[dm-crypt] can't open luks device after raid 5 rebuild

Arno Wagner arno at wagner.name
Sun Apr 8 22:22:06 CEST 2012


On Sun, Apr 08, 2012 at 07:09:30PM +0200, Heinz Diehl wrote:
> On 08.04.2012, artificial11000 wrote: 
> 
> >  mdadm --create --level=5 -n 3 /dev/md127 /dev/sdb /dev/sdc /dev/sdd
>          ---------
> 
> Seems your data is gone, forever. You created a new raid manually,
> which means that you deleted all your previous data. 

Not quite. The LUKS header is still there, obviously.
What happens when you create a RAID5 array out of components
of another RAID5 array is the following: They get put
into some order and, in a fashion rotating by stripe-size,
one drive gets overwritten with the parity of the others.
If everything, includiong the drive order is the same
as in the original artray, everything will be fine.

Otherwise, if the stripe size is correct, you will not actually
lose any data, as only one drive was overwritten per stripe
and the original RAID5 data is tolerant against one device loss
(or loss of one stripe per stripe-set). The array still assembles 
incorrectly and you will _not_ be able to re-create the original 
data without major effort. It should be possible though, but
it involves figuring out the current and the old stripe order
and then manually rebuilding the old array out of the old stripes
still there. This is made trickier because the old RAID
superblocks are also gone.

I think could do this, but I would expect several days of coding and
I would need the password (otherwise it is impossible to verify 
correct stripe order and size) and complete drive images of all drives. 
(And, sorry, my rates are likely way above what the data is 
worth to you...) Some RAID recovery software may also be able
to help, but as the data is encrypted, I doubt it, as with encrypted
data, it is not possible to detect whether the assembly order
is right. This would require a specialized LUKS-aware RAID recovery
tool.

> You have a backup, do you?

That would be the next question. The proble is not (only) that
you hosed the LUKS header, but the complete data area.

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
One of the painful things about our time is that those who feel certainty 
are stupid, and those with any imagination and understanding are filled 
with doubt and indecision. -- Bertrand Russell 


More information about the dm-crypt mailing list