[DRBD-user] Best practice: drbd+lvm+gfs2+dm-crypt on dual primary

Digimer lists at alteeve.ca
Mon Feb 2 18:10:03 CET 2015

Note: "permalinks" may not be as permanent as we would like,
direct links of old sources may well be a few messages off.


On 02/02/15 12:02 PM, Ivan wrote:
>
>
> On 02/02/2015 05:50 PM, Digimer wrote:
>> I see no particular problem with this. I use DRBD -> Clustered LVM ->
>> GFS2 all the time. If you wanted to add LUKS, I'd probably do it as DRBD
>> -> Clustered LVM -> LUKS'ed LV -> GFS2.
>
> I'm not sure that two (or more) LUKS partitions are identical given
> exactly the same cleartext content and the same keys. There must be some
> kind of sector randomization when writing data to make cryptoanalysis
> harder, so it makes me think that it's not the case (that would require
> testing though).
> If I'm right, I don't see how DRBD could work in that setup. (or maybe I
> just need more sleep).

LUKS is working on the LV, which will be backed by the PV on DRBD. DRBD 
doesn't know data, so it will simply replicate the LUKS structure 
faithfully to both nodes.

Remember, for all intent and purpose, there is only one device/luks 
partition. DRBD is really no different from LUKS on /dev/mdX devices in 
this regard.

-- 
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without 
access to education?



More information about the drbd-user mailing list