From owner-freebsd-current@FreeBSD.ORG Tue Aug 28 11:34:48 2007 Return-Path: Delivered-To: freebsd-current@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E294816A419 for ; Tue, 28 Aug 2007 11:34:48 +0000 (UTC) (envelope-from hugo@barafranca.com) Received: from mail.barafranca.com (mail.barafranca.com [67.19.101.164]) by mx1.freebsd.org (Postfix) with ESMTP id BF9E213C459 for ; Tue, 28 Aug 2007 11:34:48 +0000 (UTC) (envelope-from hugo@barafranca.com) Received: from localhost (localhost [127.0.0.1]) by mail.barafranca.com (Postfix) with ESMTP id 41D2EC384C; Tue, 28 Aug 2007 12:17:31 +0000 (UTC) Received: from mail.barafranca.com ([67.19.101.164]) by localhost (mail.barafranca.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 78368-05; Tue, 28 Aug 2007 12:16:52 +0000 (UTC) Received: from nexus.bsdlan.org (a213-22-26-22.cpe.netcabo.pt [213.22.26.22]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.barafranca.com (Postfix) with ESMTP id 10ED5C3866; Tue, 28 Aug 2007 12:16:51 +0000 (UTC) Message-ID: <46D40833.2030007@barafranca.com> Date: Tue, 28 Aug 2007 12:34:11 +0100 From: Hugo Silva User-Agent: Thunderbird 2.0.0.6 (X11/20070816) MIME-Version: 1.0 To: Pawel Jakub Dawidek References: <46D2C812.8090106@gmail.com> <20070828104625.GB36596@garage.freebsd.pl> In-Reply-To: <20070828104625.GB36596@garage.freebsd.pl> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: amavisd-new at barafranca.com X-Spam-Status: No, score=0 tagged_above=-1 required=4 tests=[none] X-Spam-Score: 0 X-Spam-Level: Cc: freebsd-current@FreeBSD.ORG Subject: Re: Encrypted zfs? X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Aug 2007 11:34:49 -0000 Pawel Jakub Dawidek wrote: > On Mon, Aug 27, 2007 at 12:48:18PM +0000, Christian Walther wrote: > >> Hello list, >> >> I'm currently using a zraid consisting of three drives. Lately I wonder >> what the best way would be to encrypt it. >> I read the chapter dealing with disk encryption in the handbook, and >> decided to use GELI. Is there anyone here on the list who has some >> experiences with ZFS on encrypted GELI devices? Are there some >> performance specs around? >> >> And what is even more important: What is the best of moving the zraid to >> encrypted devices? >> I can't remove one of the disks because they are in use. So I figure one >> way would be to buy another disk, set up encryption and add it to the >> pool. I could then remove one disk after the other, encrypt it, remove >> the (now broken one) from the zpool, and add the newly encrypted device. >> Since buying disks costs money I wonder how save it would be to follow >> this procedure without adding a new disk. From my point of view I'll >> loose redundancy as soon as I remove one of the three disks. But is >> there another problem or something dangerous I don't see her? >> > > slayer:root:~# zpool list > NAME SIZE USED AVAIL CAP HEALTH ALTROOT > private 334G 64,6G 269G 19% ONLINE - > tank 1,45T 607G 881G 40% ONLINE - > > slayer:root:~# zpool status > pool: private > state: ONLINE > scrub: none requested > config: > > NAME STATE READ WRITE CKSUM > private ONLINE 0 0 0 > raidz1 ONLINE 0 0 0 > ad1s2.eli ONLINE 0 0 0 > ad6.eli ONLINE 0 0 0 > ad7s2.eli ONLINE 0 0 0 > > errors: No known data errors > > pool: tank > state: ONLINE > scrub: none requested > config: > > NAME STATE READ WRITE CKSUM > tank ONLINE 0 0 0 > raidz1 ONLINE 0 0 0 > ad3.eli ONLINE 0 0 0 > ad4.eli ONLINE 0 0 0 > ad5.eli ONLINE 0 0 0 > ad8.eli ONLINE 0 0 0 > ad9.eli ONLINE 0 0 0 > > errors: No known data errors > > How's the performance on the geli-backed pool ? I've done this experiment myself, but with ggate and over the world, so couldn't measure any kind of useful data (when it comes to performance). Best regards, Hugo