Date: Fri, 12 Jan 2007 05:37:03 +0100 From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: Ivan Voras <ivoras@fer.hr> Cc: freebsd-geom@freebsd.org Subject: Re: How to mirror a geli partition? Message-ID: <20070112043703.GA87362@garage.freebsd.pl> In-Reply-To: <eo6lfo$418$1@sea.gmane.org> References: <eo5qpb$1uev$4@nermal.rz1.convenimus.net> <eo6lfo$418$1@sea.gmane.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Fri, Jan 12, 2007 at 01:41:19AM +0100, Ivan Voras wrote: > Christian Baer wrote: > > > This is actually the biggest problem I am facing. In what order do I do > > this? I was thinking along this way: > > 1 - Create partions and try to get them the same size. :-) > > 2 - Fill one (or both?) with random data. > > 3 - Make a geli provider out of one of them, newfs it. > > 4 - Do something like 'gmirror label -v -b load secret 1.eli' > > and 'gmirror insert 2.eli' > > I am not sure if I should reverse the order of 3 and 4. Or have I gotten > > the whole idea wrong? > > > > Can someone point me in the right direction? > > First mirror the partitions and then create geli drive on top of it. If > you do it the other way (encrypt each of the partition separately), you > will be asked for password twice and each drive will (AFAIK) get its own > internal key even if you use the same password (I'm not sure about that > one, though). Yes, you're correct. Doing mirror on top of two geli-encrypted providers would also consume twice as much CPU for crypto operations. I definiately recommend encrypting a mirror. -- Pawel Jakub Dawidek http://www.wheel.pl pjd@FreeBSD.org http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am! [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (FreeBSD) iD8DBQFFpxBvForvXbEpPzQRAq8XAKCZSE7o9KKmOATm0iMmlBDfJM3p7wCfaL1i 0Agb6W7QHBScRPTFg5/f00g= =Btm5 -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070112043703.GA87362>