DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD General

OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 2 Weeks Ago
beavers beavers is offline
Fdisk Soldier
 
Join Date: Nov 2017
Posts: 82
Default Stacking softraid(4) disciplines

I'm having some trouble encrypting a softraid(4) mirror at install time. (I realize this may kill my cat.)

Suppose I have two drives, sd0 and sd1. Do I setup a mirror first (attaching as sd2), then encrypt sd2 (attaching as sd3)? Or vice versa, encrypt a single drive, then mirror that? I've tried both ways, and the installation succeeds with both, but result in "no OS found" upon reboot.
Reply With Quote
  #2   (View Single Post)  
Old 2 Weeks Ago
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,842
Default

The bootloader cannot use a stacked softraid(4) structure. Any such structure you deploy must be provisioned post-boot, such as in an rc.local(8) script.
Reply With Quote
  #3   (View Single Post)  
Old 2 Weeks Ago
beavers beavers is offline
Fdisk Soldier
 
Join Date: Nov 2017
Posts: 82
Default

Let me see if I understand the process (again, assuming physical disks sd0 and sd1):

* Create crypto discipline from sd0 and attach as sd2.
* Install to sd2.
* Boot to system.
* Create mirror discipline from sd0 and sd1, attach as sd3.
* Subsequently reattach sd3 from /etc/rc.local

Does that look accurate? Any finer points I missed, or gross errors?
Reply With Quote
  #4   (View Single Post)  
Old 2 Weeks Ago
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,842
Default

You can't create two softraid(4) drives from the same backing device extents, and you have named sd0 as a backing device twice. You would need two separate RAID disklabel partitions on sd0, and nothing would need to be stacked in that instance.

Perhaps more logically, you could create (and boot from) a mirrored softraid array, and then create a RAID partition in sd2 that you would use for whatever needed to be protected via encryption, such as /home or /var/database. You would use rc.local(8) to script the bioctl(8) and mount(8) commands for mounting the encrypted partition/partitions.
Reply With Quote
  #5   (View Single Post)  
Old 1 Week Ago
beavers beavers is offline
Fdisk Soldier
 
Join Date: Nov 2017
Posts: 82
Default

My main goal is really to encrypt an entire mirror, so in the end I just purchased a new (to me) motherboard with mirroring built-in. Problem solved-ish!
Reply With Quote
  #6   (View Single Post)  
Old 15 Hours Ago
beavers beavers is offline
Fdisk Soldier
 
Join Date: Nov 2017
Posts: 82
Default

Is there a reasonable way to setup a second, separate encrypted drive, then make all the same writes to it? Or otherwise keep them both exactly synced? I'm straining to make this work without hardware, it really seems like it should be possible in some way.
Reply With Quote
  #7   (View Single Post)  
Old 7 Hours Ago
albator albator is offline
Shell Scout
 
Join Date: Jul 2011
Posts: 92
Default

Quote:
Originally Posted by beavers View Post
...I just purchased a new (to me) motherboard with mirroring built-in. Problem solved-ish!
I wouldn't do that. If your motherboard fails, you'll face the risk to lose all your data.
You can try this as a raid 1 alternative: https://www.openbsd.org/faq/faq14.html#altroot
Reply With Quote
  #8   (View Single Post)  
Old 6 Hours Ago
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,842
Default

Quote:
Originally Posted by beavers View Post
Is there a reasonable way to setup a second, separate encrypted drive, then make all the same writes to it? Or otherwise keep them both exactly synced? ...
Only after the stacked configuration has been mounted, which can only happen after a standard multi-user boot. There are two key restrictions to provisioning stacked softraid(4) configurations:
  • The bootloader does not support them.
  • The kernel does not automatically assemble them.
So, with those restrictions, it means that you cannot boot stacked softraid(), and you cannot use it on filesystems needed to be mounted during multi-user boot.
  • You must boot from outside the stacked softraid() environment.
  • You must manually assemble them after booting and after all automatic fstab(5) mounts have completed. Typically using rc.local(8).

Last edited by jggimi; 6 Hours Ago at 01:07 PM. Reason: typo, clarity
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Softupdates and Softraid Martillo OpenBSD General 15 8th November 2013 08:08 AM
Big problems 4.9->5.0 with softRAID delorean OpenBSD Installation and Upgrading 13 22nd February 2012 05:38 PM
RAIDframe -> Softraid jggimi OpenBSD General 12 3rd October 2011 12:16 AM
softraid encryption Sunnz OpenBSD Security 6 24th September 2009 04:58 AM
SOFTRAID(4) revzalot OpenBSD Installation and Upgrading 3 27th July 2008 08:40 PM


All times are GMT. The time now is 07:09 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick