|[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]|
I’ve been working on a design for an encrypted fileserver using RHEL6.x. On a single server the stack is pretty simple:
SAN LUNs > LUKS > LVM > XFS > Samba Server
But I would like to have a second node for High-Availability failover (SAN storage is available to both nodes). I’m looking at Red Hat Cluster Suite with corosyn, rgmanager. rgmanager has the ability to manage LVM, XFS and Samba resources. In the event of node failure, it will migrate all resources to the healthy node. But the resources are only available if the SAN volumes are decrypted:
cryptsetup luksOpen /dev/sdc1 crypt_vol
Is it possible to have the raw volumes decrypted on both systems, maybe during boot. So the LUKS device (/dev/mapper/crypt_vol) will be available on the backup node in the event of primary node failure. The other resources - LVM, XFS, Samba – would only be on one node at a time, so no filesystem access from the passive node. If this is not possible then can you suggest another solution?
Also, scalability is a requirement in my design, hence XFS. I was thinking I needed to use multiple LUKS PVs in LVM to grow the filesystem. But I would end up with multiple LUKS devices to keep track of. I recently found out that LUKS can resize. Would it be better to create one LUKS device on top of LVM? Then create a filesystem on that? (Though that would affect resource dependencies.)
SAN LUNs > LVM > LUKS > XFS > Samba Server
Other people will be accessing/managing this system, so I want manageability through simplicity. Don’t want to have the wrong volumes (re)encrypted, headers damaged, etc.
Anyways, thanks for your help.
Jacob Sohl | Systems Engineer
_______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
[DM Devel] [Fedora Desktop] [ATA RAID] [Fedora Marketing] [Fedora Packaging] [Fedora SELinux] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools] [Fedora Docs]