From: Pete French
Date: Thu, 04 Sep 2014 09:53:07 +0100
To: freebsd-geom@freebsd.org, karl@denninger.net
Subject: Re: Attempt to add multiple device attachment to "geli attach"
In-Reply-To: <54076871.5010405@denninger.net>

> Take the following:
>
> label/pool0
> label/pool1
> label/pool2
> label/pool3
>
> (all relative to /dev, of course)
>
> These are all gpt partitions on different devices (typically full disks
> less labels.) You "geli init" them and then attach them and build a
> raidz2 pool on that.
>
> OK, now the system is rebooted. If you use the rc.conf file's option to
> request geli passwords during the boot you had better not screw up three
> times for only ONE of these volumes or the pool WILL come up degraded!

I hit this one when I used to run ZFS on top of geli. The solution I
came up with was to have a tiny partition which requested the password,
and then for that device to be used as the key file for all the others.
That way the password is only requested once, but decrypts all drives
if successful.

We ran that way for a long time and it worked well. Irrelevant to the
patch of course, which is a good thing, but just pointing out one way
round it in practice using the current setup.

-pete.