<div dir="ltr"><span style="font-size:13px">Well in fact I'm not familiar on this system, I'd like to find out what known setup works and are there guides on these setups.</span><div style="font-size:13px"><br></div><div style="font-size:13px">I could tell you how to solve it on an enterprises storage e.g. EMC, but, I'm just started on DRBD.</div><div style="font-size:13px"><br></div><div style="font-size:13px"><br></div><div style="font-size:13px"><br></div><div style="font-size:13px">Ps.: unlocking should be done by usb stick and an keyfile or even better remotely through putty. </div><div style="font-size:13px"><br></div><div style="font-size:13px">The target is to have a encrypted GFS2 Store in an untrusted environment</div><div style="font-size:13px"><br></div><div style="font-size:13px"><br></div><div style="font-size:13px">I'm affraid on reading blogs telling me, that there could be a possible corruption, or showing me only 50 % ot an setup</div><div style="font-size:13px">that finally "should" work</div></div><div class="gmail_extra"><br><div class="gmail_quote">2015-02-02 18:10 GMT+01:00 Digimer <span dir="ltr"><<a href="mailto:lists@alteeve.ca" target="_blank">lists@alteeve.ca</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 02/02/15 12:02 PM, Ivan wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
<br>
On 02/02/2015 05:50 PM, Digimer wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I see no particular problem with this. I use DRBD -> Clustered LVM -><br>
GFS2 all the time. If you wanted to add LUKS, I'd probably do it as DRBD<br>
-> Clustered LVM -> LUKS'ed LV -> GFS2.<br>
</blockquote>
<br>
I'm not sure that two (or more) LUKS partitions are identical given<br>
exactly the same cleartext content and the same keys. There must be some<br>
kind of sector randomization when writing data to make cryptoanalysis<br>
harder, so it makes me think that it's not the case (that would require<br>
testing though).<br>
If I'm right, I don't see how DRBD could work in that setup. (or maybe I<br>
just need more sleep).<br>
</blockquote>
<br></span>
LUKS is working on the LV, which will be backed by the PV on DRBD. DRBD doesn't know data, so it will simply replicate the LUKS structure faithfully to both nodes.<br>
<br>
Remember, for all intent and purpose, there is only one device/luks partition. DRBD is really no different from LUKS on /dev/mdX devices in this regard.<span class="im HOEnZb"><br>
<br>
-- <br>
Digimer<br>
Papers and Projects: <a href="https://alteeve.ca/w/" target="_blank">https://alteeve.ca/w/</a><br>
What if the cure for cancer is trapped in the mind of a person without access to education?<br></span><div class="HOEnZb"><div class="h5">
______________________________<u></u>_________________<br>
drbd-user mailing list<br>
<a href="mailto:drbd-user@lists.linbit.com" target="_blank">drbd-user@lists.linbit.com</a><br>
<a href="http://lists.linbit.com/mailman/listinfo/drbd-user" target="_blank">http://lists.linbit.com/<u></u>mailman/listinfo/drbd-user</a><br>
</div></div></blockquote></div><br></div>