Date: Sat, 13 Jan 2007 21:20:18 +0100 From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: Christian Baer <christian.baer@informatik.uni-dortmund.de> Cc: freebsd-geom@freebsd.org Subject: Re: What does geli attach -a do? Message-ID: <20070113202018.GK90718@garage.freebsd.pl> In-Reply-To: <eobdq1$74h$1@nermal.rz1.convenimus.net> References: <eobdq1$74h$1@nermal.rz1.convenimus.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--M0YLxmUXciMpOLPE Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Jan 13, 2007 at 09:01:05PM +0100, Christian Baer wrote: > Good evening, folks! >=20 > Ok, I know what that does. I can read manpages. :-) >=20 > Is the effekt of this somehow documented by numbers though? Basicly > meaning: Does this function 'only' tell me if the data on the provider > is currupt? Or does it help to isolate it or can even restore broken > data (to a point). It'll tell you exact offset and size where corrupted data were detected. It won't help you bring you data back, it's a security feature, not a reliability feature, but can be used also to detect silent data corruptions. > If one of the latter ist the case, what are the numbers on this? How > much data (in per cent) may be broken, before no more isolation and/or > restoration is possible? >=20 > Does it make sense to use this in combination with a mirror? If you're afraid of silent data corruptions, then yes. When one half of the mirror will be corrupted and geli will detect it, gmirror will read the data from the other half. Unfortunately authentication-only mode is not supported in geli at the moment, so you have encryption/decription overhead. If you don't care about this overhead, and don't care about security, this is how you can create such configuration: # geli init -a HMAC/MD5 -s 4096 -P -K /dev/null /dev/da0 # geli init -a HMAC/MD5 -s 4096 -P -K /dev/null /dev/da1 # geli attach -p -k /dev/null /dev/da0 # geli attach -p -k /dev/null /dev/da1 # gmirror label foo /dev/da? --=20 Pawel Jakub Dawidek http://www.wheel.pl pjd@FreeBSD.org http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am! --M0YLxmUXciMpOLPE Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (FreeBSD) iD8DBQFFqT8CForvXbEpPzQRAu+CAKCwG3WuCERNXll3LAd31ApwdcNDqwCdEV8f JsT6U1JPsHTJt3QVjc/7e8E= =3pv4 -----END PGP SIGNATURE----- --M0YLxmUXciMpOLPE--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070113202018.GK90718>