From: Frank Leonhardt
Date: Thu, 31 Aug 2017 23:32:59 +0100
To: freebsd-questions@freebsd.org
Subject: Re: using gmirror and zfs mirror on the same box -- thoughts?

On 17/08/2017 23:48, Shamim Shahriar wrote:
> Good evening all, hope everyone is well.
>
> I have a strange requirement for a particular system that will sit at
> a remote location.
> I intend to use mirror, but at the same time
> encrypt the system. Boot time encryption is not an option -- I need
> the system to boot up normally (with network and ssh running, so I can
> do the rest remotely) and do not wish to risk the normal bootup due to
> some issues with either geli or other matters (fsck after a power out
> comes to mind). I would like to have the OS part mirrored as well as the
> data part. As for the data part -- I definitely wish to use zfs with
> encryption. Encrypting OS is not necessary (but if it can be done safely,
> ideas are welcome)
>
> Now, I can use multiple zpool, but then all of them will try to be
> active/functional when the machine boots. If I intend to encrypt the
> data pool (geli), then it needs to wait until the encryption part is
> taken care of.
>
> So, I am thinking (probably in a very wrong way, corrections welcome),
> if I get the OS part gmirror-ed, then that comes up with the OS, I
> have network and ssh to get into the system, and then manually run the
> encryption and zfs part.
>
> The system has 8GB RAM, which I am assuming should be good enough for
> geli, gmirror and zfs parts.
>
> If anyone has any better suggestion/scenario to share, that is greatly
> welcome. If you think this might actually be dysfunctional, please
> share your thoughts on that (preferably with explanation as to why
> this is a bad idea). If you have any suggestion that you think is a
> much better option, please do feel free to share.

Hi Shamim,

This sounds like a very good idea to me. I often go for mixed systems;
boot off geom mirrored UFS drives and use ZFS for storage.

At one time you had to boot from UFS, and it's only been simple to boot
from ZFS since 10.0 (IIRC). Although you can boot from a complex raidz
array it has problems. For example, when you swap a failed drive you
don't get the boot code back unless you put it there. And there's also
more to go wrong (HBA, SAS expander and so on).
If you boot from a pair of SATA drives directly connected to the
motherboard it's just more likely to work.

And the final "good thing" about booting from a mirrored UFS is that you
can use the drive for faster database storage - eli a partition for this
if needed.

Booting from a geom mirror seems to have broken since 11 - you might
want to read this:

http://blog.frankleonhardt.com/2017/zfs-is-not-always-the-answer-bring-back-gmirror/

Regards, Frank.
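
The workflow discussed in this thread (boot from the gmirror, log in over ssh, then unlock the data pool by hand), sketched as an added example that is not part of either poster's message. The provider names ada2p1/ada3p1 and the pool name data are assumptions; with no argument the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example: manual post-boot unlock of a geli-encrypted ZFS mirror.
# Assumed names (not from the thread): providers ada2p1/ada3p1, pool "data".
# Assumes the providers were initialised without geli's -b (boot) flag and
# are not listed in geli_devices, so nothing asks for a passphrase at boot.
PROVIDERS="${PROVIDERS:-ada2p1 ada3p1}"
POOL="${POOL:-data}"
DRY_RUN=1    # 1 = only print the commands; "unlock"/"lock" set it to 0

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

unlock_data_pool() {
    for p in $PROVIDERS; do
        # Already attached (the .eli node exists): nothing to do.
        [ -e "/dev/$p.eli" ] && continue
        # geli prompts for the passphrase on the ssh session's terminal.
        run geli attach "/dev/$p" || return 1
    done
    # cachefile=none keeps the pool out of zpool.cache, so the next boot
    # does not look for it before the .eli devices exist.
    run zpool import -o cachefile=none "$POOL"
}

lock_data_pool() {
    run zpool export "$POOL" || return 1
    for p in $PROVIDERS; do
        run geli detach "/dev/$p.eli" || return 1
    done
}

case "${1:-plan}" in
    unlock) DRY_RUN=0; unlock_data_pool ;;
    lock)   DRY_RUN=0; lock_data_pool ;;
    *)      unlock_data_pool ;;   # default: print the unlock commands
esac
```

Run it with `unlock` after logging in over ssh, and with `lock` before maintenance so the pool is exported and the keys are dropped from memory.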