Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 12 Jan 2007 05:37:03 +0100
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        Ivan Voras <ivoras@fer.hr>
Cc:        freebsd-geom@freebsd.org
Subject:   Re: How to mirror a geli partition?
Message-ID:  <20070112043703.GA87362@garage.freebsd.pl>
In-Reply-To: <eo6lfo$418$1@sea.gmane.org>
References:  <eo5qpb$1uev$4@nermal.rz1.convenimus.net> <eo6lfo$418$1@sea.gmane.org>
next in thread | previous in thread | raw e-mail | index | archive | help 

--G4iJoqBmSsgzjUCe
Content-Type: text/plain; charset=iso-8859-2
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Jan 12, 2007 at 01:41:19AM +0100, Ivan Voras wrote:
> Christian Baer wrote:
>=20
> > This is actually the biggest problem I am facing. In what order do I do
> > this? I was thinking along this way:
> > 1 - Create partions and try to get them the same size. :-)
> > 2 - Fill one (or both?) with random data.
> > 3 - Make a geli provider out of one of them, newfs it.
> > 4 - Do something like 'gmirror label -v -b load secret 1.eli'
> >     and 'gmirror insert 2.eli'
> > I am not sure if I should reverse the order of 3 and 4. Or have I gotten
> > the whole idea wrong?
> >=20
> > Can someone point me in the right direction?
>=20
> First mirror the partitions and then create geli drive on top of it. If
> you do it the other way (encrypt each of the partition separately), you
> will be asked for password twice and each drive will (AFAIK) get its own
> internal key even if you use the same password (I'm not sure about that
> one, though).

Yes, you're correct. Doing mirror on top of two geli-encrypted providers
would also consume twice as much CPU for crypto operations.
I definiately recommend encrypting a mirror.

--=20
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!

--G4iJoqBmSsgzjUCe
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (FreeBSD)

iD8DBQFFpxBvForvXbEpPzQRAq8XAKCZSE7o9KKmOATm0iMmlBDfJM3p7wCfaL1i
0Agb6W7QHBScRPTFg5/f00g=
=Btm5
-----END PGP SIGNATURE-----

--G4iJoqBmSsgzjUCe--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070112043703.GA87362>