Hi all!
If you want to see the video on how to do this, click here.
This setup uses two identical disks, as is the condition for a RAID-1 system. Make sure to back up all your data on those disks as they're gonna get zapped, and make sure to type all commands as root!
Boot into Ubuntu's live CD using your desired keyboard layout, and fire up a terminal. Note that it is better to go to a TTY and kill the X server from there, since crashes are possible in the Unity desktop. To do that, press Ctrl-Alt-F1 to go to a TTY, and log in as the user "ubuntu" without any password. Then become root by typing sudo -i. Then:
# systemctl stop lightdm
# pkill X
Then zap your disks!
# sgdisk -Z /dev/sda
# sgdisk -Z /dev/sdb
and partition them using GPT. I'm using legacy BIOS so I will create a 32MiB BIOS Boot Partition, a 512MiB /boot partition, a 2GiB volume for swap, and the rest goes to a fourth volume used for encryption.
Then back up the partition table from the first disk and apply it to the second disk. The disks are identical so we can safely do this:
# sgdisk --backup=layout /dev/sda
# sgdisk --load-backup=layout /dev/sdb
The next step is to create our RAID arrays. For /boot, you have two options. Either you let Btrfs manage the RAID-1 (which is better), or you use the Linux Software RAID framework "mdadm". Just to show how it's done, I'm gonna go with mdadm.
First install mdadm:
# apt update && apt install mdadm
Then create the boot array:
# mdadm -C /dev/md/boot -n 2 -l 1 -e 1.0 /dev/sda2 /dev/sdb2
- -C creates a new array; the argument that follows it is the array name
- -n is the number of devices
- -l (lowercase L) is the RAID level
- -e is the metadata type. To make sure the system is compatible with all boot loaders it is safer to use metadata 1.0
Then create your swap array. If you want to have a fast swap, use level 0; if you want to duplicate it, use level 1. I'll go with 0.
# mdadm -C /dev/md/swap -n 2 -l 0 /dev/sda3 /dev/sdb3
Now encrypt and open your underlying root volumes. Note that XTS splits the key in two, so -s 256 gives AES-128; pass -s 512 if you want AES-256:
# cryptsetup luksFormat -c aes-xts-plain64:sha512 -h sha512 -s 256 /dev/sda4
# cryptsetup luksFormat -c aes-xts-plain64:sha512 -h sha512 -s 256 /dev/sdb4
# cryptsetup luksOpen /dev/sda4 sda4-crypt
# cryptsetup luksOpen /dev/sdb4 sdb4-crypt
Time to format your /boot and assemble a Btrfs RAID-1 on encrypted containers:
# mkfs.ext2 -m1 /dev/md/boot
# mkfs.btrfs -m raid1 -d raid1 /dev/mapper/sda4-crypt /dev/mapper/sdb4-crypt
Now mount the Btrfs file system and create a subvolume for Ubuntu. Note that the other device does not need to be specified as Btrfs will automatically include it:
# mount /dev/mapper/sda4-crypt /mnt
# cd /mnt
# btrfs subvolume create @ubuntu
Mount it again with the @ubuntu subvolume you just created. Then create some other subvolumes to make snapshotting flexible. If you're on HDD, do:
# mount -o subvol=@ubuntu,compress=lzo,space_cache,autodefrag /dev/mapper/sda4-crypt /mnt
If you're on SSD, do (if you have low-end SSDs, use ssd_spread instead of ssd for better optimization):
# mount -o subvol=@ubuntu,compress=lzo,space_cache,ssd,discard /dev/mapper/sda4-crypt /mnt
Create some subvolumes:
# cd /mnt
# btrfs subvolume create usr
# btrfs subvolume create tmp
# btrfs subvolume create etc
# btrfs subvolume create home
# btrfs subvolume create var
# btrfs subvolume create var/tmp
# btrfs subvolume create opt
Mount /boot:
# mkdir /mnt/boot && mount /dev/md/boot /mnt/boot
Now install the base system! We're gonna use a utility called "debootstrap". It goes to a mirror you specify and downloads the necessary packages for a basic Ubuntu/Debian chroot. I've instructed it to download some extra packages to make our system bootable. The mirror should be something like http://<country-code>.archive.ubuntu.com/ubuntu/.
# apt install debootstrap
# debootstrap --arch amd64 --include=linux-image-generic,linux-headers-generic,linux-tools-generic,linux-sources,cryptsetup,btrfs-tools,mdadm,grub-pc,network-manager,nano,vim,man-db,plymouth-themes xenial /mnt http://se.archive.ubuntu.com/ubuntu/
After the installation is finished, chroot to /mnt to make some configurations and make the system bootable:
# cd /mnt
# mount --rbind /dev dev
# mount --rbind /sys sys
# mount --rbind /run run
# mount -t proc none proc
# cp /etc/resolv.conf etc/
# chroot /mnt /bin/bash -l
Now configure hostname, time, and locale:
# echo HOSTNAME > /etc/hostname
# ln -sf /usr/share/zoneinfo/CONTINENT/CITY /etc/localtime
Edit /etc/locale.gen and uncomment your locales. For example:
en_US
en_US.UTF-8
Save and exit, and then run locale-gen to generate them.
It's time to configure /etc/crypttab. Open it with nano or vim and enter the lines below. Add discard after luks if you're on SSDs, keeping in mind that passing TRIM through the encrypted layer reveals which blocks are unused. You can find the UUIDs of sda4 and sdb4 by running blkid in another TTY and writing down the values:
sda4-crypt UUID=_UUID_ none luks
sdb4-crypt UUID=_UUID_ none luks
cryptswap /dev/md/swap /dev/urandom swap,cipher=aes-xts-plain64,size=256
Save and exit. Make sure to change its permissions so that only the root user can read and modify it:
# chmod go-rx /etc/crypttab
And then configure your /etc/fstab (change autodefrag to ssd,discard as necessary):
### Static mount entries ###
## root partition
/dev/mapper/sda4-crypt / btrfs device=/dev/mapper/sda4-crypt,device=/dev/mapper/sdb4-crypt,subvol=@ubuntu,space_cache,autodefrag,compress=lzo 0 0
## boot partition
/dev/md/boot /boot ext2 defaults 0 2
## swap
/dev/mapper/cryptswap none swap sw 0 0
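A pre-reboot check for the two files above, as an added example that is not part of the original guide: it flags crypttab entries with a leftover UUID placeholder or an unrecognised option, and lists any /dev/mapper name that fstab uses but crypttab never defines. The function names, the option list (a subset of crypttab(5)) and the sample files with their deliberate mistakes are assumptions constructed for illustration.

```sh
# Added example (not from the original guide); all sample content is constructed.
# Option names accepted in the 4th crypttab field (subset of crypttab(5)).
KNOWN_OPTS='luks plain swap tmp discard noauto noearly initramfs readonly cipher size hash tries keyscript'

# lint_crypttab FILE: print one finding per line; print nothing if the file is clean.
lint_crypttab() {
  awk -v known="$KNOWN_OPTS" '
    BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
    /^[ \t]*(#|$)/ { next }
    NF < 4 { print "line " NR ": expected 4 fields, got " NF; next }
    {
      if ($2 ~ /_UUID_/) print $1 ": UUID placeholder not replaced"
      m = split($4, o, ",")
      for (i = 1; i <= m; i++) { split(o[i], kv, "="); if (!(kv[1] in ok)) print $1 ": unknown option " kv[1] }
      if ($4 ~ /(^|,)swap(,|$)/ && $3 !~ /^\/dev\/u?random$/) print $1 ": swap target without a random key"
    }' "$1"
}

# unmapped_targets CRYPTTAB FSTAB: print /dev/mapper names that fstab uses
# (as the device or in device= options) but crypttab never defines.
unmapped_targets() {
  awk '
    /^[ \t]*(#|$)/ { next }
    NR == FNR { def[$1] = 1; next }
    {
      s = $1 "," $4
      while (match(s, /\/dev\/mapper\/[A-Za-z0-9_.-]+/)) {
        name = substr(s, RSTART + 12, RLENGTH - 12)   # strip the "/dev/mapper/" prefix
        if (!(name in def) && !(name in seen)) { print name; seen[name] = 1 }
        s = substr(s, RSTART + RLENGTH)
      }
    }' "$1" "$2"
}

# Constructed sample files: placeholder UUID, unknown option, wrong mapper name.
sample_dir=$(mktemp -d)
cat > "$sample_dir/crypttab" <<'EOF'
sda4-crypt UUID=_UUID_ none luks
sdb4-crypt UUID=11111111-2222-3333-4444-555555555555 none luks,discard
cryptswap /dev/md/swap /dev/urandom swap,cipher=aes-xts-plain64,bits=256
EOF
cat > "$sample_dir/fstab" <<'EOF'
/dev/mapper/sda4 / btrfs device=/dev/mapper/sda4-crypt,device=/dev/mapper/sdb4-crypt,subvol=@ubuntu 0 0
/dev/mapper/cryptswap none swap sw 0 0
EOF
lint_crypttab "$sample_dir/crypttab"
unmapped_targets "$sample_dir/crypttab" "$sample_dir/fstab"
```

Inside the chroot, point both functions at /etc/crypttab and /etc/fstab; any output means the system may fail to unlock or mount a volume at boot.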
Write mdadm config file:
# mdadm --examine --scan > /etc/mdadm.conf
Update the initramfs and install GRUB2:
# update-initramfs -u
# grub-install --recheck /dev/sda
# grub-install --recheck /dev/sdb
# update-grub
Make a user:
# useradd -m -G adm,cdrom,dip,plugdev,audio,video,games,sudo -s /bin/bash USERNAME
# passwd USERNAME
Now open the /etc/apt/sources.list file and add the official Ubuntu repositories. By default it only contains the mirror you specified before, followed by the release name and the main component. Add restricted universe multiverse after that, and copy and paste the line until your file looks something like this:
# Ubuntu Main Repos
deb http://se.archive.ubuntu.com/ubuntu/ xenial main restricted universe multiverse
deb http://se.archive.ubuntu.com/ubuntu/ xenial-security main restricted universe multiverse
deb http://se.archive.ubuntu.com/ubuntu/ xenial-updates main restricted universe multiverse
deb http://se.archive.ubuntu.com/ubuntu/ xenial-backports main restricted universe multiverse
#deb http://se.archive.ubuntu.com/ubuntu/ xenial-proposed main restricted universe multiverse
# Ubuntu Partner Repo
deb http://archive.canonical.com/ubuntu/ xenial partner
Update the APT catalogue:
# apt update
Now exit your chroot, unmount everything, and reboot:
# exit
# cd /
# umount -l /mnt && sync
# reboot
You'll be prompted to enter your passphrases for those two encrypted drives. Then log in as your user and become root by running sudo -i. The system might not have the keymap you selected in the Ubuntu live system. In that case, activate your network and install console-data. You'll be prompted to select your keymap afterwards:
# systemctl enable network-manager
# systemctl start network-manager && sleep 5
# apt install console-data
Now configure your hostname again using systemd:
# hostnamectl set-hostname HOSTNAME
Then open the /etc/hosts file and add your hostname at the end of the first line. Something like this:
127.0.0.1 localhost HOSTNAME
Configure your locales again using systemd. Type localectl list-locales to see what you have available, and then issue this command (replace LOCALE with yours):
# localectl set-locale LANG=LOCALE
One important thing is that your system is a pure 64-bit one. So to make it multiarch in order to install Steam and Skype later, run this command:
# dpkg --add-architecture i386 && apt update
Upgrade your packages:
# apt full-upgrade
And then, if you wish, install a GUI. Each of the packages below is a meta-package and will download the whole desktop environment along with its default artwork and configuration. Choose the one you like:
# apt install ubuntu-desktop
# apt install kubuntu-desktop
# apt install xubuntu-desktop
# apt install lubuntu-desktop
# apt install ubuntu-mate-desktop
# apt install ubuntu-gnome-desktop
And done! Enjoy!