[linux-lvm] /dev/dm-* or /dev/mapper/*
Edward Siefker
hatta00 at fastmail.fm
Mon Aug 17 00:08:53 UTC 2009
I originally set up raid-luks-lvm on this machine with debian's
installer tool, now I am trying to add another encrypted raid1 device to
the existing volume group. I already have the raid device set up and
encrypted, that's no problem. Now the linux gazette
(http://linuxgazette.net/140/pfeiffer.html) tells me I should run
'pvcreate' on the device in /dev/mapper. However, if I examine my
existing physical volumes with 'pvscan' I get the following:
iblis:/home/hatta# pvscan
PV /dev/dm-0 VG iblis-volumes lvm2 [931.32 GB / 0 free]
Total: 1 [931.32 GB] / in use: 1 [931.32 GB] / in no VG: 0 [0 ]
Apparently I am using /dev/dm-0 instead of /dev/mapper/md1_crypt. I
wondered if these were maybe two names for the same thing, so I checked
ls:
iblis:/home/hatta# ls -ld /dev/dm-0 /dev/mapper/md1_crypt
brw-rw---- 1 root disk 253, 0 2009-08-16 12:02 /dev/dm-0
brw-rw---- 1 root disk 253, 0 2009-08-16 12:02 /dev/mapper/md1_crypt
Same major and minor number, if that means anything. Next I ran
'dmcrypt info' on each:
iblis:/home/hatta# dmsetup info /dev/dm-0
Device /dev/dm-0 not found
Command failed
iblis:/home/hatta# dmsetup info /dev/mapper/md1_crypt
Name: md1_crypt
State: ACTIVE
Read Ahead: 256
Tables present: LIVE
Open count: 7
Event number: 0
Major, minor: 253, 0
Number of targets: 1
It works on one, and not the other. So they're not the same thing. My
new device 'md2_crypt' corresponds to /dev/dm-8, if I am to trust the
major/minor numbers. Should I run pvcreate on /dev/dm-8 or
/dev/mapper/md2_crypt?
And this is a somewhat broader question. If I have two encrypted
volumes like this in the same volume group, and I have a partition that
spans both physical volumes, what happens when one of those volumes is
not yet unlocked? There is a short time during bootup that md1_crypt is
unlocked and md2_crypt is not yet unlocked. The boot scripts are
definitely doing something with my logical volumes in that period, since
I can use a keyfile in /root (which is in a logical volume on md1_crypt)
to unlock md2_crypt.
This seems dangerous to me, what would happen if I added md2_crypt to
that volume group, and extended that filesystem over both physical
volumes? Is it possible for my keyfile in /root to end up on md2_crypt
and be inaccessible? Suppose I had trouble entering my passphrase 3
times and cryptsetup gave up. What would happen then? Would my system
try to mount a logical volume that only half exists? Could that corrupt
the filesystem?
--
hatta00 at fastmail.fm
--
http://www.fastmail.fm - A fast, anti-spam email service.
More information about the linux-lvm
mailing list