Date: Tue, 21 Aug 2012 10:45:13 -0700
From: Xin Li <delphij@delphij.net>
To: Zeus Panchenko <zeus@ibs.dn.ua>
Cc: freebsd-fs@FreeBSD.ORG, freebsd-geom@FreeBSD.ORG
Subject: Re: `zpool create' fails on geli ...
Message-ID: <5033C929.7020707@delphij.net>
In-Reply-To: <20120821190742.54449@relay.ibs.dn.ua>
References: <20120821190742.54449@relay.ibs.dn.ua>

Hi,

On 08/21/12 09:07, Zeus Panchenko wrote:
> hi all,
>
> SYNOPSIS: `zpool create poolname device.eli' available on .eli
> device only after dd some random data to .eli first
>
> I am trying to get ZFS on GELI disk ...
>
> Here is the issue:
>
> #> geli init -K /path/key -s 4096 -a hmac/sha256 -e aes-xts /dev/ada2
> Enter new passphrase:
> Reenter new passphrase:
[...]
> #> geli attach -k /path/key /dev/ada2

Normally you will want to fill the device with random data before
using.  Note that you have specified -a, which makes geli do checksum
authentication; that's not needed because ZFS has built-in end-to-end
checksums already.

> now I have .eli device
>
> #> ls -al /dev/*eli
> lrwxr-xr-x  1 root  wheel          8 Aug 16 15:43 /dev/ad14.eli -> ada2.eli
> crw-r-----  1 root  operator  0,  99 Aug 16 15:43 /dev/ada2.eli
>
> now I am trying to create zfs on it:
>
>> zpool create geliz /dev/ada2.eli
> cannot create 'geliz': one or more devices is currently unavailable
>
> `zpool create -f ...' gave the same result and in messages I have
> plenty rows like these:

These are expected behavior.

> cat /var/log/messages
> ...
> GEOM_ELI: ada2.eli: 131072 bytes corrupted at offset 444539600896.
> GEOM_ELI: ada2.eli: 131072 bytes corrupted at offset 444539863040.
[...]
> ...
>
> but after
> #> dd if=/dev/random of=/dev/ada2.eli bs=10m count=10
> 10+0 records in
> 10+0 records out
> 104857600 bytes transferred in 7.124000 secs (14718922 bytes/sec)
>
> I was able to do it!
>
> #> zpool create geliz /dev/ada2.eli
>
> pool was successfully created
>
> but pool status looks weird for me:
>
> #> zpool status geliz
>   pool: geliz
>  state: ONLINE
> status: One or more devices has experienced an unrecoverable error.  An
>         attempt was made to correct the error.  Applications are unaffected.
> action: Determine if the device needs to be replaced, and clear the errors
>         using 'zpool clear' or replace the device with 'zpool replace'.
>    see: http://www.sun.com/msg/ZFS-8000-9P
>   scan: none requested
> config:
>
>         NAME        STATE     READ WRITE CKSUM
>         geliz       ONLINE       0     0     0
>           ada2.eli  ONLINE      10     0     0
>
> errors: No known data errors
>
> after `zscub' and `zpool clear' I have clean pool:

Did you see any GELI checksum errors when having this?

> #> zpool status geliz
>   pool: geliz
>  state: ONLINE
>   scan: scrub repaired 0 in 0h0m with 0 errors on Thu Aug 16 16:36:44 2012
> config:
>
>         NAME        STATE     READ WRITE CKSUM
>         geliz       ONLINE       0     0     0
>           ada2.eli  ONLINE       0     0     0
>
> errors: No known data errors
>
>
> QUESTION:
>
> 1. Am I correct to think I really have correct ZFS over GELI set?
>
> 2. Why it was needed to dd? What am I missing here, please?

My suggestions:

1. Don't use -a, it's a waste of CPU cycles (and disk space) to do
checksums twice -- this won't give more redundancy or more chances to
recover data in case of a hardware failure.

2. Do use dd to initialize the GELI device before use.  There are
several benefits of doing this -- the most important two are -- it
wipes existing, possibly sensitive data, and makes it harder for
attackers to tell where the important data is.

Cheers,
-- 
Xin LI <delphij@delphij.net>    https://www.delphij.net/
FreeBSD - The Power to Serve!           Live free or die