On 04/30/2018 10:05 AM, Steven Haigh wrote:
On 2018-04-30 18:02, Ondrej Kozina wrote:
On 04/30/2018 03:52 AM, Steven Haigh wrote:
Hi all,
I've recently deployed a new system and noticed that the backup image
of
a few Windows VMs running on Xen is much larger on the new system than
the older ones - which don't have the luks layer.
The setup is as follows:
2 x Intel 960Gb SSDs
/dev/md1 = mdadm RAID1
/dev/mapper/{uuid} = luks on top of /dev/md1
/dev/vg_* = lvm on top of luks
I create the backup by creating an LVM snapshot of the LV, then using
dd
to copy that snapshot to a file - piping through pigz on the way.
I have noticed that since moving to SSDs and luks between the RAID and
LVM layers, the backup size for a ~50Gb windows system has increased
from ~12Gb to ~42Gb.
dm-crypt (kernel) doesn't allow discards pass-down by default. You may
override it by adding --allow-discards parameter to cryptsetup open or
luksOpen commands.
If you have cryptsetup >= 2.0 and you also use LUKS2 on-disk format,
you may store this flag (--allow-discards) in LUKS2 metadata so that
it's applied on every device activation later.
cryptsetup open /dev/md1 <crypt_name> --allow-discards --persistent.
Later, whenever you activate the device (by systemd service or
manually) the --allow-discards flag is applied automatically and you
don't have to add it yourself.
See cryptsetup status <crypt_name> output if the discards are allowed
for the device.
For the record, I did add 'luks,discard' to /etc/crypttab
Is this still correct?
What does 'cryptsetup status' show? It may be blocked in different
device, not only in dm-crypt... If discards granularity sent from VM
doesn't fit some device in stack it gets dropped on the way.
O.
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
https://www.saout.de/mailman/listinfo/dm-crypt
