On 05/15/2013 12:22 PM, Dave Johansen wrote:
I'm setting up a computer with CentOS 6.4 and a mirrored software RAID. I would like it to be encrypted so I was wondering what the best configuration is. The only info I could find is http://lists.centos.org/pipermail/centos-docs/2008-October/001912.html but it appears to be a bit old and the info on the wiki ( http://wiki.centos.org/HowTos/EncryptTmpSwapHome ) doesn't seem to address RAIDs.
My main question is will it be better to encrypt the RAID itself or the two partitions used by the RAID? Any other things I should be aware of?
Thanks, Dave
This depends on your use-case. Personally, I want my servers to be able to boot headless, so I leave /boot, <swap> and / unencrypted, RAID or not. Then I encrypt the LV (or partition) I am going to put data I care about on. I don't think there is any benefit to encrypting the partitions behind the MD device as it won't be able to form until you decrypt the devices. I'd keep crypt on the resulting /dev/mdX, at the lowest.
Again, it depends on your use-case.