Red Hat's Anaconda installer is a wonderful and intuitive thing... if you have a graphics card in your machine. My HoneyComb LX2K is running with only a serial port and nothing else. Attached to it are 3 2TB hard drives that I wanted in an mdraid with encryption and LVM. The text based installer for RHEL9 does not support this at all. It will, however, find devices you've already setup and opened. So we'll go ahead and do that.
I'm going to assume you're a competent Linux user who can navigate the rest of the install yourself. This blog post will focus on disk setup.
My example consists of the following:
- 3 hard drives
- 3 partitions each for 3 raid volumes
- 2 drives actively in RAID1, 1 for spare.
- luks encryption on raid volume 3
- lvm on top of luks
This should basically include an example of everything you want to do.
The text based installer is actually a tmux session. The highlighted bar at the bottom should help you navigate. Hit Ctrl+B and then press 2 to get into a shell.
Step 1: Partitioning
We need at least 3 volumes,
- EFI System Partition
- Boot partition
- Everything else
Verify the drives you're using in
/dev, mine are sda, sdb and sdc. Start with the first drive going into the raid.
g to create a new GPT.
n creates new partitions and
t changes the partition type. Navigate the prompts and do the following:
n, select default start sector, then
1- 200MB EFI partition.
n, select default start sector, then
29, - 1GB Boot partition.
n, select default start sector, then default last sector,
29, - remaining disk space.
Save your changes. Verify your layout like so:
[anaconda root@localhost ~]# fdisk -l /dev/sda Disk /dev/sda: 1.82 TiB, 2000398934016 bytes, 3907029168 sectors Disk model: Samsung SSD 870 Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: gpt Disk identifier: Device Start End Sectors Size Type /dev/sda1 2048 411647 409600 200M EFI System /dev/sda2 411648 2508799 2097152 1G Linux RAID /dev/sda3 2508800 3907029134 3904520335 1.8T Linux RAID
We want to copy our exact partition table to our other drives (they should be identical drives), but with different UUIDs. We'll use
sgdisk for this task. Example based on my disk layout.
[anaconda root@localhost ~]# sgdisk -b - /dev/sda | sgdisk -l - -Gg /dev/sdb [anaconda root@localhost ~]# sgdisk -b - /dev/sda | sgdisk -l - -Gg /dev/sdc
You can use
fdisk -l on the other devices to verify they have the same partition layout and different UUIDs.
Step 2: Create mdraid
I'm going to stop for a recommendation here: write down the serial numbers of all your drives and which SATA ports you plugged them into. The following mapping can change, but if you do
ls -l /dev/disk/by-id you should see your devices with the serial numbers in their names, symlinked to their devices in
/dev/. Decide which two you want in the raid and which one you want as a spare. In my case, we'll be using sda/sdb for the raid and sdc for the spare.
Create the ESP volume with older metadata version. The Arch Wiki advises that metadata version 1.0 is compatible with EFI volumes as the metadata goes to the end of the partition. This is working on my setup.
[anaconda root@localhost ~]# mdadm --create --verbose --level=1 --metadata=1.0 --raid-devices=2 /dev/md/ESP /dev/sda1 /dev/sdb1 [anaconda root@localhost ~]# mdadm --add-spare /dev/md/ESP /dev/sdc1
With the boot and crypt volumes, we can use the default metadata setting.
[anaconda root@localhost ~]# mdadm --create --verbose --level=1 --raid-devices=2 /dev/md/boot /dev/sda2 /dev/sdb2 [anaconda root@localhost ~]# mdadm --add-spare /dev/md/boot /dev/sdc2 [anaconda root@localhost ~]# mdadm --create --verbose --level=1 --raid-devices=2 /dev/md/root /dev/sda3 /dev/sdb3 [anaconda root@localhost ~]# mdadm --add-spare /dev/md/root /dev/sdc3
cat /proc/mdstat to verify your raid devices created successfully. The large one is likely still syncing.
Step 3: Encrypt main volume
It's worth checking to see what the best supported encryption methods for your device are, but chances are, it's
aes-xts. As well, with the way luks splits keys, if we want AES256 bit encryption, we actually have to specify 512.
See what your hardware supports with
The default when running
[anaconda root@localhost ~]# cryptsetup -s 512 luksFormat /dev/md/root WARNING! ======== This will overwrite data on /dev/md/root irrevocably. Are you sure? (Type 'yes' in capital letters): YES Enter passphrase for /dev/md/root: Verify passphrase:
Once this is complete, open the device so we can access it at
[anaconda root@localhost ~]# cryptsetup luksOpen /dev/md/root rhel-crypt Enter passphrase for /dev/md/root:
Step 4: Configure LVM
My example will be a simple 2 partition scheme creating a swap volume and using the rest of the space for root. You can adjust to your needs.
[anaconda root@localhost ~]# pvcreate /dev/mapper/rhel-crypt [anaconda root@localhost ~]# vgcreate rhelvg /dev/mapper/rhel-crypt [anaconda root@localhost ~]# lvcreate -n swap -L 8G rhelvg [anaconda root@localhost ~]# lvcreate -n root -l100%FREE rhelvg
Step 5: Reboot
In my experience, if we try to continue right now, the installer is just going to fail. It seems to work on the second try after opening all the devices you created. Just type
reboot on the command prompt.
Step 6: Activate your devices
Jump into the shell again. Then, in order:
- Assemble mdraid
- Unlock luks
- Activate volume group
[anaconda root@localhost ~]# mdadm --assemble --scan mdadm: /dev/md/root has been started with 2 drives and 1 spare. mdadm: /dev/md/boot has been started with 2 drives and 1 spare. mdadm: /dev/md/ESP has been started with 2 drives and 1 spare. [anaconda root@localhost ~]# cryptsetup luksOpen /dev/md/root rhel-crypt Enter passphrase for /dev/md/root: [anaconda root@localhost ~]# vgchange -ay 2 logical volume(s) in volume group "rhelvg" now active
Step 7: Navigate the installer
I'm going to assume you can sort out all other steps needed to install RHEL. When you're ready, select option
First, we're going to select all drives.
Then, we're going to choose to manually assign mount points.
Your devices will appear as they were before you opened all of them. Enter
s to rescan devices.
It will warn you that it'll undo your changes thus far. We haven't made any anyway, so confirm.
After rescanning, your should see devices that we can actually install to.
Make sure to format the ESP volume as
efi. Adjust the others to your preference.
In the end, my setup looked like this:
Step 8: Begin installation
If you've completed all the other steps in the wizard, you should be able to proceed. If everything was done correctly, you'll see the formatting take place before packages begin to install.