From: Ondrej Kozina <okozina@redhat.com>
To: peljasz@yahoo.co.uk
Cc: LVM general discussion and development <linux-lvm@redhat.com>
Subject: Re: [linux-lvm] LVM cache/dm-cache questions.
Date: Mon, 29 Aug 2016 13:22:56 +0200 [thread overview]
Message-ID: <08940795-857f-f519-5866-bc1a20f86b3b@redhat.com> (raw)
In-Reply-To: <fda6b9fe-44c6-3274-748a-394a5717c48b@yahoo.co.uk>
On 08/29/2016 11:42 AM, lejeczek wrote:
>
>
> On 26/08/16 15:45, Ondrej Kozina wrote:
>> On 08/26/2016 04:01 PM, lejeczek wrote:
>>> whatever you might call it, it works, luks encrypting,
>>> opening & mounting @boot - so I only wonder (which was my
>>> question) why not cache pool LVs. Is it not supported...
>>> would be great if a developer sees this question, I'm not
>>> sure jut yet about filing a bug report.
>>
>> In general LVM2 doesn't auto-activate or interpret unknown
>> device types. LUKS header is considered unknown from LVM2
>> perspective. Simply put LVM2 doesn't understand LUKS
>> header data. Not sure what you tried to do with cache pool
>> LV, but in my opinion any effort to encrypt (live or
>> detached) cache pool LV may end with severe data
>> corruption...
>>
>> As of now I think you have in general two options:
>>
>> a) encrypt both PVs because obviously if you only encrypt
>> the origin PV you end up with decrypted plaintext data
>> stored in cache pool. Probably this is the exact scenario
>> you were about to avoid?
>>
>> Unfortunately a) is suboptimal with regard to performance
>> since you'd perform the encryption of data blocks twice.
>>
>> Option b): encrypt the top level LV (the one constructed
>> from both cache and origin LV). This way ciphertext would
>> be stored twice in cache PV and origin PV but the
>> encryption would be performed only once.
>>
> gee, guys, thanks Ondrej,
> this I was saying from the beginning did not work - option b
> - does not work. I can Not encrypt top level cache pool LV.
> It does work with any other LV I have, but cache pool fails
> (like I said earlier) with:
>
> Command failed with code 22.
Could you post here 'lsblk' and 'lvs' output together with exact
cryptsetup command you have executed to luksFormat your top level cached
LV? Please add also --debug option among your original cryptsetup options.
Regards
Ondrej
next prev parent reply other threads:[~2016-08-29 11:22 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-12 0:36 [linux-lvm] LVM cache/dm-cache questions sergei
2016-06-20 16:27 ` Brassow Jonathan
2016-06-20 21:34 ` Sergei Franco
2016-08-25 11:51 ` lejeczek
2016-08-25 14:47 ` Xen
2016-08-26 12:45 ` lejeczek
2016-08-26 13:28 ` Xen
2016-08-26 14:01 ` lejeczek
2016-08-26 14:45 ` Ondrej Kozina
2016-08-29 9:42 ` lejeczek
2016-08-29 11:22 ` Ondrej Kozina [this message]
2016-08-29 14:22 ` lejeczek
2016-08-29 15:08 ` Ondrej Kozina
2016-08-30 8:39 ` lejeczek
2016-08-29 16:07 ` Xen
2016-08-26 17:55 ` Xen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=08940795-857f-f519-5866-bc1a20f86b3b@redhat.com \
--to=okozina@redhat.com \
--cc=linux-lvm@redhat.com \
--cc=peljasz@yahoo.co.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).