This is an old revision of the document!
This tutorial is based on me wanting to set up a server solution for self-hosters that can survive a remote reboot, but also encrypt the data on the server that matters most. For that reason, I chose RAID1 array, and used luks and pam_mount and once that array and install were created. Here is what I did using an ncurses Debian stretch installer. I recommend not using a netinst.iso but the full DVD.iso instead and also, do NOT use a network mirror, and do not use any extra packages. Once the system is built, you can install the packages and rebuild the sources.list as needed. If you add all of those options during installation, older hardware in particular, will take up to a day to install since it will also be simultaneously syncing the array. At any rate, once you get that all ready, proceed:
Hardware Required
Using the ncruses installer, with manual partitioning, select each drive heading, continue by pressing enter when each of those are selected, and for each one it will prompt you to issue the drive a new GPT table. After that, I partition as follows:
/dev/sda1 - BIOS /dev/sda2 - 128GB (use as RAID) /dev/sda3 - 16GB (use as RAID) /dev/sda4 - 3.9TB (use as RAID)
The other drive was set up identically.
/dev/sdg1 - BIOS /dev/sdg2 - 128GB (use as RAID) /dev/sdg3 - 16GB (use as RAID) /dev/sdg4 - 3.9TB (use as RAID)
From there, I use the configure software RAID option and create new md devices for sda2/sdg2, sda3/sdg3, and sda4/sdg4. Do not create a mirror between the BIOS partitions - do not worry, if you attempted to, it will not allow you to utilize the md partition in that manner in the following screen, but it takes a lot of time to back up and reformat everything and build the array properly, so do not do this from the beginning. Once this is done, you will have
md0 - 128GB - format xfs, mount point "/" md1 - 16GB - use as swap md2 - 3.9TB - format xfs, use as "/home"
Once that is done, continue with the installation as you desire. Again, I do not add any additional software or utitlize the mirror during install. I do all of that later and adjust the sources.list and add the packages after the installation succeeds, and especially important, after the syncing succeeds. At any rate, assuming your host now has its OS installed, you still must do the following to ensure that swap and /home are encrypted. Open a tty1 when the system boots in and log in as root. Once logged in, perform the following:
The sfdisk command is not complete … the proc shows kernel report on mirroring / syncing status …
sfdisk -d | sfdisk cat /proc/mdstat
Temperamental Swap mirroring …
mdadm –readwrite /dev/md1
Instructions for debian install:
https://blog.sleeplessbeastie.eu/2013/10/04/how-to-configure-software-raid1-during-installation-process/ https://www.howtoforge.com/replacing_hard_disks_in_a_raid1_array https://linuxgazette.net/140/pfeiffer.html http://jasonwryan.com/blog/2012/02/11/lvm/
— oemb1905 2018/11/23 15:30