[DRBD-user] Moving dm_crypt+LVM to dm_crypt+DRBD+LVM

Andreas Heinlein aheinlein at gmx.com
Wed Dec 12 12:30:20 CET 2012

Note: "permalinks" may not be as permanent as we would like,
direct links of old sources may well be a few messages off.


I am currently planning a migration of a one-machine setups to a 
two-machine-cluster. Part of it will be migrating existing data to DRBD, 
and I hope you can help me with this.

The current storage layout looks like this:

ext4 -> LVM -> LUKS/dm_crypt -> mdadm raid -> sda2/sdb2

That is, we have a software raid (level 5), which is encrypted using 
LUKS. The encrypted device is PV for the LVM, which has one VG and 
multiple ext4 formatted LVs.

I'd like to add DRBD like this:

ext4 -> LVM -> LUKS/dm_crypt -> DRBD -> mdadm raid -> sda2/sdb2

My primary goal is to let only one machine do the encryption (which will 
be a new machine with AESNI) and then have DRDB distribute that 
encrypted data to two machines.

Is this possible, and how would I go about migrating the existing setup 
without losing any data? As I understand it, you would have to create a 
DRBD device with /dev/md0 as lower-level device on each machine. Then 
you would have to change the LUKS setup to open /dev/drbd0 as encrypted 
device; from then on the LVM layer should see no difference, since it is 
still using /dev/mapper/<crypted_volume> as PV, right?

What about metadata in this setup? Where would/could DRBD store it in 
this case? Do some of DRBDs features like checksum-based replication 
make sense in such a setup?

Thanks for your help,

More information about the drbd-user mailing list