Ok, so basically this is something that is not handled well/not thought
out then by at least LUKS, if what you're saying is the future path to
put headers at the beginning and end of the drive (which with the swap I
indicated this would have the 'end' header in the 'middle' of the drive
as it would have been expanded by the underlaying hardware raid) it's
not something that I would want to put into production use.
At least not until there is a process in place that will allow the user
to tell dmcrypt to re-check the size of the physical volume and update
the headers automatically. (similar to say pvresize for lvm2 or jfs's
resize mount option or xfs_growfs).
Otherwise it would be way too involved when dealing with hundreds of
drives for the administrators.
Thanks.
Steve
From: Arno Wagner <arno@...
<http://gmane.org/get-address.php?address=arno%2dJoEyUyqlpX17tPAFqOLdPg%40public.gmane.org>>
Subject: Re: growing physical volumes that are encrypted?
<http://news.gmane.org/find-root.php?message_id=%3c20090308012003.GB28601%40tik.ee.ethz.ch%3e>
Newsgroups: gmane.linux.kernel.device-mapper.dm-crypt
<http://news.gmane.org/gmane.linux.kernel.device%2dmapper.dm%2dcrypt>
Date: 2009-03-08 01:20:03 GMT (17 hours and 33 minutes ago)
On Sat, Mar 07, 2009 at 02:24:11PM -0600, Steve Costaras wrote:
>
> I change out drives often for various reasons (failure, capacity
> expansion, et al). The idea came up to encrypt all data on the drives
> to mitigate the possibility that when drives leave there is anything on
> them that is usable.
>
> The issue at hand is how does (if at all) dmcrypt will support expansion
> of block devices. Basically, all drives are attached to hardware raid
> controllers. Those controllers present to the OS large volumes (say
> 10TB+) for each 'drive' that dmcrypt would see. This then would get
> put into lvm2 to be carved up as needed. Functionally when we
> outgrow a technology (say 1TB drives with 2TB ones) we would swap out
> the drives in the array. This would make a 10TB 'disk' appear as a
> 20TB disk to dmcrypt. If I use this to encrypt each volume would
> dmcrypt be able to expand to the non-encrypted space or will it just
> flake out when it sees that the drive it's trying to encrypt has changed
> size?
Well, dm-crypt does not care about device size. It en-/de-crypts
one device with the passphrase given. As dm-crypt has no metadate,
the actual device size is not and cannot be stored anywere. It
is also entirely immaterial for its operation.
As far as I remember, the same is true for LUKS. Take care,
however, that there are plans to implement a LUKS header
copy backup at the end of the device.
Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email:
arno@... <http://gmane.org/get-address.php?address=arno%2dJoEyUyqlpX2WDMOabwocfg%40public.gmane.org>e
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx
For additional commands, e-mail: dm-crypt-help@xxxxxxxx
