Problem with luks and nfs

  • Hello,
    I have an omv with luks encrypted disks and raid 5 and want to use it as an archive. It is switched off most of the time.


    I unlock the disk in the web interface with a password.


    After the disks are unlocked it is not possible to mount the share via nfs. It looks like it mounts the disk with the omv system on it without any rights.


    I see that the problem is the startup of nfs before the disks are unlocked.


    I saw that somebody had the same problem in 2016 (!)


    https://github.com/OpenMediaVa…t-luksencryption/issues/8


    I'm open for any solution for my problem: Power the OMV on, Unlock the disks via web interface, Mount the share. How can I do this?


    I hope somebody can help. Thanks!


    Markus

  • Of course raid is not backup. You should have another mirror server or an external hard drive.
    What is encrypted the raid device or the device members?

    I know what you mean: But in this case there is no backup, because the archive is too big and I'm not willing to buy a bunch of additional 4 TB discs. Too expensive for me. The raid is for the case that one disc fails. And as I say: Most of the time the NAS is switched off. It's an archive.


    I did the installation as it's meant to be (I think): Installed the luks plugin and encrypted drive by drive from the web interface. Then I created the raid.

    • Official post

    I am not sure if your setup is going to work. I am under the impression the raid devices are assembled early at boot. When you decrypt the drives I am not sure if the raid device is gonna get assembled to continue with mounting filesystems.
    I would have to try this tomorrow in a vm. As far as I know it is more common to encrypt the raid device instead of the members.

  • Hello,
    I have tested the new luks plugin on a test openmediavault.


    I changed nothing, but:
    Uninstall the old luks plugin
    Install the new luks plugin
    In the web interface: Activate crypttab and below add the three discs to crypttab. At "mapped name" I wrote nothing.


    Reboot.


    What happens: The webinterface doesn't come up. Good.
    When I log in via ssh:
    root@openmediavault:~# omv-luks-start
    /usr/sbin/omv-luks-start: Zeile 37: /root/bash-spinner/spinner.sh: Datei oder Verzeichnis nicht gefunden (in english: file not found)
    Proceeding to unlock drives
    Unlocking of drives ended, attempting to mount disks and encrypted containers
    Mounting linux filesystems from /etc/fstab


    There was no question that I have to type in the passwords for the discs.


    After this the web interface comes up and I can unlock the discs. Then I have to mount the filesystem and my test data is still there.

  • When decrypted sdb becomes sdb-crypt, sdc becomes sdc-crypt.
    Should I enter for example sdb-crypt at "mapped name" or /dev/mapper/sdb-crypt?


    In addition to this: Is the missing spinner.sh a problem? Where can I get it?

    • Official post

    It is just a console eye candy spinner that I added for waiting time, but I didn’t ship the script.
    Those mapped names are the default for unlocking disks using the plugin. You can follow that convention or use a different one. But as I told you, you have the wrong order; you should do raid, then luks on top.
    I’ll test a similar setup in a vm tomorrow.

  • Ok, thanks. I'm waiting.


    (... with one new problem: where do I get enough discs for a backup ;(


    I thought about it for a while: Why do I have openmediavault (with Raid 5). I can "survive" the failure of one disc.


    Now: OMV starts. I have to login, I have to unlock the drives. I have control, I see everything.


    When I take your plugin: You say that the raid is built before the unlocking. After the unlocking the system comes up with shares and web interfaces. Right?


    What happens, when something is wrong?
    1) Boot
    2) Build raid, but hey: one disc is missing.


    What happens now? Does omv build the raid? Is your script able to unlock the raid, and then the gui comes up and omv sends a mail: "Hey dude, there is a disc missing"?


    Or is it something like this:
    Power up. Disc missing. Problem with the raid. Stand by. Launch your script (or not). Can't unlock a luks on a raid which isn't there. No gui which helps me. I don't know what to do. No gui where I can see what's going on.



    I'm not sure, but when I first played around with omv, I tested some things like what happens when the discs are in the wrong order. What happens when I pull one sata cable and boot. I think I first had to put in a new disc and omv told me not to use the system till the raid is clean again. I'm not sure ...


    I hope you see: I'm a bit confused. I hope you can help.

    • Official post

    Ok, thanks. I'm waiting.


    (... with one new problem: where do i get enough discs for a backup

    Not my problem, it is your data; you should consider backup hard drives or another server. Depends on whether it is important to you or not.


    I cannot answer all those questions because I would have to set up everything and start producing failures. Use a VM and test it on your own by removing drives. I imagine the whole boot would fail, clearly not something you can fix right away. I tell you, if you're gonna be plugging drives in and out then omv is not for you.


    RAID is meant to be fault tolerant; when a drive fails the array is meant to be still operational. This is mostly on an active server; if you remove a drive and reboot, the raid will enter degraded state, and it will probably not assemble without manual intervention.


    Now back to the plugin, I just tested your scenario (LUKS+RAID) and overall it worked ok (take into account it was a VM with 1GB disks).
    I just realised a few things I have to correct in the plugin because of your feedback. Thanks :thumbup:

  • Thank you for your work. That means I don't have to backup all my data and do raid first and then luks? It will work after an update of your plugin now?


    Something off topic:
    Before omv I did it this way: Filled disc after disc and put it in the cupboard. Of course I thought: What will happen when I take a disc out and it fails?
    So I learned about the nas solutions on the market. I decided on omv, because it doesn't need special hardware. I have enough computers to take one for the nas. No additional cost.


    The testing I mentioned above I did because somebody told me to. Know what happens on failure before the nas is filled with more or less important data. I thought this would be wise.


    Now I have omv and I can survive one dead disc.


    The disadvantages: Each time I power up, all discs are powering up. With the discs in the cupboard only one disc is used.
    The discs in the cupboard are safe from thunderstorms (because who pulls out power and ethernet every time?)


    Would you advise me to stay with omv or go back to the discs in the cupboard (without a backup of each disc. This would be too expensive)? The loss of a disc would be annoying but not worth spending hundreds of bucks for backup of all discs.

    • Official post

    I have to correct the plugin:
    - error in the start script when using keydisk.
    - not allow empty device mapper name. Cannot be empty, otherwise the crypttab fails
    - the drop down menu to select devices in crypttab needs to eliminate those ones already added.


    As I already mentioned, all internet literature you can find in google points to raid+luks, not the other way; this is probably because you don’t want to be typing two, three or more passwords for one device at the end.


    It is not guaranteed that it is going to work for your setup, because the assembly after decryption can take a few seconds and mounting the raid device can fail because it is not ready.
    I don’t have real HDs to test. I don’t use raid in my server.



    “Now I have omv and can survive one dead disk”


    This is wrong... a failed disk in raid is meant to be replaced immediately. Real servers use hot spares that become operational as soon as one disk fails. You cannot live with a degraded raid5; the stress induced in the remaining disks can lead to failure of the remaining disks.


    Seriously, raid is not your backup. Save money and buy an external drive to back up your data.
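
The mapped-name points raised in the posts above (a bare name such as sdb-crypt versus a /dev/mapper/... path, and the empty name that makes crypttab fail) can be checked before rebooting. This is an added example, not code from the plugin or from any poster; the function name check_crypttab and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the plugin's code): lint crypttab entries read from stdin.
# crypttab(5) fields: <mapped name> <source device> <key file|none> <options>

check_crypttab() (
    set -f                      # no glob expansion while splitting fields
    lineno=0 bad=0 seen=" "
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        set -- $line            # split the line on whitespace into $1 $2 ...
        # Skip blank lines and comments.
        case ${1:-} in ''|'#'*) continue ;; esac
        name=$1 device=${2:-}
        case $name in
            */*|*=*)
                # An empty "mapped name" shifts the device into field 1;
                # a /dev/mapper/... path is not a valid name either.
                echo "line $lineno: '$name' is not a bare mapped name"
                bad=1; continue ;;
        esac
        if [ -z "$device" ]; then
            echo "line $lineno: '$name' has no source device"
            bad=1; continue
        fi
        case $seen in
            *" $name "*)
                echo "line $lineno: mapped name '$name' is used twice"
                bad=1 ;;
        esac
        seen="$seen$name "
    done
    exit "$bad"                 # leaves only the subshell: 0 = clean, 1 = problems
)

# Constructed sample: one good entry, then three mistakes.
sample_crypttab() {
    cat <<'EOF'
# <mapped name> <source device> <key file> <options>
sdb-crypt /dev/sdb none luks
/dev/sdc none luks
/dev/mapper/sdd-crypt /dev/sdd none luks
sdb-crypt /dev/sde none luks
EOF
}

sample_crypttab | check_crypttab || echo "crypttab needs fixing"
```

On a real system the same function can be fed with `check_crypttab </etc/crypttab`.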

  • Thank you for your reply.


    I will see, how to backup the nas and then redo it with raid first, then luks


    I will think about your comments about backup strategy, too.


    Thank you.
