[DRBD-user] drbd and LVM -> always getting duplicate volumes (was: can't use LVM2 on drbd devices)

Lars Ellenberg lars.ellenberg at linbit.com
Sun Jan 27 14:14:39 CET 2008

Note: "permalinks" may not be as permanent as we would like,
direct links of old sources may well be a few messages off.

On Tue, Jan 15, 2008 at 09:52:13AM +0100, Tomasz Chmielewski wrote:
> Lars Ellenberg schrieb:
> >>>you did hear about udev and scsi id, did you?
> >>For iSCSI, true, I could use a link like /dev/iscsi/blah -> /dev/sdX and 
> >>put that /dev/iscsi/blah as a filter for lvm.conf.
> >>
> >>dm-crypt devices don't have any ID or anything unique (that I know).
> >
> >you are supposed to be able to pass wanted major/minor numbers to
> >dmsetup. lvm e.g. is able to provide "persistent minors"
> >(persistent major theoretically only "mostly", not strictly, with kernel
> >2.6, though for al practical purposes I found that to be good enough,
> >you get the same major anyways)
> All right, once I figure out how, I'll keep the list updated.
> >>2. On system startup, find out which one of /dev/dm-XY devices is our 
> >>crypted device. How to do it? If the device has unique size, just parse 
> >>the output of fdisk -l. If there are multiple devices with the same 
> >>size, it gets problematic.
> >
> >you could also use dm-crypt on top of drbd,
> >instead of below it? I guess that would be the easiest way.
> Indeed, but not in this setup.
> Here, the whole disk is encrypted, but only a part of it is replicated 
> with DRBD.
> Of course I could partition the disk into parts encrypted separately, 
> but then it's harder to maintain.

there probably is a (policy?) reason that the whole disk is encrypted.
if you have drbd above the decryption layer,
then drbd replicates _cleartext_,
which probably was not intended to leave the machine.
if you have however the drbd below,
it is all crypted traffic again,
because drbd then neve ever sees cleartext.

: commercial DRBD/HA support and consulting: sales at linbit.com :
: Lars Ellenberg                            Tel +43-1-8178292-0  :
: LINBIT Information Technologies GmbH      Fax +43-1-8178292-82 :
: Vivenotgasse 48, A-1120 Vienna/Europe    http://www.linbit.com :
please use the "List-Reply" function of your email client.

More information about the drbd-user mailing list