-   Linux - Security (
-   -   drbd with cryptsetup (

tripialos 02-13-2013 04:30 PM

drbd with cryptsetup
Hi guys

I want to encrypt my drbd block with cryptsetup.

I know that this is possible since i have seen this implementation in action with my own eyes but unfortunately i wasn`t able to get a tut on how to do this.

I did searched a lot on the web to find some sort of tutorial but at the end i haven't managed to complete the task.

For now my question is:

Do i first need to create a cryptsetup partiotion, and then set the drbd to use the generated cryptsetup partition or

first create the drbd and then use crypt setup.


r0b0 02-15-2013 04:25 AM

You have to have the "underlying" block device active first. So, you have to have your drbd device all created and available on the host first. I don't know if drbd devices are supposed to be partitioned or not but do as is usual for drbd.

After you have your drbd block device available on the host, you can start working with the cryptsetup tool. It will take the drbd device, run its thing on it and it will create a new device (/dev/dm/something) which will be the plain-text equivalent of your device. This will be the device that you will create filesystem on and that you will mount.

tripialos 02-15-2013 01:20 PM

OK, i found the solution to this

1) Create a partition..say hda2
2) Create your LUKS container on the hda2 partition (luksFormat the /dev/hda2)
3) Open and mount the LUKS partition
4) Create your drbd block pointing to the relevant mounted partition

In order to for the above to work the partition must be mounted prior drbd starts

All times are GMT -5. The time now is 03:36 AM.