Hi Thomas.

Thanks for your answers :)

On Tue, Jun 1, 2010 at 5:00 PM, Thomas Bächler <thomas@xxxxxxxxxxxxx> wrote:
> I have used both scenarios in the past. The LUKS volume does not know
> its payload size, so it will use the maximum space available.

Ah nice :-)

> In the scenario LVM->dm-crypt: Once you enlarge the underlying LV, you
> can either 'cryptsetup resize' or 'cryptsetup luksClose && cryptsetup
> luksOpen' for the volume to get the new size. The former does not even
> require unmounting the file system.

Even nicer.

> The scenario dm-crypt->LVM is easier, as there is no extra layer between
> the LV and filesystem.

Well,... I rethought the whole thing.
I still think that RAID should be at the bottom, but then we can have either:
a) disk-->RAID-->dm-crypt-->LVM-->fs
or
b) disk-->RAID-->LVM-->dm-crypt-->fs

(a) seems to be more natural, as LVM is (as you've said) directly below the fs,.. but... if I now add a new disk because I want to enlarge the fs,... I'll end up using at least different master keys, as dm-crypt is below LVM, right?
This would be avoided with (b) as far as I understand.

> These days, I use LVM on top of dm-crypt. However, a LUKS volume
> encrypted with aes-xts-plain should not be bigger than 1TB for security
> reasons (I read that here, don't know the exact reason), so this might
> be unsuitable for your needs.

Oh :-O strange.. Milan, do you have an idea why this is the case?

>> 2) I guess at any of the levels from above, one can partition the
>> exported block device, right?
>> So e.g. partition the physical disks that each has one big sdX1, and
>> create the RAID on it _OR_ create the RAID directly on the disk
>> without partitioning.
> I wouldn't rely on partitions, LVM is way more flexible.

So what is suggested now?
I start e.g. with /dev/sd[a-d],... putting the RAID/MD directly on sd[a-d] or on sd[a-d]1? (I ask because this might have an effect on the alignment thingy)
Then the raid gives me the "raid-device" /dev/md0.
As I want several LUKS volumes on my RAID (all with different keys) I could now either partition md0, or set up LVM, right?
Then on top of the partitions/volumes dm-crypt,... on top of this my filesystems.

Milan,... perhaps you can (if you find some time),... help me with the alignment thingy.
AFAIK cryptsetup 1.1.1 would automatically support this now with a kernel of at least 2.6.33, right?
But does it also work out of the box for RAID/MD, for LVM and for the filesystems (as said I'd like to use ext4 and btrfs)? Or do I have to use special command line switches?
And which userspace do I need to use? Does cfdisk work,... or do I have to use fdisk -u? And with -u,... is it then automatically aligned or do I have to calculate something?
What about that 4MB boundary you've mentioned with SSDs?

Last but not least,... any other things I have to take care of? Is there a way to verify whether the alignment really fits in the end?

Once I understand it, I'll happily try to contribute to the upcoming FAQ :)

> (Having /boot
> on LVM might not work and require a small partition, depending on the
> bootloader)

I have boot+bootloader anyway separately on usb-stick. ;-)

Thanks in advance,
Philippe.
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
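
One way to approach the closing question about verifying alignment across the whole stack, as an added example that is not part of the original thread or of cryptsetup: the helper name `check_stack`, the sample offsets and the listed sources for the offsets are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Checks that the data area of every
# layer in a stack such as disk -> RAID -> LVM -> dm-crypt -> fs starts on an
# alignment boundary of the underlying disk. Each layer adds its data offset
# to those below it, so the cumulative sum is what must be a multiple of the
# boundary. All values are in 512-byte sectors.
#
# Assumed sources for the offsets on a real system:
#   partition  /sys/block/<disk>/<part>/start
#   md         "Data Offset" in `mdadm --examine <member>`
#   lvm        `pvs -o +pe_start --units s`
#   luks       "Payload offset" in `cryptsetup luksDump <device>`

# is_number STRING: true for a decimal integer without a leading zero.
is_number() {
    case $1 in ''|*[!0-9]*|0?*) return 1 ;; esac
    return 0
}

# check_stack BOUNDARY layer=offset [layer=offset ...]   (hypothetical helper)
# Prints one line per layer. Returns 0 if every cumulative offset is aligned,
# 1 if any is not, 2 on malformed input.
check_stack() {
    [ "$#" -ge 1 ] || return 2
    boundary=$1; shift
    if ! is_number "$boundary" || [ "$boundary" -eq 0 ]; then
        echo "bad boundary: $boundary" >&2; return 2
    fi
    total=0; status=0
    for spec in "$@"; do
        name=${spec%%=*}; offset=${spec#*=}
        if [ "$name" = "$spec" ] || ! is_number "$offset"; then
            echo "bad layer spec: $spec" >&2; return 2
        fi
        total=$((total + offset)); rest=$((total % boundary))
        if [ "$rest" -eq 0 ]; then
            verdict=aligned
        else
            verdict="MISALIGNED by $rest sectors"; status=1
        fi
        printf '%-10s offset=%-6s cumulative=%-8s %s\n' \
            "$name" "$offset" "$total" "$verdict"
    done
    return "$status"
}

# Constructed sample values; 8192 sectors is the 4MB boundary from the mail.
check_stack 8192 partition=8192 md=8192 lvm=8192 luks=8192
check_stack 8192 partition=63 md=8192 lvm=8192 luks=8192 ||
    echo "second stack is not aligned"
```

A single misaligned lower layer (here the partition starting at sector 63) shifts every layer above it, which is why the check runs on the cumulative offset rather than on each layer's own value.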