3

Basic situation:

I'm looking to manually reconstruct a RAID5 array for which the controller has lost the configuration. To complicate matters, the volume is encrypted with full disk encryption (to which I have the key, at least), and the RAID card used is not (IMO) very enterprise-grade, lacking the options to "do it manually" when things go wrong, and now I'm looking for how to remount this array (or manually reconstruct it from the valid disks I have).

Back Story:

We have/had a file "server" at a small, remote site running on a high end workstation. The file share was hosted from a single volume spanning 8 SATA disks on an Adpatec 3805 RAID card, configured in RAID5. (I know, but wait, it gets better.) Since this was a remote site, connected by a T1, and only contained user files we don't care about, it wasn't backed up. Fortunately, we care about security, so all the volumes on the system were encrypted with full-disk encryption.

In any event, someone cut power to the machine about a week ago, which resulted in the volume showing up as failed on the controller, and the array showing up as missing or missing required members. All the disks are functional, and, as far as I can tell, not corrupted. Oh, and while the data's not valuable enough to backup, it turns out that it's too valuable to lose, so I get to figure out how to get the data back, so we can put it on the newish replacement server we're sending out there, two weeks too late (which will be backed up this time, in addition to being a real server, at least).

Work Thus Far:

Normally, on a RAID controller in a server, I'd just reload the array config from the disks, overwriting the invalid config on the controller and be done with it, but this RAID card doesn't have that option, and all two of the available troubleshooting/array recovery options suggested by Adaptec have been tried. (Try to force array online, check to see if array is manageable through BIOS-level configuration utility).

Anyway, before doing any further work, I'm currently taking disk images of the drives, for both the sake of having something resembling a backup as well as giving myself the ability to do testing and work that might otherwise destroy the data.

Solution?

Given that Adaptec's utilities are not being helpful, and don't contain a manual option, what options do I have/how can I approach getting this array and its volume mounted again so I can decrypt the volume and suck the data off?

I'm afraid my low-level RAID knowledge is not that great, but it seems to me that since I have the drives (and the order in which they were connected) and know how the array was configured, I should be able to pass that information to a program, (mdam, perhaps?) mount the array, decrypt the volume and pull off the data fairly trivially, (assuming it's not corrupt) but I'm having trouble finding how to actually do that, short of "buy our software" or "use our recovery service."

HopelessN00b
  • 53,795
  • 33
  • 135
  • 209
  • Do you know the stripe size? – longneck Nov 13 '12 at 17:51
  • This statement: "while the data's not valuable enough to backup, it turns out that it's too valuable to lose" seems contradictory. Do you mean that you can't afford to let the drives/data go and possibly be reconstructed by another entity/party? If so, why not just destroy the drives? – joeqwerty Nov 13 '12 at 17:53
  • @longneck I believe so. Well, I've been told what the stripe size is. Failing that, there's only 8 possibilities on that card, and I'm not opposed to trying them all on the disk images I'm taking and seeing what works. – HopelessN00b Nov 13 '12 at 17:53
  • 1
    @joeqwerty Yes, it's very much a contradictory statement, but it comes from management, so I'm not surprised. Sending the drives out to have the array reconstructed by a 3rd party is an option (fixing it ourselves for free, or free-ish is preferred), but saying `the data's gone, this is why we advised backing it up` is *not* an option. – HopelessN00b Nov 13 '12 at 17:56
  • So did you rescan the drives? What do you see in the RAID BIOS right now? – Michael Hampton Nov 13 '12 at 17:56
  • 1
    @MichaelHampton The drive all present to the RAID controller as optimal, the BIOS startup screen says the array is missing required members, and the BIOS utility shows no array present to `Manage`. When booted into the OS, the Adaptec storage utility show the logical volume on the array as failed. – HopelessN00b Nov 13 '12 at 18:00
  • Have you tried booting with one drive at a time removed? If one drive has a corrupt configuration stored on it, the RAID controller may be grabbing that one. – longneck Nov 13 '12 at 18:06
  • If you already have images of the drives, I would try and copy the first x bytes from all of the images and concatenate them in to a single file. Try the stripe size possibilities for x. See what fdisk makes of the file. – longneck Nov 13 '12 at 18:08
  • @longneck no, I deliberately didn't touch the drives until completing disk images. Will try that next. – HopelessN00b Nov 13 '12 at 18:45
  • I love a good saga. Thank $deity you are a high-rep user that doesn't leave us hangin'. – longneck Nov 13 '12 at 21:54

1 Answers1

1

OK, so it looks like you can use the arcconf command line utility to force the state of the logical drive. An example:

arcconf setstate 1 logicaldrive 1 optimal advanced nocheck

This might get you to the point where you can decrypt the logical drive, or it might do nothing. But from reading the manual, it's the next thing I would try.

Michael Hampton
  • 244,070
  • 43
  • 506
  • 972
  • 1
    Ah, a solution that doesn't involve taking the controller out of the mix. Shall try that as soon as I get a chance and let you know. – HopelessN00b Nov 13 '12 at 18:44