File system encryption

      This is a 'thinking aloud' post to see what would be involved in encrypting file systems in place. I currently have the following setup:

      - 3 internal HDDs and 2 external HDDs, pooled with Greyhole (let's refer to them as B, C, D, E and F)
      - the Greyhole SQL database is stored on an SSD (same disk, different partition to the OMV installation, let's refer to that as A)
      - nothing is encrypted at present
      - before implementing Greyhole, the SMB shares served up by Greyhole were all originally located on disk B, and are still listed as such in the OMV admin interface

      I'm thinking of encrypting all disks B to F in place with LUKS, as follows:

      - remove them one by one from the Greyhole pool
      - wipe the filesystems and create encrypted volumes
      - re-add them to the Greyhole pool and let Greyhole fill the disks again

      On the face of it this seems as though it will work, though there are a couple of things I'm not sure about, which arise from not fully understanding how Greyhole handles files:

      - Will the steps above work for disk B (which had the original shares on it), or do I need to tell OMV that those shares have moved?
      - If I need to tell OMV that the shares have moved, do I then need to manually move any files around myself?

      There is also a question relating to LUKS:

      - Do disks need to be unlocked again after the NAS restores from pm-suspend mode, or do they remain unlocked while it sleeps?

      And a question relating to the SSD:

      I hope this all makes rough sense. If I'm misunderstanding things or there's a better and simpler way to implement what I am thinking about, I'd welcome any ideas...

      Thanks!