From owner-freebsd-questions@FreeBSD.ORG Thu Oct 3 21:16:17 2013 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 06B0A5DD for ; Thu, 3 Oct 2013 21:16:17 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 87C34201C for ; Thu, 3 Oct 2013 21:16:16 +0000 (UTC) Received: from seedling.black-earth.co.uk (seedling.black-earth.co.uk [81.2.117.99]) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.14.7/8.14.7) with ESMTP id r93LGBOw090535 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for ; Thu, 3 Oct 2013 22:16:12 +0100 (BST) (envelope-from matthew@FreeBSD.org) DKIM-Filter: OpenDKIM Filter v2.8.3 smtp.infracaninophile.co.uk r93LGBOw090535 Authentication-Results: smtp.infracaninophile.co.uk/r93LGBOw090535; dkim=none reason="no signature"; dkim-adsp=none (unprotected policy) Message-ID: <524DDE9B.1080801@FreeBSD.org> Date: Thu, 03 Oct 2013 22:16:11 +0100 From: Matthew Seaman User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:17.0) Gecko/20130801 Thunderbird/17.0.8 MIME-Version: 1.0 To: freebsd-questions@freebsd.org Subject: Re: zfs over geli over zfs References: <524C3CF0.8050502@gmx.com> <524C6259.9030609@FreeBSD.org> <524D9950.70400@gmx.com> In-Reply-To: <524D9950.70400@gmx.com> X-Enigmail-Version: 1.5.2 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="a17K2aSAteCGFFUq3EwKQDDKIFkGn8MWo" X-Virus-Scanned: clamav-milter 0.97.8 at lucid-nonsense.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-3.0 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00 autolearn=ham version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on lucid-nonsense.infracaninophile.co.uk X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Oct 2013 21:16:17 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --a17K2aSAteCGFFUq3EwKQDDKIFkGn8MWo Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 03/10/2013 17:20, Nikos Vassiliadis wrote: > I am after a really specific use-case and the last minute transactions > are important. Using a zpool over geli over a zvol. I'd like to know if= > during shutdown the kernel flushes all zfs files caches in order so > these last minutes transactions won't be lost. The unmounting order is > far from obvious (zfs over geli over zfs) and i wonder if such a scheme= > will succeed. I can't afford losing the last transactions of my home di= r > every time i shutdown my laptop;) If it's a normal clean shutdown, then yes, all pending transactions will be committed to persistent storage. Normally you'ld do something like this by creating geli devices on disk partitions (usually via gpt nowadays), and then creating your zpool from those geli devices. (Typically you'ld just use one geli device in your zvol, which doesn't offer any resilience but avoids potential cryptographical fubars like having two crypttexts known to come from the same plaintext: something that can make it considerably easier to break the encryption. Using a zfs exported as a raw device layered with geli is a good way to get round that, but I think you're probably better off creating a standard UFS on top of the geli partition, rather than creating a second layer of zpool and zfses. (I don't actually know: this is just me guessing without ever having tried this in practice. I'll willingly cede to anyone with actual experience of this sort of thing.) Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey --a17K2aSAteCGFFUq3EwKQDDKIFkGn8MWo Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iKUEARECAGYFAlJN3ptfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldEI1NTUyQTk2Mjc0RUQyNDg1NzM0MEVCNEYw QzhFNEU3NjBBRTkwOEMACgkQ8Mjk52CukIyTGgCWI6X6LC94rgo+RQNtmvcaEaGx hgCeMch1f1At+LoENn2MeD2bfgARNpk= =gAkw -----END PGP SIGNATURE----- --a17K2aSAteCGFFUq3EwKQDDKIFkGn8MWo--