AdvancedPartitioningSchemes

Terminology

Let's introduce some terms (copied from ReliableRaid/History):

  • component: a single block device node used to make up a part of an array. e.g. "block device" for md (/dev/sda1), "physical volume" for LVM (also /dev/sda1). It is a component only if the array software understands it as a component (usually via some form of superblock, etc).

  • array: a single logical unit made up of components. e.g. "RAID device" for md (/dev/md1), "volume group" for LVM (/dev/vg-name/).

  • logical device: a block device made available from an array. e.g. "RAID device" for md (/dev/md1), "logical volume" for LVM (/dev/vg-name/lv-name or /dev/mapper/vg--name-lv--name; yes, "-" is escaped with "--" for mapper names).

  • mount point: final / top-level allocation of filesystem type & mount point.
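
The "--" escaping described above matters to any script that maps a /dev/mapper name back to its volume group and logical volume, because splitting on every "-" selects the wrong volume. The Python below is an added example, not part of the original page; the function names are hypothetical, and it assumes LVM's own restriction that names are non-empty and do not begin with a hyphen.

```python
def mapper_name(vg, lv):
    """Build the /dev/mapper name: double each '-' inside a name, join with one '-'."""
    for name in (vg, lv):
        # Assumption: LVM rejects empty names and names starting with '-'.
        if not name or name.startswith("-"):
            raise ValueError(f"invalid LVM name: {name!r}")
    return vg.replace("-", "--") + "-" + lv.replace("-", "--")


def split_mapper_name(name):
    """Recover (vg, lv); the separator is the only '-' that is not part of a '--'."""
    parts, current, i = [], [], 0
    while i < len(name):
        if name.startswith("--", i):   # escaped hyphen, belongs to the name
            current.append("-")
            i += 2
        elif name[i] == "-":           # lone hyphen, the VG/LV separator
            parts.append("".join(current))
            current = []
            i += 1
        else:
            current.append(name[i])
            i += 1
    parts.append("".join(current))
    # Entries such as a LUKS mapping ("crypt1") have no separator and are rejected.
    if len(parts) != 2 or not all(parts):
        raise ValueError(f"not a plain vg-lv mapper name: {name!r}")
    return parts[0], parts[1]


if __name__ == "__main__":
    print(mapper_name("vg-name", "lv-name"))
    print(split_mapper_name("vg--internalhdd-lv--root"))
```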

Devices

Note that the devices below can be stacked one on top of the other, on top of the other...

Just like a Matryoshka doll

Physical Disk / usb pen drive / SDcard

  • regular disk (attached as sata), name /dev/sda

    • has MBR (for bootloader)
    • can become a component of another array as a whole
  • components
    • can be partitioned into components aka partitions, e.g. (/dev/sda1, /dev/sda2)

    • /dev/sda1 can become formatted filesystems / mountpoints
    • /dev/sda1 can become a component of another array

LVM - Logical Volume Group

  • combines multiple devices into a single array ( volume group )
    • e.g. combine /dev/sda (100GB) & /dev/sdb2 (300GB) into /dev/vg-big (400GB)

  • creates variable length logical devices ( logical volume )
    • logical volumes can become mount-points.
    • e.g. create /dev/vg-big/lv-medium1 (200GB) and /dev/vg-big/lv-medium2 (200 GB)

LUKS

LUKS aka cryptsetup, dm-crypt, full-disk encryption

  • takes 1 component & creates 1 encrypted device from it

  • e.g. /dev/sda -> /dev/crypt1

  • /dev/crypt1 can be used as a mountpoint, or as a component of another array (e.g. LVM)

  • hopefully (?!) cannot be partitioned, use LVM on top of it.
  • recommended to have /boot mountpoint / filesystem which is not encrypted due to current implementation

RAID

  • takes 2+ components and creates an array /dev/md

  • There are many different RAID levels, each requiring a different minimum number of disks
  • Can optionally add more disks than required, to be used as spares
  • resulting array can be used as component of another array (e.g. LUKS/LVM) or become a mountpoint
  • hopefully (?!) cannot be partitioned, use LVM on top of it

Installation types

A typical debian-installer (d-i) installation starts as shown here. Once you reach the manual partitioning step, here are some of the supported ways to partition your disk:

Typical single disk installation

Slideshow

Pre-requisites:

  • one disk
  • no other operating systems

Reasoning:

  • want to specify a custom amount of swap
  • want to leave empty space for future use

Final disk layout (one row per layer, top layer first):

    / | swap fs | empty
    mbr | /dev/sda1 | swap | empty

Steps:

  • Create sda1 partition, specify size
  • Create swap partition, specify size
  • Select / mountpoint & filesystem (e.g. ext4)

  • Select use as swap

Single full-disk encryption

Slideshow

Pre-requisites:

  • have 1 disk

Reasoning:

  • want / require full-disk encryption
  • want simplicity (no other additional layers)
  • will not have swap or will use a swapfile

Final disk layout (one row per layer, top layer first):

    /
    /boot | /dev/crypt1
    mbr | /dev/sda1 | /dev/sda2

Steps:

  • Create smallish (300MB) sda1
  • Create sda2 with the remaining disk
  • Create crypt1 device from sda2
  • Assign /boot mount point to sda1, select filesystem (e.g. ext4)

  • Assign / to crypt1, select filesystem (e.g. ext4)

Single full-disk LVM

Guided Install

Pre-requisites:

  • have 1 very large disk

Reasoning:

  • want ability to take snapshot backups
  • want ability to dynamically resize partitions

Final disk layout (one row per layer, top layer first):

    / | swap fs
    /dev/vg-internalhdd/lv-root | /dev/vg-internalhdd/lv-swap | reserved space in this volume group
    /dev/vg-internalhdd
    mbr | /dev/sda (no partitions)

Steps:

  • Create physical volume group /dev/vg-internalhdd from /dev/sda

  • Create 2 logical volumes from the volume group
  • Allocate mount points and file system sizes

Single full-disk encrypted LVM

Pre-requisites:

  • have 1 very large disk

Reasoning:

  • want ability to take snapshot backups
  • want ability to dynamically resize partitions
  • and have full disk encryption

Final disk layout (one row per layer, top layer first):

    / | swap fs
    /dev/vg-internalhdd/lv-root | /dev/vg-internalhdd/lv-swap | reserved space in this volume group
    /dev/vg-internalhdd
    /boot | /dev/crypt1
    mbr | /dev/sda1 | /dev/sda2

Steps:

  • Create smallish (300MB) sda1
  • Create sda2 with the remaining disk
  • Create physical volume group /dev/vg-internalhdd from /dev/sda

  • Create 2 logical volumes from the volume group
  • Allocate mount points and file system sizes

LVM on top of RAID1

Pre-requisites:

  • have 2 disks of the same capacity
  • preferably of different brands & wear

Reasoning:

  • if one disk fails, I want my system to keep working
  • want ability to take snapshot backups
  • want ability to dynamically resize partitions

Final disk layout, one row per layer, top layer first (imagine a 3D table with sda/sdb stacked on top of md0 in the third dimension ;-) ):

    / | swap fs
    /dev/vg-internalhdd/lv-root | /dev/vg-internalhdd/lv-swap | reserved space in this volume group
    /dev/vg-internalhdd
    /dev/md0
    mbr | /dev/sda (no partitions)
    mbr | /dev/sdb (no partitions)

Steps:

  • Create RAID1 device md0 from sda & sdb

  • Create physical volume group /dev/vg-internalhdd from /dev/md0

  • Create 2 logical volumes from the volume group
  • Allocate mount points and file system sizes

Full Disk encryption with LVM on top of RAID1

Pre-requisites:

  • have 2 disks of the same capacity
  • preferably of different brands & wear

Reasoning:

  • if one disk fails, I want my system to keep working
  • want ability to take snapshot backups
  • want ability to dynamically resize partitions
  • and have full disk encryption

Final disk layout, one row per layer, top layer first (imagine a 3D table with sda/sdb stacked on top of md0 in the third dimension ;-) ):

    / | swap fs
    /dev/vg-internalhdd/lv-root | /dev/vg-internalhdd/lv-swap | reserved space in this volume group
    /dev/vg-internalhdd
    /boot | /dev/crypt1
    /dev/md0 | /dev/md1
    mbr | /dev/sda1 | /dev/sda2
    mbr | /dev/sdb1 | /dev/sdb2

Steps:

  • Partition sda & sdb identically:

    • small partition (300MB) for /boot
    • large partition with remaining space
  • Create RAIDs:
    • md0: RAID1 from sda1 & sdb1

    • md1: RAID1 from sda2 & sdb2

  • Add encryption:
    • create crypt1 from md1
  • Add LVM:
    • create physical volume group from md1
  • Add extra logical volumes
  • Assign mountpoints & filesystems:

    • md0, is mountpoint /boot with ext4 filesystem
    • logical volumes are: swap, /, etc.
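
One way to confirm after installation that the stack matches the final disk layout above, with crypt1 sitting between md1 and the volume group, is to walk the device tree and list every mount point that has no encryption layer beneath it. This Python is an added example, not part of the original page or of Ubiquity; the function names are hypothetical, and the embedded tree is a constructed sample shaped like `lsblk --json -o NAME,TYPE,MOUNTPOINT` output using the page's device names.

```python
import json
import sys

# Constructed sample shaped like `lsblk --json -o NAME,TYPE,MOUNTPOINT` output,
# modelling the final disk layout above (device names are taken from the page).
MD0 = {"name": "md0", "type": "raid1", "mountpoint": "/boot"}
MD1 = {"name": "md1", "type": "raid1", "mountpoint": None, "children": [
    {"name": "crypt1", "type": "crypt", "mountpoint": None, "children": [
        {"name": "vg--internalhdd-lv--root", "type": "lvm", "mountpoint": "/"},
        {"name": "vg--internalhdd-lv--swap", "type": "lvm", "mountpoint": "[SWAP]"},
    ]},
]}
SAMPLE = {"blockdevices": [
    {"name": d, "type": "disk", "mountpoint": None, "children": [
        {"name": d + "1", "type": "part", "mountpoint": None, "children": [MD0]},
        {"name": d + "2", "type": "part", "mountpoint": None, "children": [MD1]},
    ]} for d in ("sda", "sdb")
]}

def mount_chains(tree):
    """Map each mount point to every device chain (physical disk first) under it."""
    chains = {}
    def walk(node, path):
        path = path + [(node["name"], node["type"])]
        if node.get("mountpoint"):
            chains.setdefault(node["mountpoint"], []).append(path)
        for child in node.get("children", []):
            walk(child, path)
    for dev in tree["blockdevices"]:
        walk(dev, [])
    return chains

def unencrypted_mounts(tree, allowed=("/boot",)):
    """Mount points (other than `allowed`) with a backing chain lacking a crypt layer."""
    return sorted(
        mount for mount, paths in mount_chains(tree).items()
        if mount not in allowed
        and any(all(kind != "crypt" for _, kind in path) for path in paths)
    )

if __name__ == "__main__":
    # Pipe real `lsblk --json -o NAME,TYPE,MOUNTPOINT` output in, or run bare for the sample.
    tree = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for mount, paths in sorted(mount_chains(tree).items()):
        print(mount, "<-", " <- ".join(name for name, _ in reversed(paths[0])))
    print("unencrypted:", unencrypted_mounts(tree))
```

/boot is in the allowed list because the page recommends leaving it unencrypted; a volume group created directly on md1 instead of crypt1 would make / and swap appear in the result.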

Ubiquity Mockups

Slideshow

Existing devices

  • If existing RAID, CRYPTO devices are found, we should offer to assemble/unlock them.
  • As an interruption page (?!) ("We noticed you have RAID devices attached, would you like to assemble them?")
  • As options in the manual partitioner?

Automatic Partitioner

  • Support for automatic recipe: LVM
  • Support for automatic recipe: encrypted LVM
  • Should not be possible to select encryption without LVM (e.g. encryption checkbox is grayed-out, unless LVM is selected)
  • Support for RAID problematic, as need to select multiple drives / RAID type etc.
  • If encryption has been selected, the next page should offer setting up the password, similar to the user-password setup (e.g. repeat twice, warn if password is weak)
  • After the password prompt, we start the install as usual.

https://lh6.googleusercontent.com/-w5-SPvpHPhU/T8TP81_ucNI/AAAAAAAAARQ/yCrFZpvPKOU/s800/ubiquity-mockup-automatic.png

Manual Partitioner

  • Note the button 'New Device', which should allow creating LVM and/or RAID devices (no mockup)
  • Both Edit and Add partition dialogs have a tickbox to encrypt underlying partition
  • Enabling encryption on an existing partition will require formatting and will show a warning
  • If encryption was enabled, the 'Install Now' button will take you to the 'setup encryption passphrase' page

https://lh6.googleusercontent.com/-YoSnrjPJdhM/T8TMQqAn8EI/AAAAAAAAAQU/ARugtve6V6k/s800/ubiquity-mockup-advanced.png https://lh5.googleusercontent.com/-SNyKLxsWdPk/T8TMQvVOTGI/AAAAAAAAAQc/5ndvRY68PR8/s800/ubiquity-mockup-advanced-2.png https://lh5.googleusercontent.com/-WXBVj2ic6DM/T8TMQt56SRI/AAAAAAAAAQY/6w46ivhueFg/s800/ubiquity-mockup-advanced-3.png

New Device

TODO no mockup yet

Encryption passphrase Setup

TODO no mockup yet



Ubiquity/AdvancedPartitioningSchemes (last edited 2012-05-29 13:37:06 by xnox)