From: "Thomas Bächler" <thomas@archlinux.org>
To: Philippe Cerfon <philcerf@googlemail.com>
Cc: dm-crypt <dm-crypt@saout.de>, Milan Broz <mbroz@redhat.com>
Subject: Re: [dm-crypt] dm-crypt alignment + ssd + raid
Date: Fri, 04 Jun 2010 17:00:05 +0200 [thread overview]
Message-ID: <4C0914F5.4060001@archlinux.org> (raw)
In-Reply-To: <AANLkTik7xJWlSSgswt2-p-71j7bQ3SZq8KGeL2Fn2biu@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 2099 bytes --]
Am 04.06.2010 14:31, schrieb Philippe Cerfon:
>> The scenario dm-crypt->LVM is easier, as there is no extra layer between
>> the LV and filesystem.
>
> Well,... I rethought the whole thing.
> I still think that RAID should be at the bottom, but then we can have either:
> a) disk-->RAID-->dm-crypt-->LVM-->fs
> or
> b) disk-->RAID-->LVM-->dm-crypt-->fs
Yes, both are supported.
> (a) seems to be more naturally, as LVM is (as you've said) directly
> below the fs,.. but... if I now add new disk because I want to enlarge
> the fs,... I'll end up in using at least different master keys, as
> dm-crypt is below LVM, right?
> This would be avoided with (b) as far as I understand.
That is correct. I use the dm-crypt->LVM setup on laptops, where a
second disk will never be added. If you expect the LVM to be split over
several VGs, then a per-logical-volume encryption seems more logical.
>>> 2) I guess at any of the levels from above, one can partition the
>>> exported block device, right?
>>> So e.g. partition the physical disks that each has one big sdX1, and
>>> create the RAID on it _OR_ create the RAID directly on the disk
>>> withoug partitioning.
>> I wouldn't rely on partitions, LVM is way more flexible.
> So what is suggested now?
>
> I start e.g. with /dev/sd[a-d],... putting the RAID/MD directly on
> sd[a-d] or on sd[a-d]1?
If you boot from an external medium (as you say below), then I see no
need to even partition the drives. Linux handles sd[a-d] (without
partition table) just fine.
> (I ask because this might have an effect on the alignment thingy)
>
> Then the raid gives me the "raid-device" /dev/md0. As I want several
> LUKS volumes on my RAID (all with different keys) I could now either
> partition md0, or set up LVM, right? Then on top of the
> partitions/volumes dm-crypt,... on top of this my filesystems.
Yes. I don't know how well partitioned md0 is supported. I would prefer
LVM in any case, because it is very flexible - in particular, it does
not rely on a specific physical layout of the volumes.
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 262 bytes --]
next prev parent reply other threads:[~2010-06-04 15:00 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-06-01 14:34 [dm-crypt] dm-crypt alignment + ssd + raid Philippe Cerfon
2010-06-01 15:00 ` Thomas Bächler
2010-06-04 12:31 ` Philippe Cerfon
2010-06-04 12:33 ` Philippe Cerfon
2010-06-04 15:00 ` Thomas Bächler [this message]
2010-06-04 16:10 ` Mikko Rauhala
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4C0914F5.4060001@archlinux.org \
--to=thomas@archlinux.org \
--cc=dm-crypt@saout.de \
--cc=mbroz@redhat.com \
--cc=philcerf@googlemail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.