Date: Thu, 03 Oct 2013 22:16:11 +0100 From: Matthew Seaman <matthew@FreeBSD.org> To: freebsd-questions@freebsd.org Subject: Re: zfs over geli over zfs Message-ID: <524DDE9B.1080801@FreeBSD.org> In-Reply-To: <524D9950.70400@gmx.com> References: <524C3CF0.8050502@gmx.com> <524C6259.9030609@FreeBSD.org> <524D9950.70400@gmx.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --a17K2aSAteCGFFUq3EwKQDDKIFkGn8MWo Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 03/10/2013 17:20, Nikos Vassiliadis wrote: > I am after a really specific use-case and the last minute transactions > are important. Using a zpool over geli over a zvol. I'd like to know if= > during shutdown the kernel flushes all zfs files caches in order so > these last minutes transactions won't be lost. The unmounting order is > far from obvious (zfs over geli over zfs) and i wonder if such a scheme= > will succeed. I can't afford losing the last transactions of my home di= r > every time i shutdown my laptop;) If it's a normal clean shutdown, then yes, all pending transactions will be committed to persistent storage. Normally you'ld do something like this by creating geli devices on disk partitions (usually via gpt nowadays), and then creating your zpool from those geli devices. (Typically you'ld just use one geli device in your zvol, which doesn't offer any resilience but avoids potential cryptographical fubars like having two crypttexts known to come from the same plaintext: something that can make it considerably easier to break the encryption. Using a zfs exported as a raw device layered with geli is a good way to get round that, but I think you're probably better off creating a standard UFS on top of the geli partition, rather than creating a second layer of zpool and zfses. (I don't actually know: this is just me guessing without ever having tried this in practice. I'll willingly cede to anyone with actual experience of this sort of thing.) Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey --a17K2aSAteCGFFUq3EwKQDDKIFkGn8MWo Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iKUEARECAGYFAlJN3ptfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldEI1NTUyQTk2Mjc0RUQyNDg1NzM0MEVCNEYw QzhFNEU3NjBBRTkwOEMACgkQ8Mjk52CukIyTGgCWI6X6LC94rgo+RQNtmvcaEaGx hgCeMch1f1At+LoENn2MeD2bfgARNpk= =gAkw -----END PGP SIGNATURE----- --a17K2aSAteCGFFUq3EwKQDDKIFkGn8MWo--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?524DDE9B.1080801>