Date: Mon, 16 Apr 2012 23:54:41 -0300 From: "Nenhum_de_Nos" <matheus@eternamente.info> Cc: freebsd-stable@freebsd.org Subject: Re: Any options on crypt+zfs ? Message-ID: <03b2fb71a732191083c37a3211d8a7ac.squirrel@eternamente.info> In-Reply-To: <26CF73B3-11CA-4199-9B2C-EE7824041BB0@irbisnet.com> References: <090f695268b53508b424fde0025497bd.squirrel@eternamente.info> <26CF73B3-11CA-4199-9B2C-EE7824041BB0@irbisnet.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, April 16, 2012 22:42, Andriy Bakay wrote: > On 2012-04-16, at 13:32 , Nenhum_de_Nos wrote: > >> hail, >> >> I have a soekris running an atom and 2GB RAM and ZFS using 7 drives, small capacity though, to >> test and study if I can make my home server this box and this way. It will be a simple server, >> three users tops. >> >> I followed the handbook and made the geli step on the disks: >> >> Geom name: label/zfs1.eli >> State: ACTIVE >> EncryptionAlgorithm: AES-XTS >> KeyLength: 128 >> Crypto: software >> UsedKey: 0 >> Flags: NONE >> KeysAllocated: 38 >> KeysTotal: 38 >> Providers: >> 1. Name: label/zfs1.eli >> Mediasize: 160041881600 (149G) >> Sectorsize: 4096 >> Mode: r1w1e1 >> Consumers: >> 1. Name: label/zfs1 >> Mediasize: 160041885184 (149G) >> Sectorsize: 512 >> Mode: r1w1e1 >> >> >> all disks are this way (just 4 disks are on geli zfs). >> >> would it be faster, if I had geli over zfs, and not the other way (as is now) ? >> >> my performance is too low (I know the hardware is not that much, but I compared it to a friend's >> arm based AP-Router gadget and my setup is when much equal. I have 1.6 GHz Atom and 2GB ram, he >> has not half this ... I know can't compare arm and x86 clock for clock ...) >> >> I'll try to run geli on single disk, to see how much ZFS is impacting on performance, but, is >> there any other way around ? All I want is RAID5, and FreeBSD has not developed RAID5 from GEOM >> (AFAIK) since a long time. ZFS is the way people go in recent years. >> >> suggestions are welcome, just want to upgrade my old 8.0 BETA3 using geom mirror/stripe to a >> newer >> approach that would be supported by FreeBSD. >> >> I have an external enclosure for 4 SATA disks (port multiplier included) using 4 disks, another >> port multiplier 5x1 using now 3 disks, and: >> >> ahci1@pci0:13:0:0: class=0x010601 card=0x10601b21 chip=0x06121b21 rev=0x01 hdr=0x00 >> vendor = 'ASMedia Technology Inc.' >> class = mass storage >> subclass = SATA >> >> with two eSATA to the Port Multipliers. >> >> thanks, >> >> matheus >> >> machine: >> ACPI Error: A valid RSDP was not found (20110527/tbxfroot-237) >> Copyright (c) 1992-2012 The FreeBSD Project. >> Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 >> The Regents of the University of California. All rights reserved. >> FreeBSD is a registered trademark of The FreeBSD Foundation. >> FreeBSD 9.0-RELEASE #0: Wed Apr 11 13:04:15 BRT 2012 >> root@macgyver:/usr/obj/usr/src/sys/net6501-amd64 amd64 >> ACPI Error: A valid RSDP was not found (20110527/tbxfroot-237) >> CPU: Genuine Intel(R) CPU @ 1.60GHz (1600.04-MHz K8-class CPU) >> Origin = "GenuineIntel" Id = 0x20661 Family = 6 Model = 26 Stepping = 1 >> Features=0xbfe9fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE> >> Features2=0x40e3bd<SSE3,DTES64,MON,DS_CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE> >> AMD Features=0x20100800<SYSCALL,NX,LM> >> AMD Features2=0x1<LAHF> >> TSC: P-state invariant, performance statistics >> real memory = 2147352576 (2047 MB) >> avail memory = 2046488576 (1951 MB) >> MPTable: <Soekris net6501 > >> Event timer "LAPIC" quality 400 >> FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs >> FreeBSD/SMP: 1 package(s) x 1 core(s) x 2 HTT threads >> cpu0 (BSP): APIC ID: 0 >> cpu1 (AP/HT): APIC ID: 1 >> ioapic0: Assuming intbase of 0 >> ioapic0 <Version 2.0> irqs 0-23 on motherboard >> kbd0 at kbdmux0 >> ACPI Error: A valid RSDP was not found (20110527/tbxfroot-237) >> ACPI: Table initialisation failed: AE_NOT_FOUND >> ACPI: Try disabling either ACPI or apic support. >> cryptosoft0: <software crypto> on motherboard >> >> -- >> We will call you Cygnus, >> The God of balance you shall be >> >> A: Because it messes up the order in which people normally read text. >> Q: Why is top-posting such a bad thing? >> >> http://en.wikipedia.org/wiki/Posting_style >> _______________________________________________ >> freebsd-stable@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-stable >> To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" > > The ideal solution will be ZFS with crypto support, but unfortunately this is only available on > Oracle Sun 5.11 for now. > > The GELI is very good, but it is mostly for single device/file image encryption. Each new GELI > device in the ZFS mirror/RAIDZ configuration will add extra overhead. > > GELI on top of ZFS volume/file-backed will be even worse. > > You could consider PEFS from ports on top of any ZFS pool. PEFS is a kernel level stacked > cryptographic filesystem for FreeBSD: > > http://www.freshports.org/sysutils/pefs-kmod/ > http://wiki.freebsd.org/PEFS > https://github.com/glk/pefs > > P.S. ZFS RAIDZ1/RAIDZ2 pool is more sophisticated solution than RAID5/RAID6. Thanks Andriy, I'll read about it. Can I consider this PEFS so stable as GELI ? thanks, matheus -- We will call you Cygnus, The God of balance you shall be A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? http://en.wikipedia.org/wiki/Posting_style
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?03b2fb71a732191083c37a3211d8a7ac.squirrel>