[CentOS] Installing mdadm and C7 on new computer

Fri Apr 29 05:30:36 UTC 2022
Joakim Dellrud <joakim at dellrud.se>

Think he might have just missed the fact that you had EFI boot aswell. 
So then it would be:

/boot md0

/boot/EFI md1

/ md2 -> vg0 -> lvs

Otherwise it was more a suggestion on using encryption for more then 
just the /home partition since there is always a risk with SWAP etc to 
have information that you do not want to be read.

My current setup goes:

/dev/mapper/vg0-root               /
/dev/mapper/vg0-usr                /usr
/dev/nvme0n1p2                      /boot       <- this would be a md 
device in your case
/dev/nvme0n1p1                       /boot/efi <- this would be a md 
device in your case
/dev/mapper/vg0-home             /home
/dev/mapper/vg0-var                 /var
/dev/mapper/vg0-tmp                 /tmp
/dev/mapper/vg0-var_tmp          /var/tmp
/dev/mapper/vg0-var_log            /var/log
/dev/mapper/vg0-var_log_audit  /var/log/audit

Note that we are most likely mixing data redundancy with data security a 
bit here. So as far as your plan to run a md device for each "partition" 
needed that is a sound and solid plan.

When it comes to encryption the point is that you might want to have 
more then just /home protected. But this is very dependent on your 
threat model. If you have a laptop encryption of all partitions is 
suggested.

Regards


On 2022-04-24 20:54, H wrote:
> On 04/23/2022 09:19 PM, H wrote:
>> On 04/19/2022 09:57 AM, Roberto Ragusa wrote:
>>> On 4/18/22 1:27 PM, H wrote:
>>>> I have a new computer with 2 x 2TB SSDs where I wanted to install C7 and use mdadm for RAID1 configuration and encrypting the /home partition. On the net I found https://tuxfixer.com/centos-7-installation-with-lvm-raid-1-mirroring/ which I adopted slightly with respect to partition sizes, using RAID1 for /boot and /root as well and added the /home partition with RAID1 and chose to have /home encrypted.
>>> It may be a good idea to also have / and swap encrypted, since user data can go there easily
>>> (logs, locatedb, swapped mem).
>>>
>>> I would do:
>>> - /boot as a separate RAID1 (md1=sda1+sdb1)
>>> - then another RAID1 (md2=sda2+sdb2) using all the remaining disk
>>> - luks on top of md2, giving you luks-xxxxx
>>> - LVM with a PV on luks-xxxxx
>>> - VG and LVs for swap, / and /home (do not assign all the available space now, especially if using xfs as filesystem)
>>>
>>> Not sure if you can do this setup through the installer, you have to try (in a VM maybe).
>>>
>>> Regards.
>>>
>> Thank you. I will have time to get back to this system tomorrow to try this.
>>
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> https://lists.centos.org/mailman/listinfo/centos
> Roberto, what would the advantage(s) be with your setup, ie one RAID1 array for everything but /boot compared to what I had done, ie three RAID1 arrays for /boot/efi RAID1, /boot RAID1 and one LVM-RAID1 for / and /home? As a naive user it would seem to me that the setup I did would be more resilient if a disk fails, or?
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 249 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20220429/83cff3d8/attachment-0003.sig>