Re: [Pacemaker] Pacemaker DRBD as Physical Volume on Encrypted RAID1

2013-03-06 Thread Lars Ellenberg
On Mon, Mar 04, 2013 at 04:27:24PM -0500, senrab...@aol.com wrote:
> Hi All:
>
> We're new to pacemaker (just got some great help from this forum
> getting it working with LVM as backing device), and would like to
> explore the Physical Volume option. We're trying to configure on top of
> an existing Encrypted RAID1 set up and employ LVM.
>
> NOTE:  our goal is to run many virtual servers, each in its own
> logical volume and it looks like putting LVM on top of the DRBD would
> allow us to add logical volumes on the fly, but also have a
> simpler setup with one drbd device for all the logical volumes and
> one related pacemaker config.  Hence, exploring DRBD as a physical
> volume.


A single DRBD has a single activity log,
running many virtual servers from there will very likely cause
the worst possible workload (many totally random writes).

You really want to use DRBD 8.4.3,
see https://blogs.linbit.com/p/469/843-random-writes-faster/
for why.


> Q:  For pacemaker to work, how do we do the DRBD disk/device mapping
> in the drbd.conf file?  And should we set things up and encrypt last,
> or can we apply DRBD and Pacemaker to an existing Encrypted RAID1
> setup?


Neither Pacemaker nor DRBD do particularly care.

If you want to stack the encryption layer on top of DRBD, fine.
(you'd probably need to teach some pacemaker resource agent to start
the encryption layer).

If you want to stack DRBD on top of the encryption layer, just as fine.

Unless you provide the decryption key in plaintext somewhere, failover
will likely be easier to automate if you have DRBD on top of encryption,
so if you want the real device encrypted, I'd recommend to put
encryption below DRBD.

Obviously, the DRBD replication traffic will still be plaintext in
that case.

> The examples we've seen show mapping between the drbd device and a
> physical disk (e.g., sdb) in the drbd.conf, and then pvcreate
> /dev/drbdnum and creating a volume group and logical volume on the
> drbd device.
>
> So for this type of set up, drbd.conf might look like:
>
> device /dev/drbd1;
> disk /dev/sdb;
> address xx.xx.xx.xx:7789;
> meta-disk internal;
>
> In our case, because we have an existing RAID1 (md2) and it's
> encrypted (md2_crypt or /dev/dm-7 ...  we're unsure which partition
> actually has the data), any thoughts on how to do the DRBD mapping?
> E.g.,
>
> device /dev/drbd1 minor 1;
> disk /dev/???;
> address xx.xx.xx.xx:7789;
> meta-disk internal;
>
> I.e., what goes in the disk /dev/?;?  Would it be disk
> /dev/md2_crypt;?

Yes.

> And can we do our setup on an existing Encrypted RAID1 setup

Yes.

> (if we do pvcreate on drbd1, we get errors)?

Huh?

-- 
: Lars Ellenberg
: LINBIT | Your Way to High Availability
: DRBD/HA support and consulting http://www.linbit.com

DRBD® and LINBIT® are registered trademarks of LINBIT, Austria.

___
Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
http://oss.clusterlabs.org/mailman/listinfo/pacemaker

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
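
An added example, not part of the thread and not code from the DRBD or Pacemaker projects: a shell check for the "encryption below DRBD" layout recommended in the reply above, confirming that each DRBD `disk` directive points at a device-mapper target of type `crypt`. It assumes the decrypted mapping is exposed as `/dev/mapper/md2_crypt`; the `dmsetup table` output, the resource fragment and the 192.0.2.10 address are constructed samples.

```shell
#!/bin/sh
# Added example. Sample inputs are constructed; on a real node take them
# from `dmsetup table` (run as root) and from your DRBD resource file.

# Constructed `dmsetup table` output: a crypt mapping on md2 (9:2) and a
# plain linear mapping. dmsetup prints the key field zeroed by default.
SAMPLE_DMTABLE='md2_crypt: 0 1953257472 crypt aes-xts-plain64 0000000000000000 0 9:2 4096
vg0-root: 0 41943040 linear 8:3 2048'

# Constructed resource fragment modelled on the one in the thread.
SAMPLE_DRBD='resource r1 {
  device /dev/drbd1 minor 1;
  disk /dev/mapper/md2_crypt;
  address 192.0.2.10:7789;
  meta-disk internal;
}'

# dm_target NAME TABLE -> prints the device-mapper target type of NAME
dm_target() {
  printf '%s\n' "$2" | awk -v n="$1:" '$1 == n { print $4 }'
}

# drbd_disks CONF -> prints each backing device named by a "disk" directive
# (skips "disk { ... }" option sections)
drbd_disks() {
  printf '%s\n' "$1" |
    awk '$1 == "disk" && $2 != "{" { sub(/;$/, "", $2); print $2 }'
}

# check_stack CONF TABLE -> one line per disk; returns 1 if any disk is
# not backed by a dm-crypt mapping
check_stack() {
  rc=0
  for d in $(drbd_disks "$1"); do
    t=$(dm_target "${d#/dev/mapper/}" "$2")
    if [ "$t" = "crypt" ]; then
      echo "OK   $d is a dm-crypt mapping (data at rest encrypted below DRBD)"
    else
      echo "WARN $d is not dm-crypt (target: ${t:-none})"
      rc=1
    fi
  done
  return $rc
}

check_stack "$SAMPLE_DRBD" "$SAMPLE_DMTABLE"
```

A passing check covers only data at rest; as the reply notes, replication traffic between the peers is still plaintext in this layout and needs its own protection on the network path.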


Re: [Pacemaker] Pacemaker DRBD as Physical Volume on Encrypted RAID1

2013-03-06 Thread senrabdet
Thanks Lars - will digest your response a bit, get back - appreciate the help!
 

 

 
