Don't know about your particlar setup, but I have several RAID1 (including two 3-way and one with an SSD) below dm-crypt. Works pretty well. The main question I see is what you want with the encrypton. Of course, you can blanket encrypt everything, wich seems to be what you want, except for /boot. Personally, I want it the other way round, but I have not allways all encrypted devices mapped and different passphrases for them. Arno On Thu, Mar 10, 2011 at 07:06:31PM +0100, Robert.Heinzmann@xxxxxxxxxxxxxxx wrote: > Hello list, > > I have a more general question regarding dm_crypt. > > Q: What is the best way to incorporate dm_crypt in a production ready device stack ? > > Summing I have multipathing (optional) and I want flexible storage management with pvresize, multiple filesystems and everything (e.g. in "the clouds") LVM is the way to go. So my ideal (and working) setup would look like this: > > Filesystem: [ /boot ] [ / ] [ /var ] > LVM [ ] [ lv1 ] [ lv2 ] > LVM [ ] [ vg (RootVG) ] > LVM [ ] [ pv ] > Crypt: [ ] [ DM_CRYPT ] > Partition: [ part1 - (boot) ] [ part2 ] > SCSI: [ Block Device ] > DMMP: [ Path1 ][ Path2 ] (Optional Layer) > Disk: [ LUN ] > > Do you see any problems (from the dm_crypt side) with this setup in terms of deadlocks, or unsupported stacking or is this a "supposed to work" configuration ? > > I know that device mapper always causes performance penalty because of missing barrier support (earlier Kernels) and I/O splitting in 4k units, however I have a BBU, so not a problem really and performance penalty is allowed. > > I have seen that the split to 4k causes latency to increase dramatically, however this seems to be a "minor" issue also (altought no solution so far). > > Mit freundlichen Gr??en / Kind Regards > Robert Heinzmann > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt > -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
