[DRBD-user] drbd and LVM -> always getting duplicate volumes (was: can't use LVM2 on drbd devices)

Tomasz Chmielewski mangoo at wpkg.org
Sun Jan 27 16:28:08 CET 2008

Note: "permalinks" may not be as permanent as we would like,
direct links of old sources may well be a few messages off.


Lars Ellenberg schrieb:

(...)

>>> you could also use dm-crypt on top of drbd,
>>> instead of below it? I guess that would be the easiest way.
>> Indeed, but not in this setup.
>> Here, the whole disk is encrypted, but only a part of it is replicated 
>> with DRBD.
>> Of course I could partition the disk into parts encrypted separately, 
>> but then it's harder to maintain.
> 
> btw.
> there probably is a (policy?) reason that the whole disk is encrypted.

Yes, one machine is placed in a (possibly insecure) rented datacentre.

Starting a machine located in a possibly insecure place, in a secure 
way, is another thing of course.


> if you have drbd above the decryption layer,
> then drbd replicates _cleartext_,
> which probably was not intended to leave the machine.
> if you have however the drbd below,
> it is all crypted traffic again,
> because drbd then neve ever sees cleartext.

The whole transmission is using VPN, so no problem here.



-- 
Tomasz Chmielewski
http://wpkg.org



More information about the drbd-user mailing list