Until zfs-crypto arrives, I am using a pool for sensitive data inside several files encrypted via lofi crypto. The data is also valuable, of course, so the pool is mirrored, with one file on each of several pools (laptop rpool, and a couple of usb devices, not always connected).
These backing files are each in thier own dataset, on their respective pools. I have dedup and compress on within the pool, and off for the backing datasets. The ARC will contain data from the inner pool, of course, and this is plaintext. I don't have an l2arc in the laptop, but if I did, I would set secondarycache=none for all datasets in the encrypted pool to prevent cleartext data being written to it. However, should I set anything on the datasets holding the lofi backing files? The concern here is the possibility of double- (or even quadruple-) caching, once for the plaintext data, and once each for the mirrored lofi encrypted files. I have set primarycache=metadata for each of the /pool/lofi datasets holding these files, just in case. Is this necessary, or does lofi already take care of this issue (via directio, or whatever)? -- Dan.
pgpLm0VfAHKEa.pgp
Description: PGP signature
_______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
