Need to extend an LVM volume group backed by encrypted storage?
One of my passions is encryption. Red Hat has some great documentation on various encryption topics (Chapter 3 of the RHEL6 Security Guide comes to mind) but there are still tons of things we haven't covered. Here in the support group where I work, we usually only create articles as we work cases -- we have a problem, we find the resolution, and then we write an article about it.
Anyway, enough talking. RE the subject, take a look:
I still need to write up an article breaking down how to resize dm-crypt volumes ... but aside from that, if you have any feedback on the above article, don't hesitate to let us know!
Responses
I'll plead ignorance here, since my "encryption at rest" experience is primarily hardware-based - never really bothered with LUKS because of it.
My first response to the article would be, "what's the advantage of encrypting individual PVs rather than doing the encryption at the volume-level?" Encrypting PVs rather than LVs seems to add a lot of administrative overhead and a lot more potential points of failure? Also seems like, were one to create a RAID-set from individually-encrypted PVs, you'd increase your performance overhead when interacting with such devices (if you had a three-disk stripe of individually-encrypted PVs, you'd be doing three encryption operations per read/write versus just one for a volume-level encryption).
Overall, this seems like one of those places where a vendor would say "only volume-level encryption is supported".
But, again, my response to the article is based on supposition rather than experience.
