Date: Mon, 16 Apr 2012 21:42:53 -0400 From: Andriy Bakay <andriy@irbisnet.com> To: Nenhum_de_Nos <matheus@eternamente.info> Cc: freebsd-stable@freebsd.org Subject: Re: Any options on crypt+zfs ? Message-ID: <26CF73B3-11CA-4199-9B2C-EE7824041BB0@irbisnet.com> In-Reply-To: <090f695268b53508b424fde0025497bd.squirrel@eternamente.info> References: <090f695268b53508b424fde0025497bd.squirrel@eternamente.info>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2012-04-16, at 13:32 , Nenhum_de_Nos wrote: > hail, >=20 > I have a soekris running an atom and 2GB RAM and ZFS using 7 drives, = small capacity though, to > test and study if I can make my home server this box and this way. It = will be a simple server, > three users tops. >=20 > I followed the handbook and made the geli step on the disks: >=20 > Geom name: label/zfs1.eli > State: ACTIVE > EncryptionAlgorithm: AES-XTS > KeyLength: 128 > Crypto: software > UsedKey: 0 > Flags: NONE > KeysAllocated: 38 > KeysTotal: 38 > Providers: > 1. Name: label/zfs1.eli > Mediasize: 160041881600 (149G) > Sectorsize: 4096 > Mode: r1w1e1 > Consumers: > 1. Name: label/zfs1 > Mediasize: 160041885184 (149G) > Sectorsize: 512 > Mode: r1w1e1 >=20 >=20 > all disks are this way (just 4 disks are on geli zfs). >=20 > would it be faster, if I had geli over zfs, and not the other way (as = is now) ? >=20 > my performance is too low (I know the hardware is not that much, but I = compared it to a friend's > arm based AP-Router gadget and my setup is when much equal. I have 1.6 = GHz Atom and 2GB ram, he > has not half this ... I know can't compare arm and x86 clock for clock = ...) >=20 > I'll try to run geli on single disk, to see how much ZFS is impacting = on performance, but, is > there any other way around ? All I want is RAID5, and FreeBSD has not = developed RAID5 from GEOM > (AFAIK) since a long time. ZFS is the way people go in recent years. >=20 > suggestions are welcome, just want to upgrade my old 8.0 BETA3 using = geom mirror/stripe to a newer > approach that would be supported by FreeBSD. >=20 > I have an external enclosure for 4 SATA disks (port multiplier = included) using 4 disks, another > port multiplier 5x1 using now 3 disks, and: >=20 > ahci1@pci0:13:0:0: class=3D0x010601 card=3D0x10601b21 = chip=3D0x06121b21 rev=3D0x01 hdr=3D0x00 > vendor =3D 'ASMedia Technology Inc.' > class =3D mass storage > subclass =3D SATA >=20 > with two eSATA to the Port Multipliers. >=20 > thanks, >=20 > matheus >=20 > machine: > ACPI Error: A valid RSDP was not found (20110527/tbxfroot-237) > Copyright (c) 1992-2012 The FreeBSD Project. > Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, = 1994 > The Regents of the University of California. All rights = reserved. > FreeBSD is a registered trademark of The FreeBSD Foundation. > FreeBSD 9.0-RELEASE #0: Wed Apr 11 13:04:15 BRT 2012 > root@macgyver:/usr/obj/usr/src/sys/net6501-amd64 amd64 > ACPI Error: A valid RSDP was not found (20110527/tbxfroot-237) > CPU: Genuine Intel(R) CPU @ 1.60GHz (1600.04-MHz K8-class CPU) > Origin =3D "GenuineIntel" Id =3D 0x20661 Family =3D 6 Model =3D 26 = Stepping =3D 1 > = Features=3D0xbfe9fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE= ,MCA,CMOV,PAT,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE> > = Features2=3D0x40e3bd<SSE3,DTES64,MON,DS_CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PD= CM,MOVBE> > AMD Features=3D0x20100800<SYSCALL,NX,LM> > AMD Features2=3D0x1<LAHF> > TSC: P-state invariant, performance statistics > real memory =3D 2147352576 (2047 MB) > avail memory =3D 2046488576 (1951 MB) > MPTable: <Soekris net6501 > > Event timer "LAPIC" quality 400 > FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs > FreeBSD/SMP: 1 package(s) x 1 core(s) x 2 HTT threads > cpu0 (BSP): APIC ID: 0 > cpu1 (AP/HT): APIC ID: 1 > ioapic0: Assuming intbase of 0 > ioapic0 <Version 2.0> irqs 0-23 on motherboard > kbd0 at kbdmux0 > ACPI Error: A valid RSDP was not found (20110527/tbxfroot-237) > ACPI: Table initialisation failed: AE_NOT_FOUND > ACPI: Try disabling either ACPI or apic support. > cryptosoft0: <software crypto> on motherboard >=20 > --=20 > We will call you Cygnus, > The God of balance you shall be >=20 > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? >=20 > http://en.wikipedia.org/wiki/Posting_style > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to = "freebsd-stable-unsubscribe@freebsd.org" The ideal solution will be ZFS with crypto support, but unfortunately = this is only available on Oracle Sun 5.11 for now. The GELI is very good, but it is mostly for single device/file image = encryption. Each new GELI device in the ZFS mirror/RAIDZ configuration = will add extra overhead. GELI on top of ZFS volume/file-backed will be even worse. You could consider PEFS from ports on top of any ZFS pool. PEFS is a = kernel level stacked cryptographic filesystem for FreeBSD: http://www.freshports.org/sysutils/pefs-kmod/ http://wiki.freebsd.org/PEFS https://github.com/glk/pefs P.S. ZFS RAIDZ1/RAIDZ2 pool is more sophisticated solution than = RAID5/RAID6.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?26CF73B3-11CA-4199-9B2C-EE7824041BB0>