How to replace failed crypto_luks disk in rhel

nixanwin · 04-04-2017, 12:21 PM

Hi All, I inherited a RHEL system with encrypted data disks (JBOD). One of the data disks (not OS) have failed and I am not sure the process to replace it. Do I just umount the current drive, then replacement it? Do I have to re-encrypt the new drive? I have the current password. Any steps would be appreciated.

Kind Regards,
Mike

smallpond · 04-04-2017, 12:56 PM

How close it needs to look like the previous drive depends on what your backup/restore system expects. If you want it to be as close as possible, you need to recreate partitions, logical volumes, and encrypted areas to match the old drive.

nixanwin · 04-04-2017, 01:18 PM

It's just a single formatted drive with no partitions. The entire disk is encrypted. So would I just yank the failed disk and add the new one, then format and re-encrypt it? I wasn't sure if there were some steps to do before pulling the failed disk. Thanks

syg00 · 04-04-2017, 07:33 PM

JBOD implies, to me at least, multi disk - that means usually RAID and/or LVM (ignoring ZFS and btrfs). As smallpond mentioned you need to understand, and explain to us, your environment better.
If it is a single disk, I see no harm in just yanking it - but I'd want to be real sure I was right before I did. "lsblk" might be a good start.

nixanwin · 04-05-2017, 08:05 AM

Yes it is a single disk as I mentioned above. There are 9 "single" basic (not LVM) disks in the server. The only disks with raid is the OS which is not encrypted. I've never dealt with a crypto disk so did not know if there were steps I should take before pulling it. And what is needed when I add it back.

Thanks

rknichols · 04-05-2017, 08:45 AM

The output from "lsblk -f" would be helpful (adding "-f" to what syg00 suggested). Without that, it's impossible to give accurate advice.

Is this a data recovery situation, or just a "replace disk and restore from backup" scenario?

nixanwin · 04-05-2017, 09:54 AM

# lsblk -f

Code:

NAME        FSTYPE      LABEL UUID                                 MOUNTPOINT
sde         crypto_LUKS       a7163f0c-44c9-4670-9707-20c25545ccb9  /data/04
└─04 (dm-3) ext4              908c1a3e-3509-497d-a95d-2e4a46095a99

(there are other mount points but I removed them from the output here). /data/04 is the one in question)

rknichols · 04-05-2017, 11:25 AM

OK, you just need to connect the new disk, run "lsblk" to see which drive it's being seen as, and run (replacing "{X}" with the appropriate letter):

Code:

cryptsetup luksFormat /dev/sd{X}
cryptsetup luksOpen /dev/sd{X} newdisk
mkfs.ext4 /dev/mapper/newdisk

Once you have loaded your data into the new filesystem, you will probably need to adjust the UUIDs in /etc/crypttab and /etc/fstab to reference the new disk. You can get the new values from the output of "lsblk -f" while the new drive is connected and unlocked.

nixanwin · 04-05-2017, 12:22 PM

Thank you kindly. I will try that.