Problems setting up encrypted Disks - Encryption in Unraid is broken


Recommended Posts

Hello, 

Thanks for the replies. 

 

First, there is no way, that this is about performance of the CPU. It would work anyway, but it would cost cpu-time. But I don't think that it would with this CPU. Look it up. We had drive encryption for a long time now and we did it with Much smaller cpus, even without AES-NI

 

Then @limetech is there anything you could point me to?

 

And about separation and plugins. Yes, without any plug in and yes single drive only tested. I even tested without parity. No cross shares ever. The share was only on the encrypted drive and everything else was excluded. 

Link to comment
Looking in your syslog I see a few of these:

Jul 22 19:16:33 Tower kernel: Buffer I/O error on dev md2, logical block 0, async page read

Something is broken with your h/w.

I noticeded those also on the first syslog but I'm used to see them when a disk is being cleared, and disk2 was being cleared, IIRC they started appearing from v6.4 on during clears but appear to be harmless.

 

 

Link to comment

Try running the memory test from the unraid boot menu just to eliminate any potential memory issues. I suspect you have some sort of hardware issue that is only showing up under a specific type of load such as on-the-fly disk encryption. These are a PITA to diagnose.

 

You can create a bootable USB with a newer version of memtest86 off of their website which would pound the snot out of your RAM. They don't allow their current version with other distributions such as unraid.

Edited by jbartlett
Link to comment
9 minutes ago, jbartlett said:

Try running the memory test from the unraid boot menu just to eliminate any potential memory issues. I suspect you have some sort of hardware issue that is only showing up under a specific type of load such as on-the-fly disk encryption. These are a PITA to diagnose.

 

You can create a bootable USB with a newer version of memtest86 off of their website which would pound the snot out of your RAM. They don't allow their current version with other distributions such as unraid.

i did a complete memtest from the bootmenu, without any errors. And i switched the ram afterwards, with the same result.

 

Edited by Dave-Kay
Link to comment
4 minutes ago, Dave-Kay said:

but i think testing it on my unraid, will not prove much, either way.

Just that it's not broken in general, many users using encryption, the problem in this case is that nothing out of the ordinary appears on the diags, at least nothing that I can see, so difficult to see what's causing the problems.

Link to comment
Just now, johnnie.black said:

Just that it's not broken in general, many users using encryption, the problem in this case is that nothing out of the ordinary appears on the diags, at least nothing that I can see, so difficult to see what's causing the problems.

You're right, but i don't think its broken in general, there would be at least some more posts about it.
The difficulty here is a few steps higer even, because there is nothing pointing to any problems on the system... until you use encryption, sryl NOTHING! It runs flawlessly with even a bunch of Vms and a bunch of dockers.

 

Link to comment
On 7/23/2019 at 11:36 AM, Dave-Kay said:

So i had to hard reset the server because he wouldn't neither finish the sync, nor tell me what is going on in any way.

after next boot this appeared out of nowhere. (see image)
 

Screenshot 2019-07-23 20.34.02.png

To potentially answer this question, these are being reported as USB devices. Potentially from your USB keyboard surprisingly enough, plugged into the IO panel. If you have my DiskSpeed docker installed, it has USB tree functionality that'll give a little more info than lsusb does.

 

[1:0:0:0]    cd/dvd  AMI      Virtual CDROM0   1.00  /dev/sr0   /dev/sg1
  state=running queue_depth=1 scsi_level=0 type=5 device_blocked=0 timeout=30
  dir: /sys/bus/scsi/devices/1:0:0:0  [/sys/devices/pci0000:00/0000:00:15.0/usb1/1-3/1-3.1/1-3.1:1.0/host1/target1:0:0/1:0:0:0]

Link to comment
13 minutes ago, jbartlett said:

To potentially answer this question, these are being reported as USB devices. Potentially from your USB keyboard surprisingly enough, plugged into the IO panel. If you have my DiskSpeed docker installed, it has USB tree functionality that'll give a little more info than lsusb does.

 

[1:0:0:0]    cd/dvd  AMI      Virtual CDROM0   1.00  /dev/sr0   /dev/sg1
  state=running queue_depth=1 scsi_level=0 type=5 device_blocked=0 timeout=30
  dir: /sys/bus/scsi/devices/1:0:0:0  [/sys/devices/pci0000:00/0000:00:15.0/usb1/1-3/1-3.1/1-3.1:1.0/host1/target1:0:0/1:0:0:0]

I think i found, what was going on with this. It is some kind of virtualization capability of the board. I think there must have been a cmos reset or setup default loading in between, which activated the virtual devices in Bios.

Link to comment
31 minutes ago, Dave-Kay said:

I think i found, what was going on with this. It is some kind of virtualization capability of the board. I think there must have been a cmos reset or setup default loading in between, which activated the virtual devices in Bios.

That would explain the entries in lsusb simply givng "American Megatrends, Inc." which confused me as to the source. Interesting feature, haven't seen that before.

Link to comment
1 hour ago, jbartlett said:

That would explain the entries in lsusb simply givng "American Megatrends, Inc." which confused me as to the source. Interesting feature, haven't seen that before.

The asrockstuff is serious stuff. i have a C2550D4I and it is really nice. there was even the bug in the CPU an asrock changed it for a new one without the bug, after it had some trouble.
The board my friend has ist even more advanced and the performance with unraid was outstanding. But i didn't have the time to sort all features out, because i was focused on this problem.
I think the best what could happen was, that there is a hardwareerror for real and asrock changes this board, too... but for that, we need to find out more, there is, at the moment, no real thing to prove hardwareerrors.
and above all that, i told him to choose asrock and to choose unraid...so i feel kind of responsible in a way 🙂

Edited by Dave-Kay
Link to comment

You've got three SATA controllers on there with red, white, and black ports - have you tried changing which one the encrypted drive is connected to? You'll need a mini-SAS cable for the black ones.

 

Do you have a SATA PCIe card? That would eliminate the onboard controllers as an issue.

Link to comment
12 minutes ago, jbartlett said:

You've got three SATA controllers on there with red, white, and black ports - have you tried changing which one the encrypted drive is connected to? You'll need a mini-SAS cable for the black ones.

 

Do you have a SATA PCIe card? That would eliminate the onboard controllers as an issue.

ok, thanks...and fuck, this is a really good idea, while i tested other Ports (of course) i left my controller in the closet
The mini-SAS cable is in the package btw.

 

Edited by Dave-Kay
Link to comment
  • 4 weeks later...

Hello,

I am sorry it took me so long but here is an update:

 

I returned the board, got a new one and found time to install it yesterday .... the error is still there.

So it is not the hardware, it must be the software.

 

I have captured a video https://www.youtube.com/watch?v=1mokFtmuvow copying files to a non-encrypted and to an encypted hdd. The error seams not to appear while copying small files (680mb) but on large files (24gb). After some time copying the large file the speed goes down till I get an windows explorer error.

 

I realy need help with this. What should I try? What log files do you need?

 

Thanks for your help

 

 

Link to comment
On 9/7/2019 at 8:45 AM, johnnie.black said:

Does this still happen?

Short version:

It is working under debian with luks

 

Long version:

I downloaded a Debian 10 KDE Live image, put it on an USB Stick and powered up the system. I used the same drive for the encryption as under unraid. I followed this https://linuxwiki.de/cryptsetup tutorial to create an encrypted partition and used this https://www.thomas-krenn.com/de/wiki/Einfache_Samba_Freigabe_unter_Debian tutorial to configure samba.

I copied the same 24gb .zip file as with my unraid test and it is working https://youtu.be/7KjoiDDAKFA . The speed is slowing down a couple of times but it is working. 

 

So it is not the hardware it is unraid that is causing the problems (?)

What should I do next?

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.