In this brief paper I am going to outline the steps needed to set up an encrypted RAID array on a Red Hat/CentOS server. This procedure is purely for the sake of "just because we can" and is not the best scenario for a production or high-availability server.
To achieve our goal of an encrypted RAID array we are going to use a couple of common Linux packages which you shouldn't have a hard time obtaining.
mdadm - manage MD devices aka Linux Software RAID
util-linux - The util-linux package contains a large variety of low-level system utilities
Installing these packages:
$ yum install util-linux mdadm
The first thing we need to do is load the cryptoloop kernel module. It is needed to create our encrypted loop devices, which can later be added to a RAID array.
$ modprobe loop
$ modprobe cryptoloop
After loading the needed module, go ahead and create your disk images. To do this we will use dd to create blank files.
$ dd if=/dev/zero of=image1 count=1 bs=100M
1+0 records in
1+0 records out
104857600 bytes (105 MB) copied, 2.24 seconds, 46.8 MB/s
$ dd if=/dev/zero of=image2 count=1 bs=100M
1+0 records in
1+0 records out
104857600 bytes (105 MB) copied, 1.15 seconds, 91.2 MB/s
Now that we have our two blank files we can go ahead and create loop devices out of them using the losetup command which is found in the util-linux package.
$ losetup -e serpent /dev/loop0 image1
Password:
Password:
$ losetup -e serpent /dev/loop1 image2
At this point both of our files are set up as loop devices; if you would like to check, use losetup -a to view them. Now we can go ahead and use mdadm to create our RAID1 out of these two devices.
$ mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/loop0 /dev/loop1
mdadm: array /dev/md0 started.
To check the status of your RAID, look at /proc/mdstat. From there you can see whether the devices are healthy, rebuilding, or degraded.
$ cat /proc/mdstat
Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] [raid10]
md0 : active raid1 loop1[1] loop0[0]
102336 blocks [2/2] [UU]
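The /proc/mdstat check above can be scripted. The following is an added example, not part of the original write-up: a shell function that classifies each array as healthy, rebuilding, degraded or inactive. The names md_state and sample_mdstat are made up here, and the sample input is constructed.

```shell
# md_state: classify each md array in mdstat-format text (files or stdin) as
# healthy, rebuilding, degraded or inactive; exit status 1 if any is not healthy.
md_state() {
    awk '
    function emit() {
        if (name == "") return
        print name, state
        if (state != "healthy") bad = 1
    }
    # Array header, e.g. "md0 : active raid1 loop1[1] loop0[0]"
    /^md[0-9A-Za-z_]* :/ {
        emit(); name = $1
        state = ($3 == "active") ? "unknown" : "inactive"
        next
    }
    # Member map, e.g. "[UU]"; "_" marks a missing or failed member
    name != "" && state != "inactive" && match($0, /\[[U_]+\]/) {
        state = (index(substr($0, RSTART, RLENGTH), "_")) ? "degraded" : "healthy"
        next
    }
    # Progress line printed while the kernel is syncing members
    name != "" && /(recovery|resync) *=/ { state = "rebuilding" }
    END { emit(); exit bad + 0 }
    ' "$@"
}

# Constructed sample in /proc/mdstat format (not captured from a real host).
sample_mdstat() {
cat <<'EOF'
Personalities : [raid1]
md0 : active raid1 loop1[1] loop0[0]
      102336 blocks [2/2] [UU]

md1 : active raid1 loop2[0]
      102336 blocks [2/1] [U_]

md2 : active raid1 loop5[2] loop4[0]
      102336 blocks [2/1] [U_]
      [=>...................]  recovery =  8.5% (8704/102336) finish=0.1min speed=8704K/sec

unused devices: <none>
EOF
}

# Demo on the constructed sample; on a real host run: md_state /proc/mdstat
sample_mdstat | md_state || echo "at least one array needs attention"
```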
Alright, we are now set: we have a single block device, /dev/md0, which contains both our loop devices in RAID1. So now let's go ahead and format it with ext3 and mount it on our system.
$ mkfs.ext3 /dev/md0
$ mount /dev/md0 /mnt
Date: 2010-04-11 11:13:11 CDT