Jump to content
Dave-Kay

Problems setting up encrypted Disks - Encryption in Unraid is broken

52 posts in this topic Last Reply

Recommended Posts

Posted (edited)

Have you tried encrypting the drive as soon as the server is booted up after a fresh install and drives assigned, before any other add-on/docker added?

Edited by jbartlett

Share this post


Link to post

Hello, 

Thanks for the replies. 

 

First, there is no way, that this is about performance of the CPU. It would work anyway, but it would cost cpu-time. But I don't think that it would with this CPU. Look it up. We had drive encryption for a long time now and we did it with Much smaller cpus, even without AES-NI

 

Then @limetech is there anything you could point me to?

 

And about separation and plugins. Yes, without any plug in and yes single drive only tested. I even tested without parity. No cross shares ever. The share was only on the encrypted drive and everything else was excluded. 

Share this post


Link to post

Looking in your syslog I see a few of these:

Jul 22 19:16:33 Tower kernel: Buffer I/O error on dev md2, logical block 0, async page read

Something is broken with your h/w.

Share this post


Link to post
Looking in your syslog I see a few of these:

Jul 22 19:16:33 Tower kernel: Buffer I/O error on dev md2, logical block 0, async page read

Something is broken with your h/w.

I noticeded those also on the first syslog but I'm used to see them when a disk is being cleared, and disk2 was being cleared, IIRC they started appearing from v6.4 on during clears but appear to be harmless.

 

 

Share this post


Link to post
Posted (edited)

Try running the memory test from the unraid boot menu just to eliminate any potential memory issues. I suspect you have some sort of hardware issue that is only showing up under a specific type of load such as on-the-fly disk encryption. These are a PITA to diagnose.

 

You can create a bootable USB with a newer version of memtest86 off of their website which would pound the snot out of your RAM. They don't allow their current version with other distributions such as unraid.

Edited by jbartlett

Share this post


Link to post
35 minutes ago, limetech said:

Looking in your syslog I see a few of these:


Jul 22 19:16:33 Tower kernel: Buffer I/O error on dev md2, logical block 0, async page read

Something is broken with your h/w.

to what points this, if it was indeed a hardware-issue?
 

Share this post


Link to post
Posted (edited)
9 minutes ago, jbartlett said:

Try running the memory test from the unraid boot menu just to eliminate any potential memory issues. I suspect you have some sort of hardware issue that is only showing up under a specific type of load such as on-the-fly disk encryption. These are a PITA to diagnose.

 

You can create a bootable USB with a newer version of memtest86 off of their website which would pound the snot out of your RAM. They don't allow their current version with other distributions such as unraid.

i did a complete memtest from the bootmenu, without any errors. And i switched the ram afterwards, with the same result.

 

Edited by Dave-Kay

Share this post


Link to post

I still believe it's some compatibility/kernel issue with that specif hardware, do you have another server/computer you could test with encryption?

Share this post


Link to post
Posted (edited)

yeah, i think im going to test it on my system this weekend (the other is the brandnew system of bubiman)
but i think testing it on my unraid, will not prove much, either way.

Edited by Dave-Kay

Share this post


Link to post
4 minutes ago, Dave-Kay said:

but i think testing it on my unraid, will not prove much, either way.

Just that it's not broken in general, many users using encryption, the problem in this case is that nothing out of the ordinary appears on the diags, at least nothing that I can see, so difficult to see what's causing the problems.

Share this post


Link to post
Just now, johnnie.black said:

Just that it's not broken in general, many users using encryption, the problem in this case is that nothing out of the ordinary appears on the diags, at least nothing that I can see, so difficult to see what's causing the problems.

You're right, but i don't think its broken in general, there would be at least some more posts about it.
The difficulty here is a few steps higer even, because there is nothing pointing to any problems on the system... until you use encryption, sryl NOTHING! It runs flawlessly with even a bunch of Vms and a bunch of dockers.

 

Share this post


Link to post
On 7/23/2019 at 11:36 AM, Dave-Kay said:

So i had to hard reset the server because he wouldn't neither finish the sync, nor tell me what is going on in any way.

after next boot this appeared out of nowhere. (see image)
 

Screenshot 2019-07-23 20.34.02.png

To potentially answer this question, these are being reported as USB devices. Potentially from your USB keyboard surprisingly enough, plugged into the IO panel. If you have my DiskSpeed docker installed, it has USB tree functionality that'll give a little more info than lsusb does.

 

[1:0:0:0]    cd/dvd  AMI      Virtual CDROM0   1.00  /dev/sr0   /dev/sg1
  state=running queue_depth=1 scsi_level=0 type=5 device_blocked=0 timeout=30
  dir: /sys/bus/scsi/devices/1:0:0:0  [/sys/devices/pci0000:00/0000:00:15.0/usb1/1-3/1-3.1/1-3.1:1.0/host1/target1:0:0/1:0:0:0]

Share this post


Link to post
13 minutes ago, jbartlett said:

To potentially answer this question, these are being reported as USB devices. Potentially from your USB keyboard surprisingly enough, plugged into the IO panel. If you have my DiskSpeed docker installed, it has USB tree functionality that'll give a little more info than lsusb does.

 

[1:0:0:0]    cd/dvd  AMI      Virtual CDROM0   1.00  /dev/sr0   /dev/sg1
  state=running queue_depth=1 scsi_level=0 type=5 device_blocked=0 timeout=30
  dir: /sys/bus/scsi/devices/1:0:0:0  [/sys/devices/pci0000:00/0000:00:15.0/usb1/1-3/1-3.1/1-3.1:1.0/host1/target1:0:0/1:0:0:0]

I think i found, what was going on with this. It is some kind of virtualization capability of the board. I think there must have been a cmos reset or setup default loading in between, which activated the virtual devices in Bios.

Share this post


Link to post
31 minutes ago, Dave-Kay said:

I think i found, what was going on with this. It is some kind of virtualization capability of the board. I think there must have been a cmos reset or setup default loading in between, which activated the virtual devices in Bios.

That would explain the entries in lsusb simply givng "American Megatrends, Inc." which confused me as to the source. Interesting feature, haven't seen that before.

Share this post


Link to post
Posted (edited)
1 hour ago, jbartlett said:

That would explain the entries in lsusb simply givng "American Megatrends, Inc." which confused me as to the source. Interesting feature, haven't seen that before.

The asrockstuff is serious stuff. i have a C2550D4I and it is really nice. there was even the bug in the CPU an asrock changed it for a new one without the bug, after it had some trouble.
The board my friend has ist even more advanced and the performance with unraid was outstanding. But i didn't have the time to sort all features out, because i was focused on this problem.
I think the best what could happen was, that there is a hardwareerror for real and asrock changes this board, too... but for that, we need to find out more, there is, at the moment, no real thing to prove hardwareerrors.
and above all that, i told him to choose asrock and to choose unraid...so i feel kind of responsible in a way 🙂

Edited by Dave-Kay

Share this post


Link to post

You've got three SATA controllers on there with red, white, and black ports - have you tried changing which one the encrypted drive is connected to? You'll need a mini-SAS cable for the black ones.

 

Do you have a SATA PCIe card? That would eliminate the onboard controllers as an issue.

Share this post


Link to post
Posted (edited)
12 minutes ago, jbartlett said:

You've got three SATA controllers on there with red, white, and black ports - have you tried changing which one the encrypted drive is connected to? You'll need a mini-SAS cable for the black ones.

 

Do you have a SATA PCIe card? That would eliminate the onboard controllers as an issue.

ok, thanks...and fuck, this is a really good idea, while i tested other Ports (of course) i left my controller in the closet
The mini-SAS cable is in the package btw.

 

Edited by Dave-Kay

Share this post


Link to post

Ok I got the system back at my place and gonne try an other SATA controler later this day.

Is there anything else I could try or get you a log file?

Share this post


Link to post

Just a small update. The friend was told to send the board in, after it failed on luks under debian....

 

Share this post


Link to post

Hello,

I am sorry it took me so long but here is an update:

 

I returned the board, got a new one and found time to install it yesterday .... the error is still there.

So it is not the hardware, it must be the software.

 

I have captured a video https://www.youtube.com/watch?v=1mokFtmuvow copying files to a non-encrypted and to an encypted hdd. The error seams not to appear while copying small files (680mb) but on large files (24gb). After some time copying the large file the speed goes down till I get an windows explorer error.

 

I realy need help with this. What should I try? What log files do you need?

 

Thanks for your help

 

 

Share this post


Link to post
5 hours ago, johnnie.black said:

Does this still happen?

Gonne try debian tomorrow and will report back then

Share this post


Link to post
On 9/7/2019 at 8:45 AM, johnnie.black said:

Does this still happen?

Short version:

It is working under debian with luks

 

Long version:

I downloaded a Debian 10 KDE Live image, put it on an USB Stick and powered up the system. I used the same drive for the encryption as under unraid. I followed this https://linuxwiki.de/cryptsetup tutorial to create an encrypted partition and used this https://www.thomas-krenn.com/de/wiki/Einfache_Samba_Freigabe_unter_Debian tutorial to configure samba.

I copied the same 24gb .zip file as with my unraid test and it is working https://youtu.be/7KjoiDDAKFA . The speed is slowing down a couple of times but it is working. 

 

So it is not the hardware it is unraid that is causing the problems (?)

What should I do next?

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.