drbd-user March 2010 archive

Re: [DRBD-user] local mirror

From: Christian Iversen <chrivers_at_nospam>
Date: Sun Mar 07 2010 - 16:43:16 GMT
To: drbd-user@lists.linbit.com

On 2010-03-04 16:55, Lars Ellenberg wrote:
> On Mon, Mar 01, 2010 at 01:16:52PM +0100, Christian Iversen wrote:
>> On 2010-02-27 18:57, Dawid Marcin Grzesiak wrote:
>>> Hi,
>>>
>>> I just wonder if I can use DRBD to asynchronously mirror two block
>>> devices locally.
>>>
>>> For example I want to have a primary (dedicated, so quite secure) server
>>> and on the other hand secondary (VPS, so quite insecure).
>>>
>>> I want to mirror block devices, but I want to keep it encrypted on VPS,
>>> but not on dedicated server.
>>>
>>> Sure I can set encrypted partition up on VPS and share it via DRBD, but
>>> then the encryption key will need to be entered and will be stored in
>>> the RAM on VPS.
>>>
>>> Better is to map plain block device from secondary server on the primary
>>> server, setup the encrypted partition there (thus encryption key never
>>> leave the primary server) and then setup data mirroring locally.
>>>
>>> I imagine that it is possible with NBD and RAID, but:
>>> 1. I'm worrying if NBD network protocol is stable enough.
>>> 2. This will be synchronized mirroring.
>>> 3. What about resynch? Does it have an intelligent algorithm to make it fast
>>> and save bandwidth?
>>>
>>> Is it possible with DRBD?
>>
>> In a sense, yes.
>>
>> You can set up the VPS to export your block device with iSCSI.
>>
>> Then use an iSCSI-client on your server, to import your block device
>> into your local (primary) server's namespace. There, you use
>> cryptsetup with LUKS to give access to the decrypted block device.
>>
>> Then just use DRBD between "/dev/localdisk" and
>> "/dev/decrypted-remote-disk".
>>
>> This should work fine, albeit probably slowly.
>>
>> If you don't know iSCSI, it's kind of like NBD but 100 times better :)
>
> Others would put this the other way around.
> Probably a matter of preference, requirements and environment.

Well, maybe. I've tried both, and for our uses, iSCSI fit much better.

> Also, DRBD is for replication between two nodes,
> not for replication between two block devices on the same node.

Agreed :)

> So if that is what you are up to, you rather want to
> look at software raid more closely again.
> man mdadm, specifically: bitmap, write-mostly, write-behind ...

Well, true. And I agree it's an odd use case.

There could be some advantages to using local/local DRBD though. Namely,
it would be very easy to switch to the classic local/remote DRBD, or
even a crazy remote/remote over double iSCSI. Who knows? I thought it
sounded like a fun idea to try.

> Yes, we are not only about DRBD.
> We know some other stuff as well ;-)
> Just use the right tool for the job.

Indeed, always useful advice :)

P.S: Have you thought about setting a Reply-To-header? I'm almost
responding to the author every time.

-- 
Best regards
Christian Iversen
_______________________________________________
drbd-user mailing list
drbd-user@lists.linbit.com
http://lists.linbit.com/mailman/listinfo/drbd-user
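
The setup discussed in this thread, sketched as an added example that is not part of the original messages: the remote disk is imported over iSCSI, opened with LUKS on the primary so the key never reaches the VPS, and mirrored with mdadm using the bitmap, write-mostly and write-behind options Lars points to. The portal, IQN, device names and the `run`, `import_remote` and `build_mirror` helpers are assumptions; with `DRY_RUN=1` (the default) the commands are only printed.

```sh
#!/bin/sh
# Added example. Portal, IQN and device names are placeholders (assumptions).
# DRY_RUN=1 (default) prints each command instead of executing it.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "+ $*"
    else
        "$@"
    fi
}

# import_remote PORTAL IQN: log in to the iSCSI target exported by the VPS.
import_remote() {
    run iscsiadm -m discovery -t sendtargets -p "$1" &&
    run iscsiadm -m node -T "$2" -p "$1" --login
}

# build_mirror LOCAL_DEV REMOTE_DEV [MAPPER_NAME] [MD_DEV]
build_mirror() {
    local_dev="$1"; remote_dev="$2"
    name="${3:-remote_crypt}"; md="${4:-/dev/md0}"
    if [ -z "$local_dev" ] || [ -z "$remote_dev" ] ||
       [ "$local_dev" = "$remote_dev" ]; then
        echo "usage: build_mirror LOCAL_DEV REMOTE_DEV [NAME] [MD_DEV]" >&2
        return 2
    fi
    # LUKS is set up and opened on the primary only, so the passphrase and
    # volume key stay here; the VPS stores nothing but ciphertext.
    run cryptsetup luksFormat "$remote_dev" &&
    run cryptsetup open --type luks "$remote_dev" "$name" &&
    # RAID1: the local leg serves reads. The remote leg is the decrypted
    # mapper device (never the raw iSCSI disk), marked write-mostly.
    # write-behind lets writes to it lag; the bitmap allows partial resync.
    run mdadm --create "$md" --level=1 --raid-devices=2 \
        --bitmap=internal --write-behind=256 \
        "$local_dev" --write-mostly "/dev/mapper/$name"
}

# Example (dry run):
#   import_remote 192.0.2.10 iqn.2010-03.example:vps.disk0
#   build_mirror /dev/localdisk /dev/sdX
```

`luksFormat` destroys existing data on the remote device, so run it only on first setup and use just the `open` step on later assemblies.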