On 2010-03-04 16:55, Lars Ellenberg wrote:
> On Mon, Mar 01, 2010 at 01:16:52PM +0100, Christian Iversen wrote:
>> On 2010-02-27 18:57, Dawid Marcin Grzesiak wrote:
>>> I just wonder if I can use DRBD to asynchronously mirror two block
>>> devices locally.
>>> For example I want to have a primary (dedicated, so quite secure) server
>>> and on the other hand secondary (VPS, so quite insecure).
>>> I want to mirror block devices, but I want to keep it encrypted on VPS,
>>> but not on dedicated server.
>>> Sure I can set encrypted partition up on VPS and share it via DRBD, but
>>> then the encryption key will need to be entered and will be stored in
>>> the RAM on VPS.
>>> Better is to map plain block device from secondary server on the primary
>>> server, set up the encrypted partition there (thus the encryption key never
>>> leaves the primary server) and then set up data mirroring locally.
>>> I imagine that it is possible with NBD and RAID, but:
>>> 1. I'm worried about whether the NBD network protocol is stable enough.
>>> 2. This will be synchronized mirroring.
>>> 3. What about resync? Does it have an intelligent algorithm to make it fast
>>> and save bandwidth?
>>> Is it possible with DRBD?
>> In a sense, yes.
>> You can set up the VPS to export your block device with iSCSI.
>> Then use an iSCSI-client on your server, to import your block device
>> into your local (primary) server's namespace. There, you use
>> cryptsetup with LUKS to give access to the decrypted block device.
>> Then just use DRBD between "/dev/localdisk" and
>> This should work fine, albeit probably slowly.
>> If you don't know iSCSI, it's kind of like NBD but 100 times better :)
> Others would put this the other way around.
> Probably a matter of preference, requirements and environment.
Well, maybe. I've tried both, and for our uses, iSCSI fit much better.
> Also, DRBD is for replication between two nodes,
> not for replication between two block devices on the same node.
> So if that is what you are up to, you rather want to
> look at software raid more closely again.
> man mdadm, specifically: bitmap, write-mostly, write-behind ...
Well, true. And I agree it's an odd use case.
There could be some advantages to using local/local DRBD though. Namely,
it would be very easy to switch to the classic local/remote DRBD, or
even a crazy remote/remote over double iSCSI. Who knows? I thought it
sounded like a fun idea to try.
> Yes, we are not only about DRBD.
> We know some other stuff as well ;-)
> Just use the right tool for the job.
Indeed, always useful advice :)
P.S: Have you thought about setting a Reply-To-header? I'm almost
responding to the author every time.
--
Kind regards,
Christian Iversen
_______________________________________________
drbd-user mailing list
firstname.lastname@example.org
http://lists.linbit.com/mailman/listinfo/drbd-user
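The layering discussed in this thread (import the VPS disk over iSCSI, put LUKS on it on the primary, then mirror with md RAID1 using a bitmap, write-mostly and write-behind), as an added example that is not from any of the posters. The portal address, IQN, device paths, mapper name and write-behind value are all assumptions; the script only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example: dry-run by default; set APPLY=1 to execute (needs root).
# Every name below is an assumption, not a value taken from the thread.
PORTAL="${PORTAL:-192.0.2.10:3260}"          # VPS iSCSI portal (documentation address)
IQN="${IQN:-iqn.2010-03.example:vps-disk}"   # hypothetical target name
REMOTE_DEV="${REMOTE_DEV:-/dev/disk/by-path/ip-${PORTAL}-iscsi-${IQN}-lun-0}"
LOCAL_DEV="${LOCAL_DEV:-/dev/localdisk}"     # plaintext leg on the trusted server
CRYPT_NAME="${CRYPT_NAME:-vps_crypt}"        # dm-crypt mapping name
MD_DEV="${MD_DEV:-/dev/md0}"

# Print a command; execute it only when APPLY=1.
run() {
  printf '%s\n' "$*"
  if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

plan_stack() {
  # 1. Import the VPS block device. Everything written to it later is
  #    ciphertext, so the VPS never holds the key or the plaintext.
  run iscsiadm -m discovery -t sendtargets -p "$PORTAL"
  run iscsiadm -m node -T "$IQN" -p "$PORTAL" --login

  # 2. LUKS on the imported device; the key exists only in the primary's RAM.
  run cryptsetup luksFormat "$REMOTE_DEV"
  run cryptsetup open "$REMOTE_DEV" "$CRYPT_NAME"

  # 3. RAID1 across the local disk and the decrypted view of the remote one.
  #    --bitmap=internal   : after a link outage only dirty regions resync
  #    --write-mostly      : reads are served from the local leg
  #    --write-behind=256  : remote writes may lag, so mirroring is asynchronous
  run mdadm --create "$MD_DEV" --level=1 --raid-devices=2 \
      --bitmap=internal --write-behind=256 \
      "$LOCAL_DEV" --write-mostly "/dev/mapper/$CRYPT_NAME"
}

plan_stack
```

This keeps the data confidential from the VPS, but the VPS can still withhold or corrupt ciphertext blocks, since dm-crypt in its default modes does not authenticate what it reads back.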