Is it possible to create a LUKS encrypted filesystem that is accessible by both nodes of a dual primary DRBD system?
Here is what I tried to do:
- Create two nodes and establish a partition on each with an ext3 filesystem.
- Replicate the partition with dual primary DRBD.
- On one node, create a sparse file on the partition being replicated that is allowed to grow in size up to the capacity of the partition.
- Associate a loop device with the sparse file on each node (DRBD has replicated the sparse file).
- Encrypt the loop device with LUKS format using cryptsetup on one node.
- Open (unlock) the encrypted device on both nodes (opening the device on one node did not open the device on the other node).
- Format the encrypted device with an ext3 filesystem on one node.
- Mount the encrypted device on each node.
Now both nodes have an encrypted filesystem open and mounted. What I expect is that modifications to the encrypted filesystem will appear on both nodes. For example, if I create a file on one node it should appear on the other node.
The problem I have is that a file created on one node does not appear on the other node while the secure device is open. Modifications to the filesystem appear only after I close, then re-open the secure device on each node. This implies that DRBD is copying the underlying blocks, but the LUKS encryption is hiding the updates.
Is LUKS caching the apparent filesystem? If so, is there a way to minimize caching? Or is there a completely different way I should go about replicating encrypted data?
I already have this working with primary/secondary DRBD. It is my goal to make the data active on both nodes; thus, my attempt to use primary/primary.