From owner-freebsd-stable@FreeBSD.ORG Tue Apr 17 11:55:54 2012 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6E7FA1065673 for ; Tue, 17 Apr 2012 11:55:54 +0000 (UTC) (envelope-from andriy@irbisnet.com) Received: from nm20-vm0.bullet.mail.sp2.yahoo.com (nm20-vm0.bullet.mail.sp2.yahoo.com [98.139.91.218]) by mx1.freebsd.org (Postfix) with SMTP id 3846D8FC16 for ; Tue, 17 Apr 2012 11:55:54 +0000 (UTC) Received: from [98.139.91.63] by nm20.bullet.mail.sp2.yahoo.com with NNFMP; 17 Apr 2012 11:55:48 -0000 Received: from [98.139.44.69] by tm3.bullet.mail.sp2.yahoo.com with NNFMP; 17 Apr 2012 11:54:48 -0000 Received: from [127.0.0.1] by omp1006.access.mail.sp2.yahoo.com with NNFMP; 17 Apr 2012 11:54:48 -0000 X-Yahoo-Newman-Id: 361725.38609.bm@omp1006.access.mail.sp2.yahoo.com Received: (qmail 97750 invoked from network); 17 Apr 2012 11:54:47 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1334663687; bh=cp6iop5Eo8nxT2y0b0nCZcHSbA8noBz0X5cDo6Di0mQ=; h=X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:Received:Received:References:In-Reply-To:Mime-Version:Content-Type:Content-Transfer-Encoding:Message-Id:Cc:X-Mailer:From:Subject:Date:To; b=kgfaiOOBKq7AwwiQYQCMar3khdyzHH53UuJdgYosABWsfvgAQz60jcChKMk4aUSpD69VB661JSzof/mLDevbo+PyaDQq4xFJR4WtlThdu7eQ7E+TO6pBdsaHeoE7HCCRg2n/jgMs2k0h6WEvzHi9qwYCJQU6ae5ywoNhwK1MLMA= X-Yahoo-Newman-Property: ymail-3 X-YMail-OSG: N8z2EOUVM1lJwmL5.XE.VQaLYoCfIV8dOV7_Ny5vXVx2JGk weTrYTsHrsdujtDNG95Qz9RffwfNUEDAjiu6wQtI0bgNbuWXb449g4DeTGyR c.3wFE7Srg0JjM0oQ5THpMyR.t92n5B.DAOJ7FdNXdnriBUnaJLNW9nPNH9G xL2wJcZhe.yJzNHZKhJ9qfXCeoQ5McyO6LtI729EAXspr_lhZ09y3WirLI5c ml3Lo7YKrRrq2LG3RhZpOCr42aR99jixQbbNSdIQ19MY.CQsNUp0C_xJ3M3m uVlZ_9hU_a_TxqKq9qHEiFiJf2l2H6N_grgQjjPvKJkyluZDpYf5t4ZDZakl _YoRmsRQv38nQTPZsUxVNwRgftr1Jj.NISptbwNpSRtYfRONen0wiEJ94Y3j hfE8NRM4h0hBQ7hZQC47QcYhOofThVZ0wgh_8gDrP9QR20kdslQqvFeaSkpF GgUhi9AydJBAvXGo1z6aZUgEb5Ks_1SE.OsAmyr52_iG2hq3ljR_zfSAm0_w fOUGv49MT7vIlnwIEpuGAP5bxKpZ1Drd1O1gMhHzY1NETZJZlMK8BmpxIKbn J3230d8rT8JzyKV2XVlLCHJo6VrVDTKoj7L2HAI7zoysytbCFzgQooCB_CM1 n13oN2RnKtJFMdMCOqtNcgYsTr1GCZPvAJmX6vsUUyFDSEoUnG22cyxuazQd GU3x2S.U6ryQ- X-Yahoo-SMTP: dz9sigaswBA5kWoYWVTZrGHmIs2vaKgG1w-- Received: from smtp.irbisnet.com (andriy@174.113.73.248 with login) by smtp103.rog.mail.gq1.yahoo.com with SMTP; 17 Apr 2012 04:54:47 -0700 PDT Received: from [192.168.0.10] (Andriy-Bakays-iPhone.local [192.168.0.10]) by smtp.irbisnet.com (Postfix) with ESMTPSA id EACC4303E8; Tue, 17 Apr 2012 07:54:45 -0400 (EDT) References: <090f695268b53508b424fde0025497bd.squirrel@eternamente.info> <26CF73B3-11CA-4199-9B2C-EE7824041BB0@irbisnet.com> <03b2fb71a732191083c37a3211d8a7ac.squirrel@eternamente.info> In-Reply-To: <03b2fb71a732191083c37a3211d8a7ac.squirrel@eternamente.info> Mime-Version: 1.0 (1.0) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Message-Id: <5FB3BD6A-EF0E-492C-84B9-D12C505B0366@irbisnet.com> X-Mailer: iPhone Mail (9B176) From: Andriy Bakay Date: Tue, 17 Apr 2012 07:54:39 -0400 To: Nenhum_de_Nos Cc: Kurtsou Gleb , "freebsd-stable@freebsd.org" Subject: Re: Any options on crypt+zfs ? X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Apr 2012 11:55:54 -0000 On 2012-04-16, at 22:54, "Nenhum_de_Nos" wrote: >=20 > On Mon, April 16, 2012 22:42, Andriy Bakay wrote: >> On 2012-04-16, at 13:32 , Nenhum_de_Nos wrote: >>=20 >>> hail, >>>=20 >>> I have a soekris running an atom and 2GB RAM and ZFS using 7 drives, sma= ll capacity though, to >>> test and study if I can make my home server this box and this way. It wi= ll be a simple server, >>> three users tops. >>>=20 >>> I followed the handbook and made the geli step on the disks: >>>=20 >>> Geom name: label/zfs1.eli >>> State: ACTIVE >>> EncryptionAlgorithm: AES-XTS >>> KeyLength: 128 >>> Crypto: software >>> UsedKey: 0 >>> Flags: NONE >>> KeysAllocated: 38 >>> KeysTotal: 38 >>> Providers: >>> 1. Name: label/zfs1.eli >>> Mediasize: 160041881600 (149G) >>> Sectorsize: 4096 >>> Mode: r1w1e1 >>> Consumers: >>> 1. Name: label/zfs1 >>> Mediasize: 160041885184 (149G) >>> Sectorsize: 512 >>> Mode: r1w1e1 >>>=20 >>>=20 >>> all disks are this way (just 4 disks are on geli zfs). >>>=20 >>> would it be faster, if I had geli over zfs, and not the other way (as is= now) ? >>>=20 >>> my performance is too low (I know the hardware is not that much, but I c= ompared it to a friend's >>> arm based AP-Router gadget and my setup is when much equal. I have 1.6 G= Hz Atom and 2GB ram, he >>> has not half this ... I know can't compare arm and x86 clock for clock .= ..) >>>=20 >>> I'll try to run geli on single disk, to see how much ZFS is impacting on= performance, but, is >>> there any other way around ? All I want is RAID5, and FreeBSD has not de= veloped RAID5 from GEOM >>> (AFAIK) since a long time. ZFS is the way people go in recent years. >>>=20 >>> suggestions are welcome, just want to upgrade my old 8.0 BETA3 using geo= m mirror/stripe to a >>> newer >>> approach that would be supported by FreeBSD. >>>=20 >>> I have an external enclosure for 4 SATA disks (port multiplier included)= using 4 disks, another >>> port multiplier 5x1 using now 3 disks, and: >>>=20 >>> ahci1@pci0:13:0:0: class=3D0x010601 card=3D0x10601b21 chip=3D0x06121b= 21 rev=3D0x01 hdr=3D0x00 >>> vendor =3D 'ASMedia Technology Inc.' >>> class =3D mass storage >>> subclass =3D SATA >>>=20 >>> with two eSATA to the Port Multipliers. >>>=20 >>> thanks, >>>=20 >>> matheus >>>=20 >>> machine: >>> ACPI Error: A valid RSDP was not found (20110527/tbxfroot-237) >>> Copyright (c) 1992-2012 The FreeBSD Project. >>> Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994= >>> The Regents of the University of California. All rights reserved. >>> FreeBSD is a registered trademark of The FreeBSD Foundation. >>> FreeBSD 9.0-RELEASE #0: Wed Apr 11 13:04:15 BRT 2012 >>> root@macgyver:/usr/obj/usr/src/sys/net6501-amd64 amd64 >>> ACPI Error: A valid RSDP was not found (20110527/tbxfroot-237) >>> CPU: Genuine Intel(R) CPU @ 1.60GHz (1600.04-MHz K8-class CPU) >>> Origin =3D "GenuineIntel" Id =3D 0x20661 Family =3D 6 Model =3D 26 S= tepping =3D 1 >>> Features=3D0xbfe9fbff >>> Features2=3D0x40e3bd >>> AMD Features=3D0x20100800 >>> AMD Features2=3D0x1 >>> TSC: P-state invariant, performance statistics >>> real memory =3D 2147352576 (2047 MB) >>> avail memory =3D 2046488576 (1951 MB) >>> MPTable: >>> Event timer "LAPIC" quality 400 >>> FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs >>> FreeBSD/SMP: 1 package(s) x 1 core(s) x 2 HTT threads >>> cpu0 (BSP): APIC ID: 0 >>> cpu1 (AP/HT): APIC ID: 1 >>> ioapic0: Assuming intbase of 0 >>> ioapic0 irqs 0-23 on motherboard >>> kbd0 at kbdmux0 >>> ACPI Error: A valid RSDP was not found (20110527/tbxfroot-237) >>> ACPI: Table initialisation failed: AE_NOT_FOUND >>> ACPI: Try disabling either ACPI or apic support. >>> cryptosoft0: on motherboard >>>=20 >>> -- >>> We will call you Cygnus, >>> The God of balance you shall be >>>=20 >>> A: Because it messes up the order in which people normally read text. >>> Q: Why is top-posting such a bad thing? >>>=20 >>> http://en.wikipedia.org/wiki/Posting_style >>> _______________________________________________ >>> freebsd-stable@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-stable >>> To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org= " >>=20 >> The ideal solution will be ZFS with crypto support, but unfortunately thi= s is only available on >> Oracle Sun 5.11 for now. >>=20 >> The GELI is very good, but it is mostly for single device/file image encr= yption. Each new GELI >> device in the ZFS mirror/RAIDZ configuration will add extra overhead. >>=20 >> GELI on top of ZFS volume/file-backed will be even worse. >>=20 >> You could consider PEFS from ports on top of any ZFS pool. PEFS is a kern= el level stacked >> cryptographic filesystem for FreeBSD: >>=20 >> http://www.freshports.org/sysutils/pefs-kmod/ >> http://wiki.freebsd.org/PEFS >> https://github.com/glk/pefs >>=20 >> P.S. ZFS RAIDZ1/RAIDZ2 pool is more sophisticated solution than RAID5/RAI= D6. >=20 > Thanks Andriy, I'll read about it. Can I consider this PEFS so stable as G= ELI ? >=20 > thanks, >=20 > matheus >=20 > --=20 > We will call you Cygnus, > The God of balance you shall be >=20 > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? >=20 > http://en.wikipedia.org/wiki/Posting_style > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" I cannot guarantee you it has same stability as GELI. PEFS is younger than G= ELI and less used. But I am using it on daily basis and did not have any pro= blems so far. I guess question about PEFS stability is more for Gleb Kurtsou.