Note: "permalinks" may not be as permanent as we would like,
direct links of old sources may well be a few messages off.
On Tue, Jan 15, 2008 at 09:52:13AM +0100, Tomasz Chmielewski wrote: > Lars Ellenberg schrieb: > > >>>you did hear about udev and scsi id, did you? > >>For iSCSI, true, I could use a link like /dev/iscsi/blah -> /dev/sdX and > >>put that /dev/iscsi/blah as a filter for lvm.conf. > >> > >>dm-crypt devices don't have any ID or anything unique (that I know). > > > >you are supposed to be able to pass wanted major/minor numbers to > >dmsetup. lvm e.g. is able to provide "persistent minors" > >(persistent major theoretically only "mostly", not strictly, with kernel > >2.6, though for al practical purposes I found that to be good enough, > >you get the same major anyways) > > All right, once I figure out how, I'll keep the list updated. > > > >>2. On system startup, find out which one of /dev/dm-XY devices is our > >>crypted device. How to do it? If the device has unique size, just parse > >>the output of fdisk -l. If there are multiple devices with the same > >>size, it gets problematic. > > > >you could also use dm-crypt on top of drbd, > >instead of below it? I guess that would be the easiest way. > > Indeed, but not in this setup. > Here, the whole disk is encrypted, but only a part of it is replicated > with DRBD. > Of course I could partition the disk into parts encrypted separately, > but then it's harder to maintain. btw. there probably is a (policy?) reason that the whole disk is encrypted. if you have drbd above the decryption layer, then drbd replicates _cleartext_, which probably was not intended to leave the machine. if you have however the drbd below, it is all crypted traffic again, because drbd then neve ever sees cleartext. -- : commercial DRBD/HA support and consulting: sales at linbit.com : : Lars Ellenberg Tel +43-1-8178292-0 : : LINBIT Information Technologies GmbH Fax +43-1-8178292-82 : : Vivenotgasse 48, A-1120 Vienna/Europe http://www.linbit.com : __ please use the "List-Reply" function of your email client.