LUKS disk encryption plugin

  • Quote

    Now syslog shows:

    Code
    Dec 15 17:39:03 omv-server monit[996]: Filesystem '/srv/dev-disk-by-label-data1' not mounted
    Dec 15 17:39:03 omv-server monit[996]: 'filesystem_srv_dev-disk-by-label-data1' unable to read filesystem '/srv/dev-disk-by-label-data1' state
    Dec 15 17:39:03 omv-server monit[996]: 'filesystem_srv_dev-disk-by-label-data1' trying to restart
    Dec 15 17:39:03 omv-server monit[996]: 'mountpoint_srv_dev-disk-by-label-data1' status failed (1) -- /srv/dev-disk-by-label-data1 is not a mountpoint

    I am getting the exact same logs in OMV. I just installed a fresh instance of OMV on my Raspi 4. Everything worked fine. I installed the Encryption plugin and followed the instructions provided in this post on the very first page. No problems at all - until I restarted the Raspi.


    Now the file system for that disk is marked as 'missing' and I get the logs as mentioned by KemikalElite. Can someone help to debug this problem and eventually find a solution?

    • Official post

    You should drop to terminal and start testing the disks. See if unlocking manually works, then test the key file. Just go one by one. Maybe remove the key file from the crypttab, change it to - and test to be prompted at boot for unlock n
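
Added example (not part of the original posts and not the plugin's code): one way to go through the crypttab entries one by one as suggested above, reporting whether each entry prompts at boot (`-` or `none`) or points at a key file that is missing or too widely readable. The function names, the sample device paths and the sample crypttab are constructed assumptions; `test_unlock` needs root and a real LUKS device.

```shell
#!/usr/bin/env bash
# Added example: check each crypttab entry, then test its key slot by hand.
# crypttab(5) fields: <name> <device> <keyfile> <options>

audit_crypttab() {                      # hypothetical helper name
    local tab="${1:-/etc/crypttab}" name dev key opts
    while read -r name dev key opts || [ -n "$name" ]; do
        case "$name" in ''|\#*) continue ;; esac      # blank line or comment
        case "${key:-none}" in
            none|-) echo "$name $dev PROMPT" ;;       # passphrase asked at boot
            *)  if [ ! -r "$key" ]; then
                    echo "$name $dev KEYFILE_MISSING $key"
                # ls -l columns 5-10 are the group/other permission bits
                elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
                    echo "$name $dev KEYFILE_LOOSE_PERMS $key"
                else
                    echo "$name $dev KEYFILE_OK $key"
                fi ;;
        esac
    done < "$tab"
}

# Verify a key slot without mapping the device (run as root).
test_unlock() {                         # usage: test_unlock <device> [keyfile]
    if [ -n "${2:-}" ]; then
        cryptsetup open --type luks --test-passphrase --key-file "$2" "$1"
    else
        cryptsetup open --type luks --test-passphrase "$1"
    fi
}

# Constructed sample input (not from the thread), written into directory $1.
make_sample() {
    local d="$1"
    printf 'constructed-key' > "$d/data1.key"; chmod 600 "$d/data1.key"
    cat > "$d/crypttab" <<EOF
# <name>     <device>   <keyfile>      <options>
data1-crypt  /dev/sda1  $d/data1.key   luks
data2-crypt  /dev/sdb1  -              luks
data3-crypt  /dev/sdc1  $d/gone.key    luks,nofail
EOF
}
```

Run `audit_crypttab` with no argument to read `/etc/crypttab`; an entry reported as `KEYFILE_MISSING` is one that cannot unlock unattended at boot.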

  • Hi folks,


    is there any known issue with LUKS when letting the HDDs spin down after a certain time AND picking the option 127 in the power management?! I had picked a spindown time of 240 minutes AND the 127 option, which results in LUKS getting locked after the HDDs (only WD Reds) go into idle mode and power down...


    Further on I also have SnapRaid with MergerFS installed, but I did not find anything relevant in the logs, that's why I am asking here... meanwhile I have deleted the 127 option and everything is working fine again after I wake the HDDs from idle.

  • Hi,

    I am looking at finding a way to catch the result of disk.decrypted.sucessfully, so I can trigger a daemon or a script after the decryption is successful?


    I do get the email saying that my disk is decrypted fine:


    The system monitoring needs your attention.

    Host: \M**********

    Date: Sun, 20 Jun 2021 18:00:06

    Service: mountpoint_srv_HDA1

    Event: Status succeeded

    Description: status succeeded (0) -- /srv/HDA1 is a mountpoint

    This triggered the monitoring system to: alert


    This is cool but I cannot see any specific related services or targets in systemd/system/ that I could use as a trigger to start a service or a script after the decryption is successful.

    Maybe I am looking in the wrong place? Any ideas on the matter?

    ! Started hacking with ZX81 and I am getting younger everyday like Master Yoda ! ! Raspi is to young generation what ZX81 was to mine ! ! I just love Raspi! Triple bang for the Raspi Foundation ! !And thank you guys for OMV !

  • How good is this plugin? I would read all 20 pages but would probably get confused, also it would take a new user a long time to comprehend.

    So I just wondered how reliable and functional it actually is. If I was to go with encryption I would want 100% reliability really; is this achieved with this?

    I realise the nature of these threads deals with some form of problem solving. Due to my inexperience, would I be foolish to use this software if it was going to one day ruin all my data? Or is the encrypted disk just accessed by OMV and that is the extent of data issues, access issues only limited to OMV, meaning the data can be accessed by another system no problem, just relocate the storage medium?


    I have never used encryption on a disk but would like to. I would also be using rsync or Rsnapshot backup. How well does this LUKS plugin interact with other plugins or features of OMV, or even combinations with other plugins or features unique to LUKS that are separate from OMV but may need to interact together? That may include encryption of disk addons if there are any.


    Any advice and information would be valued, thank you all.

    • Official post

    The plugin is using LUKS

    https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup

    https://gitlab.com/cryptsetup/…tup/blob/master/README.md


    It is a widely used tool on Linux. Nothing special for OMV. If you like, you can also decrypt the drives on Debian, Ubuntu, ...

    However, there is no such thing as 100% reliability. You should always have backup.

  • Hello,

    I just installed LUKS to encrypt my RAID 1 HDD but I can't select any drive when using "Create" :




    I already have Nextcloud data on this RAID 1 HDD, and I would like to encrypt it. Can anyone help?

    • Official post

    Can anyone help?

    You can't encrypt an existing disk. You will need to wipe the filesystem from the raid array, add luks, and then a filesystem on top of luks.

    omv 7.0.5-1 sandworm | 64 bit | 6.8 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.13 | compose 7.1.4 | k8s 7.1.0-3 | cputemp 7.0.1 | mergerfs 7.0.4


    omv-extras.org plugins source code and issue tracker - github - changelogs


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • You can't encrypt an existing disk. You will need to wipe the filesystem from the raid array, add luks, and then a filesystem on top of luks.

    Thank you for your answer, this is something that I didn't know.

    Is it possible to copy the content of the existing filesystem somewhere else (backup), wipe the filesystem, encrypt it, and then copy the old file system ?

    If yes, how can I do that ? (I am sorry, I am a newbie).

    • Official post

    Is it possible to copy the content of the existing filesystem somewhere else (backup), wipe the filesystem, encrypt it, and then copy the old file system ?

    If yes, how can I do that ? (I am sorry, I am a newbie).

    Yep.


    Copy content somewhere else.

    delete the filesystem in the filesystem tab.

    You *might* have to use the command line to run wipefs -a /dev/md0 (or whatever the number of your array is).

    create a luks container in the plugin

    create a new filesystem in the filesystem tab on the luks container.

    copy content back to the new filesystem.
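
Added example, not from the original posts: one way to confirm that the "copy content somewhere else" step is complete before the destructive steps (deleting the filesystem, `wipefs -a`). The function names and the directory arguments are assumptions; pass the mounted source filesystem and the backup location.

```shell
#!/usr/bin/env bash
# Added example: compare source and backup by content before wiping the source.
# Copy first, e.g.:  rsync -a <source-mount>/ <backup-dir>/   (placeholders)

manifest() {    # sorted "sha256  ./path" lines for every regular file under $1
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort )
}

# Print every source file that is absent from, or differs in, the backup.
backup_gaps() {
    local src="$1" dst="$2" s d
    if [ ! -d "$src" ] || [ ! -d "$dst" ]; then
        echo "source or backup directory missing" >&2
        return 2
    fi
    s=$(mktemp); d=$(mktemp)
    manifest "$src" > "$s"
    manifest "$dst" > "$d"
    # Lines only in the source manifest: file not in backup, or hash differs.
    LC_ALL=C comm -23 "$s" "$d" | sed 's/^[0-9a-f]*  //'
    rm -f "$s" "$d"
}

# Succeeds only when the comparison ran and found nothing missing or changed.
safe_to_wipe() {
    local gaps
    gaps=$(backup_gaps "$1" "$2") || return 1
    [ -z "$gaps" ]
}
```

Extra files that exist only in the backup are ignored; only source files that are missing or altered block the wipe.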

  • Thank you again for your detailed answer ; I just want to add a few details.

    I got 1 x 128Go SSD (which contains the installation of OMV5), and 2x 1To HDD in RAID1/ Mirror (which contains my Owncloud server and its files)

    So basically, if I am not wrong, I don't have to backup the SSD, but only copy the content of my RAID1 filesystem as you described, then copy it again when LUKS encryption is done. Correct ?

    To help you, here are my drives:


    • Official post

    Correct ?

    yep. you could copy the content to your ssd since it looks like you have enough room.


  • Hi,


    I have trouble with this plugin when I test it.

    My current setting :

    • VM VirtualBox (for test I don't use my NAS, and prefer to try on VM).
    • openmediavault 6.1.4-2
    • 3 hard drives (1 for OMV and 2 for the raid)


    1. I create a software Raid 1 with the 2 hard drives (/dev/md0)
    2. I encrypt the new /dev/md0
    3. I create a new File System (BTRFS) on the encrypted device

    The encrypted device disappears in the Encryption panel.


    If I delete the File System, delete the Raid 1 and wipe the disk, I can recreate a raid but when I want to encrypt it the device list is empty.

    • Official post

    Just tried in a VM (KVM not VB) and is working as expected. However, some points to consider

    • did you Apply changes after each step?
    • Did you unlock the drive before creating the filesystem?
    • Did you get any error messages? Check the bell icon in the top right corner of the GUI.

    In my first test I used two drives with 100MB. That failed when creating the filesystem as the size is too small. 500MB worked.

  • Thank you for the answer macom.


    I redid the procedure and finally it's working, I think I forgot to unlock the drive before creating the filesystem.

    So I do :

    1. Create the raid mirror
    2. Validate the change
    3. Waiting for the state clean of the raid
    4. Create the encrypted device
    5. Validate the change
    6. Unlock the device, it creates a /dev/mapper/md0-crypt
    7. Create a File system -> On the device list I only have "LUKS encrypted container on /dev/md0 [/dev/dm-0,1.98GiB]", I expected to have /dev/md0-crypt
    8. Create a shared folder
      • Name : test_folder
      • Device : /dev/mapper/md0-crypt
      • Relative Path : test_folder/
      • Absolute Path : /srv/dev-disk-by-uuid-96aab........./test_folder


    I put some files on it and checked that after a reboot I can't access files without unlocking the LUKS device.

    To validate the setup, I recreate the raid (only one drive of the mirror) and mount the LUKS on a Linux Mint distro and successfully retrieve my files.

  • Hi,


    I have OMV 6.0.24-1 installed, set up an encrypted drive using openmediavault-luksencryption and created an SMB share.


    I can unlock the drive and browse to the shares in console on the OMV machine but when I try to mount the share on another Linux machine I get a cifs_mount error mount error(13) - Permission denied.


    I have set up an SMB share on a non-encrypted filesystem and shared it the same way and it mounts and navigates no problem, so I assume it's because the share is on the encrypted disk.


    I also tried using an NFS share and although the mount command works, if I cd /mnt/folder, I get Permission denied


    Just wondered if I'm missing something that anyone could point me toward?


    Cheers

    Stot

  • Hi all! Can anyone help with permanently decrypting a disk? I use LUKS on one disk, I want to disable LUKS for that disk. How can I do this?

    OMV 6.
    Motherboard: Intel DP55WG
    CPU: Intel Xeon X3470
    12GB DDR3 RAM
    WD Black WD5000LPSX - system
    WD Blue 4GB x4 - RAID 10
    500GB SSD x2 - RAID 1 for VM's and Docker containers

    • Official post

    I want to disable LUKS for that disk. How can I do this?

    wipe it in the Physical Disks tab. There is no way to do this without moving data off it first though.
