Date: Tue, 28 Aug 2007 12:46:25 +0200 From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: Christian Walther <cptsalek@gmail.com> Cc: freebsd-current@freebsd.org Subject: Re: Encrypted zfs? Message-ID: <20070828104625.GB36596@garage.freebsd.pl> In-Reply-To: <46D2C812.8090106@gmail.com> References: <46D2C812.8090106@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
On Mon, Aug 27, 2007 at 12:48:18PM +0000, Christian Walther wrote:
> Hello list,
>
> I'm currently using a zraid consisting of three drives. Lately I wonder
> what the best way would be to encrypt it.
> I read the chapter dealing with disk encryption in the handbook, and
> decided to use GELI. Is there anyone here on the list who has some
> experiences with ZFS on encrypted GELI devices? Are there some
> performance specs around?
>
> And what is even more important: What is the best of moving the zraid to
> encrypted devices?
> I can't remove one of the disks because they are in use. So I figure one
> way would be to buy another disk, set up encryption and add it to the
> pool. I could then remove one disk after the other, encrypt it, remove
> the (now broken one) from the zpool, and add the newly encrypted device.
> Since buying disks costs money I wonder how save it would be to follow
> this procedure without adding a new disk. From my point of view I'll
> loose redundancy as soon as I remove one of the three disks. But is
> there another problem or something dangerous I don't see her?
slayer:root:~# zpool list
NAME SIZE USED AVAIL CAP HEALTH ALTROOT
private 334G 64,6G 269G 19% ONLINE -
tank 1,45T 607G 881G 40% ONLINE -
slayer:root:~# zpool status
pool: private
state: ONLINE
scrub: none requested
config:
NAME STATE READ WRITE CKSUM
private ONLINE 0 0 0
raidz1 ONLINE 0 0 0
ad1s2.eli ONLINE 0 0 0
ad6.eli ONLINE 0 0 0
ad7s2.eli ONLINE 0 0 0
errors: No known data errors
pool: tank
state: ONLINE
scrub: none requested
config:
NAME STATE READ WRITE CKSUM
tank ONLINE 0 0 0
raidz1 ONLINE 0 0 0
ad3.eli ONLINE 0 0 0
ad4.eli ONLINE 0 0 0
ad5.eli ONLINE 0 0 0
ad8.eli ONLINE 0 0 0
ad9.eli ONLINE 0 0 0
errors: No known data errors
--
Pawel Jakub Dawidek http://www.wheel.pl
pjd@FreeBSD.org http://www.FreeBSD.org
FreeBSD committer Am I Evil? Yes, I Am!
[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (FreeBSD)
iD8DBQFG0/0BForvXbEpPzQRAlQHAJ4jOerKHHhDLOAXuTeA8r9EiSvzRQCeOrGe
yTo+CK8aKlHZpe6Sg+FyoXw=
=jnb+
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070828104625.GB36596>