NAS setup in RAID1 with disks >2TB, possibly with encryption

Turris Omnia
1

I would like to setup a RAID1 on two 8TB disks, possibly with encryption.

My questions are:

  1. Is following setup correct and how to fix the error.
  2. How to setup a disk encryption?
  3. What are encryption downsides? Do I have to enter password after each restart to mount disks, performance, data recovery issues or something different?

I used following commands for setup:

cfdisk /dev/sda
cfdisk /dev/sdb
mkfs.ext4 /dev/sda1
mkfs.ext4 /dev/sdb1
mdadm --create /dev/md0 --level=mirror --raid-devices=2 /dev/sda1 /dev/sdb1

The last command crashes, ssh connection is closed and dmesg displays this:

[   45.189850] EXT4-fs (sdb1): ext4_check_descriptors: Block bitmap for group 0 not in group (block 2838187772)!
[   45.199815] EXT4-fs (sdb1): group descriptors corrupted!
[   45.261929] EXT4-fs (sda1): ext4_check_descriptors: Block bitmap for group 0 not in group (block 2838187772)!
[   45.271920] EXT4-fs (sda1): group descriptors corrupted!

Full log

root@turris:~# dmesg 
[    6.238197] scsi host1: ahci
[    6.241207] ata1: SATA max UDMA/133 abar m512@0xe0110000 port 0xe0110100 irq 120
[    6.248621] ata2: SATA max UDMA/133 abar m512@0xe0110000 port 0xe0110180 irq 120
[    6.800741] ata1: SATA link up 3.0 Gbps (SStatus 123 SControl 300)
[    6.808452] ata1.00: ATA-9: ST8000AS0002-1NA17Z, AR17, max UDMA/133
[    6.814741] ata1.00: 15628053168 sectors, multi 0: LBA48 NCQ (depth 31/32), AA
[    6.823298] ata1.00: configured for UDMA/133
[    6.827757] scsi 0:0:0:0: Direct-Access     ATA      ST8000AS0002-1NA AR17 PQ: 0 ANSI: 5
[    6.836278] sd 0:0:0:0: [sda] 15628053168 512-byte logical blocks: (8.00 TB/7.28 TiB)
[    6.844139] sd 0:0:0:0: [sda] 4096-byte physical blocks
[    6.849462] sd 0:0:0:0: [sda] Write Protect is off
[    6.854274] sd 0:0:0:0: [sda] Mode Sense: 00 3a 00 00
[    6.854319] sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
[    6.912629]  sda: sda1
[    6.915415] sd 0:0:0:0: [sda] Attached SCSI disk
[    7.680746] ata2: SATA link up 3.0 Gbps (SStatus 123 SControl 300)
[    8.201738] ata2.00: ATA-9: ST8000AS0002-1NA17Z, AR17, max UDMA/133
[    8.208020] ata2.00: 15628053168 sectors, multi 0: LBA48 NCQ (depth 31/32), AA
[    8.216667] ata2.00: configured for UDMA/133
[    8.221120] scsi 1:0:0:0: Direct-Access     ATA      ST8000AS0002-1NA AR17 PQ: 0 ANSI: 5
[    8.229522] sd 1:0:0:0: [sdb] 15628053168 512-byte logical blocks: (8.00 TB/7.28 TiB)
[    8.237383] sd 1:0:0:0: [sdb] 4096-byte physical blocks
[    8.242707] sd 1:0:0:0: [sdb] Write Protect is off
[    8.247511] sd 1:0:0:0: [sdb] Mode Sense: 00 3a 00 00
[    8.247548] sd 1:0:0:0: [sdb] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
[    8.305106]  sdb: sdb1
[    8.307844] sd 1:0:0:0: [sdb] Attached SCSI disk
[    8.313055] ahci-mvebu f10a8000.sata: AHCI 0001.0000 32 slots 2 ports 6 Gbps 0x3 impl platform mode
[    8.322155] ahci-mvebu f10a8000.sata: flags: 64bit ncq sntf led only pmp fbs pio slum part sxs 
[    8.331592] scsi host2: ahci-mvebu
[    8.335160] scsi host3: ahci-mvebu
[    8.338667] ata3: SATA max UDMA/133 mmio [mem 0xf10a8000-0xf10a9fff] port 0x100 irq 44
[    8.346627] ata4: SATA max UDMA/133 mmio [mem 0xf10a8000-0xf10a9fff] port 0x180 irq 44
[    8.700744] ata3: SATA link down (SStatus 0 SControl 300)
[    8.706172] ata4: SATA link down (SStatus 0 SControl 300)
[    8.712616] uhci_hcd: USB Universal Host Controller Interface driver
[    8.719570] orion_wdt: Initial timeout 171 sec
[    8.728049] xhci-hcd f10f0000.usb3: xHCI Host Controller
[    8.733400] xhci-hcd f10f0000.usb3: new USB bus registered, assigned bus number 2
[    8.741001] xhci-hcd f10f0000.usb3: hcc params 0x0a000990 hci version 0x100 quirks 0x00010010
[    8.749566] xhci-hcd f10f0000.usb3: irq 46, io mem 0xf10f0000
[    8.755599] hub 2-0:1.0: USB hub found
[    8.759373] hub 2-0:1.0: 1 port detected
[    8.763414] xhci-hcd f10f0000.usb3: xHCI Host Controller
[    8.768743] xhci-hcd f10f0000.usb3: new USB bus registered, assigned bus number 3
[    8.776300] usb usb3: We don't know the algorithms for LPM for this host, disabling LPM.
[    8.784644] hub 3-0:1.0: USB hub found
[    8.788414] hub 3-0:1.0: 1 port detected
[    8.792501] xhci-hcd f10f8000.usb3: xHCI Host Controller
[    8.797833] xhci-hcd f10f8000.usb3: new USB bus registered, assigned bus number 4
[    8.805428] xhci-hcd f10f8000.usb3: hcc params 0x0a000990 hci version 0x100 quirks 0x00010010
[    8.813993] xhci-hcd f10f8000.usb3: irq 47, io mem 0xf10f8000
[    8.819984] hub 4-0:1.0: USB hub found
[    8.823763] hub 4-0:1.0: 1 port detected
[    8.827789] xhci-hcd f10f8000.usb3: xHCI Host Controller
[    8.833123] xhci-hcd f10f8000.usb3: new USB bus registered, assigned bus number 5
[    8.840653] usb usb5: We don't know the algorithms for LPM for this host, disabling LPM.
[    8.848980] hub 5-0:1.0: USB hub found
[    8.852754] hub 5-0:1.0: 1 port detected
[    8.858126] usbcore: registered new interface driver usb-storage
[    9.664316] init: - preinit -
[   12.715946] mount_root: mounting /dev/root
[   12.720979] BTRFS info (device mmcblk0p1): disk space caching is enabled
[   12.728142] mount_root: loading kmods from internal overlay
[   13.120487] block: attempting to load /etc/config/fstab
[   13.127528] block: extroot: not configured
[   13.134066] procd: - early -
[   13.255516] random: jshn urandom read with 64 bits of entropy available
[   13.724234] procd: - watchdog -
[   13.727630] procd: - ubus -
[   14.732003] procd: - init -
[   14.791846] marvell-cesa f1090000.crypto: CESA device successfully registered
[   14.802502] NET: Registered protocol family 38
[   14.821975] md: linear personality registered for level -1
[   14.827858] md: raid0 personality registered for level 0
[   14.834022] md: raid1 personality registered for level 1
[   14.840353] md: raid10 personality registered for level 10
[   14.846448] async_tx: api initialized (async)
[   14.854402] md: raid6 personality registered for level 6
[   14.859729] md: raid5 personality registered for level 5
[   14.865086] md: raid4 personality registered for level 4
[   14.872697] FS-Cache: Loaded
[   14.876061] md: multipath personality registered for level -4
[   14.883268] NET: Registered protocol family 8
[   14.887636] NET: Registered protocol family 20
[   14.896912] device-mapper: ioctl: 4.34.0-ioctl (2015-10-28) initialised: dm-devel@redhat.com
[   14.907978] Key type dns_resolver registered
[   14.916010] NET: Registered protocol family 33
[   14.920468] Key type rxrpc registered
[   14.924167] Key type rxrpc_s registered
[   14.932186] kAFS: Red Hat AFS client v0.1 registering.
[   14.937378] FS-Cache: Netfs 'afs' registered for caching
[   14.979949] RPC: Registered named UNIX socket transport module.
[   14.985918] RPC: Registered udp transport module.
[   14.990632] RPC: Registered tcp transport module.
[   14.995362] RPC: Registered tcp NFSv4.1 backchannel transport module.
[   15.006952] ntfs: driver 2.1.32 [Flags: R/O MODULE].
[   15.017562] RxRPC: Registered security type 2 'rxkad'
[   15.035142] tun: Universal TUN/TAP device driver, 1.6
[   15.040209] tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
[   15.050717] sit: IPv6 over IPv4 tunneling driver
[   15.056525] gre: GRE over IPv4 demultiplexor driver
[   15.062210] ip_gre: GRE over IPv4 tunneling driver
[   15.084009] Installing knfsd (copyright (C) 1996 okir@monad.swb.de).
[   15.092589] PPP generic driver version 2.4.2
[   15.099310] ip6_tables: (C) 2000-2006 Netfilter Core Team
[   15.111198] Loading modules backported from Linux version master-2015-12-03-0-g1677f62
[   15.119136] Backport generated by backports.git backports-20151120-0-g906a6b3
[   15.142535] cfg80211: World regulatory domain updated:
[   15.147700] cfg80211:  DFS Master region: unset
[   15.152083] cfg80211:   (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp), (dfs_cac_time)
[   15.161867] cfg80211:   (2402000 KHz - 2472000 KHz @ 40000 KHz), (N/A, 2000 mBm), (N/A)
[   15.169891] cfg80211:   (2457000 KHz - 2482000 KHz @ 20000 KHz, 92000 KHz AUTO), (N/A, 2000 mBm), (N/A)
[   15.179310] cfg80211:   (2474000 KHz - 2494000 KHz @ 20000 KHz), (N/A, 2000 mBm), (N/A)
[   15.187343] cfg80211:   (5170000 KHz - 5250000 KHz @ 80000 KHz, 160000 KHz AUTO), (N/A, 2000 mBm), (N/A)
[   15.196858] cfg80211:   (5250000 KHz - 5330000 KHz @ 80000 KHz, 160000 KHz AUTO), (N/A, 2000 mBm), (0 s)
[   15.206369] cfg80211:   (5490000 KHz - 5730000 KHz @ 160000 KHz), (N/A, 2000 mBm), (0 s)
[   15.214482] cfg80211:   (5735000 KHz - 5835000 KHz @ 80000 KHz), (N/A, 2000 mBm), (N/A)
[   15.222507] cfg80211:   (57240000 KHz - 63720000 KHz @ 2160000 KHz), (N/A, 0 mBm), (N/A)
[   15.251457] u32 classifier
[   15.254174]     input device check on
[   15.257841]     Actions configured
[   15.261856] Mirror/redirect action on
[   15.270180] netem: version 1.3
[   15.280399] fuse init (API version 7.23)
[   15.297115] usbcore: registered new interface driver cdc_wdm
[   15.306012] Ebtables v2.0 registered
[   15.310967] ip_tables: (C) 2000-2006 Netfilter Core Team
[   15.322933] nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
[   15.514275] Netfilter messages via NETLINK v0.30.
[   15.519842] PPP MPPE Compression module registered
[   15.525197] NET: Registered protocol family 24
[   15.533222] usbcore: registered new interface driver ums-alauda
[   15.539994] usbcore: registered new interface driver ums-cypress
[   15.546933] usbcore: registered new interface driver ums-datafab
[   15.553753] usbcore: registered new interface driver ums-freecom
[   15.560623] usbcore: registered new interface driver ums-isd200
[   15.567559] usbcore: registered new interface driver ums-jumpshot
[   15.574514] usbcore: registered new interface driver ums-karma
[   15.581554] usbcore: registered new interface driver ums-sddr09
[   15.588372] usbcore: registered new interface driver ums-sddr55
[   15.595334] usbcore: registered new interface driver ums-usbat
[   15.607221] usbcore: registered new interface driver usbserial
[   15.613129] usbcore: registered new interface driver usbserial_generic
[   15.619697] usbserial: USB Serial support registered for generic
[   15.630378] xt_time: kernel timezone is -0000
[   15.648592] usbcore: registered new interface driver cdc_ether
[   15.658836] ctnetlink v0.93: registering with nfnetlink.
[   15.667767] usbcore: registered new interface driver qmi_wwan
[   15.674692] usbcore: registered new interface driver rndis_host
[   15.689165] pci 0000:00:01.0: enabling device (0140 -> 0142)
[   15.781792] ath: EEPROM regdomain: 0x0
[   15.781797] ath: EEPROM indicates default country code should be used
[   15.781799] ath: doing EEPROM country->regdmn map search
[   15.781803] ath: country maps to regdmn code: 0x3a
[   15.781806] ath: Country alpha2 being used: US
[   15.781808] ath: Regpair used: 0x3a
[   15.793662] ieee80211 phy0: Selected rate control algorithm 'minstrel_ht'
[   15.794684] ieee80211 phy0: Atheros AR9287 Rev:2 mem=0xf17a0000, irq=108
[   15.801628] cfg80211: Regulatory domain changed to country: US
[   15.807479] cfg80211:  DFS Master region: FCC
[   15.811705] cfg80211:   (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp), (dfs_cac_time)
[   15.821493] cfg80211:   (2402000 KHz - 2467000 KHz @ 40000 KHz), (N/A, 3000 mBm), (N/A)
[   15.829517] cfg80211:   (5170000 KHz - 5250000 KHz @ 80000 KHz, 160000 KHz AUTO), (N/A, 2300 mBm), (N/A)
[   15.839031] cfg80211:   (5250000 KHz - 5330000 KHz @ 80000 KHz, 160000 KHz AUTO), (N/A, 2300 mBm), (0 s)
[   15.848544] cfg80211:   (5490000 KHz - 5730000 KHz @ 160000 KHz), (N/A, 2300 mBm), (0 s)
[   15.856662] cfg80211:   (5735000 KHz - 5835000 KHz @ 80000 KHz), (N/A, 3000 mBm), (N/A)
[   15.864693] cfg80211:   (57240000 KHz - 63720000 KHz @ 2160000 KHz), (N/A, 4000 mBm), (N/A)
[   15.873746] usbcore: registered new interface driver option
[   15.879366] usbserial: USB Serial support registered for GSM modem (1-port)
[   15.887105] usbcore: registered new interface driver qcserial
[   15.892927] usbserial: USB Serial support registered for Qualcomm USB modem
[   19.976753] random: nonblocking pool is initialized
[   24.151351] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[   24.232435] IPv6: ADDRCONF(NETDEV_UP): eth1: link is not ready
[   24.235990] IPv6: ADDRCONF(NETDEV_UP): eth2: link is not ready
[   25.775051] device eth0 entered promiscuous mode
[   25.775968] IPv6: ADDRCONF(NETDEV_UP): br-lan: link is not ready
[   25.792018] device eth2 entered promiscuous mode
[   25.872514] IPv6: ADDRCONF(NETDEV_UP): eth1: link is not ready
[   26.072787] cfg80211: Regulatory domain changed to country: CZ
[   26.072795] cfg80211:  DFS Master region: ETSI
[   26.072798] cfg80211:   (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp), (dfs_cac_time)
[   26.072804] cfg80211:   (2400000 KHz - 2483000 KHz @ 40000 KHz), (N/A, 2000 mBm), (N/A)
[   26.072809] cfg80211:   (5150000 KHz - 5250000 KHz @ 80000 KHz, 200000 KHz AUTO), (N/A, 2300 mBm), (N/A)
[   26.072814] cfg80211:   (5250000 KHz - 5350000 KHz @ 80000 KHz, 200000 KHz AUTO), (N/A, 2000 mBm), (0 s)
[   26.072819] cfg80211:   (5470000 KHz - 5725000 KHz @ 160000 KHz), (N/A, 2700 mBm), (0 s)
[   26.072823] cfg80211:   (57000000 KHz - 66000000 KHz @ 2160000 KHz), (N/A, 4000 mBm), (N/A)
[   27.164388] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[   27.165345] device wlan0 entered promiscuous mode
[   27.230002] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   27.230066] br-lan: port 3(wlan0) entered forwarding state
[   27.230084] br-lan: port 3(wlan0) entered forwarding state
[   27.230137] IPv6: ADDRCONF(NETDEV_CHANGE): br-lan: link becomes ready
[   27.770757] mvneta f1030000.ethernet eth0: Link is Up - 1Gbps/Full - flow control off
[   27.770784] br-lan: port 1(eth0) entered forwarding state
[   27.770806] br-lan: port 1(eth0) entered forwarding state
[   27.790744] mvneta f1070000.ethernet eth2: Link is Up - 1Gbps/Full - flow control off
[   27.790762] br-lan: port 2(eth2) entered forwarding state
[   27.790781] br-lan: port 2(eth2) entered forwarding state
[   28.871156] mvneta f1034000.ethernet eth1: Link is Up - 100Mbps/Full - flow control off
[   28.871173] IPv6: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready
[   29.220733] br-lan: port 3(wlan0) entered forwarding state
[   29.770738] br-lan: port 1(eth0) entered forwarding state
[   29.790729] br-lan: port 2(eth2) entered forwarding state
[   45.189850] EXT4-fs (sdb1): ext4_check_descriptors: Block bitmap for group 0 not in group (block 2838187772)!
[   45.199815] EXT4-fs (sdb1): group descriptors corrupted!
[   45.261929] EXT4-fs (sda1): ext4_check_descriptors: Block bitmap for group 0 not in group (block 2838187772)!
[   45.271920] EXT4-fs (sda1): group descriptors corrupted!
[   80.105950] nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead.
2

Yes but you can also save the password on Omnia’s flash. The advantage is that you won’t have to type in password on each reboot; the disadvantage is that anyone gaining access to the device will get access to your data.

You need to first create the array with mdadm and then create file system on /dev/md0.

3

It is possible to use a disk without partition:

mdadm --create /dev/md0 --level=mirror --raid-devices=2 /dev/sda /dev/sdb

But then I have following issue:

[681065.017730] ata2: hard resetting link
[681075.022738] ata2: softreset failed (1st FIS failed)
[681075.027731] ata2: hard resetting link

Which is described here: