From: jhell
Sender: "J. Hellenthal"
Date: Sun, 05 Sep 2010 10:27:16 -0400
To: Carl
Cc: freebsd-fs@freebsd.org
Subject: Re: geli'd swap and core dumps
Message-ID: <4C83A8C4.3040805@DataIX.net>
In-Reply-To: <4C834D1A.2010405@telus.net>

On 09/05/2010 03:56, Carl wrote:
> I would like to encrypt my swap partition like Pawel does on his
> company's production servers:
>
> http://blogs.freebsdish.org/pjd/2010/08/06/from-sysinstall-to-zfs-only-configuration/
>
> Does Pawel's method result in kernel panics having no functional dump
> device?
>
> What are best practices for achieving encrypted swap and functional core
> dump recovery? Or are these mutually exclusive goals?
>

Encrypt your swap, let it do its job as a swap device, and if you are
planning to gather core dumps you always have the choice of a dedicated
encrypted dumpdev that is not ``onetime'' encrypted.

Personally I use USB dedicated hardware for dumps, thumb-drives or
whatever is available at the time, and allows me to grab the core from
it after -> analyze it... if it's interesting I can pull the dumpdev,
label it and keep it till a time that I deem it recyclable.

Dumps that are being done now are minidumps unless you have chosen to
explicitly do a full dump ``debug.minidump'', so the size of your dumpdev
should be approximate to the size of kmem at the time the dump occurs.
Most times a 1GB flash card or thumb-drive suits this purpose, allowing
for a safe amount of room to grow.

Attached is a script that was obtained from one of the ZFS wikis out
there that calculates and prints out some things about KMEM.

PS: There has also been some work around getting network dumps working,
so you may just want to look into that. As for how far along? I am
unsure. Would be nice to have a central crash dump repository though.

Regards,

--
 jhell,v

[Attachment: kmem.sh]

#!/bin/sh -

# Kernel text: sum the hex Size column of kldstat (dc reads input in base 16).
TEXT=`kldstat | awk 'BEGIN {print "16i 0";} NR>1 {print toupper($4) "+"} END {print "p"}' | dc`
# Kernel malloc data: sum the MemUse column of vmstat -m (KB) and convert to bytes.
DATA=`vmstat -m | sed -Ee '1s/.*/0/;s/.* ([0-9]+)K.*/\1+/;$s/$/1024*p/' | dc`
TOTAL=$((DATA + TEXT))

# Print each figure in bytes and in MB.
echo TEXT=$TEXT, `echo $TEXT | awk '{print $1/1048576 " MB"}'`
echo DATA=$DATA, `echo $DATA | awk '{print $1/1048576 " MB"}'`
echo TOTAL=$TOTAL, `echo $TOTAL | awk '{print $1/1048576 " MB"}'`
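
A sizing check that follows the rule of thumb in the message above (dump device about the size of kmem, with room to grow), as an added example that is not part of the original post or its attached script. The `kldstat` and `vmstat -m` output is constructed sample data, and the function names, device sizes and 50% headroom are assumptions.

```shell
#!/bin/sh
# Added example. Sample command output below is constructed, not from a real host.
KLDSTAT_SAMPLE='Id Refs Address    Size     Name
 1   12 0xc0400000 c00000   kernel
 2    1 0xc1000000 200000   zfs.ko
 3    1 0xc1200000 3000     opensolaris.ko'

VMSTAT_SAMPLE='         Type InUse MemUse HighUse Requests  Size(s)
      solaris 12000 204800K       -  9000000  16,32,64,128
       devbuf  3000   8192K       -     5000  16,32,64
   CAM periph     4   1024K       -       10  16,32'

# Sum the hex Size column of `kldstat` output read from stdin (bytes).
kmem_text_bytes() {
    sum=0
    while read -r id refs addr size name; do
        case $id in ''|*[!0-9]*) continue ;; esac   # skip the header line
        sum=$((sum + 0x$size))
    done
    echo "$sum"
}

# Sum the MemUse column of `vmstat -m` output read from stdin (bytes).
# Type names may contain spaces, so take the first "<digits>K" field per row.
kmem_data_bytes() {
    awk 'NR > 1 { for (i = 1; i <= NF; i++) if ($i ~ /^[0-9]+K$/) { kb += $i + 0; break } }
         END { printf "%.0f\n", kb * 1024 }'
}

# Succeed if a device of $1 bytes holds $2 bytes of kmem plus $3 percent headroom.
minidump_fits() {
    need=$(( $2 + $2 * $3 / 100 ))
    [ "$1" -ge "$need" ]
}

text=$(printf '%s\n' "$KLDSTAT_SAMPLE" | kmem_text_bytes)
data=$(printf '%s\n' "$VMSTAT_SAMPLE" | kmem_data_bytes)
kmem=$((text + data))
for dev_bytes in 268435456 1073741824; do    # assumed 256 MB and 1 GB devices
    if minidump_fits "$dev_bytes" "$kmem" 50; then verdict="fits"
    else verdict="too small"; fi
    echo "kmem=$kmem dumpdev=$dev_bytes: minidump $verdict"
done
```

On a FreeBSD host, feed the functions live data with `kldstat | kmem_text_bytes` and `vmstat -m | kmem_data_bytes`.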