= Terminology =

Let's introduce some terms (copied from ReliableRaid/History):

 * component: a single block device node used to make up a part of an array. e.g. "block device" for md (`/dev/sda1`), "physical volume" for LVM (also `/dev/sda1`). It is a component only if the array software understands it as a component (usually via some form of superblock, etc).
 * array: a single logical unit made up of components. e.g. "RAID device" for md (`/dev/md1`), "volume group" for LVM (`/dev/vg-name/`).
 * logical device: a block device made available from an array. e.g. "RAID device" for md (`/dev/md1`), "logical volume" for LVM (`/dev/vg-name/lv-name` or `/dev/mapper/vg--name-lv--name`; yes, "-" is escaped with "--" for mapper names).
 * mount point: final / top-level allocation of filesystem type & mount point.

= Devices =

Note that the devices below can be stacked one on top of the other, on top of the other... just like a [[http://en.wikipedia.org/wiki/Matryoshka_doll|Matryoshka doll]].

== Physical Disk / usb pen drive / SDcard ==

 * regular disk (attached as sata), name `/dev/sda`
  * has MBR (for bootloader)
  * can become a component of another array as a whole
 * components
  * can be partitioned into components aka partitions, e.g. (`/dev/sda1, /dev/sda2`)
  * /dev/sda1 can become formatted filesystems / mountpoints
  * /dev/sda1 can become a component of another array

== LVM - Logical Volume Group ==

 * combines multiple devices into a single array (volume group)
  * e.g. combine `/dev/sda` (100GB) & `/dev/sdb2` (300GB) into `/dev/vg-big` (400GB)
 * creates variable length logical devices (logical volume)
  * logical volumes can become mount-points.
  * e.g. create `/dev/vg-big/lv-medium1` (200GB) and `/dev/vg-big/lv-medium2` (200 GB)

== LUKS ==

LUKS aka cryptsetup, dm-crypt, full-disk encryption

 * takes 1 component & creates 1 encrypted device from it
  * e.g. `/dev/sda` -> `/dev/crypt1`
 * `/dev/crypt1` can be used as a mountpoint, or as a component of another array (e.g. LVM)
 * hopefully (?!) cannot be partitioned, use LVM on top of it.
 * recommended to have a `/boot` mountpoint / filesystem which is not encrypted, due to the current implementation

== RAID ==

 * takes 2+ components and creates an array `/dev/md`
 * There are many different RAID levels, requiring different minimum numbers of disks
 * Can optionally add more disks than required, to be used as spares
 * resulting array can be used as a component of another array (e.g. LUKS/LVM) or become a mountpoint
 * hopefully (?!) cannot be partitioned, use LVM on top of it

= Installation types =

A typical debian-installer (d-i) installation starts as shown [[https://picasaweb.google.com/105922848292507689403/Beginning?authuser=0&feat=directlink|here]]. After you get to the manual partitioning step, here are some of the supported ways to partition your disk:

== Typical single disk installation ==

[[https://picasaweb.google.com/105922848292507689403/SingleDiskStandardInstall?authuser=0&feat=directlink#slideshow/5746148527411337202|Slideshow]]

Pre-requisites:
 * one disk
 * no other operating systems

Reasoning:
 * want to specify a custom amount of swap
 * want to leave empty space for future use

Final disk layout:
|| || / || swap fs || ''empty'' ||
|| mbr || /dev/sda1 || swap || ''empty'' ||

Steps:
 * Create sda1 partition, specify size
 * Create swap partition, specify size
 * Select `/` mountpoint & filesystem (e.g. ext4)
 * Select `use as swap`

== Single full-disk encryption ==

[[https://picasaweb.google.com/105922848292507689403/FullDiskEncryption?authuser=0&feat=directlink#slideshow/5746424389070749058|Slideshow]]

Pre-requisites:
 * have 1 disk

Reasoning:
 * want / require full-disk encryption
 * want simplicity (no other additional layers)
 * will not have swap or will use a swapfile

Final disk layout:
|| || || / ||
|| || /boot || /dev/crypt1 ||
|| mbr || /dev/sda1 || /dev/sda2 ||

Steps:
 * Create smallish (300MB) sda1
 * Create sda2 with the remaining disk
 * Create crypt1 device from sda2
 * Assign `/boot` mount point to sda1, select filesystem (e.g. ext4)
 * Assign `/` to crypt1, select filesystem (e.g. ext4)

== Single full-disk LVM ==

[[https://picasaweb.google.com/105922848292507689403/GuidedLVM#slideshow/5746429895739673378|Guided Install]]

Pre-requisites:
 * have 1 very large disk

Reasoning:
 * want ability to take snapshot backups
 * want ability to dynamically resize partitions

Final disk layout:
|| || / || swap fs || ||
|| || /dev/vg-internalhdd/lv-root || /dev/vg-internalhdd/lv-swap || `reserved space in this volume group` ||
|| ||<-3> /dev/vg-internalhdd ||
|| mbr ||<-3> /dev/sda (no partitions) ||

Steps:
 * Create physical volume group /dev/vg-internalhdd from `/dev/sda`
 * Create 2 logical volumes from the volume group
 * Allocate mount points and file system sizes

== Single full-disk encrypted LVM ==

Pre-requisites:
 * have 1 very large disk

Reasoning:
 * want ability to take snapshot backups
 * want ability to dynamically resize partitions
 * and have full disk encryption

Final disk layout:
|| || || / || swap fs || ||
|| || || /dev/vg-internalhdd/lv-root || /dev/vg-internalhdd/lv-swap || `reserved space in this volume group` ||
|| || ||<-3> /dev/vg-internalhdd ||
|| || /boot ||<-3> /dev/crypt1 ||
|| mbr || /dev/sda1 ||<-3> /dev/sda2 ||

Steps:
 * Create smallish (300MB) sda1
 * Create sda2 with the remaining disk
 * Create physical volume group /dev/vg-internalhdd from `/dev/sda`
 * Create 2 logical volumes from the volume group
 * Allocate mount points and file system sizes

== LVM on top of RAID1 ==

Pre-requisites:
 * have 2 disks of same capacity
 * preferably of different brands & wear

Reasoning:
 * if one disk fails, I want my system to keep working
 * want ability to take snapshot backups
 * want ability to dynamically resize partitions

Final disk layout: (imagine a 3D table with sda/sdb stacked on top of md0 in the third dimension ;-) )
|| || / || swap fs || ||
|| || /dev/vg-internalhdd/lv-root || /dev/vg-internalhdd/lv-swap || `reserved space in this volume group` ||
|| ||<-3> /dev/vg-internalhdd ||
|| ||<-3> /dev/md0 ||
|| mbr ||<-3> /dev/sda (no partitions) ||
|| mbr ||<-3> /dev/sdb (no partitions) ||

 * Create RAID1 device md0 from sda & sdb
 * Create physical volume group /dev/vg-internalhdd from `/dev/md0`
 * Create 2 logical volumes from the volume group
 * Allocate mount points and file system sizes

== Full Disk encryption with LVM on top of RAID1 ==

Pre-requisites:
 * have 2 disks of same capacity
 * preferably of different brands & wear

Reasoning:
 * if one disk fails, I want my system to keep working
 * want ability to take snapshot backups
 * want ability to dynamically resize partitions
 * and have full disk encryption

Final disk layout: (imagine a 3D table with sda/sdb stacked on top of md0 in the third dimension ;-) )
|| || || / || swap fs || ||
|| || || /dev/vg-internalhdd/lv-root || /dev/vg-internalhdd/lv-swap || `reserved space in this volume group` ||
|| || ||<-3> /dev/vg-internalhdd ||
|| || /boot ||<-3> /dev/crypt1 ||
|| || /dev/md0 ||<-3> /dev/md1 ||
|| mbr || /dev/sda1 ||<-3> /dev/sda2 ||
|| mbr || /dev/sdb1 ||<-3> /dev/sdb2 ||

 * Equally partition sda & sdb:
  * small partition (300MB) for /boot
  * large partition with remaining space
 * Create RAIDs:
  * md0: RAID1 from sda1 & sdb1
  * md1: RAID1 from sda2 & sdb2
 * Add encryption:
  * create crypt1 from md1
 * Add LVM:
  * create physical volume group from md1
  * Add extra logical volumes
 * Assign mountpoints & filesystems:
  * md0 is mountpoint /boot with ext4 filesystem
  * logical volumes are: swap, /, etc.

= Ubiquity Mockups =

[[https://picasaweb.google.com/105922848292507689403/UbiquityMockup#slideshow/5747921182916743730|Slideshow]]

== Existing devices ==

 * If existing RAID, CRYPTO devices are found, we should offer to assemble/unlock them.
  * As an interruption page (?!) ("We noticed you have RAID devices attached, would you like to assemble them?")
  * As options in the manual partitioner?

== Automatic Partitioner ==

 * Support for automatic recipe: LVM
 * Support for automatic recipe: encrypted LVM
  * Should not be possible to select encryption without LVM (e.g. encryption checkbox is grayed-out, unless LVM is selected)
 * Support for RAID is problematic, as the user needs to select multiple drives / RAID type etc.
 * If encryption has been selected, the next page should offer setting up the password, similar to the user-password setup (e.g. repeat twice, warn if password is weak)
 * After the password prompt, we start the install as usual.

{{https://lh6.googleusercontent.com/-w5-SPvpHPhU/T8TP81_ucNI/AAAAAAAAARQ/yCrFZpvPKOU/s800/ubiquity-mockup-automatic.png}}

== Manual Partitioner ==

 * Note the button 'New Device', which should allow creating LVM and/or RAID devices (no mockup)
 * Both Edit and Add partition dialogs have a tickbox to encrypt the underlying partition
 * Enabling encryption on an existing partition will require formatting, and will show a warning
 * If encryption got enabled, the 'Install Now' button will take you to the 'setup encryption passphrase' page

{{https://lh6.googleusercontent.com/-YoSnrjPJdhM/T8TMQqAn8EI/AAAAAAAAAQU/ARugtve6V6k/s800/ubiquity-mockup-advanced.png}}

{{https://lh5.googleusercontent.com/-SNyKLxsWdPk/T8TMQvVOTGI/AAAAAAAAAQc/5ndvRY68PR8/s800/ubiquity-mockup-advanced-2.png}}

{{https://lh5.googleusercontent.com/-WXBVj2ic6DM/T8TMQt56SRI/AAAAAAAAAQY/6w46ivhueFg/s800/ubiquity-mockup-advanced-3.png}}

=== New Device ===

TODO no mockup yet

=== Encryption passphrase Setup ===

TODO no mockup yet

----
CategorySpec
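
The stacked layouts under Installation types can be checked mechanically before anything is written to disk. The following is an added example, not code from d-i, Ubiquity or this spec: it models the "Full Disk encryption with LVM on top of RAID1" table as a device graph and verifies that every mount point except `/boot` sits behind a LUKS layer. The names `PLAN`, `MOUNTS`, `structural_errors`, `encrypted` and `audit` are hypothetical, and the plan data is constructed from the table above.

```python
# Added example: audit a planned storage stack against the layering rules
# described on this page. Each entry is device -> (kind, [components]).
# Devices absent from the plan (sda, sdb) are treated as raw physical disks.
PLAN = {  # constructed from the "Full Disk encryption with LVM on top of RAID1" table
    "sda1": ("partition", ["sda"]), "sda2": ("partition", ["sda"]),
    "sdb1": ("partition", ["sdb"]), "sdb2": ("partition", ["sdb"]),
    "md0": ("raid1", ["sda1", "sdb1"]),
    "md1": ("raid1", ["sda2", "sdb2"]),
    "crypt1": ("luks", ["md1"]),
    "vg-internalhdd": ("vg", ["crypt1"]),
    "lv-root": ("lv", ["vg-internalhdd"]),
    "lv-swap": ("lv", ["vg-internalhdd"]),
}
MOUNTS = {"/boot": "md0", "/": "lv-root", "swap": "lv-swap"}

def structural_errors(plan):
    """Component-count rules: LUKS takes 1 component, RAID takes 2+."""
    errs = []
    for dev, (kind, parts) in plan.items():
        if kind == "luks" and len(parts) != 1:
            errs.append(f"{dev}: LUKS takes exactly 1 component")
        if kind.startswith("raid") and len(parts) < 2:
            errs.append(f"{dev}: RAID needs 2+ components")
    return errs

def encrypted(plan, dev):
    """True only if EVERY path from dev down to a physical disk crosses LUKS."""
    if dev not in plan:              # reached a raw disk without passing LUKS
        return False
    kind, parts = plan[dev]
    if kind == "luks":
        return True
    # A volume group with one unencrypted physical volume counts as exposed,
    # because a logical volume may be allocated on that physical volume.
    return bool(parts) and all(encrypted(plan, p) for p in parts)

def audit(plan, mounts):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = structural_errors(plan)
    for mnt, dev in sorted(mounts.items()):
        enc = encrypted(plan, dev)
        if mnt == "/boot" and enc:
            findings.append("/boot is encrypted; this page recommends leaving it unencrypted")
        elif mnt != "/boot" and not enc:
            findings.append(f"{mnt} on {dev} is not behind a LUKS layer")
    return findings

if __name__ == "__main__":
    print(audit(PLAN, MOUNTS) or "plan OK")
```

A plan in which the volume group is built directly on `md1` instead of `crypt1`, or is later extended with an unencrypted physical volume, is reported for both `/` and swap.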