We want to use LVM, dm-crypt and DRBD in a 2-machine setup for KVM. We think a proper setup could be something like this (dm-crypt below DRBD):

    Machine 1                   Machine 2

       KVM  -> -> -> -> -> ->     KVM
        |   (live migration)       .
        |                          .
      DRBD  - - - - - - - - -     DRBD
        |                          |
       LVM                        LVM
        |                          |
     dm-crypt                   dm-crypt
        |                          |
    Disk/Partition            Disk/Partition

The KVM guest machines should run on machine 1. Live migration to machine 2 should be supported.

Using this setup, every write to DRBD would be (independently) encrypted on both machines, leading to additional (unnecessary?) CPU load on machine 2 before live migration, and additional CPU load on machine 1 after live migration.

Could these additional CPU loads be avoided using a setup like this (dm-crypt on top of DRBD):

    Machine 1                   Machine 2

       KVM  -> -> -> -> -> ->     KVM
        |   (live migration)       .
        |                          .(b)
     dm-crypt                   dm-crypt
        |                          |(a)
      DRBD  - - - - - - - - -     DRBD
        |                          |
       LVM                        LVM
        |                          |
    Disk/Partition            Disk/Partition

In this setup, dm-crypt runs on both machines, too, but is not used on machine 2 until KVM guests send write requests after the live migration. So encryption is done by only one machine at any point in time.

Is such a setup safe and stable? What about caching at points (a) or (b) on machine 2? Can KVM read cached, outdated data from dm-crypt after live migration? Is there a workaround?

Thank you

B. Lehr & M. Müller

-- 
Mate is healthy sleep in half-liter bottles