AdvancedPartitioningSchemes
← Revision 23 as of 2012-05-29 13:37:06 ⇥
Line 1: | Line 1: |
||<tablestyle="float:right; font-size: 0.9em; width:40%; background:#F1F1ED; margin: 0 0 1em 1em;" style="padding:0.5em;"><<TableOfContents(2)>>|| | |
Line 8: | Line 9: |
== Example == | = Devices = Note that below devices can be stacked one, on top of the other, on top of the other... Just like a [[http://en.wikipedia.org/wiki/Matryoshka_doll| Matryoshka doll]] == Physical Disk / usb pen drive / SDcard == |
Line 17: | Line 24: |
* LVM - Logical Volume Group (combines many disks together) | == LVM - Logical Volume Group == |
Line 23: | Line 30: |
* LUKS aka cryptsetup, dm-crypt, full-disk encryption * takes 1 component & creates 1 encrypted device from it * e.g. `/dev/sda` -> `/dev/crypt1` * `/dev/crypt1` can be used as a mountpoint, or as a component of another array (e.g. LVM) * hopefully (?!) cannot be partitioned, use LVM on top of it. * RAID * takes 2+ components and creates an array `/dev/md` * resulting array can be used as component of another array (e.g. LUKS/LVM) or become a mountpoint * hopefully (?!) cannot be partitioned, use LVM on top of it There are many ways to partition and install your system. = What = == Pre-requisites == * 'what disks you have' == Reasoning == * 'why is it sane to partition like that' == Final disk layout == ||<style="border:0px;"> || first row: end mount point, filesystem || ||<style="border:0px;"> || rows of nested block devices || || mbr || last row: real/physical disk(s) || == Steps == # 'steps to create it' == d-i slideshow == Slideshow = Typical single disk installation = == Pre-requisites == |
== LUKS == LUKS aka cryptsetup, dm-crypt, full-disk encryption * takes 1 component & creates 1 encrypted device from it * e.g. `/dev/sda` -> `/dev/crypt1` * `/dev/crypt1` can be used as a mountpoint, or as a component of another array (e.g. LVM) * hopefully (?!) cannot be partitioned, use LVM on top of it. * recommended to have `/boot` mountpoint / filesystem which is not encrypted due to current implementation == RAID == * takes 2+ components and creates an array `/dev/md` * There are many different RAID levels, requiring different minimum amount of disks * Can optionally add more disks, then required, to be used as spares * resulting array can be used as component of another array (e.g. LUKS/LVM) or become a mountpoint * hopefully (?!) cannot be partitioned, use LVM on top of it = Installation types = Typical debian-installer (d-i) installation starts like shown [[https://picasaweb.google.com/105922848292507689403/Beginning?authuser=0&feat=directlink|here]]. After you get to manual partitioning step, here are some of the supported ways to partition your disk: == Typical single disk installation == [[https://picasaweb.google.com/105922848292507689403/SingleDiskStandardInstall?authuser=0&feat=directlink#slideshow/5746148527411337202|Slideshow]] Pre-requisites: |
Line 57: | Line 58: |
== Reasoning == | Reasoning: |
Line 60: | Line 61: |
== Final disk layout == ||<style="border:0px;"> || / || swap fs || ''empty'' || || mbr || sda1 || swap || ''empty'' || == Steps == # 'steps to create it' == d-i slideshow == Slideshow = Single full-disk encryption = == Pre-requisites == |
Final disk layout: ||<style="border:0px; background-color: white;" rowstyle="background-color: #f1f1dd;"> || / || swap fs || ''empty'' || ||<rowstyle="background-color: #f1f1dd;"> mbr || /dev/sda1 || swap || ''empty'' || Steps: * Create sda1 partition, specify size * Create swap partition, specify size * Select `/` mountpoint & filesystem (e.g. ext4) * Select `use as swap` == Single full-disk encryption == [[https://picasaweb.google.com/105922848292507689403/FullDiskEncryption?authuser=0&feat=directlink#slideshow/5746424389070749058|Slideshow]] Pre-requisites: * have 1 disk Reasoning: |
Line 73: | Line 78: |
* want simplicity (no other additional) == Reasoning == * 'why is it sane to partition like that' == Final disk layout == ||<style="border:0px;"> || first row: end mount point, filesystem || ||<style="border:0px;"> || rows of nested block devices || || mbr || last row: real/physical disk(s) || == Steps == # 'steps to create it' == d-i slideshow == Slideshow |
* want simplicity (no other additional layers) * will not have swap or will use a swapfile Final disk layout: ||<style="border:0px; background-color: white;" rowstyle="background-color: #f1f1dd;"> ||<style="border:0px; background-color: white;"> || / || ||<style="border:0px; background-color: white;" rowstyle="background-color: #f1f1dd;"> || /boot || /dev/crypt1 || ||<rowstyle="background-color: #f1f1dd;"> mbr || /dev/sda1 || /dev/sda2 || Steps: * Create smallish (300MB) sda1 * Create sda2 with the remaining disk * Create crypt1 device from sda2 * Assign `/boot` mount point to sda1, select filesystem (e.g. ext4) * Assign `/` to crypt1, select filesystem (e.g. ext4) == Single full-disk LVM == [[https://picasaweb.google.com/105922848292507689403/GuidedLVM#slideshow/5746429895739673378|Guided Install]] Pre-requisites: * have 1 very large disk Reasoning: * want ability to take snapshot backups * want ability to dynamically resize partitions Final disk layout: ||<style="border:0px; background-color: white;" rowstyle="background-color: #f1f1dd;"> ||/||swap fs||<style="border:0px; background-color: white;">|| ||<style="border:0px; background-color: white;" rowstyle="background-color: #f1f1dd;"> ||/dev/vg-internalhdd/lv-root||/dev/vg-internalhdd/lv-swap|| `reserved space in this volume group`|| ||<style="border:0px; background-color: white;" rowstyle="background-color: #f1f1dd;"> ||<-3> /dev/vg-internalhdd || ||<rowstyle="background-color: #f1f1dd;"> mbr ||<-3> /dev/sda (no partitions) || Steps: * Create physical volume group /dev/vg-internalhdd from `/dev/sda` * Create 2 logical volumes from the volume group * Allocate mount points and file system sizes == Single full-disk encrypted LVM == Pre-requisites: * have 1 very large disk Reasoning: * want ability to take snapshot backups * want ability to dynamically resize partitions * and have full disk encryption Final disk layout: ||<style="border:0px; background-color: white;" rowstyle="background-color: #f1f1dd;"> 
||<style="border:0px; background-color: white;"> ||/||swap fs||<style="border:0px; background-color: white;">|| ||<style="border:0px; background-color: white;" rowstyle="background-color: #f1f1dd;"> ||<style="border:0px; background-color: white;"> ||/dev/vg-internallhdd/lv-root||/dev/vg-internallhdd/lv-swap|| `reserved space in this volume group`|| ||<style="border:0px; background-color: white;" rowstyle="background-color: #f1f1dd;"> ||<style="border:0px; background-color: white;"> ||<-3> /dev/vg-internallhdd || ||<style="border:0px; background-color: white;" rowstyle="background-color: #f1f1dd;"> ||/boot||<-3> /dev/crypt1 || ||<rowstyle="background-color: #f1f1dd;"> mbr || /dev/sda1 ||<-3> /dev/sda2 || Steps: * Create smallish (300MB) sda1 * Create sda2 with the remaining disk * Create physical volume group /dev/vg-internalhdd from `/dev/sda` * Create 2 logical volumes from the volume group * Allocate mount points and file system sizes == LVM on top of RAID1 == Pre-requisites: * have 2 disks or same capacity * preferably of different brands & wear Reasoning: * if one disk fails, I want my system to keep working * want ability to take snapshot backups * want ability to dynamically resize partitions Final disk layout: (imagine a 3D table with sda/sdb stacked on top of md0 in third dimention ;-) ) ||<style="border:0px; background-color: white;" rowstyle="background-color: #f1f1dd;"> ||/||swap fs||<style="border:0px; background-color: white;">|| ||<style="border:0px; background-color: white;" rowstyle="background-color: #f1f1dd;"> ||/dev/vg-internalhdd/lv-root||/dev/vg-internalhdd/lv-swap|| `reserved space in this volume group`|| ||<style="border:0px; background-color: white;" rowstyle="background-color: #f1f1dd;"> ||<-3> /dev/vg-internalhdd || ||<style="border:0px; background-color: white;" rowstyle="background-color: #f1f1dd;"> ||<-3> /dev/md0 || ||<rowstyle="background-color: #f1f1dd;"> mbr ||<-3> /dev/sda (no partitions) || ||<rowstyle="background-color: 
#f1f1dd;"> mbr ||<-3> /dev/sdb (no partitions) || * Create RAID1 device md0 form sda & sdb * Create physical volume group /dev/vg-internalhdd from `/dev/md0` * Create 2 logical volumes from the volume group * Allocate mount points and file system sizes == Full Disk encryption with LVM on top of RAID1 == Pre-requisites: * have 2 disks or same capacity * preferably of different brands & wear Reasoning: * if one disk fails, I want my system to keep working * want ability to take snapshot backups * want ability to dynamically resize partitions * and have full disk encryption Final disk layout: (imagine a 3D table with sda/sdb stacked on top of md0 in third dimention ;-) ) ||<style="border:0px; background-color: white;" rowstyle="background-color: #f1f1dd;"> ||<style="border:0px; background-color: white;"> ||/||swap fs||<style="border:0px; background-color: white;">|| ||<style="border:0px; background-color: white;" rowstyle="background-color: #f1f1dd;"> ||<style="border:0px; background-color: white;"> ||/dev/vg-internalhdd/lv-root||/dev/vg-internalhdd/lv-swap|| `reserved space in this volume group`|| ||<style="border:0px; background-color: white;" rowstyle="background-color: #f1f1dd;"> ||<style="border:0px; background-color: white;"> ||<-3> /dev/vg-internalhdd || ||<style="border:0px; background-color: white;" rowstyle="background-color: #f1f1dd;"> ||/boot||<-3> /dev/crypt1 || ||<style="border:0px; background-color: white;" rowstyle="background-color: #f1f1dd;"> ||/dev/md0 ||<-3>/dev/md1|| ||<rowstyle="background-color: #f1f1dd;"> mbr || /dev/sda1 ||<-3> /dev/sda2 || ||<rowstyle="background-color: #f1f1dd;"> mbr || /dev/sdb1 ||<-3> /dev/sdb2 || * Equally Partition sda & sdb: * small partition (300MB) for /boot * large partition with remaining space * Create RAIDs: * md0: RAID1 from sda1 & sdb1 * md1: RAID1 from sda2 & sdb2 * Add encryption: * create crypt1 from md1 * Add LVM: * create physical volume group from md1 * Add extra logical volumes * Assign mountpoints & 
filesystems: * md0, is mountpoint /boot with ext4 filesystem * logical volumes are: swap, /, etc. = Ubiquity Mockups = [[https://picasaweb.google.com/105922848292507689403/UbiquityMockup#slideshow/5747921182916743730|Slideshow]] == Existing devices == * If existing RAID, CRYPTO devices are found, we should offer to assemble/unlock them. * As an interruption page (?!) ("We noticed you have RAID devices attached, would you like to assemble them?") * As options in the manual partitioner? == Automatic Partitioner == * Support for automatic recipe: LVM * Support for automatic recipe: encrypted LVM * Should not be possible to select encryption without LVM (e.g. encryption checkbox is grayed-out, unless LVM is selected) * Support for RAID problematic, as need to select multiple drives / RAID type etc. * If encryption has been selected, the next page should offer setting up the password, similar to the user-password setup (e.g. repeat twice, warn if password is weak) * After the password promt, we start the install as usual. 
{{https://lh6.googleusercontent.com/-w5-SPvpHPhU/T8TP81_ucNI/AAAAAAAAARQ/yCrFZpvPKOU/s800/ubiquity-mockup-automatic.png}} == Manual Partitioner == * Note the button 'New Device', which should allow creating LVM and/or RAID devices (no mockup) * Both Edit and Add partition dialogs have a tickbox to encrypt underlying partition * Enabling encryption on an existing partition, will require formatting, and will show a warning * If encryption got enabled, 'Install Now' button will take you to 'setup encryption passphrase page' {{https://lh6.googleusercontent.com/-YoSnrjPJdhM/T8TMQqAn8EI/AAAAAAAAAQU/ARugtve6V6k/s800/ubiquity-mockup-advanced.png}} {{https://lh5.googleusercontent.com/-SNyKLxsWdPk/T8TMQvVOTGI/AAAAAAAAAQc/5ndvRY68PR8/s800/ubiquity-mockup-advanced-2.png}} {{https://lh5.googleusercontent.com/-WXBVj2ic6DM/T8TMQt56SRI/AAAAAAAAAQY/6w46ivhueFg/s800/ubiquity-mockup-advanced-3.png}} === New Device === TODO no mockup yet === Encryption passphrase Setup === TODO no mockup yet |
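Review bot: The added steps for "Single full-disk encrypted LVM" never create crypt1 and build the volume group from `/dev/sda`, while the layout table in the same section stacks /dev/vg-internallhdd on /dev/crypt1 on /dev/sda2; add a "Create crypt1 device from sda2" step and create the volume group from crypt1. The same mismatch appears under "Full Disk encryption with LVM on top of RAID1", where the step reads "create physical volume group from md1" although the table places the volume group on /dev/crypt1, so following the steps literally would leave the logical volumes unencrypted. The encrypted-LVM table also spells the group vg-internallhdd where its steps use vg-internalhdd.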
Terminology
Let's introduce some terms (copied from ReliableRaid/History):
component: a single block device node used to make up a part of an array. e.g. "block device" for md (/dev/sda1), "physical volume" for LVM (also /dev/sda1). It is a component only if the array software understands it as a component (usually via some form of superblock, etc).
array: a single logical unit made up of components. e.g. "RAID device" for md (/dev/md1), "volume group" for LVM (/dev/vg-name/).
logical device: a block device made available from an array. e.g. "RAID device" for md (/dev/md1), "logical volume" for LVM (/dev/vg-name/lv-name or /dev/mapper/vg--name-lv--name; yes, "-" is escaped with "--" for mapper names).
mount point: final / top-level allocation of filesystem type & mount point.
Devices
Note that the devices below can be stacked one on top of another, on top of another... just like a Matryoshka doll.
Physical Disk / usb pen drive / SDcard
- regular disk (attached as SATA), name /dev/sda
  - has MBR (for bootloader)
  - can become a component of another array as a whole
  - can be partitioned into components aka partitions, e.g. /dev/sda1, /dev/sda2
    - /dev/sda1 can become a formatted filesystem / mountpoint
    - /dev/sda1 can become a component of another array
LVM - Logical Volume Group
- combines multiple devices into a single array (volume group)
  - e.g. combine /dev/sda (100GB) & /dev/sdb2 (300GB) into /dev/vg-big (400GB)
- creates variable length logical devices (logical volumes)
- logical volumes can become mount points
  - e.g. create /dev/vg-big/lv-medium1 (200GB) and /dev/vg-big/lv-medium2 (200GB)
LUKS
LUKS aka cryptsetup, dm-crypt, full-disk encryption
- takes 1 component & creates 1 encrypted device from it
  - e.g. /dev/sda -> /dev/crypt1
- /dev/crypt1 can be used as a mountpoint, or as a component of another array (e.g. LVM)
- hopefully (?!) cannot be partitioned, use LVM on top of it
- recommended to keep the /boot mountpoint / filesystem unencrypted, due to the current implementation
RAID
- takes 2+ components and creates an array /dev/md
- there are many different RAID levels, requiring different minimum numbers of disks
- can optionally add more disks than required, to be used as spares
- resulting array can be used as a component of another array (e.g. LUKS/LVM) or become a mountpoint
- hopefully (?!) cannot be partitioned, use LVM on top of it
Installation types
A typical debian-installer (d-i) installation starts as shown here. After you get to the manual partitioning step, here are some of the supported ways to partition your disk:
Typical single disk installation
Pre-requisites:
- one disk
- no other operating systems
Reasoning:
- want to specify a custom amount of swap
- want to leave empty space for future use
Final disk layout:
||     || /         || swap fs || empty ||
|| mbr || /dev/sda1 || swap    || empty ||
Steps:
- Create sda1 partition, specify size
- Create swap partition, specify size
- Select / mountpoint & filesystem (e.g. ext4)
- Select use as swap
Single full-disk encryption
Pre-requisites:
- have 1 disk
Reasoning:
- want / require full-disk encryption
- want simplicity (no other additional layers)
- will not have swap or will use a swapfile
Final disk layout:
||     ||           || /           ||
||     || /boot     || /dev/crypt1 ||
|| mbr || /dev/sda1 || /dev/sda2   ||
Steps:
- Create smallish (300MB) sda1
- Create sda2 with the remaining disk
- Create crypt1 device from sda2
- Assign /boot mount point to sda1, select filesystem (e.g. ext4)
- Assign / to crypt1, select filesystem (e.g. ext4)
Single full-disk LVM
Pre-requisites:
- have 1 very large disk
Reasoning:
- want ability to take snapshot backups
- want ability to dynamically resize partitions
Final disk layout:
||     || /                           || swap fs                     ||                                     ||
||     || /dev/vg-internalhdd/lv-root || /dev/vg-internalhdd/lv-swap || reserved space in this volume group ||
||     ||<-3> /dev/vg-internalhdd ||
|| mbr ||<-3> /dev/sda (no partitions) ||
Steps:
- Create physical volume group /dev/vg-internalhdd from /dev/sda
- Create 2 logical volumes from the volume group
- Allocate mount points and file system sizes
Single full-disk encrypted LVM
Pre-requisites:
- have 1 very large disk
Reasoning:
- want ability to take snapshot backups
- want ability to dynamically resize partitions
- and have full disk encryption
Final disk layout:
||     ||           || /                           || swap fs                     ||                                     ||
||     ||           || /dev/vg-internalhdd/lv-root || /dev/vg-internalhdd/lv-swap || reserved space in this volume group ||
||     ||           ||<-3> /dev/vg-internalhdd ||
||     || /boot     ||<-3> /dev/crypt1 ||
|| mbr || /dev/sda1 ||<-3> /dev/sda2 ||
Steps:
- Create smallish (300MB) sda1
- Create sda2 with the remaining disk
- Create physical volume group /dev/vg-internalhdd from /dev/sda
- Create 2 logical volumes from the volume group
- Allocate mount points and file system sizes
LVM on top of RAID1
Pre-requisites:
- have 2 disks of same capacity
- preferably of different brands & wear
Reasoning:
- if one disk fails, I want my system to keep working
- want ability to take snapshot backups
- want ability to dynamically resize partitions
Final disk layout: (imagine a 3D table with sda/sdb stacked on top of md0 in the third dimension)
||     || /                           || swap fs                     ||                                     ||
||     || /dev/vg-internalhdd/lv-root || /dev/vg-internalhdd/lv-swap || reserved space in this volume group ||
||     ||<-3> /dev/vg-internalhdd ||
||     ||<-3> /dev/md0 ||
|| mbr ||<-3> /dev/sda (no partitions) ||
|| mbr ||<-3> /dev/sdb (no partitions) ||
- Create RAID1 device md0 from sda & sdb
- Create physical volume group /dev/vg-internalhdd from /dev/md0
- Create 2 logical volumes from the volume group
- Allocate mount points and file system sizes
Full Disk encryption with LVM on top of RAID1
Pre-requisites:
- have 2 disks of same capacity
- preferably of different brands & wear
Reasoning:
- if one disk fails, I want my system to keep working
- want ability to take snapshot backups
- want ability to dynamically resize partitions
- and have full disk encryption
Final disk layout: (imagine a 3D table with sda/sdb stacked on top of md0 in the third dimension)
||     ||           || /                           || swap fs                     ||                                     ||
||     ||           || /dev/vg-internalhdd/lv-root || /dev/vg-internalhdd/lv-swap || reserved space in this volume group ||
||     ||           ||<-3> /dev/vg-internalhdd ||
||     || /boot     ||<-3> /dev/crypt1 ||
||     || /dev/md0  ||<-3> /dev/md1 ||
|| mbr || /dev/sda1 ||<-3> /dev/sda2 ||
|| mbr || /dev/sdb1 ||<-3> /dev/sdb2 ||
- Equally partition sda & sdb:
  - small partition (300MB) for /boot
  - large partition with remaining space
- Create RAIDs:
  - md0: RAID1 from sda1 & sdb1
  - md1: RAID1 from sda2 & sdb2
- Add encryption:
  - create crypt1 from md1
- Add LVM:
  - create physical volume group from md1
  - Add extra logical volumes
- Assign mountpoints & filesystems:
  - md0 is mountpoint /boot with ext4 filesystem
  - logical volumes are: swap, /, etc.
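The layout above only delivers full-disk encryption if every mounted filesystem other than /boot really sits above crypt1. The following check is an added example, not part of the original wiki page: it walks output shaped like `lsblk --json -o NAME,TYPE,MOUNTPOINT` and lists mount points with no crypt layer beneath them. The function names and both sample trees are constructed for illustration.

```python
import json

ALLOWED_PLAINTEXT = {"/boot"}  # the page recommends keeping /boot unencrypted


def unencrypted_mounts(lsblk_json, allowed=ALLOWED_PLAINTEXT):
    """Return sorted mount points (including [SWAP]) with no crypt layer beneath them."""
    found = set()

    def walk(node, below_crypt):
        # Once a crypt device is crossed, everything stacked on it is covered.
        below_crypt = below_crypt or node.get("type") == "crypt"
        mnt = node.get("mountpoint")
        if mnt and not below_crypt and mnt not in allowed:
            found.add(mnt)
        for child in node.get("children", []):
            walk(child, below_crypt)

    for dev in json.loads(lsblk_json)["blockdevices"]:
        walk(dev, False)
    return sorted(found)  # set: md/LVM nodes repeat under each RAID member


def _lvs():
    # Mapper names escape "-" as "--", as the Terminology section notes.
    return [{"name": "vg--internalhdd-lv--root", "type": "lvm", "mountpoint": "/"},
            {"name": "vg--internalhdd-lv--swap", "type": "lvm", "mountpoint": "[SWAP]"}]


def sample(encrypted):
    """Constructed lsblk tree for the RAID1 layout; md1 carries crypt1 or the VG directly."""
    top = ([{"name": "crypt1", "type": "crypt", "mountpoint": None, "children": _lvs()}]
           if encrypted else _lvs())

    def one(d):
        return {"name": d, "type": "disk", "mountpoint": None, "children": [
            {"name": d + "1", "type": "part", "mountpoint": None, "children": [
                {"name": "md0", "type": "raid1", "mountpoint": "/boot"}]},
            {"name": d + "2", "type": "part", "mountpoint": None, "children": [
                {"name": "md1", "type": "raid1", "mountpoint": None, "children": top}]}]}

    return json.dumps({"blockdevices": [one("sda"), one("sdb")]})


if __name__ == "__main__":
    print(unencrypted_mounts(sample(True)))   # []
    print(unencrypted_mounts(sample(False)))  # ['/', '[SWAP]']
```

On an installed system, feed the function the real `lsblk --json -o NAME,TYPE,MOUNTPOINT` output instead of the constructed sample.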
Ubiquity Mockups
Existing devices
- If existing RAID, CRYPTO devices are found, we should offer to assemble/unlock them.
  - As an interruption page (?!) ("We noticed you have RAID devices attached, would you like to assemble them?")
  - As options in the manual partitioner?
Automatic Partitioner
- Support for automatic recipe: LVM
- Support for automatic recipe: encrypted LVM
  - Should not be possible to select encryption without LVM (e.g. encryption checkbox is grayed-out, unless LVM is selected)
- Support for RAID is problematic, as one needs to select multiple drives / RAID type etc.
- If encryption has been selected, the next page should offer setting up the password, similar to the user-password setup (e.g. repeat twice, warn if password is weak)
- After the password prompt, we start the install as usual.
Manual Partitioner
- Note the button 'New Device', which should allow creating LVM and/or RAID devices (no mockup)
- Both Edit and Add partition dialogs have a tickbox to encrypt the underlying partition
- Enabling encryption on an existing partition will require formatting, and will show a warning
- If encryption is enabled, the 'Install Now' button will take you to the 'setup encryption passphrase' page
New Device
TODO no mockup yet
Encryption passphrase Setup
TODO no mockup yet
Ubiquity/AdvancedPartitioningSchemes (last edited 2012-05-29 13:37:06 by xnox)