2009/1/22 Duncan <[email protected]>: > Richard Freeman <[email protected]> posted [email protected], > excerpted below, on Thu, 22 Jan 2009 11:23:56 -0500: > >> All of this assumes that luks contains no bugs. If the encryption layer >> botches your data all bets are off. That happened to me with lvm - I >> managed to hose half my system that way (an fsck on one logical volume >> managed to hose all the other logical volumes in the same volume group). >> It is a rare problem, but I'm now just running on bare md devices >> (and just running on md gives me some options for expanding storage >> later). > > Hmm, interesting. I run my main system and a backup image of same direct > on partitioned mdp/RAID (RAID doesn't cure the fat-finger or botched > upgrade problem, that's what the backup image is for), so I have all my > applications available without lvm, but I use lvm2 on top of RAID for > most of my data partitions and their backups. I've never had a problem > with that using reiserfs on lvm2 on RAID-6 here, nor have I heard of > anyone else having that sort of problems with lvm, at least not since the > lvm2 era. > > The problems I've had with LVM are simply its inconvenience and > administration complexity when there are layers on layers, since there's > no way to put / on it without using an initramfs/initrd, which I didn't > want to use. The partitioned RAID is nice in that regard since the > kernel can handle that directly. If I were to redo it today, I'd > consider eliminating the LVM2 layer for the data for that reason alone. > well, i think that the lvm2 layer is still good even when used on a single disk. especially when you don't know how the partitions would look like. i've had big time saves by resizing lvm2 array than copying, removing partitions, recreating them and then recopying files into the newer ones. as for the / i'm considering using / + /boot on a usb disk (nowadays booting from usb devices is no pain) and would prevent me from exposing ciphered luks data. it's true that loosing the key would mean a total disaster, but it's simpler to have 2-3 2gb usb keys (which mean about 20-30€) as root and have an entire luks+raided partition. if you'd were to go even further putting another external usb key as authentication key for the encrypted partion would be even more secure.
-- dott. ing. beso
