Monat: März 2014

♥ installing Arch Linux raid1 ♥

unicorn arch linux installI want to make a guideline for encrypted raid 1 arch linux install

Clean devices:

# dd if=/dev/urandom of=/dev/sd[a,b]

Boot Arch linux from usb-stick how to create one you will find out,
I’m shure, but at least:
dd bs=4M if=Downloads/archlinux-2015.5.01-dual.iso of=/dev/sdb

create partition table, connect to internet

Easy to use is the commandline patition tool cfdisk.

# fdisk -l

Festplatte /dev/sda: 153,4 GiB, 164696555520 Bytes, 321672960 Sektoren
Einheiten: Sektoren von 1 * 512 = 512 Bytes
Sektorgröße (logisch/physikalisch): 512 Bytes / 512 Bytes
E/A-Größe (minimal/optimal): 512 Bytes / 512 Bytes
Festplattenbezeichnungstyp: dos
Festplattenbezeichner: 0x1f66ae0c

Gerät Boot Anfang Ende Sektoren Größe Kn Typ
/dev/sda1 * 2048 393215 391168 191M 83 Linux
/dev/sda2 393216 321672959 321279744 153,2G fd Linux raid autodetect

Device Start End Sectors Size Type
/dev/sda1 2048 294911 292864 143M Linux RAID
/dev/sda2 294912 1953525134 1953230223 931.4G Linux RAID

# sfdisk -d /dev/sda > part-table
# sfdisk /dev/sdb < part-table

If you have a german keyboard type:

# loadkeys de-latin1-nodeadkeys.map.gz

Establish WiFi-connection if you don’t have wired access to theInternet:

call wifi-menu, or  ifconfig and dhcpcd your ethdev
check with „ping ccc.de“

to setup raid arrys load modules

# modprobe raid1 && modprobe dm-mod

and

# mdadm --create /dev/md0 --level=1 --raid-devices=2 --metadata=0.90 /dev/sd[ab]1
# mdadm --create /dev/md1 --level=1 --raid-devices=2 /dev/sd[ab]2
check the sync status with
 # watch -n1 cat /proc/mdstat
and
 # mdadm --misc --detail /dev/md[01] | less

press q to quit

encrypt everything except boot

XTS splitts the encryption, to AES 256 bit keylength, use 1024 for a 512bit key.

# modprobe dm-crypt
# cryptsetup -c aes-xts-plain -y -s 512 luksFormat /dev/md1
# cryptsetup luksOpen /dev/md1 duoluks

create lvm partitions

# pvcreate /dev/mapper/duoluks
# vgcreate duovg /dev/mapper/duoluks
# lvcreate -L 200GB -n root duovg
# lvcreate -L 12GB -n swap duovg
# lvcreate -l 100%FREE -n home duovg

Now we need a filesystem on them:

# mkfs.ext4 -L boot /dev/md0
# mkfs.ext4 -L root /dev/mapper/duovg-root
# mkfs.ext4 -L home /dev/mapper/duovg-home
# mkswap -L swap /dev/mapper/duovg-swap

mount and install

Mount the volumes into the running livesystem:

# mount /dev/mapper/duovg-root /mnt
# mkdir /mnt/boot
# mount /dev/md0 /mnt/boot

Install the base and base-devel packets to /mnt (Internet-connection required):

# pacstrap /mnt base base-devel joe openssh net-tools
# pacstrap /mnt grub-bios

Generate fstab:

# swapon -L swap
# genfstab -p -U /mnt > /mnt/etc/fstab

After succesfully setting up the drives, install the base packages and then, once that is complete, switch TTYs and update your Raid configuration prior to configuring your system. This means that when your initrd is regenerated, it will inlcude the correct Raid information:

mdadm --examine --scan > /mnt/etc/mdadm.conf

chroot and configure

# arch-chroot /mnt

delete the # in front of your language of choise
(e.g. de_DE.UTF-8 UTF-8) in locale.gen and generate the locale:

# joe /etc/locale.gen

remove hash# form your language

de_DE.UTF-8 UTF-8
de_DE ISO-8859-1
de_DE@euro ISO-8859-15

then:

# locale-gen
# echo LANG=de_DE.UTF-8 > /etc/locale.conf
# echo LC_COLLATE=C >> /etc/locale.conf
# echo LC_TIME=de_DE.UTF-8 >> /etc/locale.conf
# export LANG=de_DE.UTF-8

Generate /etc/vconsole.conf with the following 3 lines to bind your keys correctly:

# echo KEYMAP=de-latin1 >> /etc/vconsole.conf
# echo FONT=Lat2-Terminus16 >> /etc/vconsole.conf
# echo FONT_MAP=8859-1_to_uni >> /etc/vconsole.conf

Create a symbolic link /etc/localtime to your zone file /usr/share/zoneinfo//:

# ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime

Define yout hostename:

# echo myhostname > /etc/hostname

Edit /etc/mkinitcpio.conf: Put „keyboard“, “keymap”, “encrypt” and “lvm2″ before “filesystems” in the HOOKS array. HOOKS=“base udev mdadm autodetect modconf block keymap encrypt lvm2 filesystems keyboard fsck“

# mkinitcpio -p linux

Now install GRUB (part 2), on a device not a partition or a volume:

grub-install --target=i386-pc --recheck --debug /dev/sda

In /etc/default/grub edit the line GRUB_CMDLINE_LINUX=”” to GRUB_CMDLINE_LINUX=”cryptdevice=/dev/md1:duovg” then run:
# grub-mkconfig -o /boot/grub/grub.cfg

make sure to have

# (0) Arch
title Arch Linux
root (hd0,0)
kernel /vmlinuz26 root=/dev/mapper/duovg-root
cryptdevice=/dev/md1:duovg ro
initrd /kernel26.img

# (1) Arch Fallback
title Arch Linux Fallback
root (hd0,0)
kernel /vmlinuz26 root=/dev/mapper/duovg-root
cryptdevice=/dev/md1:duovg ro
initrd /kernel26-fallback.img

# systemctl enable dhcpcd.service

set your root password:
# passwd
Exit the chroot:
# exit

Unmount:

# umount /mnt/boot
# umount /mnt/home
# umount /mnt