Date: Tue, 25 Jan 2011 15:29:37 +0100 From: Rolf Nielsen <listreader@lazlarlyricon.com> To: "J. Porter Clark" <jpc@porterclark.com> Cc: freebsd-questions@freebsd.org Subject: Re: How to label a GELI device Message-ID: <4D3EDE51.6070404@lazlarlyricon.com> In-Reply-To: <20110125140705.GA20041@auricle.charter.net> References: <20110125014223.GA13385@auricle.charter.net> <4D3E8DC0.9060605@gmx.com> <20110125140705.GA20041@auricle.charter.net>
next in thread | previous in thread | raw e-mail | index | archive | help
2011-01-25 15:07, J. Porter Clark skrev: > On Tue, Jan 25, 2011 at 10:45:52AM +0200, Nikos Vassiliadis wrote: >> J. Porter Clark wrote: >>> I have an encrypted partition, /dev/da0s1d. I can use geli >>> attach da0s1d and obtain a device /dev/da0s1d.eli, which is a >>> UFS filesystem. All that works just fine. >>> >>> I'd like to label /dev/da0s1d so that I don't have to refer to >>> the exact drive number, etc., which might change if I reboot >>> with a USB stick in the system or whatever. But glabel puts the >>> label in the last sector, which is where GELI stores metadata. >> >> You don't have to worry about this. geli uses the last sector for >> its metadata and creates a device with one sector less to its clients. >> The original device is 2048 sectors, the device geli provides is 2047 >> sectors: >>> moby# diskinfo /dev/md0 /dev/md0.eli >>> /dev/md0 512 1048576 2048 0 0 >>> /dev/md0.eli 512 1048064 2047 0 0 >> >> There is no way for the "internal" GEOM to mess with the "external's" >> metadata. > > That's fine, but I want to label the "external" /dev/md0, not > the "internal" /dev/md0.eli. > > What I eventually want to do is to "geli attach" the device > using a name that doesn't depend on drive numbering. > Correct me if I'm wrong anyone. You need to first label da0s1d e.g. like so glabel label data da0s1d then geli init the labeled device e.g. like so geli init -l 256 -s 4096 label/data then geli attach label/data That will give you a device node called /dev/label/data.eli, that you can newfs and mount. Unfortunately, since you already encrypted da0s1d, you may have to back it up, and restore the data after you've redone it. I had this problem a few years ago, and I had to back up and restore, but perhaps it's been made simpler now? Though I doubt it. Rolf Nielsen
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4D3EDE51.6070404>