[DRBD-user] DRBD on Encrypted FS

Noah Mehl noah at tritonlimited.com
Thu Oct 6 18:18:08 CEST 2011

Note: "permalinks" may not be as permanent as we would like,
direct links of old sources may well be a few messages off.


Bill,

I have never done the combination, but I have done both DRBD resources, as well as encrpyted PV's.  I can't see any reason why it wouldn't work because with that setup, DRBD would be agnostic to the encryption, and whatever else you're doing...

~Noah

On Oct 6, 2011, at 12:06 PM, Bill Asher wrote:

> Noah, no, I was trying to encrypt the file system during install first and found that doesn't work, so now I'm trying to do the encryption after the drbd resource is created, like you said.
> 
> Has anyone else done this or know that it works?
> 
> Thanks for you response..
> 
> -----Original Message-----
> From: drbd-user-bounces at lists.linbit.com [mailto:drbd-user-bounces at lists.linbit.com] On Behalf Of Noah Mehl
> Sent: Wednesday, October 05, 2011 6:57 PM
> To: drbd-user at lists.linbit.com
> Subject: Re: [DRBD-user] DRBD on Encrypted FS
> 
> Bill,
> 
> I would suggest creating a drbd resource, and then using that as the backing for an encrypted PV.  Is that what you're trying to do?
> 
> ~Noah
> 
> On Oct 5, 2011, at 6:24 PM, Bill Asher wrote:
> 
>> Today I did a little test to see if I could configure DRBD on encrypted LVs and what I found is it didn't work for me... Because the servers are located in a colo, security for the servers is the main reasoning.
>> All seems to go good until I tell DRBD to mirror filerA logical volume(/dev/vg/data) to filerB LV (/dev/vg/data).  I then received errors on the console like this, over and over:
>> 
>> "Block drbd0: open("/dev/vg/data") failed with -16"
>> 
>> I then rebooted to Ubuntu CD to look at the LVs and.. they were all gone. The only thing the partitioner sees is the two partitions I created, one for /boot the other for logical volumes, but all my lvm tables were gone.  I was able to repeat this issue on both my filers.
>> 
>> So my question is..
>> 
>> a) can this even be done, encrypting the filesystem then configureing DRBD
>> b) if encryption can be done, is my approach wrong?
>> 
>> Thank you in advance for your time.
>> 
>> NOTE:  This email, including any attached files, is confidential, may be legally privileged, and is solely for the intended recipient(s).  If you received this email in error, please destroy it and notify us immediately by reply email or phone (636-519-7070).  Any unauthorized use, dissemination, disclosure, copying or printing is strictly prohibited.
>> _______________________________________________
>> drbd-user mailing list
>> drbd-user at lists.linbit.com
>> http://lists.linbit.com/mailman/listinfo/drbd-user
> 
> 
> Scanned for viruses and content by the Tranet Spam Sentinel service.
> _______________________________________________
> drbd-user mailing list
> drbd-user at lists.linbit.com
> http://lists.linbit.com/mailman/listinfo/drbd-user
> 
> NOTE:  This email, including any attached files, is confidential, may be legally privileged, and is solely for the intended recipient(s).  If you received this email in error, please destroy it and notify us immediately by reply email or phone (636-519-7070).  Any unauthorized use, dissemination, disclosure, copying or printing is strictly prohibited.




More information about the drbd-user mailing list