Re: Any options on crypt+zfs ?
On Sat, April 21, 2012 12:46, Ronald Klop wrote: On Mon, 16 Apr 2012 19:32:43 +0200, Nenhum_de_Nos math...@eternamente.info wrote: hail, I have a soekris running an atom and 2GB RAM and ZFS using 7 drives, small capacity though, to test and study if I can make my home server this box and this way. It will be a simple server, three users tops. I followed the handbook and made the geli step on the disks: Geom name: label/zfs1.eli State: ACTIVE EncryptionAlgorithm: AES-XTS KeyLength: 128 Crypto: software UsedKey: 0 Flags: NONE KeysAllocated: 38 KeysTotal: 38 Providers: 1. Name: label/zfs1.eli Mediasize: 160041881600 (149G) Sectorsize: 4096 Mode: r1w1e1 Consumers: 1. Name: label/zfs1 Mediasize: 160041885184 (149G) Sectorsize: 512 Mode: r1w1e1 all disks are this way (just 4 disks are on geli zfs). would it be faster, if I had geli over zfs, and not the other way (as is now) ? my performance is too low (I know the hardware is not that much, but I compared it to a friend's arm based AP-Router gadget and my setup is when much equal. I have 1.6 GHz Atom and 2GB ram, he has not half this ... I know can't compare arm and x86 clock for clock ...) I'll try to run geli on single disk, to see how much ZFS is impacting on performance, but, is there any other way around ? All I want is RAID5, and FreeBSD has not developed RAID5 from GEOM (AFAIK) since a long time. ZFS is the way people go in recent years. suggestions are welcome, just want to upgrade my old 8.0 BETA3 using geom mirror/stripe to a newer approach that would be supported by FreeBSD. I have an external enclosure for 4 SATA disks (port multiplier included) using 4 disks, another port multiplier 5x1 using now 3 disks, and: ahci1@pci0:13:0:0: class=0x010601 card=0x10601b21 chip=0x06121b21 rev=0x01 hdr=0x00 vendor = 'ASMedia Technology Inc.' class = mass storage subclass = SATA with two eSATA to the Port Multipliers. First try to look for the bottleneck. What is the performance without GELI? And what performance do you want to have? If you want performance, why do you use encryption on low-end hardware? Ronald. Hi Ronald, GELI is it. Without GELI I can get to almost 10MB/s (Fast Ethernet wire speed). But when GELI is on the way, 3MB/s is never reached. well, I don't want to have a gigabit wire speed encrypted file server. All I want is to look for the ways to make mine as fast as it can be. If 2MB/s is the fastest it can go, then I'll see if it is enough or not. I just need to make sure I'm in the fastest config possible. I got to see that Via Padlock and their site says is really fast (wouldn't they ?!), so I'm trying to get a board from them to see it myself. But first I need to get rid of the atom board, as this is my home, I can't have so many machines :) thanks for all, matheus thanks, matheus machine: ACPI Error: A valid RSDP was not found (20110527/tbxfroot-237) Copyright (c) 1992-2012 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD is a registered trademark of The FreeBSD Foundation. FreeBSD 9.0-RELEASE #0: Wed Apr 11 13:04:15 BRT 2012 root@macgyver:/usr/obj/usr/src/sys/net6501-amd64 amd64 ACPI Error: A valid RSDP was not found (20110527/tbxfroot-237) CPU: Genuine Intel(R) CPU@ 1.60GHz (1600.04-MHz K8-class CPU) Origin = GenuineIntel Id = 0x20661 Family = 6 Model = 26 Stepping = 1 Features=0xbfe9fbffFPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE Features2=0x40e3bdSSE3,DTES64,MON,DS_CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE AMD Features=0x20100800SYSCALL,NX,LM AMD Features2=0x1LAHF TSC: P-state invariant, performance statistics real memory = 2147352576 (2047 MB) avail memory = 2046488576 (1951 MB) MPTable: Soekris net6501 Event timer LAPIC quality 400 FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs FreeBSD/SMP: 1 package(s) x 1 core(s) x 2 HTT threads cpu0 (BSP): APIC ID: 0 cpu1 (AP/HT): APIC ID: 1 ioapic0: Assuming intbase of 0 ioapic0 Version 2.0 irqs 0-23 on motherboard kbd0 at kbdmux0 ACPI Error: A valid RSDP was not found (20110527/tbxfroot-237) ACPI: Table initialisation failed: AE_NOT_FOUND ACPI: Try disabling either ACPI or apic support. cryptosoft0: software crypto on motherboard ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org -- We will call you Cygnus, The God of balance you shall be A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? http://en.wikipedia.org/wiki/Posting_style
Re: Any options on crypt+zfs ?
On Mon, 16 Apr 2012 19:32:43 +0200, Nenhum_de_Nos math...@eternamente.info wrote: hail, I have a soekris running an atom and 2GB RAM and ZFS using 7 drives, small capacity though, to test and study if I can make my home server this box and this way. It will be a simple server, three users tops. I followed the handbook and made the geli step on the disks: Geom name: label/zfs1.eli State: ACTIVE EncryptionAlgorithm: AES-XTS KeyLength: 128 Crypto: software UsedKey: 0 Flags: NONE KeysAllocated: 38 KeysTotal: 38 Providers: 1. Name: label/zfs1.eli Mediasize: 160041881600 (149G) Sectorsize: 4096 Mode: r1w1e1 Consumers: 1. Name: label/zfs1 Mediasize: 160041885184 (149G) Sectorsize: 512 Mode: r1w1e1 all disks are this way (just 4 disks are on geli zfs). would it be faster, if I had geli over zfs, and not the other way (as is now) ? my performance is too low (I know the hardware is not that much, but I compared it to a friend's arm based AP-Router gadget and my setup is when much equal. I have 1.6 GHz Atom and 2GB ram, he has not half this ... I know can't compare arm and x86 clock for clock ...) I'll try to run geli on single disk, to see how much ZFS is impacting on performance, but, is there any other way around ? All I want is RAID5, and FreeBSD has not developed RAID5 from GEOM (AFAIK) since a long time. ZFS is the way people go in recent years. suggestions are welcome, just want to upgrade my old 8.0 BETA3 using geom mirror/stripe to a newer approach that would be supported by FreeBSD. I have an external enclosure for 4 SATA disks (port multiplier included) using 4 disks, another port multiplier 5x1 using now 3 disks, and: ahci1@pci0:13:0:0: class=0x010601 card=0x10601b21 chip=0x06121b21 rev=0x01 hdr=0x00 vendor = 'ASMedia Technology Inc.' class = mass storage subclass = SATA with two eSATA to the Port Multipliers. First try to look for the bottleneck. What is the performance without GELI? And what performance do you want to have? If you want performance, why do you use encryption on low-end hardware? Ronald. thanks, matheus machine: ACPI Error: A valid RSDP was not found (20110527/tbxfroot-237) Copyright (c) 1992-2012 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD is a registered trademark of The FreeBSD Foundation. FreeBSD 9.0-RELEASE #0: Wed Apr 11 13:04:15 BRT 2012 root@macgyver:/usr/obj/usr/src/sys/net6501-amd64 amd64 ACPI Error: A valid RSDP was not found (20110527/tbxfroot-237) CPU: Genuine Intel(R) CPU@ 1.60GHz (1600.04-MHz K8-class CPU) Origin = GenuineIntel Id = 0x20661 Family = 6 Model = 26 Stepping = 1 Features=0xbfe9fbffFPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE Features2=0x40e3bdSSE3,DTES64,MON,DS_CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE AMD Features=0x20100800SYSCALL,NX,LM AMD Features2=0x1LAHF TSC: P-state invariant, performance statistics real memory = 2147352576 (2047 MB) avail memory = 2046488576 (1951 MB) MPTable: Soekris net6501 Event timer LAPIC quality 400 FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs FreeBSD/SMP: 1 package(s) x 1 core(s) x 2 HTT threads cpu0 (BSP): APIC ID: 0 cpu1 (AP/HT): APIC ID: 1 ioapic0: Assuming intbase of 0 ioapic0 Version 2.0 irqs 0-23 on motherboard kbd0 at kbdmux0 ACPI Error: A valid RSDP was not found (20110527/tbxfroot-237) ACPI: Table initialisation failed: AE_NOT_FOUND ACPI: Try disabling either ACPI or apic support. cryptosoft0: software crypto on motherboard ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Any options on crypt+zfs ?
On 2012-04-16, at 22:54, Nenhum_de_Nos math...@eternamente.info wrote: On Mon, April 16, 2012 22:42, Andriy Bakay wrote: On 2012-04-16, at 13:32 , Nenhum_de_Nos wrote: hail, I have a soekris running an atom and 2GB RAM and ZFS using 7 drives, small capacity though, to test and study if I can make my home server this box and this way. It will be a simple server, three users tops. I followed the handbook and made the geli step on the disks: Geom name: label/zfs1.eli State: ACTIVE EncryptionAlgorithm: AES-XTS KeyLength: 128 Crypto: software UsedKey: 0 Flags: NONE KeysAllocated: 38 KeysTotal: 38 Providers: 1. Name: label/zfs1.eli Mediasize: 160041881600 (149G) Sectorsize: 4096 Mode: r1w1e1 Consumers: 1. Name: label/zfs1 Mediasize: 160041885184 (149G) Sectorsize: 512 Mode: r1w1e1 all disks are this way (just 4 disks are on geli zfs). would it be faster, if I had geli over zfs, and not the other way (as is now) ? my performance is too low (I know the hardware is not that much, but I compared it to a friend's arm based AP-Router gadget and my setup is when much equal. I have 1.6 GHz Atom and 2GB ram, he has not half this ... I know can't compare arm and x86 clock for clock ...) I'll try to run geli on single disk, to see how much ZFS is impacting on performance, but, is there any other way around ? All I want is RAID5, and FreeBSD has not developed RAID5 from GEOM (AFAIK) since a long time. ZFS is the way people go in recent years. suggestions are welcome, just want to upgrade my old 8.0 BETA3 using geom mirror/stripe to a newer approach that would be supported by FreeBSD. I have an external enclosure for 4 SATA disks (port multiplier included) using 4 disks, another port multiplier 5x1 using now 3 disks, and: ahci1@pci0:13:0:0:class=0x010601 card=0x10601b21 chip=0x06121b21 rev=0x01 hdr=0x00 vendor = 'ASMedia Technology Inc.' class = mass storage subclass = SATA with two eSATA to the Port Multipliers. thanks, matheus machine: ACPI Error: A valid RSDP was not found (20110527/tbxfroot-237) Copyright (c) 1992-2012 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD is a registered trademark of The FreeBSD Foundation. FreeBSD 9.0-RELEASE #0: Wed Apr 11 13:04:15 BRT 2012 root@macgyver:/usr/obj/usr/src/sys/net6501-amd64 amd64 ACPI Error: A valid RSDP was not found (20110527/tbxfroot-237) CPU: Genuine Intel(R) CPU@ 1.60GHz (1600.04-MHz K8-class CPU) Origin = GenuineIntel Id = 0x20661 Family = 6 Model = 26 Stepping = 1 Features=0xbfe9fbffFPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE Features2=0x40e3bdSSE3,DTES64,MON,DS_CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE AMD Features=0x20100800SYSCALL,NX,LM AMD Features2=0x1LAHF TSC: P-state invariant, performance statistics real memory = 2147352576 (2047 MB) avail memory = 2046488576 (1951 MB) MPTable: Soekris net6501 Event timer LAPIC quality 400 FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs FreeBSD/SMP: 1 package(s) x 1 core(s) x 2 HTT threads cpu0 (BSP): APIC ID: 0 cpu1 (AP/HT): APIC ID: 1 ioapic0: Assuming intbase of 0 ioapic0 Version 2.0 irqs 0-23 on motherboard kbd0 at kbdmux0 ACPI Error: A valid RSDP was not found (20110527/tbxfroot-237) ACPI: Table initialisation failed: AE_NOT_FOUND ACPI: Try disabling either ACPI or apic support. cryptosoft0: software crypto on motherboard -- We will call you Cygnus, The God of balance you shall be A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? http://en.wikipedia.org/wiki/Posting_style ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org The ideal solution will be ZFS with crypto support, but unfortunately this is only available on Oracle Sun 5.11 for now. The GELI is very good, but it is mostly for single device/file image encryption. Each new GELI device in the ZFS mirror/RAIDZ configuration will add extra overhead. GELI on top of ZFS volume/file-backed will be even worse. You could consider PEFS from ports on top of any ZFS pool. PEFS is a kernel level stacked cryptographic filesystem for FreeBSD: http://www.freshports.org/sysutils/pefs-kmod/ http://wiki.freebsd.org/PEFS https://github.com/glk/pefs P.S. ZFS RAIDZ1/RAIDZ2 pool is more sophisticated solution than RAID5/RAID6. Thanks Andriy, I'll read about it. Can I consider this PEFS so stable as GELI ? thanks, matheus -- We will call you Cygnus, The God of balance you shall be A: Because it messes up the order in which people normally read
Any options on crypt+zfs ?
hail, I have a soekris running an atom and 2GB RAM and ZFS using 7 drives, small capacity though, to test and study if I can make my home server this box and this way. It will be a simple server, three users tops. I followed the handbook and made the geli step on the disks: Geom name: label/zfs1.eli State: ACTIVE EncryptionAlgorithm: AES-XTS KeyLength: 128 Crypto: software UsedKey: 0 Flags: NONE KeysAllocated: 38 KeysTotal: 38 Providers: 1. Name: label/zfs1.eli Mediasize: 160041881600 (149G) Sectorsize: 4096 Mode: r1w1e1 Consumers: 1. Name: label/zfs1 Mediasize: 160041885184 (149G) Sectorsize: 512 Mode: r1w1e1 all disks are this way (just 4 disks are on geli zfs). would it be faster, if I had geli over zfs, and not the other way (as is now) ? my performance is too low (I know the hardware is not that much, but I compared it to a friend's arm based AP-Router gadget and my setup is when much equal. I have 1.6 GHz Atom and 2GB ram, he has not half this ... I know can't compare arm and x86 clock for clock ...) I'll try to run geli on single disk, to see how much ZFS is impacting on performance, but, is there any other way around ? All I want is RAID5, and FreeBSD has not developed RAID5 from GEOM (AFAIK) since a long time. ZFS is the way people go in recent years. suggestions are welcome, just want to upgrade my old 8.0 BETA3 using geom mirror/stripe to a newer approach that would be supported by FreeBSD. I have an external enclosure for 4 SATA disks (port multiplier included) using 4 disks, another port multiplier 5x1 using now 3 disks, and: ahci1@pci0:13:0:0: class=0x010601 card=0x10601b21 chip=0x06121b21 rev=0x01 hdr=0x00 vendor = 'ASMedia Technology Inc.' class = mass storage subclass = SATA with two eSATA to the Port Multipliers. thanks, matheus machine: ACPI Error: A valid RSDP was not found (20110527/tbxfroot-237) Copyright (c) 1992-2012 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD is a registered trademark of The FreeBSD Foundation. FreeBSD 9.0-RELEASE #0: Wed Apr 11 13:04:15 BRT 2012 root@macgyver:/usr/obj/usr/src/sys/net6501-amd64 amd64 ACPI Error: A valid RSDP was not found (20110527/tbxfroot-237) CPU: Genuine Intel(R) CPU@ 1.60GHz (1600.04-MHz K8-class CPU) Origin = GenuineIntel Id = 0x20661 Family = 6 Model = 26 Stepping = 1 Features=0xbfe9fbffFPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE Features2=0x40e3bdSSE3,DTES64,MON,DS_CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE AMD Features=0x20100800SYSCALL,NX,LM AMD Features2=0x1LAHF TSC: P-state invariant, performance statistics real memory = 2147352576 (2047 MB) avail memory = 2046488576 (1951 MB) MPTable: Soekris net6501 Event timer LAPIC quality 400 FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs FreeBSD/SMP: 1 package(s) x 1 core(s) x 2 HTT threads cpu0 (BSP): APIC ID: 0 cpu1 (AP/HT): APIC ID: 1 ioapic0: Assuming intbase of 0 ioapic0 Version 2.0 irqs 0-23 on motherboard kbd0 at kbdmux0 ACPI Error: A valid RSDP was not found (20110527/tbxfroot-237) ACPI: Table initialisation failed: AE_NOT_FOUND ACPI: Try disabling either ACPI or apic support. cryptosoft0: software crypto on motherboard -- We will call you Cygnus, The God of balance you shall be A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? http://en.wikipedia.org/wiki/Posting_style ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Any options on crypt+zfs ?
On 2012-04-16, at 13:32 , Nenhum_de_Nos wrote: hail, I have a soekris running an atom and 2GB RAM and ZFS using 7 drives, small capacity though, to test and study if I can make my home server this box and this way. It will be a simple server, three users tops. I followed the handbook and made the geli step on the disks: Geom name: label/zfs1.eli State: ACTIVE EncryptionAlgorithm: AES-XTS KeyLength: 128 Crypto: software UsedKey: 0 Flags: NONE KeysAllocated: 38 KeysTotal: 38 Providers: 1. Name: label/zfs1.eli Mediasize: 160041881600 (149G) Sectorsize: 4096 Mode: r1w1e1 Consumers: 1. Name: label/zfs1 Mediasize: 160041885184 (149G) Sectorsize: 512 Mode: r1w1e1 all disks are this way (just 4 disks are on geli zfs). would it be faster, if I had geli over zfs, and not the other way (as is now) ? my performance is too low (I know the hardware is not that much, but I compared it to a friend's arm based AP-Router gadget and my setup is when much equal. I have 1.6 GHz Atom and 2GB ram, he has not half this ... I know can't compare arm and x86 clock for clock ...) I'll try to run geli on single disk, to see how much ZFS is impacting on performance, but, is there any other way around ? All I want is RAID5, and FreeBSD has not developed RAID5 from GEOM (AFAIK) since a long time. ZFS is the way people go in recent years. suggestions are welcome, just want to upgrade my old 8.0 BETA3 using geom mirror/stripe to a newer approach that would be supported by FreeBSD. I have an external enclosure for 4 SATA disks (port multiplier included) using 4 disks, another port multiplier 5x1 using now 3 disks, and: ahci1@pci0:13:0:0:class=0x010601 card=0x10601b21 chip=0x06121b21 rev=0x01 hdr=0x00 vendor = 'ASMedia Technology Inc.' class = mass storage subclass = SATA with two eSATA to the Port Multipliers. thanks, matheus machine: ACPI Error: A valid RSDP was not found (20110527/tbxfroot-237) Copyright (c) 1992-2012 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD is a registered trademark of The FreeBSD Foundation. FreeBSD 9.0-RELEASE #0: Wed Apr 11 13:04:15 BRT 2012 root@macgyver:/usr/obj/usr/src/sys/net6501-amd64 amd64 ACPI Error: A valid RSDP was not found (20110527/tbxfroot-237) CPU: Genuine Intel(R) CPU@ 1.60GHz (1600.04-MHz K8-class CPU) Origin = GenuineIntel Id = 0x20661 Family = 6 Model = 26 Stepping = 1 Features=0xbfe9fbffFPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE Features2=0x40e3bdSSE3,DTES64,MON,DS_CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE AMD Features=0x20100800SYSCALL,NX,LM AMD Features2=0x1LAHF TSC: P-state invariant, performance statistics real memory = 2147352576 (2047 MB) avail memory = 2046488576 (1951 MB) MPTable: Soekris net6501 Event timer LAPIC quality 400 FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs FreeBSD/SMP: 1 package(s) x 1 core(s) x 2 HTT threads cpu0 (BSP): APIC ID: 0 cpu1 (AP/HT): APIC ID: 1 ioapic0: Assuming intbase of 0 ioapic0 Version 2.0 irqs 0-23 on motherboard kbd0 at kbdmux0 ACPI Error: A valid RSDP was not found (20110527/tbxfroot-237) ACPI: Table initialisation failed: AE_NOT_FOUND ACPI: Try disabling either ACPI or apic support. cryptosoft0: software crypto on motherboard -- We will call you Cygnus, The God of balance you shall be A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? http://en.wikipedia.org/wiki/Posting_style ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org The ideal solution will be ZFS with crypto support, but unfortunately this is only available on Oracle Sun 5.11 for now. The GELI is very good, but it is mostly for single device/file image encryption. Each new GELI device in the ZFS mirror/RAIDZ configuration will add extra overhead. GELI on top of ZFS volume/file-backed will be even worse. You could consider PEFS from ports on top of any ZFS pool. PEFS is a kernel level stacked cryptographic filesystem for FreeBSD: http://www.freshports.org/sysutils/pefs-kmod/ http://wiki.freebsd.org/PEFS https://github.com/glk/pefs P.S. ZFS RAIDZ1/RAIDZ2 pool is more sophisticated solution than RAID5/RAID6. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Any options on crypt+zfs ?
On Mon, April 16, 2012 22:42, Andriy Bakay wrote: On 2012-04-16, at 13:32 , Nenhum_de_Nos wrote: hail, I have a soekris running an atom and 2GB RAM and ZFS using 7 drives, small capacity though, to test and study if I can make my home server this box and this way. It will be a simple server, three users tops. I followed the handbook and made the geli step on the disks: Geom name: label/zfs1.eli State: ACTIVE EncryptionAlgorithm: AES-XTS KeyLength: 128 Crypto: software UsedKey: 0 Flags: NONE KeysAllocated: 38 KeysTotal: 38 Providers: 1. Name: label/zfs1.eli Mediasize: 160041881600 (149G) Sectorsize: 4096 Mode: r1w1e1 Consumers: 1. Name: label/zfs1 Mediasize: 160041885184 (149G) Sectorsize: 512 Mode: r1w1e1 all disks are this way (just 4 disks are on geli zfs). would it be faster, if I had geli over zfs, and not the other way (as is now) ? my performance is too low (I know the hardware is not that much, but I compared it to a friend's arm based AP-Router gadget and my setup is when much equal. I have 1.6 GHz Atom and 2GB ram, he has not half this ... I know can't compare arm and x86 clock for clock ...) I'll try to run geli on single disk, to see how much ZFS is impacting on performance, but, is there any other way around ? All I want is RAID5, and FreeBSD has not developed RAID5 from GEOM (AFAIK) since a long time. ZFS is the way people go in recent years. suggestions are welcome, just want to upgrade my old 8.0 BETA3 using geom mirror/stripe to a newer approach that would be supported by FreeBSD. I have an external enclosure for 4 SATA disks (port multiplier included) using 4 disks, another port multiplier 5x1 using now 3 disks, and: ahci1@pci0:13:0:0: class=0x010601 card=0x10601b21 chip=0x06121b21 rev=0x01 hdr=0x00 vendor = 'ASMedia Technology Inc.' class = mass storage subclass = SATA with two eSATA to the Port Multipliers. thanks, matheus machine: ACPI Error: A valid RSDP was not found (20110527/tbxfroot-237) Copyright (c) 1992-2012 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD is a registered trademark of The FreeBSD Foundation. FreeBSD 9.0-RELEASE #0: Wed Apr 11 13:04:15 BRT 2012 root@macgyver:/usr/obj/usr/src/sys/net6501-amd64 amd64 ACPI Error: A valid RSDP was not found (20110527/tbxfroot-237) CPU: Genuine Intel(R) CPU@ 1.60GHz (1600.04-MHz K8-class CPU) Origin = GenuineIntel Id = 0x20661 Family = 6 Model = 26 Stepping = 1 Features=0xbfe9fbffFPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE Features2=0x40e3bdSSE3,DTES64,MON,DS_CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE AMD Features=0x20100800SYSCALL,NX,LM AMD Features2=0x1LAHF TSC: P-state invariant, performance statistics real memory = 2147352576 (2047 MB) avail memory = 2046488576 (1951 MB) MPTable: Soekris net6501 Event timer LAPIC quality 400 FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs FreeBSD/SMP: 1 package(s) x 1 core(s) x 2 HTT threads cpu0 (BSP): APIC ID: 0 cpu1 (AP/HT): APIC ID: 1 ioapic0: Assuming intbase of 0 ioapic0 Version 2.0 irqs 0-23 on motherboard kbd0 at kbdmux0 ACPI Error: A valid RSDP was not found (20110527/tbxfroot-237) ACPI: Table initialisation failed: AE_NOT_FOUND ACPI: Try disabling either ACPI or apic support. cryptosoft0: software crypto on motherboard -- We will call you Cygnus, The God of balance you shall be A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? http://en.wikipedia.org/wiki/Posting_style ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org The ideal solution will be ZFS with crypto support, but unfortunately this is only available on Oracle Sun 5.11 for now. The GELI is very good, but it is mostly for single device/file image encryption. Each new GELI device in the ZFS mirror/RAIDZ configuration will add extra overhead. GELI on top of ZFS volume/file-backed will be even worse. You could consider PEFS from ports on top of any ZFS pool. PEFS is a kernel level stacked cryptographic filesystem for FreeBSD: http://www.freshports.org/sysutils/pefs-kmod/ http://wiki.freebsd.org/PEFS https://github.com/glk/pefs P.S. ZFS RAIDZ1/RAIDZ2 pool is more sophisticated solution than RAID5/RAID6. Thanks Andriy, I'll read about it. Can I consider this PEFS so stable as GELI ? thanks, matheus -- We will call you Cygnus, The God of balance you shall be A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing?
