From: Xin Li
Organization: The FreeBSD Project
Date: Tue, 21 Aug 2012 10:45:13 -0700
To: Zeus Panchenko
Cc: freebsd-fs@FreeBSD.ORG, freebsd-geom@FreeBSD.ORG
Subject: Re: `zpool create' fails on geli ...
Message-ID: <5033C929.7020707@delphij.net>
In-Reply-To: <20120821190742.54449@relay.ibs.dn.ua>

Hi,

On 08/21/12 09:07, Zeus Panchenko wrote:
> hi all,
>
> SYNOPSIS: `zpool create poolname device.eli' available on .eli
> device only after dd some random data to .eli first
>
> I am trying to get ZFS on GELI disk ...
>
> Here is the issue:
>
> #> geli init -K /path/key -s 4096 -a hmac/sha256 -e aes-xts /dev/ada2
> Enter new passphrase:
> Reenter new passphrase:
> [...]
> #> geli attach -k /path/key /dev/ada2

Normally you will want to fill the device with random data before
using. Note that you have specified -a, which makes geli do checksum
authentication; that's not needed because ZFS has built-in end-to-end
checksums already.

> now I have .eli device
>
> #> ls -al /dev/*eli
> lrwxr-xr-x  1 root  wheel          8 Aug 16 15:43 /dev/ad14.eli -> ada2.eli
> crw-r-----  1 root  operator   0, 99 Aug 16 15:43 /dev/ada2.eli
>
> now I am trying to create zfs on it:
>
>> zpool create geliz /dev/ada2.eli
> cannot create 'geliz': one or more devices is currently unavailable
>
> `zpool create -f ...' gave the same result and in messages I have
> plenty rows like these:

This is expected behavior.

> cat /var/log/messages
> ...
> GEOM_ELI: ada2.eli: 131072 bytes corrupted at offset 444539600896.
> GEOM_ELI: ada2.eli: 131072 bytes corrupted at offset 444539863040.
> [...]
> ...
>
> but after
> #> dd if=/dev/random of=/dev/ada2.eli bs=10m count=10
> 10+0 records in
> 10+0 records out
> 104857600 bytes transferred in 7.124000 secs (14718922 bytes/sec)
>
> I was able to do it!
>
> #> zpool create geliz /dev/ada2.eli
>
> pool was successfully created
>
> but pool status looks weird for me:
>
> #> zpool status geliz
>   pool: geliz
>  state: ONLINE
> status: One or more devices has experienced an unrecoverable error. An
>         attempt was made to correct the error. Applications are unaffected.
> action: Determine if the device needs to be replaced, and clear the errors
>         using 'zpool clear' or replace the device with 'zpool replace'.
>    see: http://www.sun.com/msg/ZFS-8000-9P
>   scan: none requested
> config:
>
>         NAME        STATE     READ WRITE CKSUM
>         geliz       ONLINE       0     0     0
>           ada2.eli  ONLINE      10     0     0
>
> errors: No known data errors
>
> after `zscub' and `zpool clear' I have clean pool:

Did you see any GELI checksum errors when having this?

> #> zpool status geliz
>   pool: geliz
>  state: ONLINE
>   scan: scrub repaired 0 in 0h0m with 0 errors on Thu Aug 16 16:36:44 2012
> config:
>
>         NAME        STATE     READ WRITE CKSUM
>         geliz       ONLINE       0     0     0
>           ada2.eli  ONLINE       0     0     0
>
> errors: No known data errors
>
>
> QUESTION:
>
> 1. Am I correct to think I really have correct ZFS over GELI set?
>
> 2. Why it was needed to dd? What am I missing here, please?

My suggestions:

1. Don't use -a, it's a waste of CPU cycles (and disk space) to do
checksums twice -- this won't give more redundancy or more chances to
recover data in case of a hardware failure.

2. Do use dd to initialize the GELI device before use. There are
several benefits of doing this -- the most important two are -- it
wipes existing, possibly sensitive data, and makes it harder for
attackers to tell where the important data is.

Cheers,
--
Xin LI    https://www.delphij.net/
FreeBSD - The Power to Serve!    Live free or die
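
Added example, not part of the original message: a toy Python model of per-sector HMAC authentication, showing why reads of never-written sectors fail with "corrupted at offset" errors until data has been written through the authenticated layer. It is not GELI's actual on-disk format, and the class and function names are hypothetical.

```python
import hashlib
import hmac
import os

SECTOR = 4096   # sector size from the thread's `-s 4096`
TAG_LEN = 32    # HMAC-SHA256 tag length

class AuthenticatedDevice:
    """Toy block layer keeping an HMAC tag beside each sector (hypothetical model)."""
    def __init__(self, sectors, key):
        self.key = key
        # A fresh provider holds leftover bytes: no sector carries a valid tag yet.
        self.raw = [os.urandom(SECTOR + TAG_LEN) for _ in range(sectors)]

    def _tag(self, index, data):
        # Bind the tag to the sector number so sectors cannot be swapped.
        msg = index.to_bytes(8, "little") + data
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def write(self, index, data):
        # Every write through the layer stores data together with a matching tag.
        self.raw[index] = data + self._tag(index, data)

    def read(self, index):
        data, tag = self.raw[index][:SECTOR], self.raw[index][SECTOR:]
        if not hmac.compare_digest(tag, self._tag(index, data)):
            raise IOError(f"{SECTOR} bytes corrupted at offset {index * SECTOR}")
        return data

def unreadable_sectors(dev):
    # Indexes of sectors whose tag fails verification on read.
    bad = []
    for i in range(len(dev.raw)):
        try:
            dev.read(i)
        except IOError:
            bad.append(i)
    return bad

def fill(dev, first, count):
    """Like dd through the .eli device: each sector is rewritten with a valid tag."""
    for i in range(first, first + count):
        dev.write(i, os.urandom(SECTOR))

def demo(sectors=16):
    dev = AuthenticatedDevice(sectors, os.urandom(32))
    before = unreadable_sectors(dev)      # nothing written yet
    fill(dev, 0, 4)                       # partial fill of the first sectors
    partial = unreadable_sectors(dev)
    fill(dev, 0, sectors)                 # full fill
    return before, partial, unreadable_sectors(dev)
```

The `dd ... bs=10m count=10` in the thread wrote 104857600 bytes, which corresponds to the partial fill in `demo()`: in this model, sectors outside the written range stay unreadable until they are written too.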