From owner-freebsd-current@FreeBSD.ORG  Tue Aug 28 10:47:38 2007
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id F287516A420
	for <freebsd-current@freebsd.org>; Tue, 28 Aug 2007 10:47:37 +0000 (UTC)
	(envelope-from pjd@garage.freebsd.pl)
Received: from mail.garage.freebsd.pl (arm132.internetdsl.tpnet.pl
	[83.17.198.132])
	by mx1.freebsd.org (Postfix) with ESMTP id 5C18F13C46B
	for <freebsd-current@freebsd.org>; Tue, 28 Aug 2007 10:47:37 +0000 (UTC)
	(envelope-from pjd@garage.freebsd.pl)
Received: by mail.garage.freebsd.pl (Postfix, from userid 65534)
	id 0F80D456AB; Tue, 28 Aug 2007 12:47:35 +0200 (CEST)
Received: from localhost (pjd.wheel.pl [10.0.1.1])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.garage.freebsd.pl (Postfix) with ESMTP id D3ADF45684;
	Tue, 28 Aug 2007 12:47:29 +0200 (CEST)
Date: Tue, 28 Aug 2007 12:46:25 +0200
From: Pawel Jakub Dawidek <pjd@FreeBSD.org>
To: Christian Walther <cptsalek@gmail.com>
Message-ID: <20070828104625.GB36596@garage.freebsd.pl>
References: <46D2C812.8090106@gmail.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="3lcZGd9BuhuYXNfi"
Content-Disposition: inline
In-Reply-To: <46D2C812.8090106@gmail.com>
User-Agent: Mutt/1.4.2.3i
X-PGP-Key-URL: http://people.freebsd.org/~pjd/pjd.asc
X-OS: FreeBSD 7.0-CURRENT i386
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on 
	mail.garage.freebsd.pl
X-Spam-Level: 
X-Spam-Status: No, score=-5.9 required=3.0 tests=ALL_TRUSTED,BAYES_00 
	autolearn=ham version=3.0.4
Cc: freebsd-current@freebsd.org
Subject: Re: Encrypted zfs?
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Aug 2007 10:47:38 -0000


--3lcZGd9BuhuYXNfi
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Aug 27, 2007 at 12:48:18PM +0000, Christian Walther wrote:
> Hello list,
>=20
> I'm currently using a zraid consisting of three drives. Lately I wonder=
=20
> what the best way would be to encrypt it.
> I read the chapter dealing with disk encryption in the handbook, and=20
> decided to use GELI. Is there anyone here on the list who has some=20
> experiences with ZFS on encrypted GELI devices? Are there some=20
> performance specs around?
>=20
> And what is even more important: What is the best of moving the zraid to=
=20
> encrypted devices?
> I can't remove one of the disks because they are in use. So I figure one=
=20
> way would be to buy another disk, set up encryption and add it to the=20
> pool. I could then remove one disk after the other, encrypt it, remove=20
> the (now broken one) from the zpool, and add the newly encrypted device.
> Since buying disks costs money I wonder how save it would be to follow=20
> this procedure without adding a new disk. From my point of view I'll=20
> loose redundancy as soon as I remove one of the three disks. But is=20
> there another problem or something dangerous I don't see her?

slayer:root:~# zpool list
NAME                    SIZE    USED   AVAIL    CAP  HEALTH     ALTROOT
private                 334G   64,6G    269G    19%  ONLINE     -
tank                   1,45T    607G    881G    40%  ONLINE     -

slayer:root:~# zpool status
  pool: private
 state: ONLINE
 scrub: none requested
config:

        NAME           STATE     READ WRITE CKSUM
        private        ONLINE       0     0     0
          raidz1       ONLINE       0     0     0
            ad1s2.eli  ONLINE       0     0     0
            ad6.eli    ONLINE       0     0     0
            ad7s2.eli  ONLINE       0     0     0

errors: No known data errors

  pool: tank
 state: ONLINE
 scrub: none requested
config:

        NAME         STATE     READ WRITE CKSUM
        tank         ONLINE       0     0     0
          raidz1     ONLINE       0     0     0
            ad3.eli  ONLINE       0     0     0
            ad4.eli  ONLINE       0     0     0
            ad5.eli  ONLINE       0     0     0
            ad8.eli  ONLINE       0     0     0
            ad9.eli  ONLINE       0     0     0

errors: No known data errors

--=20
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!

--3lcZGd9BuhuYXNfi
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (FreeBSD)

iD8DBQFG0/0BForvXbEpPzQRAlQHAJ4jOerKHHhDLOAXuTeA8r9EiSvzRQCeOrGe
yTo+CK8aKlHZpe6Sg+FyoXw=
=jnb+
-----END PGP SIGNATURE-----

--3lcZGd9BuhuYXNfi--