Ubuntu Server 20.04 RAID1 + LVM encrypted partition: problem with GRUB
Solution 1
Thank you @jdurston for your reply, I was able to install Ubuntu 20.04 with RAID 1 and encrypted disks in this way.
I have prepared both the hard drives using "GParted Live" (I created a bootable USB with the GParted ISO):
Disk 1:
- 512 MB partition, named "/bios/efi", fat32, flagged as "bios_grub";
- 10 GB / partition, named "/", ext4, flagged as "raid";
- (Entire remaining space) /home partition, named "/home", ext4, flagged as "raid";
Disk 2:
- 512 MB partition, named "/bios", fat32, flagged as "boot, esp" (ATTENTION: it's flagged differently compared to disk 1);
- 10 GB / partition, named "/", ext4, flagged as "raid";
- (Entire remaining space) /home partition, named "/home", ext4, flagged as "raid";
Then, using the "Custom storage layout" during the Ubuntu Server 20.04 installation:
- I chose only disk one to be "added as a boot disk";
- and then, using "Create software RAID (md)", I created a new "md0" volume (always active), selecting both 10 GB partitions;
- and then I created another "RAID md" volume (always active), selecting both remaining 222 GB partitions;
- then I selected "Create Volume LVM", chose the 512 MB partition (previously called /boot) and left it not encrypted;
- I selected "Create Volume LVM" again, chose the "md0" partition and assigned it a passphrase;
- then I selected "Create Volume LVM" again, chose the "md1" partition and assigned it a passphrase;
- I selected the "vg0" partition and chose "Add GPT Partition", and then I selected "Create logical volume" and mounted it on "/boot";
- then I selected the "vg1" partition and chose "Add GPT Partition", and then I selected "Create logical volume" and mounted it on "/";
- The same for the "vg2" partition, where I chose "Add GPT Partition", selected "Create logical volume" and mounted it on "/home";
- After that I chose "done" and completed the installation;
- After the reboot GRUB worked correctly!
I am attaching two images from the "Storage Configuration" screen of the Ubuntu 20.04 installation: in the first image you will see the situation before the RAID creation (after the GParted mods), and in the second image you will see the final situation before hitting "done".
Image 1, before the RAID creation:
Image 2, after RAID creation:
Solution 2
I experienced a similar problem. After no luck with various permutations in a VM I stumbled across this thread on Reddit, where user wRAR_ says '[Debian installer] currently doesn't support encrypted /boot'. Ubuntu is based on Debian; I don't know to what extent the installers are similar, but I tested both in a VM, with and without encrypted /boot. Both failed to boot, presenting the GRUB shell you describe in your question.
NOTE: Designating an encrypted area as the mount point for /, and not designating a separate /boot mount point, means that /boot will reside under that encrypted /.
Broadly this means, if we want some kind of encrypted LVM on top of RAID, there are two options:
Option 1 - what I chose to do, and is more beginner-friendly since it can be accomplished with the standard Ubuntu installer.
Encrypt everything except /boot and /boot/efi
All user data will be encrypted, but the entire contents of /boot (not just /boot/efi) will not.
The partition scheme you describe is different, but the key thing is that - for this to work - /boot should not reside on an encrypted partition.
I used the following partition scheme:
My encrypted LVM on RAID1 partition scheme
I was able to accomplish it all in the installer:
- sda1: 512M /boot/efi
- sdb1: 512M /boot
- sda2 & sdb2: RAID1 array md0
- md0: Encrypted volume dm_crypt-0
- dm_crypt-0: logical volume vg0-lv--0 for /
- dm_crypt-0: logical volume vg0-lv--1 for /srv
Of course you can choose whatever logical volumes you like inside the volume group: I have a separate /srv for a server setup.
One small advantage of this setup is it makes use of both the 512M unencrypted spaces - unlike the typical scheme of encrypted LVM on RAID1 - with just the efi partition unencrypted. It's not ideal, but I tested it and it worked for me.*
Option 2:
There may be a way to circumvent the installer not supporting encrypted /boot by dropping out to a shell, editing some configuration files and reinstalling GRUB among other things. This blog post seems to have some instructions but I haven't followed them.
*(Although I must say I found the installer's partitioning menu a little awkward in places - it seems to automatically grab certain unformatted space assuming it can use it as the EFI partition; but with a little 'gaming' of the options I got there in the end)
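An added example (not part of the original answers): a post-install check that reads `lsblk -J` output and reports whether the filesystem holding /boot sits under a dm-crypt layer, the condition Solution 2 associates with landing in the GRUB shell. The sample tree is constructed from the Option 1 layout above, and the helper names are hypothetical.

```python
import json

# Constructed sample in the shape of `lsblk -J -o NAME,TYPE,FSTYPE,MOUNTPOINT`
# for the Option 1 layout (device names follow the answer's list).
# All helper names below are illustrative, not taken from any tool.
_MD0 = {"name": "md0", "type": "raid1", "fstype": "crypto_LUKS", "mountpoint": None,
        "children": [{"name": "dm_crypt-0", "type": "crypt", "fstype": "LVM2_member",
                      "mountpoint": None, "children": [
            {"name": "vg0-lv--0", "type": "lvm", "fstype": "ext4", "mountpoint": "/"},
            {"name": "vg0-lv--1", "type": "lvm", "fstype": "ext4", "mountpoint": "/srv"}]}]}

def _disk(name, first_fs, first_mnt):
    return {"name": name, "type": "disk", "fstype": None, "mountpoint": None, "children": [
        {"name": name + "1", "type": "part", "fstype": first_fs, "mountpoint": first_mnt},
        {"name": name + "2", "type": "part", "fstype": "linux_raid_member",
         "mountpoint": None, "children": [_MD0]}]}

SAMPLE = json.dumps({"blockdevices": [_disk("sda", "vfat", "/boot/efi"),
                                      _disk("sdb", "ext4", "/boot")]})

def mount_chains(lsblk_json):
    """Map each mountpoint to the device types from the disk down to it."""
    chains = {}
    def walk(node, types):
        types = types + [node["type"]]
        # Newer util-linux reports a "mountpoints" list instead of "mountpoint".
        for mnt in node.get("mountpoints") or [node.get("mountpoint")]:
            if mnt:
                chains[mnt] = types
        for child in node.get("children", []):
            walk(child, types)  # md0 is listed under both RAID members; same result
    for dev in json.loads(lsblk_json)["blockdevices"]:
        walk(dev, [])
    return chains

def audit(lsblk_json):
    chains = mount_chains(lsblk_json)
    boot_fs = "/boot" if "/boot" in chains else "/"  # filesystem that holds /boot
    return {
        "boot_on": boot_fs,
        "boot_encrypted": "crypt" in chains.get(boot_fs, []),
        # Anything besides /boot and /boot/efi that is not under dm-crypt.
        "unencrypted": sorted(m for m, t in chains.items()
                              if "crypt" not in t and m not in ("/boot", "/boot/efi")),
        "on_raid": sorted(m for m, t in chains.items()
                          if any(x.startswith("raid") for x in t)),
    }
```

On a real system, pass the text printed by `lsblk -J -o NAME,TYPE,FSTYPE,MOUNTPOINT` to `audit()`; a result with `boot_encrypted` true matches the layouts that failed to boot in the tests described above.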
MarGraz
Updated on September 18, 2022
Comments
- MarGraz over 1 year
On the new Ubuntu Server 20.04 I was unable to create an encrypted partition with "RAID + LVM". The installation process finished correctly, but at the startup GRUB wasn't found, and I was redirected in the "GRUB minimal bash".
Here I will describe how I proceeded during the installation. First, I have prepared both the hard drives (SSD in my case) using "GParted Live" (I created a bootable USB with the GParted ISO):
- 512 MB partition, named "/bios/efi", fat32, flagged as "boot, esp";
- 10 GB / partition, named "/", ext4, flagged as "raid";
- /home partition, named "/home", ext4, flagged as "raid";
Then, using the "Custom storage layout" during the Ubuntu Server 20.04 installation:
- I checked both disks to be "added as a boot disk"
- and then using the "Create software RAID (md)" I have created a new "md0" volume (always active)
- and then I created another "RAID md" volume (always active)
- At this time I selected the "Create Volume LVM" and I chose the "md0" partition and I assigned a passphrase to it.
- I selected again the "Create Volume LVM" and I chose the "md1" partition and I assigned a passphrase.
- Now I selected the "vg0" partition and chose "Add GPT Partition", and then I selected "Create logical volume" and mounted it on "/"
- Similar things for the "vg1" partition where I chose "Add GPT Partition", and then I selected "Create logical volume" and mounted it on "/home"
- After that I chose "done" and I completed the installation
- After the reboot the OS entered the "GRUB minimal bash"
What is wrong?
Thank you
- MarGraz almost 4 years
Thank you for your answer @jdurston, it was very useful, I replied to my question with the procedure that I used. Hope that it will be useful for other Ubuntu users.