From owner-freebsd-questions@FreeBSD.ORG Thu Dec 27 15:06:00 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8FBB216A41A for ; Thu, 27 Dec 2007 15:06:00 +0000 (UTC) (envelope-from hugo@barafranca.com) Received: from mail.barafranca.com (mail.barafranca.com [67.19.101.164]) by mx1.freebsd.org (Postfix) with ESMTP id 6F3AF13C468 for ; Thu, 27 Dec 2007 15:06:00 +0000 (UTC) (envelope-from hugo@barafranca.com) Received: from localhost (localhost [127.0.0.1]) by mail.barafranca.com (Postfix) with ESMTP id 7CC41C385C; Thu, 27 Dec 2007 15:13:50 +0000 (UTC) Received: from mail.barafranca.com ([67.19.101.164]) by localhost (mail.barafranca.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 96312-03; Thu, 27 Dec 2007 15:13:10 +0000 (UTC) Received: from [10.0.10.40] (adslfixo-b3-115-114.telepac.pt [213.13.115.114]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.barafranca.com (Postfix) with ESMTP id 9CB3AC3833; Thu, 27 Dec 2007 15:13:09 +0000 (UTC) Message-ID: <4773BF26.6010602@barafranca.com> Date: Thu, 27 Dec 2007 15:05:10 +0000 From: Hugo Silva User-Agent: Thunderbird 2.0.0.9 (X11/20071213) MIME-Version: 1.0 To: jy-p@fixedpointgroup.com, freebsd-questions@freebsd.org References: <4773176E.7060702@fixedpointgroup.com> In-Reply-To: <4773176E.7060702@fixedpointgroup.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: amavisd-new at barafranca.com X-Spam-Status: No, score=0 tagged_above=-1 required=4 tests=[none] X-Spam-Score: 0 X-Spam-Level: Cc: Subject: Re: zfs-geli-zfs: opinions/suggestions X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Dec 2007 15:06:00 -0000 Jacob Yocom-Piatt wrote: > lo all, > > have a freebsd 7.0-beta4 machine attached to an external disk > enclosure and would like feedback on the following setup: have RAID-Z > on 4 disks, ZFS volume that takes up entire RAID-Z, use ZVOL from > volume for encryption via geli, use .eli (decrypted) device to make > another ZFS pool. the idea being "no time/resources wasted doing fscks > plus encryption sans hardware RAID". Unless I'm misunderstanding your objective, geli'ing the disks and creating a pool ontop of the encrypted disks (zpool create secure raidz da0.eli da1.eli da2.eli da3.eli) would also work, and would be far easier to maintain. Your data would still be encrypted and you would still need to provide the passphrase to make the pool accessible. Best regards, Hugo > > translated to commands this reads: > > # zpool create p_a raidz /dev/mfid1 /dev/mfid2 /dev/mfid3 /dev/mfid4 > # zpool list > NAME SIZE USED AVAIL CAP HEALTH ALTROOT > p_a 2.72T 4.02G 2.71T 0% ONLINE - > # zfs create -V 2048g p_a/vol > # geli init -K /root/p_a.key -s 4096 -l 256 /dev/zvol/p_a/vol > # geli attach -k /root/p_a.key /dev/zvol/p_a/vol > # zpool create a /dev/zvol/p_a/vol.eli > > i got a reboot while scp-ing some files to /a (only got ~3 GB in) from > another machine with the above setup. am currently waiting far too > long for a rm -R to complete under /a. will test if any of > this behavior is repeatable. > > i welcome opinions or suggestions on the stability of such a setup > (ZFS-geli-ZFS) and if this is not stable, as the reboot i just > experienced would indicate, suggestions on alternative configurations > that allow use of geli and minimize or eliminate fsck time. i do have > a preference for no hardware RAID since it ties us to a particular > card. will furnish a proper bug report if the reboots are repeatable > in the aforementioned scenario. > > NOTE: please CC me since i am not yet subscribed to this list > > cheers, > jake >