Hercules

@lemmy.world

Hercules 1 point 18 hours ago

So it was possible to use one of the other keyslots to open the encryption?

No it wasn't. Luckily the luks partition was still mounted on my system so I'm making a backup, recreating the partition and then restoring ...

I found an article from RedHat on how to restore a luks1 partition's keys while it is still mounted but this isn't possible with luks2 :/

Hercules 3 points a day ago

Just to give you an update. The other keyslot was the key I added earlier for testing which I removed ... So it's time for me to copy over a lot of data to another system and recreate the luks volume. Thanks for your help!

Hercules 2 points 2 days ago

Thanks for your response!

I will give it a try. Have a great rest of your day!

Hercules 1 point 2 days ago

:D While your steps were very clear I think I fked up.

cryptsetup luksAddKey /dev/mapper/raid /etc/crypttab.d/keyfile-data.bin --new-key-slot 1 gave: Device /dev/mapper/raid is not a valid LUKS device.. I assume this is a typo from your end since /dev/md0 is my luks volume. But altering this gave me: slot is already in use kind of error.

That can be explained since I tested something similar like you suggested earlier. After which I removed my key I generated and added to the volume. Then I did cryptsetup luksRemoveKey /dev/md0.

Now when I try to add it I get No key available with this passphrase.

I don't have enough knowledge about cryptsetup to know what exactly I did wrong.

Do you by any chance have an explanation?

In case this is useful:

[root@nfs-rocky-1 ~]# cryptsetup luksDump /dev/md0
LUKS header information
Version:       	2
Epoch:         	6
Metadata area: 	16384 [bytes]
Keyslots area: 	16744448 [bytes]
UUID:          	485df758-6cec-49e3-aceb-438aaaedc833
Label:         	(no label)
Subsystem:     	(no subsystem)
Flags:       	(no flags)

Data segments:
  0: crypt
    offset: 16777216 [bytes]
    length: (whole device)
    cipher: aes-xts-plain64
    sector: 4096 [bytes]

Keyslots:
  1: luks2
    Key:        512 bits
    Priority:   normal
    Cipher:     aes-xts-plain64
    Cipher key: 512 bits
    PBKDF:      argon2id
    Time cost:  4
    Memory:     1048576
    Threads:    4
    Salt:       17 c5 ff 7f b9 10 43 41 16 5a c8 28 44 b9 df 64
                a8 1d 40 41 9f a1 70 85 34 06 52 8d ba 29 bd ef
    AF stripes: 4000
    AF hash:    sha256
    Area offset:290816 [bytes]
    Area length:258048 [bytes]
    Digest ID:  0
  2: luks2
    Key:        512 bits
    Priority:   normal
    Cipher:     aes-xts-plain64
    Cipher key: 512 bits
    PBKDF:      argon2id
    Time cost:  12
    Memory:     1048576
    Threads:    4
    Salt:       64 97 db 49 f1 18 b9 57 3b 02 53 37 b3 11 8e 44
                71 d1 70 b2 b9 58 4c db e2 6b 36 95 7c dd d2 be
    AF stripes: 4000
    AF hash:    sha256
    Area offset:548864 [bytes]
    Area length:258048 [bytes]
    Digest ID:  0
Tokens:
Digests:
  0: pbkdf2
    Hash:       sha256
    Iterations: 105703
    Salt:       ae ac f1 9f df 47 27 9e 64 28 52 53 9a 9b cd 77
                74 15 66 f6 8b 3c bd f4 29 dc f1 b1 c5 15 3b f6
    Digest:     07 5f 2f 6b d3 c5 bf b6 54 58 5e b4 44 df 8c b8
                2b da fa 5c 40 a5 89 cc 0e 3b 70 69 57 d5 7c f5
[root@nfs-rocky-1 ~]#
Hercules 1 point 2 days ago

Is the /etc/crypttab.d path that you are using specifically chosen or can it be whatever? This path doesn't exist on my system and online I don't see any mentions of it.

Hercules 31 points 2 years ago

I think Prometheus + Grafana might be what you are looking for. In combination with Loki, Grafana can also be used for viewing log messages.

Hercules 4 points 5 months ago

Civil war, can recommend

Hercules 3 points 3 years ago

Thanks for your answer, I will look into your links!!!

Hercules 3 points a year ago

Oh alright, thanks a lot for your explanation. I learned a lot, I'm going with the operator route!

Thank you for your help!

Hercules 3 points 3 months ago

I did the step I mentioned above but this wasn't able to solve my issue :(

Hercules 2 points 3 years ago

I meant firewalld, I'm sorry

Hercules 2 points 2 years ago

Ahh I haven't heard of that, thank you very much!!!

Hercules 2 points 2 years ago

Yes I do, I did know that but I wanted my config to be easy to copy-paste between machines. Still, thanks for your input

Hercules 2 points a year ago

Oh alright, thanks for explaining!

Hercules 2 points a year ago

And does this work for ingress? I searched around a little bit but as far as I understand metallb is for k8s services?

Hercules 2 points 3 years ago

I currently use firewalld, is there a difference in terms of security?

Hercules 2 points a year ago

Currently I only will need to use it for k8s so kube-vip will do the job for now.

Hercules 2 points 3 months ago

Oh that is actually a great idea thanks!

Hercules 1 point 2 years ago

I doubt many are looking for 8-bay DAS, anything larger than 4-bay you are probably better off with NAS. Many DAS have limited RAID support, which can make having more drives more risky.

But I already have a computer that works well enough, isn't it a waste to completely replace it with a NAS?

Hercules 1 point 3 months ago

That is what I currently have set up but cert-manager is giving me a headache and not working correctly so I'm looking into http instead since it's easier to set up
