On 08/02/2022 02:07 PM, H wrote: > On 04/29/2022 07:30 AM, Joakim Dellrud wrote: >> Think he might have just missed the fact that you had EFI boot aswell. So >> then it would be: >> >> /boot md0 >> >> /boot/EFI md1 >> >> / md2 -> vg0 -> lvs >> >> Otherwise it was more a suggestion on using encryption for more then just >> the /home partition since there is always a risk with SWAP etc to have >> information that you do not want to be read. >> >> My current setup goes: >> >> /dev/mapper/vg0-root / >> /dev/mapper/vg0-usr /usr >> /dev/nvme0n1p2 /boot <- this would be a md device >> in your case >> /dev/nvme0n1p1 /boot/efi <- this would be a md device >> in your case >> /dev/mapper/vg0-home /home >> /dev/mapper/vg0-var /var >> /dev/mapper/vg0-tmp /tmp >> /dev/mapper/vg0-var_tmp /var/tmp >> /dev/mapper/vg0-var_log /var/log >> /dev/mapper/vg0-var_log_audit /var/log/audit >> >> Note that we are most likely mixing data redundancy with data security a bit >> here. So as far as your plan to run a md device for each "partition" needed >> that is a sound and solid plan. >> >> When it comes to encryption the point is that you might want to have more >> then just /home protected. But this is very dependent on your threat model. >> If you have a laptop encryption of all partitions is suggested. >> >> Regards >> >> >> On 2022-04-24 20:54, H wrote: >>> On 04/23/2022 09:19 PM, H wrote: >>>> On 04/19/2022 09:57 AM, Roberto Ragusa wrote: >>>>> On 4/18/22 1:27 PM, H wrote: >>>>>> I have a new computer with 2 x 2TB SSDs where I wanted to install C7 and >>>>>> use mdadm for RAID1 configuration and encrypting the /home partition. On >>>>>> the net I found >>>>>> https://tuxfixer.com/centos-7-installation-with-lvm-raid-1-mirroring/ >>>>>> which I adopted slightly with respect to partition sizes, using RAID1 >>>>>> for /boot and /root as well and added the /home partition with RAID1 and >>>>>> chose to have /home encrypted. >>>>> It may be a good idea to also have / and swap encrypted, since user data >>>>> can go there easily >>>>> (logs, locatedb, swapped mem). >>>>> >>>>> I would do: >>>>> - /boot as a separate RAID1 (md1=sda1+sdb1) >>>>> - then another RAID1 (md2=sda2+sdb2) using all the remaining disk >>>>> - luks on top of md2, giving you luks-xxxxx >>>>> - LVM with a PV on luks-xxxxx >>>>> - VG and LVs for swap, / and /home (do not assign all the available space >>>>> now, especially if using xfs as filesystem) >>>>> >>>>> Not sure if you can do this setup through the installer, you have to try >>>>> (in a VM maybe). >>>>> >>>>> Regards. >>>>> >>>> Thank you. I will have time to get back to this system tomorrow to try >>>> this. >>>> >>>> _______________________________________________ >>>> CentOS mailing list >>>> CentOS@centos.org >>>> https://lists.centos.org/mailman/listinfo/centos >>> Roberto, what would the advantage(s) be with your setup, ie one RAID1 array >>> for everything but /boot compared to what I had done, ie three RAID1 arrays >>> for /boot/efi RAID1, /boot RAID1 and one LVM-RAID1 for / and /home? As a >>> naive user it would seem to me that the setup I did would be more resilient >>> if a disk fails, or? >>> >>> _______________________________________________ >>> CentOS mailing list >>> CentOS@centos.org >>> https://lists.centos.org/mailman/listinfo/centos > I am coming back to this topic after a long while. Again, I am installing > CentOS 7 on a new machine. Using the graphical installer and following the > suggestion above, I first created the /boot partition in RAID1 configuration, > then /boot EFI in RAID1 configuration, after which I proceeded to create an > LVM in RAID1 configuration for the remainder of the disks using the / > partition. > > If I understand the above correctly, I should then create /home and swap > using this LVM (as well as possibly /var) but do not seem to be able to do so > in the graphical installer. > > Have I missed something? Or, do I need to do this differently following > another path? > > Thank you in advance. > I am still stuck on the above and would love to hear some suggestion(s).
Thank you. _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
