[dm-crypt] KISS (was disappearing luks header and other mysteries)
arno at wagner.name
Sun Sep 21 11:58:07 CEST 2014
On Sat, Sep 20, 2014 at 02:29:43 CEST, Sven Eschenberg wrote:
> Well, it is not THAT easy.
Actially it is.
> If you want resilience/availability, you'll need RAID. Now what do you put
> ontop of the RAID when you need to slice it?
And there the desaster starts: Don't slice RAID. It isnot a good
> Put a disklabel/partition on
> top of it and stick with a static setup or use LVM which can span multiple
> RAIDs (and types) supports snapshotting etc. . Depending on your needs and
> usage you will end up with LVM in the end. If you want encryption, you'll
> need a crypto layer (or you put it in the FS alongside volume slicing).
> Partitions underaneath the RAID, not necessary if the RAID implementation
> can subslice physical devices and arrange for different levels on the same
> disk. Except unfortunately, when you need a bootloader.
> I don't see any alternative which would be KISS enough, except merging the
> layers to avoid collissions due to stacking order etc. . Simple usage and
> debugging for the user, but the actual single merged layer would be
> anything but KISS.
You miss one thing: LVM breaks layereing and rather badly so. That
is a deadly sin. Partitioning should only ever been done on
monolithic devices. There is a good reason for that, namely that
parition-raid, filesystems and LUKS all respect partitioning per
default, and hence it actually takes work to break the container
LVM rides all over that and hence it is absolutely no surprise
at all that people keep breaking things using it. It is like
a chainsaw without safety features. Until those safety-features
are present and work reliably, LVM should be avoided in all
situation where there is an alternative. There almost always is.
But please, be my guest shooting yourself in the foot all
you like. I will just not refrain from telling you "I told
> On Tue, September 16, 2014 10:07, Arno Wagner wrote:
> > On Tue, Sep 16, 2014 at 08:39:45 CEST, Heinz Diehl wrote:
> >> On 16.09.2014, Boylan, Ross wrote:
> >> > 1. Partition
> >> > 2. RAID
> >> > 3. LVM
> >> > 4. LUKS
> >> > That is decidedly too many. KISS is not even in the building
> >> > anymore with that.
> >> It is. Every single process does one thing. The problem is that most
> >> of the distributions out there automatically install LVM. In my case,
> >> I always chose four primary partitions manually, because they fit my
> >> needs and are simple to manage, while not adding more complexity than
> >> neccessary (/, /boot, /home, swap).
> > The primary indicator that it is too complex is that debugging
> > this fails. There is siome modern "engineering" faction that
> > likes to pile up complexity until things start to fail. This is
> > a symptom.
> > Arno
> > --
> > Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno at wagner.name
> > GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D
> > 9718
> > ----
> > A good decision is based on knowledge and not on numbers. -- Plato
> > If it's in the news, don't worry about it. The very definition of
> > "news" is "something that hardly ever happens." -- Bruce Schneier
> > _______________________________________________
> > dm-crypt mailing list
> > dm-crypt at saout.de
> > http://www.saout.de/mailman/listinfo/dm-crypt
> dm-crypt mailing list
> dm-crypt at saout.de
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno at wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
A good decision is based on knowledge and not on numbers. -- Plato
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
More information about the dm-crypt