Re: [GENERAL] Postgres Data Encryption Using LUKS with dm-crypt ? - Mailing list pgsql-general

From Paul Jungwirth
Subject Re: [GENERAL] Postgres Data Encryption Using LUKS with dm-crypt ?
Date
Msg-id f68042e3-c451-dc98-5284-32fb2ac8c7fa@illuminatedcomputing.com
In response to Re: [GENERAL] Postgres Data Encryption Using LUKS with dm-crypt ?  (Scott Marlowe <scott.marlowe@gmail.com>)
List pgsql-general
On 06/19/2017 12:40 AM, Scott Marlowe wrote:
> On Sun, Jun 18, 2017 at 2:20 PM, Condor <condor@stz-bg.com> wrote:
>> What should I expect? What good and bad things can happen?

I've run Postgres on a LUKS volume for a few years now and it's all been
pretty quiet. One challenge is you need to supply the password if the
server restarts. Automating that in a way that doesn't simply reveal the
password is tricky.

I'm not using RAID, so I can't speak to combining LUKS + RAID.

If you are on AWS, nowadays they have encrypted EBS volumes which will
do all this for you automatically. If I were setting up this system
today that's probably what I would have used.

> I think the only real test here is to build a luks system, initiate
> some pgbench type runs, wait a minute, run checkpoint and then yank
> out the plug. Run a dozen or so times looking for data corruption.

I think this is really the right answer!

Paul



