Date: Sun, 05 Sep 2010 10:27:16 -0400 From: jhell <jhell@DataIX.net> To: Carl <k0802647@telus.net> Cc: freebsd-fs@freebsd.org Subject: Re: geli'd swap and core dumps Message-ID: <4C83A8C4.3040805@DataIX.net> In-Reply-To: <4C834D1A.2010405@telus.net> References: <4C834D1A.2010405@telus.net>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format. --------------010407090100070106080600 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/05/2010 03:56, Carl wrote: > I would like to encrypt my swap partition like Pawel does on his > company's production servers: > > > http://blogs.freebsdish.org/pjd/2010/08/06/from-sysinstall-to-zfs-only-configuration/ > > > Does Pawel's method result in kernel panics having no functional dump > device? > > What are best practices for achieving encrypted swap and functional core > dump recovery? Or are these mutually exclusive goals? > Encrypt your swap let it do its job as a swap device and if you are planning to gather core dumps you always have the choice of a dedicated encrypted dumpdev that is not ``onetime'' encrypted. Personally I use USB dedicated hardware for dumps thumb-drives or whatever is available at the time and allows me to grab the core from it after -> analyze it... if its interesting I can pull the dumpdev, label it and keep it till a time that I deem it recyclable. Dumps that are being done now are minidump's unless you have chosen to explicitly do a full dump ``debug.minidump'' so the size of your dumpdev should be approximate to the size of kmem at the time the dump occurs. Most times a 1GB flash card or thumb-drive suits this purpose allowing for a safe amount of room to grow. Attached is a script that was obtained from one of the ZFS wiki's out there that calculates and prints out some things about KMEM. PS: There has also been some work around getting network dumps working so you may just want to look into that. As for how far along ? I am unsure. Would be nice to have a central crash dump repository though. Regards, - -- jhell,v -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJMg6jEAAoJEJBXh4mJ2FR+/ZoIAIBbdYIuPVv29fCpfykEXVjO ghg4Il6w6FKCPCU0Mh78lWLE3r3vfLdRk8RgYl/CGC3QxkIcc/PBr7Ohi+3bjKz6 Rmb1cTg9vhamm4JqxlNQ/KAxnjdqRzCdhHNIHVKHDrTFhlUrZh9q9KzSwwndyPJl NtqCsuz4Fpvyhrx6ErzzdBEtJCxhyDqlLxCwGgHRrGmFIcfZjMYgMqfyuc0oIbJn N/XU0KH6ZPAVmT9zIgb62QZ+zMU4VerwLmSgcTA2k6FVlum4MED1ACGgzs8XuDQ/ m7B7Gl8iZPNXjf8DxZHKBmqBR49QABkOmRQzRS8s9wYUoRJBjYuA97f55i/6Pp4= =EAdn -----END PGP SIGNATURE----- --------------010407090100070106080600 Content-Type: text/plain; name="kmem.sh" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="kmem.sh" #!/bin/sh - TEXT=`kldstat | awk 'BEGIN {print "16i 0";} NR>1 {print toupper($4) "+"} END {print "p"}' | dc` DATA=`vmstat -m | sed -Ee '1s/.*/0/;s/.* ([0-9]+)K.*/\1+/;$s/$/1024*p/' | dc` TOTAL=$((DATA + TEXT)) echo TEXT=$TEXT, `echo $TEXT | awk '{print $1/1048576 " MB"}'` echo DATA=$DATA, `echo $DATA | awk '{print $1/1048576 " MB"}'` echo TOTAL=$TOTAL, `echo $TOTAL | awk '{print $1/1048576 " MB"}'` --------------010407090100070106080600 Content-Type: application/octet-stream; name="kmem.sh.sig" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="kmem.sh.sig" iQEcBAABAgAGBQJMg6jEAAoJEJBXh4mJ2FR+XnoH/iK1U3AXt6mDpSzJQJgburMIB57VnEE9 U3qsaG2MlVpHKiaeSkbUQZ7F9ZdSK1IPHfSwS15s6YZYSN406JGoOFc51jlvM1SUWsuIrwze jVuPapCJ/RtCY0sKF13FbfXy4zml5orF/JvtG8Ii91iqxKSLhIAIo/NmJsT9YC8nYq1B2Sgs QtaFBFar622k1eVpLLnTGcpcdRqEUnRxXJIsRZX915vv7ttzc6QO/BbbKdRjOI7H6itb8L3H lEeaEfLIdtSjQnjf1xw2BOzFTL3tMr7IRqAyjXKSIkH+Py0t3Y1we98lalkzflsZVLnYXXIj kVVtXACf2EoHT4TqbbeOrU8= --------------010407090100070106080600--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4C83A8C4.3040805>