[dm-crypt] shared block devices

[dm-crypt] shared block devices

[Michael Zabriskie]

By what I've been able to find online and what is in the man page for
cryptsetup:

"--non-exclusive
    This option is ignored. Non-exclusive access to the same block
device can cause data corruption thus this mode is no longer supported
by cryptsetup."

I have been able to gather that a shared block device type setup is not
supported. I.E. luks + clvm + gfs2, luks + asm, or luks + ocfs2 shared
across multiple servers. So what I am wondering is if this is on the
road map or if there is another open source technology out there that
can accomplish this?

Thanks.
-Michael

Re: [dm-crypt] shared block devices

[Milan Broz]

On 03/30/2011 07:29 PM, Michael Zabriskie wrote:
 
> I have been able to gather that a shared block device type setup is not
> supported. I.E. luks + clvm + gfs2, luks + asm, or luks + ocfs2 shared
> across multiple servers. So what I am wondering is if this is on the
> road map or if there is another open source technology out there that
> can accomplish this?

If you have LUKS device and mapped (plaintext) device is exported
through iSCSI/DRBD or whatever to several cluster nodes, it will work
(and use some clustered fs, or maybe clvmd on top of that).
(IOW encryption run only on some master server.)

What you cannot do is to map the underlying device on several nodes
and run LUKS on every node separately (in parallel).
(In principle, with proper barrier/flush support and clustered
fs on top it,  it should work but nobody tests and support these
configurations.) 

Or you have to open exactly on one node and migrate it as service
(similar to HA LVM mode).

(That --non-exclusive option was to map one underlying device to
several mappings on _one_ system, nothing to do with clustered
system.)

Anyway, what is the use case here?

Milan