Date: Tue, 28 Aug 2007 12:46:25 +0200 From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: Christian Walther <cptsalek@gmail.com> Cc: freebsd-current@freebsd.org Subject: Re: Encrypted zfs? Message-ID: <20070828104625.GB36596@garage.freebsd.pl> In-Reply-To: <46D2C812.8090106@gmail.com> References: <46D2C812.8090106@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--3lcZGd9BuhuYXNfi Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Aug 27, 2007 at 12:48:18PM +0000, Christian Walther wrote: > Hello list, >=20 > I'm currently using a zraid consisting of three drives. Lately I wonder= =20 > what the best way would be to encrypt it. > I read the chapter dealing with disk encryption in the handbook, and=20 > decided to use GELI. Is there anyone here on the list who has some=20 > experiences with ZFS on encrypted GELI devices? Are there some=20 > performance specs around? >=20 > And what is even more important: What is the best of moving the zraid to= =20 > encrypted devices? > I can't remove one of the disks because they are in use. So I figure one= =20 > way would be to buy another disk, set up encryption and add it to the=20 > pool. I could then remove one disk after the other, encrypt it, remove=20 > the (now broken one) from the zpool, and add the newly encrypted device. > Since buying disks costs money I wonder how save it would be to follow=20 > this procedure without adding a new disk. From my point of view I'll=20 > loose redundancy as soon as I remove one of the three disks. But is=20 > there another problem or something dangerous I don't see her? slayer:root:~# zpool list NAME SIZE USED AVAIL CAP HEALTH ALTROOT private 334G 64,6G 269G 19% ONLINE - tank 1,45T 607G 881G 40% ONLINE - slayer:root:~# zpool status pool: private state: ONLINE scrub: none requested config: NAME STATE READ WRITE CKSUM private ONLINE 0 0 0 raidz1 ONLINE 0 0 0 ad1s2.eli ONLINE 0 0 0 ad6.eli ONLINE 0 0 0 ad7s2.eli ONLINE 0 0 0 errors: No known data errors pool: tank state: ONLINE scrub: none requested config: NAME STATE READ WRITE CKSUM tank ONLINE 0 0 0 raidz1 ONLINE 0 0 0 ad3.eli ONLINE 0 0 0 ad4.eli ONLINE 0 0 0 ad5.eli ONLINE 0 0 0 ad8.eli ONLINE 0 0 0 ad9.eli ONLINE 0 0 0 errors: No known data errors --=20 Pawel Jakub Dawidek http://www.wheel.pl pjd@FreeBSD.org http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am! --3lcZGd9BuhuYXNfi Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQFG0/0BForvXbEpPzQRAlQHAJ4jOerKHHhDLOAXuTeA8r9EiSvzRQCeOrGe yTo+CK8aKlHZpe6Sg+FyoXw= =jnb+ -----END PGP SIGNATURE----- --3lcZGd9BuhuYXNfi--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070828104625.GB36596>