Disk Encryption

Due to the sensitive nature of data that is stored in peopledb3, the underlying disk partition that stores all data for the database is a LUKS-encrypted partition.

Step-by-step guide

Relevant section of /etc/fstab
/dev/mapper/data  /data  ext4  defaults,noatime  1 2

LUKS partition creation
cryptsetup --verbose --verify-passphrase luksFormat /dev/sdb
cryptsetup luksOpen /dev/sdb data

/etc/crypttab
data /dev/disk/by-uuid/fbfca1b2-5a54-4920-93eb-1c3816449dd6 /root/keyfile luks

The keyfile on all 3 hosts is stored in /root/keyfile and is used to unlock the encrypted partition at boot, as configured in /etc/crypttab. The first field in that file, data in this case, is the name the device-mapper gives the unlocked partition. This matches the /etc/fstab entry above, which specifies the device location as /dev/mapper/data. The device location in /etc/crypttab is specified by UUID since this value will remain consistent across reboots and hardware changes to the VM.
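
As an added example (not part of the original page or of the peopledb3 setup), the following script audits a crypttab like the one above: it flags devices not referenced by UUID and keyfiles that are missing, accessible to group/other, or not owned by root. The function names and the EXPECTED_OWNER variable are assumptions of this example, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: audit crypttab entries that unlock LUKS volumes from a keyfile.
# EXPECTED_OWNER is an assumption of this example (default: uid 0, root).
# Usage: sh crypttab_audit.sh /etc/crypttab

# check_keyfile PATH: print findings; return 1 if the keyfile is missing,
# accessible to group/other, or not owned by EXPECTED_OWNER.
check_keyfile() {
    kf=$1 rc=0
    [ -f "$kf" ] || { echo "FAIL $kf: keyfile missing"; return 1; }
    set -- $(stat -c '%a %u' "$kf")    # GNU stat: octal mode, owner uid
    # Any bit in 077 means someone other than the owner can touch the key.
    if [ $(( 0$1 & 077 )) -ne 0 ]; then
        echo "FAIL $kf: mode $1 grants group/other access"; rc=1
    fi
    if [ "$2" != "${EXPECTED_OWNER:-0}" ]; then
        echo "FAIL $kf: owned by uid $2"; rc=1
    fi
    return $rc
}

# crypttab_audit FILE: check every entry (name, device, keyfile, options).
# Leaves the number of failing checks in $findings; returns 0 only if none.
crypttab_audit() {
    findings=0
    while read -r name dev keyfile opts || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac    # blank lines, comments
        case $dev in
            UUID=*|/dev/disk/by-uuid/*) ;;         # stable across reboots
            *) echo "FAIL $name: device $dev is not referenced by UUID"
               findings=$((findings + 1)) ;;
        esac
        case $keyfile in
            ''|none|-) echo "INFO $name: no keyfile, passphrase prompt at boot" ;;
            *) check_keyfile "$keyfile" || findings=$((findings + 1)) ;;
        esac
    done < "$1"
    [ "$findings" -eq 0 ]
}

# Run the audit only when a crypttab path is given on the command line.
if [ $# -gt 0 ]; then crypttab_audit "$1"; fi
```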