Note: "permalinks" may not be as permanent as we would like,
direct links of old sources may well be a few messages off.
On 02/02/15 12:02 PM, Ivan wrote: > > > On 02/02/2015 05:50 PM, Digimer wrote: >> I see no particular problem with this. I use DRBD -> Clustered LVM -> >> GFS2 all the time. If you wanted to add LUKS, I'd probably do it as DRBD >> -> Clustered LVM -> LUKS'ed LV -> GFS2. > > I'm not sure that two (or more) LUKS partitions are identical given > exactly the same cleartext content and the same keys. There must be some > kind of sector randomization when writing data to make cryptoanalysis > harder, so it makes me think that it's not the case (that would require > testing though). > If I'm right, I don't see how DRBD could work in that setup. (or maybe I > just need more sleep). LUKS is working on the LV, which will be backed by the PV on DRBD. DRBD doesn't know data, so it will simply replicate the LUKS structure faithfully to both nodes. Remember, for all intent and purpose, there is only one device/luks partition. DRBD is really no different from LUKS on /dev/mdX devices in this regard. -- Digimer Papers and Projects: https://alteeve.ca/w/ What if the cure for cancer is trapped in the mind of a person without access to education?