On Thu, 2012-09-13 at 14:42 -0700, Joshua Baker-LePain wrote: > On Thu, 13 Sep 2012 at 2:30pm, Whit Blauvelt wrote > > > This may be crazy, but has anyone used filesystem encryption (e.g. LUX) > > under Gluster? Or integrated encryption with Gluster in some other way? > > > > There's a certain demand to encrypt some of our storage, in case the > > hypothetical bad guy breaks into the server room and walks out with the > > servers. Is this a case where we can have encryption's advantages _or_ > > Gluster's? Or is there a practical way to have both? > > I haven't, but given that Gluster runs on top of a standard FS, I don't > see any reason why this wouldn't work. Rather than just Gluster on top of > ext3/4/XFS, it would be Gluster on top of ext3/4/XFS on top of an > LUKS encrypted partition. > > The main stumbling block I see isn't Gluster related at all, it's simply > how to do an unattended boot of a system with an encrypted partition... Generally in this scenario, the best solution is to have an un-encrypted root partition and a separate /data partition for gluster in this scenario. If you need to reboot your machine, you'll naturally have to enter a password before the data is available again, but the machine will be "up". HTH, James > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 836 bytes Desc: This is a digitally signed message part URL: <http://gluster.org/pipermail/gluster-users/attachments/20120913/38de80f1/attachment.pgp>
