[DRBD-user] dm-crypt on top of DRBD for live migration

Andreas Kurz andreas at hastexo.com
Wed Dec 7 22:17:05 CET 2011


Hello Berengar,

On 12/07/2011 01:30 PM, Berengar Lehr wrote:
> We want to use LVM, dm-crypt and DRBD in a 2-machine setup for KVM.
> 
> We think a proper setup could be something like this (dm-crypt below DRBD):
> 
> 
>    Machine 1               Machine 2
> 
>       KVM  -> -> -> -> -> ->  KVM
>        |   (live migration)    .
>        |                       .
>       DRBD - - - - - - - - - DRBD
>        |                       |
>       LVM                     LVM
>        |                       |
>     dm-crypt                dm-crypt
>        |                       |
>  Disk/Partition          Disk/Partition
> 
> The KVM guest machines should run on machine 1. Live migration to
> machine 2 should be supported.
> 
> Using this setup, every write to DRBD would be (independently) encrypted
> on both machines, leading to additional (unnecessary?) CPU load on
> machine 2 before live migrating, and additional CPU load on machine 1
> after live migration.

We are successfully using exactly this setup ... I describe it in
another post: http://www.gossamer-threads.com/lists/drbd/users/22383#22383

> 
> Could these additional CPU loads be avoided using a setup like this
> (dm-crypt on top of DRBD):
> 
> 
>    Machine 1               Machine 2
> 
>       KVM  -> -> -> -> -> ->  KVM
>        |   (live migration)    .
>        |                       .(b)
>     dm-crypt                dm-crypt
>        |                       |(a)
>       DRBD - - - - - - - - - DRBD
>        |                       |
>       LVM                     LVM
>        |                       |
>  Disk/Partition          Disk/Partition
> 
> In this setup, dm-crypt runs on both machines, too, but is not used on
> machine 2 until KVM guests send write requests after the live migration.
> So encrypting is done by only one machine at every point in time.
> 
> Is such a setup safe and stable?

Looks sane, but never tried for practical reasons: you need to run
cryptsetup for every volume after promoting its underlying DRBD device.
Might be tedious work if you use one device per VM.

To automate this -- e.g. to include this in your Pacemaker HA cluster
setup -- you could use cryptsetup with a keyfile ... the question is for
what reason you want to encrypt your data, as the key needs to be
available on the server or at least on an attached device .... Maybe
someone has a better idea here.

In the first setup you only ever need to run cryptsetup to activate the
PV for your data VG after every reboot. So this is hopefully a rare case.

> 
> What about caching at points (a) or (b) on machine 2?
> Can KVM read cached, outdated data from dm-crypt after live migration?

Flushing all virtual-disk caches during live-migrating is the
responsibility of qemu AFAIK, so I don't expect problems here with
another dm-crypt layer ... please someone correct me who knows more
details on that.

Regards,
Andreas

-- 
Need help with DRBD?
http://www.hastexo.com/now

> 
> Is there a workaround?
> 
> Thank You
> B. Lehr & M. Müller
> 
> --
> Mate is healthy sleep in half-liter bottles
> _______________________________________________
> drbd-user mailing list
> drbd-user at lists.linbit.com
> http://lists.linbit.com/mailman/listinfo/drbd-user
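
The per-volume ordering described in the reply for the dm-crypt-on-DRBD layout (promote DRBD, then run cryptsetup with a keyfile), as an added example that is not part of the original message. The resource name `r0`, the key file path, the `<res>_crypt` mapping name, LUKS-formatted volumes and the `/dev/drbd/by-res/` symlinks are assumptions.

```shell
#!/bin/sh
# Added example: activation order for dm-crypt on top of DRBD.
# Assumed, not from the thread: resource "r0", the key file path, the
# "<res>_crypt" mapping name, LUKS volumes, /dev/drbd/by-res/ symlinks.
set -u
KEYFILE="${KEYFILE:-/etc/drbd-crypt/r0.key}"   # hypothetical path

# Accept the key file only if it is owner-only (0400/0600): the key has to
# sit on the server, so its permissions are the control that is left.
keyfile_ok() {
    [ -f "$1" ] || return 1
    case "$(stat -c %a "$1")" in
        400|600) return 0 ;;
        *)       return 1 ;;
    esac
}

# Bring-up: promote the DRBD resource, then open the mapping on top of it.
start_plan() {
    printf '%s\n' \
        "drbdadm primary $1" \
        "cryptsetup luksOpen --key-file $KEYFILE /dev/drbd/by-res/$1 ${1}_crypt"
}

# Tear-down is the reverse: DRBD cannot be demoted while the mapping
# still holds the device open.
stop_plan() {
    printf '%s\n' \
        "cryptsetup luksClose ${1}_crypt" \
        "drbdadm secondary $1"
}

# Execute a plan read from stdin, stopping at the first failure.
# DRY_RUN=1 prints the commands without running them.
run_plan() {
    while IFS= read -r cmd; do
        echo "+ $cmd"
        if [ "${DRY_RUN:-0}" = 1 ]; then continue; fi
        $cmd </dev/null || return 1   # word-splits: paths must not contain spaces
    done
}

case "${1:-}" in
    start) keyfile_ok "$KEYFILE" || { echo "unsafe key file $KEYFILE" >&2; exit 1; }
           start_plan "$2" | run_plan ;;
    stop)  stop_plan "$2" | run_plan ;;
esac
```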



