On 12.12.2012 12:49, Felix Frank wrote:
> Hi,
>
> On 12/12/2012 12:30 PM, Andreas Heinlein wrote:
>> Hello,
>>
>> I am currently planning a migration of a one-machine setup to a
>> two-machine-cluster. Part of it will be migrating existing data to DRBD,
>> and I hope you can help me with this.
>>
>> The current storage layout looks like this:
>>
>> ext4 -> LVM -> LUKS/dm_crypt -> mdadm raid -> sda2/sdb2
>>
>> That is, we have a software raid (level 5), which is encrypted using
>> LUKS. The encrypted device is PV for the LVM, which has one VG and
>> multiple ext4 formatted LVs.
> Sorry, I know this isn't the issue at hand but - RAID5? With two disks?
> It's sort of begging the question ;-)

Whoops... forgot sdc2, of course :-)

>
>> I'd like to add DRBD like this:
>>
>> ext4 -> LVM -> LUKS/dm_crypt -> DRBD -> mdadm raid -> sda2/sdb2
>>
>> My primary goal is to let only one machine do the encryption (which will
>> be a new machine with AESNI) and then have DRBD distribute that
>> encrypted data to two machines.
> That sounds quite reasonable to me.
>
>> Is this possible, and how would I go about migrating the existing setup
>> without losing any data? As I understand it, you would have to create a
>> DRBD device with /dev/md0 as lower-level device on each machine. Then
>> you would have to change the LUKS setup to open /dev/drbd0 as encrypted
>> device; from then on the LVM layer should see no difference, since it is
>> still using /dev/mapper/<crypted_volume> as PV, right?
>>
>> What about metadata in this setup? Where would/could DRBD store it in
>> this case? Do some of DRBD's features like checksum-based replication
>> make sense in such a setup?
> Metadata is a good keyword here. You may just want to take the easy path
> and find an external meta disk (e.g. another partition on sda or sdb or
> both or whatever :-)
> That way you're free of the hassle of arranging internal metadata in a
> way that won't compromise your encrypted volume.

I think it would be possible to create a new mdraid with sda3/sdab3/sdc3 to hold the metadata on both ends.

>
> I'm not familiar with checksum-based replication. Is that a thing? Are
> you not confusing it with checksum based syncing?
> If it *is* a thing, I sort of doubt you'd be gaining much, because I
> imagine that encrypted block storage is prone to relatively large
> changes on disk. But I may be completely off track there.

Yes, I confused something here. Forget about this one...

>
> Seeing as performance is obviously not an issue at all in your setup, I
> disbelieve that you will have to be especially careful about your DRBD
> setup.

Well, depends on what you call 'performance'. How'd you get this idea? I'd like to be at least able to saturate a 1GBit/s link with this setup, which software-encryption on the current machine definitely does not.

Thanks for your help!
Andreas
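
Added example, not part of the original thread: a sizing check for the internal versus external meta data choice discussed above, showing how much of an already full LUKS-on-md0 device internal meta data would claim and how large an external meta disk must be. It assumes the meta data formula from the DRBD 8.x User's Guide (ceil(Cs / 2^18) * 8 + 72 sectors per peer); the 2 TiB array size is constructed and the function names are hypothetical.

```python
SECTOR = 512  # DRBD's sizing formula counts 512-byte sectors


def drbd_md_sectors(backing_sectors: int) -> int:
    """Meta data size for one peer, DRBD 8.x guide: ceil(Cs / 2^18) * 8 + 72."""
    return -(-backing_sectors // 2**18) * 8 + 72


def plan(backing_sectors: int, used_sectors: int) -> dict:
    """Compare internal and external meta data for an already populated device.

    used_sectors is how much of the backing device the existing payload
    (here: the LUKS container) occupies, counted from sector 0.
    """
    md = drbd_md_sectors(backing_sectors)
    usable_internal = backing_sectors - md  # internal meta data sits at the end
    overlap = max(0, used_sectors - usable_internal)
    return {
        "metadata_sectors": md,
        "internal_usable_sectors": usable_internal,
        "internal_overwrites_data": overlap > 0,
        "shrink_by_sectors": overlap,        # needed before internal meta data
        "external_min_bytes": md * SECTOR,   # minimum size of a meta disk
    }


if __name__ == "__main__":
    md0 = 2 * 2**40 // SECTOR  # constructed: a 2 TiB /dev/md0
    # The existing LUKS container fills the whole array.
    for key, value in plan(md0, used_sectors=md0).items():
        print(f"{key}: {value}")
```

With external meta data, /dev/drbd0 has the same size as /dev/md0, so the existing LUKS header and payload stay where they are and nothing has to be shrunk.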