[dm-crypt] Open raid1 with luks encryption after a raid re-create

Sven Eschenberg sven at whgl.uni-frankfurt.de
Mon Nov 23 04:56:34 CET 2015



Am 23.11.2015 um 04:35 schrieb Arno Wagner:
> On Sun, Nov 22, 2015 at 23:30:23 CET, Sven Eschenberg wrote:
> [...]
>> Now to your question, once you know the offset of the header:
>> 1.)Setup a loop device from your image (You can use an offset into
>> the image where your loop device starts with sector 0) see --offset
>> in losetup man page.
>
> Ah, yes. That would save copying it.

That was the plan. In general using dmsetup to create a mapping manually 
should work too, if loop device support is missing - dmsetup is pretty 
cryptic to use though.

>
>> Inspect loopdevice if the LUKS Header now is on sector 0
>> 2.)Try a cryptsetup luksopen in readonly mode
>
> Good idea. With that it may be reasonaly safe to work
> with the original disk. I still would make a full
> backup before.
>
> Regards,
> Arno
>

Well, I thought about using the loop on the file while the physical disk 
stays unchanged. Otherwise it would be possible to work on the physical 
disk, and keep a safety image. No matter which way one chooses, always 
have a safety copy.

If the disk is having mechanical problems or something similiar one 
would of course use 2 images, one 'master binary backup' and the replica 
to work on.

Once mapping and opening works, one can choose to either copy out the 
files and backup (usually a good idea) or to create a copy in the manner 
you described. Possibly such an image could then be remerged onto a new 
clean array, if it is otherwise intact. Not without some remaining risks 
though.

Regards

-Sven


More information about the dm-crypt mailing list