From owner-freebsd-geom@FreeBSD.ORG Sat Jan 13 20:21:03 2007 Return-Path: X-Original-To: freebsd-geom@freebsd.org Delivered-To: freebsd-geom@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 3A7E816A403 for ; Sat, 13 Jan 2007 20:21:03 +0000 (UTC) (envelope-from pjd@garage.freebsd.pl) Received: from mail.garage.freebsd.pl (arm132.internetdsl.tpnet.pl [83.17.198.132]) by mx1.freebsd.org (Postfix) with ESMTP id C4FB713C45B for ; Sat, 13 Jan 2007 20:21:01 +0000 (UTC) (envelope-from pjd@garage.freebsd.pl) Received: by mail.garage.freebsd.pl (Postfix, from userid 65534) id C537D487FF; Sat, 13 Jan 2007 21:20:59 +0100 (CET) Received: from localhost (154.81.datacomsa.pl [195.34.81.154]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.garage.freebsd.pl (Postfix) with ESMTP id BB852487F2; Sat, 13 Jan 2007 21:20:54 +0100 (CET) Date: Sat, 13 Jan 2007 21:20:18 +0100 From: Pawel Jakub Dawidek To: Christian Baer Message-ID: <20070113202018.GK90718@garage.freebsd.pl> References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="M0YLxmUXciMpOLPE" Content-Disposition: inline In-Reply-To: X-PGP-Key-URL: http://people.freebsd.org/~pjd/pjd.asc X-OS: FreeBSD 7.0-CURRENT i386 User-Agent: mutt-ng/devel-r804 (FreeBSD) X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on mail.garage.freebsd.pl X-Spam-Level: X-Spam-Status: No, score=-2.6 required=3.0 tests=BAYES_00 autolearn=ham version=3.0.4 Cc: freebsd-geom@freebsd.org Subject: Re: What does geli attach -a do? X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Jan 2007 20:21:03 -0000 --M0YLxmUXciMpOLPE Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Jan 13, 2007 at 09:01:05PM +0100, Christian Baer wrote: > Good evening, folks! >=20 > Ok, I know what that does. I can read manpages. :-) >=20 > Is the effekt of this somehow documented by numbers though? Basicly > meaning: Does this function 'only' tell me if the data on the provider > is currupt? Or does it help to isolate it or can even restore broken > data (to a point). It'll tell you exact offset and size where corrupted data were detected. It won't help you bring you data back, it's a security feature, not a reliability feature, but can be used also to detect silent data corruptions. > If one of the latter ist the case, what are the numbers on this? How > much data (in per cent) may be broken, before no more isolation and/or > restoration is possible? >=20 > Does it make sense to use this in combination with a mirror? If you're afraid of silent data corruptions, then yes. When one half of the mirror will be corrupted and geli will detect it, gmirror will read the data from the other half. Unfortunately authentication-only mode is not supported in geli at the moment, so you have encryption/decription overhead. If you don't care about this overhead, and don't care about security, this is how you can create such configuration: # geli init -a HMAC/MD5 -s 4096 -P -K /dev/null /dev/da0 # geli init -a HMAC/MD5 -s 4096 -P -K /dev/null /dev/da1 # geli attach -p -k /dev/null /dev/da0 # geli attach -p -k /dev/null /dev/da1 # gmirror label foo /dev/da? --=20 Pawel Jakub Dawidek http://www.wheel.pl pjd@FreeBSD.org http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am! --M0YLxmUXciMpOLPE Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (FreeBSD) iD8DBQFFqT8CForvXbEpPzQRAu+CAKCwG3WuCERNXll3LAd31ApwdcNDqwCdEV8f JsT6U1JPsHTJt3QVjc/7e8E= =3pv4 -----END PGP SIGNATURE----- --M0YLxmUXciMpOLPE--