[dm-crypt] LUKS in failover cluster
arno at wagner.name
Sat Oct 8 06:52:32 CEST 2011
On Fri, Oct 07, 2011 at 05:54:48PM -0700, Sohl, Jacob (LNG-SEA) wrote:
> Hi all,
> I've been working on a design for an encrypted fileserver using RHEL6.x.
> On a single server the stack is pretty simple:
> SAN LUNs > LUKS > LVM > XFS > Samba Server
> But I would like to have a second node for High-Availability failover
> (SAN storage is available to both nodes). I'm looking at Red Hat Cluster
> Suite with corosyn, rgmanager. rgmanager has the ability to manage LVM,
> XFS and Samba resources. In the event of node failure, it will migrate
> all resources to the healthy node. But the resources are only available
> if the SAN volumes are decrypted:
> cryptsetup luksOpen /dev/sdc1 crypt_vol
> Is it possible to have the raw volumes decrypted on both systems, maybe
> during boot. So the LUKS device (/dev/mapper/crypt_vol) will be
> available on the backup node in the event of primary node failure. The
> other resources - LVM, XFS, Samba - would only be on one node at a time,
> so no filesystem access from the passive node. If this is not possible
> then can you suggest another solution?
You can map ("decrypt") the devices and never use them. The
LVM/mount/whatever is completely optional.
In fact the mapper tool (cryptsetup) does nothing except
to decrypt the raw encrypted device to a raw decrypted device
> Also, scalability is a requirement in my design, hence XFS. I was
> thinking I needed to use multiple LUKS PVs in LVM to grow the
> filesystem. But I would end up with multiple LUKS devices to keep track
> of. I recently found out that LUKS can resize.
LUKS _cannot_ resize. The thing is that LUKS does not care about
device size. So if you enlarge a device/partition with an intact
LUKS header, "cryptsetup luksOpen" will just map the larger
If you have multiple devices, you can "slave" the additional ones
to a "master" device using something like "decrypt_derived".
This just takes the master key from the opened "master" container,
runns it though a hash and uses this as key for the "slave"
> Would it be better to
> create one LUKS device on top of LVM? Then create a filesystem on that?
> (Though that would affect resource dependencies.)
Sre you sure you need LVM at all?
> But basically:
> SAN LUNs > LVM > LUKS > XFS > Samba Server
> Other people will be accessing/managing this system, so I want
> manageability through simplicity.
Hence the question whether you actually need LVM.
It strikes me that typically LVM is not needed and
just complicates matters.
> Don't want to have the wrong volumes
> (re)encrypted, headers damaged, etc.
I think this setup is already too complicated for most people
to manage. A full backup should be part of your plans.
Resize with backup is actually easier, as you can just
backup, kill everything and do a clean new config.
> Anyways, thanks for your help.
Just to make sure: You _have_ read the FAQ?
> Jacob Sohl | Systems Engineer
> Applied Discovery(r)
> Mobile: 360-620-2695
> dm-crypt mailing list
> dm-crypt at saout.de
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
More information about the dm-crypt