Am Freitag, 2. Januar 2009 19:36:28 schrieb Jens Müller: > Dirk Heinrichs schrieb: > > Just to make sure I understand what you want to do: You have encrypted > > physical volumes which you want to combine into an LVM volume group and > > then put logical volumes into this VG? > > Raid part 1 \ > Raid part 2 >- Raid5 -> /dev/md127 = PV1 > Raid part 3 / > > ...(possibly others)... > PV1 --LVM--> VG1 ---> LV1: \dev\mapper\vg1-crypt > > LV1: \dev\mapper\vg1-crypt --cryptsetup--> \dev\mapper\crypt_pv > > \dev\mapper\crypt_pv = PV2 --LVM--> VG1 ---> (all the partitions) > > Basically, I have one encrypted "physical" volume, but I want to be > flexible ...
If you have one encrypted PV from which you build a VG, then every LV inside it will automatically be encrypted. So where's the flexibility? Means: PV1 --cryptsetup--> PV1_crypt --vgcreate--> VG1 --lvcreate--> LVx To be able to choose wether to encrypt each LV or not, you need to encrypt at LV level, like: PV1 --vgcreate--> VG1 --lvcreate--> LVx --cryptsetup--> LVx_crypt For the latter I have some scripts ready to create an initramfs which can be combined with the kernel (It's for EVMS, but it should be easy to adapt to LVM. HTH... Dirk
signature.asc
Description: This is a digitally signed message part.