> On the migration issue, I do not understand the question.
> What is your concern here?
>
> Arno

Hi Arno,

thank you for your thoughts. Our concern about live migration from one machine to another is that using dm-crypt on two different machines might produce two different disc values even if to master keys are used. If both machines (they should be running in some kind of parallel mode during live migration) execute the same write-command writing the same data would result in the very same value on disc. Using DRBD would hence not result in write/read problems.

We do not fully understand the way dm-crypt/LUKS works so we considered the following situation:

Machine M1 is writing to decrypted disk DV1, dm-crypt is writing this data encrypted to PV1. This is done by generating a random key (RK1) used for encrypting the data D itself which is again encrypted by the master key (MK) and written to a special location on the disc (probably the first bytes of the sector). Now M2 was parallel writing the same data D to that sector before, using its own RK2. Now even if both disks have the same MK (which under any circumstances should be the case if we would be using the second setup). But due to the difference RK2 and RK1 both machines would write different data to disk and hence might run into a problem when DRBD synchronizes the data.

This was the scenario we thought about (not knowing if dm-crypt/LUKS is using such randomized sector keys) but there might be other problems using dm-crypt outside the VM but above DRBD.

Hope that helps to understand our considerations.

Thank You
B. Lehr & M. Müller

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt