OpenMediaVault 6 setup with RAID5 -> LUKS -> LVM2 -> EXT4

  • Hi,


    I would like to share my setup notes with you: https://github.com/mtreml/diy-nas


    Goals:

    • Build a DIY NAS
    • OS drive: OpenMediaVault 6.0-16 on microSD card (cloned for backup)
    • Data drive: RAID5 -> LUKS -> LVM2 -> EXT4 for read performance, failure safety and privacy
    • Automatic unlocking of encrypted drive in a known network with Tang & Clevis
    • Server should be able to do unattended shutdowns / reboots for energy saving


    Since I am new to this forum, this might not be the appropriate place to post this. Please redirect me if necessary.
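
A check for the layering listed in this post, added here as an example (not taken from the post or the linked repository): it walks `lsblk --json` output and reports mounted filesystems that have no LUKS (dm-crypt) layer beneath them, whatever the order of the other layers. The sample tree, device names and mount points are constructed for illustration.

```python
import json

# Constructed sample in the shape of `lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT`
# (device names and mount points are made up for illustration).
SAMPLE = json.loads("""
{"blockdevices": [
  {"name": "sda", "type": "disk", "fstype": "linux_raid_member", "mountpoint": null,
   "children": [
    {"name": "md0", "type": "raid5", "fstype": "crypto_LUKS", "mountpoint": null,
     "children": [
      {"name": "md0-crypt", "type": "crypt", "fstype": "LVM2_member", "mountpoint": null,
       "children": [
        {"name": "vg0-data", "type": "lvm", "fstype": "ext4",
         "mountpoint": "/srv/data"}]}]}]},
  {"name": "sdd", "type": "disk", "fstype": null, "mountpoint": null,
   "children": [
    {"name": "sdd1", "type": "part", "fstype": "ext4", "mountpoint": "/srv/backup"}]}
]}
""")

def mounted_stacks(tree):
    """Yield (mountpoint, [type, ...]) for every mounted filesystem, outermost layer first."""
    def walk(node, layers):
        layers = layers + [node["type"]]
        if node.get("mountpoint"):
            yield node["mountpoint"], layers
        for child in node.get("children", []):
            yield from walk(child, layers)
    for dev in tree["blockdevices"]:
        yield from walk(dev, [])

def unencrypted_mounts(tree, ignore=("/", "/boot", "[SWAP]")):
    """Return mount points whose device stack has no dm-crypt ('crypt') layer."""
    return sorted({mp for mp, layers in mounted_stacks(tree)
                   if "crypt" not in layers and mp not in ignore})

def stack_of(tree, mountpoint):
    """Return the layer types under a mount point, e.g. disk, raid5, crypt, lvm."""
    for mp, layers in mounted_stacks(tree):
        if mp == mountpoint:
            return layers
    return None

if __name__ == "__main__":
    for mp, layers in mounted_stacks(SAMPLE):
        print(f"{mp}: {' -> '.join(layers)}")
    print("not behind LUKS:", unencrypted_mounts(SAMPLE))
```

On a live system, replace `SAMPLE` with the parsed output of `lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT`; a RAID member that appears under several disks is reported once.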

  • crashtest

    Approved the thread.
  • This sounds more like a blackbox than a NAS, are you sure you want to use OMV for this? I've never built a blackbox, but I know there are dedicated kernels out there for this that won't come with the overhead of any NAS distro.


    If you want a full blown OS, I wouldn't recommend Tails anymore, but maybe check OS distros that are similar. However to me, it sounds like you want a very small kernel (doesn't sound like you want a GUI of any kind).

  • Hello,


    I'm new here in the forum and hope to find some answers to my questions. :)

    Currently I'm setting up my NAS which looks as follows:

    • OMV 6.0.5-3 with omv-extras
    • Pentium Gold G6405
    • 16 GB RAM
    • 256 GB SSD as system drive
    • 2x 4 TB for data (RAID1)


    My plans look very similar to atreo's:

    • RAID1 > LUKS > EXT4 (I don't need LVM)
    • Automatic unlock over network, e.g. with a keyfile on a separate network share at other location


    Is it possible to run the luksencryption plugin on OMV6? If yes, how can I install it?

    https://github.com/OpenMediaVa…mediavault-luksencryption

    • Official post

    I'm new here in the forum and hope to find some answers to my questions.

    Welcome.

    Assuming it is a NAS for a home and you don't have a backup of all your data. If not, do not continue reading.

    Some comments about your configuration:

    - You don't need a 256GB drive to install OMV, it only takes about 8GB (at most ...)

    - If you are going to install applications with docker, it is convenient that they do not live on the same unit as the operating system.

    - Applications in docker appreciate being installed on a fast disk.

    - OMV can be installed on a USB stick (16GB or 32GB is fine). Together with the openmediavault-flashmemory plugin you will not notice a difference. https://openmediavault.readthe…/installation/on_usb.html

    - OMV on a pendrive allows you to easily make a backup of the system. https://openmediavault.readthe…l#operating-system-backup

    As a consequence of all the above, I would install OMV on a 32GB pendrive and dedicate the SSD to docker. [How to] Prepare OMV to install docker applications

    - It is essential to have a backup of the data.

    - Raid is not a backup.

    - Raid is used to have the data available if a disk fails.

    - In a home it is not necessary to have the data available 24/7.

    - If your files are attacked by a virus or malware or end up encrypted and asked for a ransom, the Raid is useless.

    - If you accidentally delete files the Raid is useless.

    As a consequence of the above, I would not configure a Raid. I would configure one of the drives for data and the other drive with copies scheduled with rsync, with a time between copies depending on your use.

    And now, answering your question. To install openmediavault-luksencryption you need to install omv-extras.

    OMV-Extras.org Plugin

    Then go to System> Plugins> Search for the plugin and click install.

    You can see here the progress of the plugins in OMV6

    omv-extras plugins - porting progress to OMV 6.x

  • Assuming [...] you don't have a backup of all your data.

    Maybe I have to explain my setup in a bit more detail: Actually, I will set up two OMV systems, one at location A and one at location B. The hardware I've mentioned above is the one of A, the hardware of B is older, but in principle the same configuration. B has been running Windows Server Essentials for several years, but I want to get rid of it.


    My backup concept (because I know RAID isn't one) will be realized over two ways (at least that's what I imagine):


    a) The two OMV systems shall always have the same version of the data. This is also because I sometimes work at location A, sometimes at location B and always want to have maximum speed over LAN.

    • Remote sync of OMV A data at OMV B, using rsync and VPN
    • Remote sync of OMV B data at OMV A, using rsync and VPN


    b) A 'true' backup for those cases you've mentioned above (virus, accidentally deleting files etc.)

    • Local backup of OMV A data at external HDD at location A, also encrypted. Because B is synced with A, it's de facto also a backup of B.
    • Local backup of OMV A data at external HDD at location A, also encrypted. Because A is synced with B, it's de facto also a backup of A.


    Using the second internal drive for backup instead of RAID will not protect me against viruses encrypting my data, because it's always connected. In my opinion, the only option is an external drive physically not connected combined with my own attention realizing the attack before connecting the external drive next time.

    The encryption is just in case of a theft of the complete NAS or an external drive.


    As a consequence of all the above, I would install OMV on a 32GB pendrive and dedicate the SSD to docker.


    That's a good point, I will think about that.


    To install openmediavault-luksencryption you need to install omv-extras.

    OMV-Extras.org Plugin

    Then go to System> Plugins> Search for the plugin and click install.

    You can see here the progress of the plugins in OMV6

    omv-extras plugins - porting progress to OMV 6.x


    omv-extras is already installed, but I didn't find the openmediavault-luksencryption plugin last time.

    But as I can see at the page with the porting progress you've linked, it's not yet ported to OMV6 :(


    Seems I have to be patient... or is there another way to get LUKS running without destroying the complete OMV system?

    • Official post

    I am glad to read this. I see that you are clear about the basic concepts to use a NAS. Many newcomers make basic mistakes at first that are difficult to correct later. Your first post made me think that was the case. Your second post proves otherwise.


    Regarding LUKS, if you want to use it from the OMV GUI you will have to wait for it to be ported to OMV6 or install OMV5. There are currently some issues with the development of other major plugins in OMV6, I am afraid LUKS will lag a bit. I could not say until when.


    I'm not sure if you can use LUKS from CLI without breaking the system. Someone else should step in here to answer this. I quote macom, surely he can confirm it.

  • No problem, my first information was a bit rare I think.


    Maybe I'll start setting up the two OMV systems without LUKS and change that later when the plugin is ported to OMV6

    This would mean I have to delete the existing file system, set up LUKS and then create a new file system on top of LUKS and copy my data back from the backup, right? Or are there any drawbacks of that approach?

    • Official post

    Maybe I'll start setting up the two OMV systems without LUKS and change that later when the plugin is ported to OMV6

    This would mean I have to delete the existing file system, set up LUKS and then create a new file system on top of LUKS and copy my data back from the backup, right? Or are there any drawbacks of that approach?

    Sorry, I don't know how to answer this. I have never used LUKS. Someone else should step in here.

    • Official post

    This would mean I have to delete the existing file system, set up LUKS and then create a new file system on top of LUKS and copy my data back from the backup, right? Or are there any drawbacks of that approach?

    That plan should work. There are plenty of drawbacks to using LUKS though.


  • And now, answering your question. To install openmediavault-luksencryption you need to install omv-extras.

    OMV-Extras.org Plugin

    Then go to System> Plugins> Search for the plugin and click install.

    You can see here the progress of the plugins in OMV6

    omv-extras plugins - porting progress to OMV 6.x

    Hi - I installed OMV6 but LUKS does not show up. Does OMV6 not support LUKS on a RPI4?

    OMV6 i5-based PC

    OMV6 on Raspberry Pi4

    OMV5 on ProLiant N54L (AMD CPU)

    • Official post

    I installed OMV6 but LUKS does not show up. Does OMV6 not support LUKS on a RPI4?

    If you have installed omv-extras, OMV-Extras.org Plugin

    the openmediavault-luks plugin should appear under plugins

  • I like the Tang Server idea, I will put that onto my Firewall I guess. But why do you need LVM on this box? You wrote in your Wiki, that you use 100% for one logical unit. I would remove LVM and use a SSD with bcache as a caching drive to pump up the speed.
