Terminology
Let's introduce some terms (copied from ReliableRaid/History):
component: a single block device node used to make up a part of an array. e.g. "block device" for md (/dev/sda1), "physical volume" for LVM (also /dev/sda1). It is a component only if the array software understands it as a component (usually via some form of superblock, etc).
array: a single logical unit made up of components. e.g. "RAID device" for md (/dev/md1), "volume group" for LVM (/dev/vg-name/).
logical device: a block device made available from an array. e.g. "RAID device" for md (/dev/md1), "logical volume" for LVM (/dev/vg-name/lv-name or /dev/mapper/vg--name-lv--name; yes, "-" is escaped with "--" for mapper names).
mount point: final / top-level allocation of filesystem type & mount point.
Devices
Note that below devices can be stacked one, on top of the other, on top of the other...
Just like a Matryoshka doll
Physical Disk / usb pen drive / SDcard
regular disk (attached as sata), name /dev/sda
- has MBR (for bootloader)
- can become a component of another array as a whole
- components
can be partitioned into components aka partitions, e.g. (/dev/sda1, /dev/sda2)
- /dev/sda1 can become formatted filesystems / mountpoints
- /dev/sda1 can become a component of another array
LVM - Logical Volume Group
- combines multiple devices into a single array ( volume group )
e.g. combine /dev/sda (100GB) & /dev/sdb2 (300GB) into /dev/vg-big (400GB)
- creates variable length logical devices ( logical volume )
- logical volumes can become mount-points.
e.g. create /dev/vg-big/lv-medium1 (200GB) and /dev/vg-big/lv-medium2 (200 GB)
LUKS
LUKS aka cryptsetup, dm-crypt, full-disk encryption
takes 1 component & creates 1 encrypted device from it
e.g. /dev/sda -> /dev/crypt1
/dev/crypt1 can be used as a mountpoint, or as a component of another array (e.g. LVM)
- hopefully (?!) cannot be partitioned, use LVM on top of it.
recommended to have /boot mountpoint / filesystem which is not encrypted due to current implementation
RAID
takes 2+ components and creates an array /dev/md
- There are many different RAID levels, requiring different minimum amount of disks
- Can optionally add more disks, then required, to be used as spares
- resulting array can be used as component of another array (e.g. LUKS/LVM) or become a mountpoint
- hopefully (?!) cannot be partitioned, use LVM on top of it
Installation types
Typical debian-installer (d-i) installation starts like shown here. After you get to manual partitioning step, here are some of the supported ways to partition your disk:
Typical single disk installation
Pre-requisites:
- one disk
- no-other operating systems
Reasoning:
- want to custom specify amount of swap
- want to leave empty space for future use
Final disk layout:
/
swap fs
empty
mbr
/dev/sda1
swap
empty
Steps:
- Create sda1 partition, specify size
- Create swap partition, specify size
Select / mountpoint & filesystem (e.g. ext4)
Select use as swap
Single full-disk encryption
Pre-requisites:
- have 1 disk
Reasoning:
- want / require full-disk encryption
- want simplicity (no other additional layers)
- will not have swap or will use a swapfile
Final disk layout:
/
/boot
/dev/crypt1
mbr
/dev/sda1
/dev/sda2
Steps:
- Create smallish (300MB) sda1
- Create sda2 with the remaining disk
- Create crypt1 device from sda2
Assign /boot mount point to sda1, select filesystem (e.g. ext4)
Assign / to crypt1, select filesystem (e.g. ext4)
Single full-disk LVM
Pre-requisites:
- have 1 very large disk
Reasoning:
- want ability to take snapshot backups
- want ability to dynamically resize partitions
Final disk layout:
/
swap fs
/dev/vg-internalhdd/lv-root
/dev/vg-internalhdd/lv-swap
reserved space in this volume group
/dev/vg-internalhdd
mbr
/dev/sda (no partitions)
Steps:
Create physical volume group /dev/vg-internalhdd from /dev/sda
- Create 2 logical volumes from the volume group
- Allocate mount points and file system sizes
Single full-disk encrypted LVM
Pre-requisites:
- have 1 very large disk
Reasoning:
- want ability to take snapshot backups
- want ability to dynamically resize partitions
- and have full disk encryption
Final disk layout:
/
swap fs
/dev/vg-internallhdd/lv-root
/dev/vg-internallhdd/lv-swap
reserved space in this volume group
/dev/vg-internallhdd
/boot
/dev/crypt1
mbr
/dev/sda1
/dev/sda2
Steps:
- Create smallish (300MB) sda1
- Create sda2 with the remaining disk
Create physical volume group /dev/vg-internalhdd from /dev/sda
- Create 2 logical volumes from the volume group
- Allocate mount points and file system sizes
LVM on top of RAID1
Pre-requisites:
- have 2 disks or same capacity
preferably of different brands & wear
Reasoning:
- if one disk fails, I want my system to keep working
- want ability to take snapshot backups
- want ability to dynamically resize partitions
Final disk layout: (imagine a 3D table with sda/sdb stacked on top of md0 in third dimention )
/
swap fs
/dev/vg-internalhdd/lv-root
/dev/vg-internalhdd/lv-swap
reserved space in this volume group
/dev/vg-internalhdd
/dev/md0
mbr
/dev/sda (no partitions)
mbr
/dev/sdb (no partitions)
Create RAID1 device md0 form sda & sdb
Create physical volume group /dev/vg-internalhdd from /dev/md0
- Create 2 logical volumes from the volume group
- Allocate mount points and file system sizes
Full Disk encryption with LVM on top of RAID1
Pre-requisites:
- have 2 disks or same capacity
preferably of different brands & wear
Reasoning:
- if one disk fails, I want my system to keep working
- want ability to take snapshot backups
- want ability to dynamically resize partitions
- and have full disk encryption
Final disk layout: (imagine a 3D table with sda/sdb stacked on top of md0 in third dimention )
/
swap fs
/dev/vg-internalhdd/lv-root
/dev/vg-internalhdd/lv-swap
reserved space in this volume group
/dev/vg-internalhdd
/boot
/dev/crypt1
/dev/md0
/dev/md1
mbr
/dev/sda1
/dev/sda2
mbr
/dev/sdb1
/dev/sdb2
Equally Partition sda & sdb:
- small partition (300MB) for /boot
- large partition with remaining space
- Create RAIDs:
md0: RAID1 from sda1 & sdb1
md1: RAID1 from sda2 & sdb2
- Add encryption:
- create crypt1 from md1
- Add LVM:
- create physical volume group from md1
- Add extra logical volumes
Assign mountpoints & filesystems:
- md0, is mountpoint /boot with ext4 filesystem
- logical volumes are: swap, /, etc.
Ubiquity Mockups
Existing devices
- If existing RAID, CRYPTO devices are found, we should offer to assemble/unlock them.
- As an interruption page (?!) ("We noticed you have RAID devices attached, would you like to assemble them?")
- As options in the manual partitioner?
Automatic Partitioner
- Support for automatic recipe: LVM
- Support for automatic recipe: encrypted LVM
- Should not be possible to select encryption without LVM (e.g. encryption checkbox is grayed-out, unless LVM is selected)
- Support for RAID problematic, as need to select multiple drives / RAID type etc.
- If encryption has been selected, the next page should offer setting up the password, similar to the user-password setup (e.g. repeat twice, warn if password is weak)
- After the password promt, we start the install as usual.
Manual Partitioner
- Note the button 'New Device', which should allow creating LVM and/or RAID devices (no mockup)
- Both Edit and Add partition dialogs have a tickbox to encrypt underlying partition
- Enabling encryption on an existing partition, will require formatting, and will show a warning
- If encryption got enabled, 'Install Now' button will take you to 'setup encryption passphrase page'
New Device
TODO no mockup yet
Encryption passphrase Setup
TODO no mockup yet