subject:"Re\: zfs\-geli\-zfs\: opinions\/suggestions"

Re: zfs-geli-zfs: opinions/suggestions

2007-12-27 Thread Jacob Yocom-Piatt


Hugo Silva wrote:

Jacob Yocom-Piatt wrote:

lo all,

have a freebsd 7.0-beta4 machine attached to an external disk 
enclosure and would like feedback on the following setup: have RAID-Z 
on 4 disks, ZFS volume that takes up entire RAID-Z, use ZVOL from 
volume for encryption via geli, use .eli (decrypted) device to make 
another ZFS pool. the idea being "no time/resources wasted doing 
fscks plus encryption sans hardware RAID".


Unless I'm misunderstanding your objective, geli'ing the disks and 
creating a pool ontop of the encrypted disks (zpool create secure 
raidz da0.eli da1.eli da2.eli da3.eli) would also work, and would be 
far easier to maintain. Your data would still be encrypted and you 
would still need to provide the passphrase to make the pool accessible.





this is a fine idea and removes a ZFS layer but i expect it will require 
a short sh script (read input and pipe into loop over disks) unless i 
want to enter a passphrase per disk. if anybody's already got such a 
script, would be nice to have since my script skills are kinda weak.


will geli each of the disks and test it out to see if it is more stable 
than the original config. thanks for your input, hugo!


cheers,
jake



Best regards,

Hugo


translated to commands this reads:

# zpool create p_a raidz /dev/mfid1 /dev/mfid2 /dev/mfid3 /dev/mfid4
# zpool list
NAMESIZEUSED   AVAILCAP  HEALTH ALTROOT
p_a2.72T   4.02G   2.71T 0%  ONLINE -
# zfs create -V 2048g p_a/vol
# geli init -K /root/p_a.key -s 4096 -l 256 /dev/zvol/p_a/vol
# geli attach -k /root/p_a.key /dev/zvol/p_a/vol
# zpool create a /dev/zvol/p_a/vol.eli

i got a reboot while scp-ing some files to /a (only got ~3 GB in) 
from another machine with the above setup. am currently waiting far 
too long for a rm -R  to complete under /a. will test if 
any of this behavior is repeatable.


i welcome opinions or suggestions on the stability of such a setup 
(ZFS-geli-ZFS) and if this is not stable, as the reboot i just 
experienced would indicate, suggestions on alternative configurations 
that allow use of geli and minimize or eliminate fsck time. i do have 
a preference for no hardware RAID since it ties us to a particular 
card. will furnish a proper bug report if the reboots are repeatable 
in the aforementioned scenario.


NOTE: please CC me since i am not yet subscribed to this list

cheers,
jake



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to 
"[EMAIL PROTECTED]"


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: zfs-geli-zfs: opinions/suggestions

2007-12-27 Thread Hugo Silva


Jacob Yocom-Piatt wrote:

lo all,

have a freebsd 7.0-beta4 machine attached to an external disk 
enclosure and would like feedback on the following setup: have RAID-Z 
on 4 disks, ZFS volume that takes up entire RAID-Z, use ZVOL from 
volume for encryption via geli, use .eli (decrypted) device to make 
another ZFS pool. the idea being "no time/resources wasted doing fscks 
plus encryption sans hardware RAID".


Unless I'm misunderstanding your objective, geli'ing the disks and 
creating a pool ontop of the encrypted disks (zpool create secure raidz 
da0.eli da1.eli da2.eli da3.eli) would also work, and would be far 
easier to maintain. Your data would still be encrypted and you would 
still need to provide the passphrase to make the pool accessible.


Best regards,

Hugo


translated to commands this reads:

# zpool create p_a raidz /dev/mfid1 /dev/mfid2 /dev/mfid3 /dev/mfid4
# zpool list
NAMESIZEUSED   AVAILCAP  HEALTH ALTROOT
p_a2.72T   4.02G   2.71T 0%  ONLINE -
# zfs create -V 2048g p_a/vol
# geli init -K /root/p_a.key -s 4096 -l 256 /dev/zvol/p_a/vol
# geli attach -k /root/p_a.key /dev/zvol/p_a/vol
# zpool create a /dev/zvol/p_a/vol.eli

i got a reboot while scp-ing some files to /a (only got ~3 GB in) from 
another machine with the above setup. am currently waiting far too 
long for a rm -R  to complete under /a. will test if any of 
this behavior is repeatable.


i welcome opinions or suggestions on the stability of such a setup 
(ZFS-geli-ZFS) and if this is not stable, as the reboot i just 
experienced would indicate, suggestions on alternative configurations 
that allow use of geli and minimize or eliminate fsck time. i do have 
a preference for no hardware RAID since it ties us to a particular 
card. will furnish a proper bug report if the reboots are repeatable 
in the aforementioned scenario.


NOTE: please CC me since i am not yet subscribed to this list

cheers,
jake



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: zfs-geli-zfs: opinions/suggestions

Re: zfs-geli-zfs: opinions/suggestions

2 matches

Site Navigation

Mail list logo

Footer information