On Monday, 30 April 2018 6:41:16 PM AEST Ondrej Kozina wrote:
> On 04/30/2018 10:05 AM, Steven Haigh wrote:
> > On 2018-04-30 18:02, Ondrej Kozina wrote:
> >> On 04/30/2018 03:52 AM, Steven Haigh wrote:
> >>> Hi all,
> >>>
> >>> I've recently deployed a new system and noticed that the backup image
> >>> of
> >>> a few Windows VMs running on Xen is much larger on the new system than
> >>> the older ones - which don't have the luks layer.
> >>>
> >>> The setup is as follows:
> >>> 2 x Intel 960Gb SSDs
> >>>
> >>> /dev/md1 = mdadm RAID1
> >>> /dev/mapper/{uuid} = luks on top of /dev/md1
> >>> /dev/vg_* = lvm on top of luks
> >>>
> >>> I create the backup by creating an LVM snapshot of the LV, then using
> >>> dd
> >>> to copy that snapshot to a file - piping through pigz on the way.
> >>>
> >>> I have noticed that since moving to SSDs and luks between the RAID and
> >>> LVM layers, the backup size for a ~50Gb windows system has increased
> >>> from ~12Gb to ~42Gb.
> >>
> >> dm-crypt (kernel) doesn't allow discards pass-down by default. You may
> >> override it by adding --allow-discards parameter to cryptsetup open or
> >> luksOpen commands.
> >>
> >> If you have cryptsetup >= 2.0 and you also use LUKS2 on-disk format,
> >> you may store this flag (--allow-discards) in LUKS2 metadata so that
> >> it's applied on every device activation later.
> >>
> >> cryptsetup open /dev/md1 <crypt_name> --allow-discards --persistent.
> >>
> >> Later, whenever you activate the device (by systemd service or
> >> manually) the --allow-discards flag is applied automatically and you
> >> don't have to add it yourself.
> >>
> >> See cryptsetup status <crypt_name> output if the discards are allowed
> >> for the device.
> >
> > For the record, I did add 'luks,discard' to /etc/crypttab
> >
> > Is this still correct?
>
> What does 'cryptsetup status' show? It may be blocked in different
> device, not only in dm-crypt... If discards granularity sent from VM
> doesn't fit some device in stack it gets dropped on the way.
/dev/mapper/luks-ab6c52a3-bb2c-472e-9b1b-82a440f77287 is active and is in use.
type: LUKS1
cipher: aes-xts-plain64
keysize: 256 bits
device: /dev/md1
offset: 4096 sectors
size: 1875118720 sectors
mode: read/write
flags: discards
--
Steven Haigh
📧 netwiz@xxxxxxxxx 💻 https://www.crc.id.au
📞 +61 (3) 9001 6090 📱 0412 935 897
Attachment:
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx https://www.saout.de/mailman/listinfo/dm-crypt
