Skip to main content
Topic: Attempting to setup an encrypted raid 5 with disk images (Read 61 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

Attempting to setup an encrypted raid 5 with disk images

Hey I wanted to know others thoughts and any feedback on this thought of mine.

I've already drafted up a little bit of a script for installing the system, but i'm not sure if it's practical, or even setup correctly.

Here it is:

Code: [Select]
#!/bin/bash

# Step 1: Mount the disk drive
MOUNT_POINT="/mnt/raid_images"
DISK_DRIVE="/dev/nvme1n1p3"
# Mount the specified disk partition to the mount point
echo "Mounting $DISK_DRIVE to $MOUNT_POINT"
sudo mount $DISK_DRIVE $MOUNT_POINT
if [ $? -ne 0 ]; then
    echo "Error: Failed to mount $DISK_DRIVE to $MOUNT_POINT"
    exit 1
fi

echo "$DISK_DRIVE mounted successfully to $MOUNT_POINT"

# Step 2: Locate the disk images
DISK_IMAGES=("$MOUNT_POINT/disk1.image" "$MOUNT_POINT/disk2.image" "$MOUNT_POINT/disk3.image" "$MOUNT_POINT/disk4.image")

# Check if all the required disk images are present
echo "Checking if all required disk images are present"
for img in "${DISK_IMAGES[@]}"; do
    if [ ! -f "$img" ]; then
        echo "Error: Disk image $img not found."
        exit 1
    fi
    echo "Disk image $img found"
done
echo "All disk images found"

# Step 2.1: Mount disk images to loopback devices
LOOP_DEVICES=()
EXISTING_LOOPS=$(losetup -a | awk -F':' '{print $1}')
echo "Mounting disk images to loopback devices"
for img in "${DISK_IMAGES[@]}"; do
    LOOP_DEVICE=$(sudo losetup --find --show "$img")
    if [ $? -ne 0 ]; then
        echo "Error: Failed to mount $img to a loopback device."
        exit 1
    fi
    # Ensure only newly mounted loop devices are used
    if [[ ! "${EXISTING_LOOPS[@]}" =~ "$LOOP_DEVICE" ]]; then
        LOOP_DEVICES+=("$LOOP_DEVICE")
    fi
    echo "$img mounted to $LOOP_DEVICE"
done
echo "Disk images mounted to loopback devices: ${LOOP_DEVICES[@]}"

# Step 3: Create mdadm RAID 5 array
RAID_DEVICE="/dev/md0"
# Create a RAID 5 array with the specified loopback devices
echo "Creating RAID 5 array with loopback devices: ${LOOP_DEVICES[@]}"
sudo mdadm --create $RAID_DEVICE --level=5 --raid-devices=4 "${LOOP_DEVICES[@]}"
if [ $? -ne 0 ]; then
    echo "Error: Failed to create RAID 5 array."
    exit 1
fi
echo "RAID 5 array created successfully at $RAID_DEVICE"

# Step 4: Encrypt the mdadm array with cryptsetup
CRYPT_DEVICE="raid_crypt"
# Encrypt the RAID device using LUKS with specified parameters
echo "Encrypting RAID device $RAID_DEVICE with LUKS"
echo -n "YES" | sudo cryptsetup luksFormat --cipher aes-xts-plain64 --pbkdf=argon2id --progress-frequency=2 --pbkdf-parallel=4 --integrity=hmac-sha412 --label="raid_crypt" --sector-size=4096 --tries=2 --timeout=35 --use-urandom --key-size 512 --hash sha512 $RAID_DEVICE
if [ $? -ne 0 ]; then
    echo "Error: Failed to format RAID device with LUKS."
    exit 1
fi
echo "RAID device $RAID_DEVICE encrypted successfully"

# Open the encrypted RAID device
echo "Opening encrypted RAID device $RAID_DEVICE"
sudo cryptsetup open $RAID_DEVICE $CRYPT_DEVICE
if [ $? -ne 0 ]; then
    echo "Error: Failed to open encrypted RAID device."
    exit 1
fi
echo "Encrypted RAID device opened successfully as $CRYPT_DEVICE"

# Step 5: Create a Btrfs filesystem and mount it
BTRFS_MOUNT_POINT="/mnt/raid_install"
# Create a Btrfs filesystem on the encrypted RAID device
echo "Creating Btrfs filesystem on /dev/mapper/$CRYPT_DEVICE"
sudo mkfs.btrfs -f /dev/mapper/$CRYPT_DEVICE
if [ $? -ne 0 ];then
    echo "Error: Failed to create Btrfs filesystem."
    exit 1
fi
echo "Btrfs filesystem created successfully on /dev/mapper/$CRYPT_DEVICE"

# Mount the Btrfs filesystem to the specified mount point
echo "Mounting Btrfs filesystem to $BTRFS_MOUNT_POINT"
sudo mount /dev/mapper/$CRYPT_DEVICE $BTRFS_MOUNT_POINT
if [ $? -ne 0 ];then
    echo "Error: Failed to mount Btrfs filesystem to $BTRFS_MOUNT_POINT"
    exit 1
fi
echo "Btrfs filesystem mounted successfully to $BTRFS_MOUNT_POINT"

# Step 6: Install Linux distribution in chroot environment
# Following guide: https://wiki.artixlinux.org/Main/Installation

# Install base system packages (Artix Linux base, base-devel, and OpenRC)
echo "Installing base system packages"
sudo basestrap $BTRFS_MOUNT_POINT linux-lts linux-firmware linux-headers base base-devel runit elogind-runit
if [ $? -ne 0 ];then
    echo "Error: Failed to install base system."
    exit 1
fi
echo "Base system packages installed successfully"

# Generate the fstab file to define the mounted filesystems
echo "Generating fstab file"
sudo fstabgen -U $BTRFS_MOUNT_POINT | sudo tee -a $BTRFS_MOUNT_POINT/etc/fstab
if [ $? -ne 0 ];then
    echo "Error: Failed to generate fstab."
    exit 1
fi
echo "Fstab file generated successfully"

# Setup temporary device nodes for acting upon disks within the chroot, also, copy over /etc/resolv.conf to the chroot in order to have network.
echo "Setting up temporary device nodes for chroot"
for dir in /proc /sys /run /dev ; do
    echo "Mounting $dir to $BTRFS_MOUNT_POINT/$dir"
    sudo mkdir -p $BTRFS_MOUNT_POINT/$dir
    sudo mount --rbind /$dir $BTRFS_MOUNT_POINT/$dir
    sudo mount --make-rslave $BTRFS_MOUNT_POINT/$dir
    if [ $? -ne 0 ]; then
        echo "Error: Failed to mount $dir to chroot"
        exit 1
    fi
    echo "$dir mounted successfully"
done
sudo cp /etc/resolv.conf $BTRFS_MOUNT_POINT/etc/
if [ $? -ne 0 ]; then
    echo "Error: Failed to copy resolv.conf to chroot"
    exit 1
fi
echo "Device nodes set up successfully for chroot"

# Chroot into the new system and configure it
echo "Entering chroot environment to configure the system"
sudo artix-chroot $BTRFS_MOUNT_POINT <<EOF
# Update mkinitcpio.conf to include RAID and encryption hooks
echo "Updating mkinitcpio.conf for RAID and LUKS"
sed -i 's/^HOOKS=.*/HOOKS=(base udev autodetect modconf block mdadm_udev encrypt filesystems keyboard fsck btrfs)/' /etc/mkinitcpio.conf

# Set time zone
echo "Setting time zone to UTC"
ln -sf /usr/share/zoneinfo/America/Vancouver /etc/localtime
hwclock --systohc

# Set localization
# Generate the locale configuration for en_US.UTF-8
echo "Setting localization"
echo "en_US.UTF-8 UTF-8" > /etc/locale.gen
locale-gen
# Set the system language
echo "LANG=en_US.UTF-8" > /etc/locale.conf

# Set hostname
echo "Setting hostname to raidlinux"
echo "raidlinux" > /etc/hostname

# Configure hosts file for network name resolution
echo "Configuring hosts file"
cat <<EOL > /etc/hosts
127.0.0.1   localhost
::1         localhost
127.0.1.1   raidlinux.localdomain raidlinux
EOL

# Create network configuration
echo "Creating network configuration"
cat <<EOL > /etc/wpa_supplicant/wpa_supplicant.conf
network={
    ssid="7of9"
    scan_ssid=1
    key_mgmt=WPA-PSK
    psk="xxxxxxxxxxxx"
}
EOL

# Set file permissions for network configuration
chmod 600 /etc/wpa_supplicant/wpa_supplicant.conf
if [ $? -ne 0 ]; then
    echo "Error: Failed to set permissions for network configuration"
    exit 1
fi
echo "Network configuration created successfully"

# Set root password
echo "Setting root password"
echo "root:password" | chpasswd
if [ $? -ne 0 ]; then
    echo "Error: Failed to set root password"
    exit 1
fi
echo "Root password set successfully"

# Install GRUB bootloader
echo "Installing GRUB bootloader"
# Install GRUB package using pacman
pacman -S --noconfirm grub
if [ $? -ne 0 ]; then
    echo "Error: Failed to install GRUB package"
    exit 1
fi

# Get the UUID of the RAID device for cryptdevice parameter
RAID_UUID=$(blkid -s UUID -o value $RAID_DEVICE)
if [ -z "$RAID_UUID" ]; then
    echo "Error: Failed to get UUID of RAID device"
    exit 1
fi
echo "RAID UUID: $RAID_UUID"

# Update GRUB configuration with cryptdevice parameter
echo "Updating GRUB configuration with cryptdevice parameter"
sed -i "s/^GRUB_CMDLINE_LINUX=.*/GRUB_CMDLINE_LINUX=\"cryptdevice=UUID=$RAID_UUID:$CRYPT_DEVICE root=\/dev\/mapper\/$CRYPT_DEVICE\"/" /etc/default/grub

# Install GRUB to the EFI system partition
grub-install --target=x86_64-efi --efi-directory=/boot/efi --boot-directory=/boot --bootloader-id=Artix
if [ $? -ne 0 ];then
    echo "Error: Failed to install GRUB bootloader."
    exit 1
fi
echo "GRUB bootloader installed successfully"

# Update the system
echo "Updating the system"
pacman -Syyyu
if [ $? -ne 0 ]; then
    echo "Error: Failed to update the system"
    exit 1
fi
echo "System updated successfully"

# Update mkinitcpio images
echo "Updating mkinitcpio images"
mkinitcpio -P
if [ $? -ne 0 ]; then
    echo "Error: Failed to update mkinitcpio images"
    exit 1
fi
echo "mkinitcpio images updated successfully"

# Generate GRUB configuration file
echo "Generating GRUB configuration file"
grub-mkconfig -o /boot/grub/grub.cfg
if [ $? -ne 0 ];then
    echo "Error: Failed to generate GRUB configuration."
    exit 1
fi
echo "GRUB configuration file generated successfully"

exit
EOF

# Check if chroot operation was successful
if [ $? -ne 0 ];then
    echo "Error: Failed to complete installation in chroot environment."
    exit 1
fi
echo "Chroot configuration completed successfully"

# Final success message
echo "RAID array created, encrypted, and Linux distribution installed successfully."