From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from v4.tansi.org (ns.km33513-03.keymachine.de [87.118.94.3]) by mail.saout.de (Postfix) with ESMTP for ; Thu, 10 Mar 2011 19:57:40 +0100 (CET) Received: from gatewagner.dyndns.org (84-74-164-239.dclient.hispeed.ch [84.74.164.239]) by v4.tansi.org (Postfix) with ESMTPA id E943D2051C3 for ; Thu, 10 Mar 2011 19:57:39 +0100 (CET) Date: Thu, 10 Mar 2011 19:57:39 +0100 From: Arno Wagner Message-ID: <20110310185738.GA3908@tansi.org> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Subject: Re: [dm-crypt] Question on Disk Layout (Stacking supported ?) List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de Don't know about your particlar setup, but I have several RAID1 (including two 3-way and one with an SSD) below dm-crypt. Works pretty well. The main question I see is what you want with the encrypton. Of course, you can blanket encrypt everything, wich seems to be what you want, except for /boot. Personally, I want it the other way round, but I have not allways all encrypted devices mapped and different passphrases for them. Arno On Thu, Mar 10, 2011 at 07:06:31PM +0100, Robert.Heinzmann@deutschepost.de wrote: > Hello list, > > I have a more general question regarding dm_crypt. > > Q: What is the best way to incorporate dm_crypt in a production ready device stack ? > > Summing I have multipathing (optional) and I want flexible storage management with pvresize, multiple filesystems and everything (e.g. in "the clouds") LVM is the way to go. So my ideal (and working) setup would look like this: > > Filesystem: [ /boot ] [ / ] [ /var ] > LVM [ ] [ lv1 ] [ lv2 ] > LVM [ ] [ vg (RootVG) ] > LVM [ ] [ pv ] > Crypt: [ ] [ DM_CRYPT ] > Partition: [ part1 - (boot) ] [ part2 ] > SCSI: [ Block Device ] > DMMP: [ Path1 ][ Path2 ] (Optional Layer) > Disk: [ LUN ] > > Do you see any problems (from the dm_crypt side) with this setup in terms of deadlocks, or unsupported stacking or is this a "supposed to work" configuration ? > > I know that device mapper always causes performance penalty because of missing barrier support (earlier Kernels) and I/O splitting in 4k units, however I have a BBU, so not a problem really and performance penalty is allowed. > > I have seen that the split to 4k causes latency to increase dramatically, however this seems to be a "minor" issue also (altought no solution so far). > > Mit freundlichen Gr??en / Kind Regards > Robert Heinzmann > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt > -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier