Am Freitag, 2. Januar 2009 19:36:28 schrieb Jens Müller: > Dirk Heinrichs schrieb: > > Just to make sure I understand what you want to do: You have encrypted > > physical volumes which you want to combine into an LVM volume group and > > then put logical volumes into this VG? > > Raid part 1 \ > Raid part 2 >- Raid5 -> /dev/md127 = PV1 > Raid part 3 / > > ...(possibly others)... > PV1 --LVM--> VG1 ---> LV1: \dev\mapper\vg1-crypt > > LV1: \dev\mapper\vg1-crypt --cryptsetup--> \dev\mapper\crypt_pv > > \dev\mapper\crypt_pv = PV2 --LVM--> VG1 ---> (all the partitions) > > Basically, I have one encrypted "physical" volume, but I want to be > flexible ...
If you have one encrypted PV from which you build a VG, then every LV inside
it will automatically be encrypted. So where's the flexibility?
Means:
PV1 --cryptsetup--> PV1_crypt --vgcreate--> VG1 --lvcreate--> LVx
To be able to choose wether to encrypt each LV or not, you need to encrypt at
LV level, like:
PV1 --vgcreate--> VG1 --lvcreate--> LVx --cryptsetup--> LVx_crypt
For the latter I have some scripts ready to create an initramfs which can be
combined with the kernel (It's for EVMS, but it should be easy to adapt to
LVM.
HTH...
Dirk
signature.asc
Description: This is a digitally signed message part.

