[DRBD-user] Best practice: drbd+lvm+gfs2+dm-crypt on dual primary

Ivan ivan at c3i.bg
Mon Feb 2 18:02:33 CET 2015

Note: "permalinks" may not be as permanent as we would like,
direct links of old sources may well be a few messages off.



On 02/02/2015 05:50 PM, Digimer wrote:
> I see no particular problem with this. I use DRBD -> Clustered LVM ->
> GFS2 all the time. If you wanted to add LUKS, I'd probably do it as DRBD
> -> Clustered LVM -> LUKS'ed LV -> GFS2.

I'm not sure that two (or more) LUKS partitions are identical given 
exactly the same cleartext content and the same keys. There must be some 
kind of sector randomization when writing data to make cryptoanalysis 
harder, so it makes me think that it's not the case (that would require 
testing though).
If I'm right, I don't see how DRBD could work in that setup. (or maybe I 
just need more sleep).


>
> This is a concern for any use of LUKS in HA. If you require a
> passphrase, automated recovery will always fail. So you have to put it
> under manual failover, which isn't very HA.
>
> For more specific suggestions, you will need to tell us more about your
> (planned) environment.
>
> On 02/02/15 03:20 AM, Patrick Prilisauer wrote:
>> Hallo to all,
>>
>> I have just started using drbd. Is there a existing best practice or
>> possible issues on this combination?
>>
>> Thanks to all,
>> Br
>>
>>
>> _______________________________________________
>> drbd-user mailing list
>> drbd-user at lists.linbit.com
>> http://lists.linbit.com/mailman/listinfo/drbd-user
>>
>
>



More information about the drbd-user mailing list