[DRBD-user] Moving dm_crypt+LVM to dm_crypt+DRBD+LVM

Felix Frank ff at mpexnet.de
Wed Dec 12 12:49:17 CET 2012



Hi,

On 12/12/2012 12:30 PM, Andreas Heinlein wrote:
> Hello,
> 
> I am currently planning a migration of a one-machine setup to a
> two-machine-cluster. Part of it will be migrating existing data to DRBD,
> and I hope you can help me with this.
> 
> The current storage layout looks like this:
> 
> ext4 -> LVM -> LUKS/dm_crypt -> mdadm raid -> sda2/sdb2
> 
> That is, we have a software raid (level 5), which is encrypted using
> LUKS. The encrypted device is PV for the LVM, which has one VG and
> multiple ext4 formatted LVs.

Sorry, I know this isn't the issue at hand but - RAID5? With two disks?
It's sort of begging the question ;-)

> I'd like to add DRBD like this:
> 
> ext4 -> LVM -> LUKS/dm_crypt -> DRBD -> mdadm raid -> sda2/sdb2
> 
> My primary goal is to let only one machine do the encryption (which will
> be a new machine with AESNI) and then have DRBD distribute that
> encrypted data to two machines.

That sounds quite reasonable to me.

> Is this possible, and how would I go about migrating the existing setup
> without losing any data? As I understand it, you would have to create a
> DRBD device with /dev/md0 as lower-level device on each machine. Then
> you would have to change the LUKS setup to open /dev/drbd0 as encrypted
> device; from then on the LVM layer should see no difference, since it is
> still using /dev/mapper/<crypted_volume> as PV, right?
> 
> What about metadata in this setup? Where would/could DRBD store it in
> this case? Do some of DRBD's features like checksum-based replication
> make sense in such a setup?

Metadata is a good keyword here. You may just want to take the easy path
and find an external meta disk (e.g. another partition on sda or sdb or
both or whatever :-)
That way you're free of the hassle of arranging internal metadata in a
way that won't compromise your encrypted volume.

I'm not familiar with checksum-based replication. Is that a thing? Are
you not confusing it with checksum-based syncing?
If it *is* a thing, I sort of doubt you'd be gaining much, because I
imagine that encrypted block storage is prone to relatively large
changes on disk. But I may be completely off track there.

Seeing as performance is obviously not an issue at all in your setup, I
disbelieve that you will have to be especially careful about your DRBD
setup.

Cheers,
Felix
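
The metadata point above, as an added example that is not part of the original post: internal DRBD metadata is written at the end of the backing device, so a LUKS container that already fills /dev/md0 would have its tail overwritten unless it is shrunk first, while external metadata leaves the device size unchanged. The size formula is the one given in the DRBD 8.x User's Guide (an assumption here, the thread does not state it), and the 1 TiB device size is a constructed sample.

```shell
#!/bin/sh
# Added example, not from the thread.
# Assumed formula (DRBD 8.x User's Guide, "Estimating meta data size"):
#   Ms = ceil(Cs / 2^18) * 8 + 72      (all sizes in 512-byte sectors)
# On a live system Cs would come from: blockdev --getsz /dev/md0

# Sectors that internal meta data occupies at the end of the backing device.
drbd_md_sectors() {
    cs=$1
    echo $(( (cs + 262143) / 262144 * 8 + 72 ))
}

# Sectors left for /dev/drbd0 (and so for the LUKS container) when the
# meta data is internal. With an external meta disk this equals Cs.
drbd_usable_sectors() {
    echo $(( $1 - $(drbd_md_sectors "$1") ))
}

# Does an existing LUKS container of <luks> sectors still fit below the
# internal meta data area of a <backing>-sector device?
# Prints "fits" or "shrink-by <sectors>".
check_luks_fit() {
    backing=$1
    luks=$2
    usable=$(drbd_usable_sectors "$backing")
    if [ "$luks" -le "$usable" ]; then
        echo "fits"
    else
        echo "shrink-by $(( luks - usable ))"
    fi
}

# Constructed sample: a 1 TiB md array (2^31 sectors) that the LUKS
# container currently fills completely, as in the layout in the question.
BACKING_SECTORS=2147483648
LUKS_SECTORS=2147483648

echo "internal meta data: $(drbd_md_sectors "$BACKING_SECTORS") sectors"
echo "internal layout:    $(check_luks_fit "$BACKING_SECTORS" "$LUKS_SECTORS")"
echo "external layout:    fits (backing device size is unchanged)"
```

A "shrink-by" result means the stack above (filesystems, LVs, PV, then the LUKS mapping) would have to be reduced by at least that many sectors before internal metadata could be created safely.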


