Date:      Sat, 17 Nov 2018 12:50:09 +0200
From:      Nikos Vassiliadis <nvass@gmx.com>
To:        Marco Steinbach <coco@executive-computing.de>, freebsd-geom@freebsd.org
Subject:   Re: eli encrypted providers for zfs raidz1
Message-ID:  <0824ef45-642d-d8ff-c5e6-e627f9f18e0d@gmx.com>
In-Reply-To: <20181116231809.40a8f74c@bsdbuch.c0c0.intra>
References:  <20181116231809.40a8f74c@bsdbuch.c0c0.intra>

Hi Marco,

On 11/17/18 12:18 AM, Marco Steinbach wrote:
> Hi.
> 
> I'm using 11.2-RELEASE r335510 amd64 GENERIC in an Oracle VirtualBox
> setup on FreeBSD, which is what comes out of the box, when installing
> 11.2 from the distribution media.
> 
> 
> I'm trying to wrap my head around how to avoid a zpool resilver on a
> non-booting ZFS raidz1 of four equally sized (GPT) partitions on
> four distinct drives using eli for encryption.
> 
> IOW: I do struggle with finding a way to attach all the
> providers such that ZFS does not initiate a resilver due to the
> providers being attached sequentially.
> 
> I've created and initialized the partitions as follows (generic
> notation, comments on chosen encryption algo welcome, since this
> testing setup lacks AES-NI):
> # gpart create -s gpt /dev/ada[2-5]
> # gpart add -t freebsd-zfs /dev/ada[2-5]
> # geli init -e AES-CBC -l 128 /dev/ada[2-5]p1
> 
> Then I attached the geli partitions like so:
> # geli attach /dev/ada[2-5]p1
> 
> And finally created a raidz1 spanning all four partitions:
> # zpool create u0001 raidz1 /dev/ada[2-5]p1.eli
> 
> That works flawlessly. And naturally, after a reboot none of the
> encrypted devices is available to the zpool then, unless I attach them.
> 
> Doing so using geli attach requires me to attach them sequentially,
> which then results in ZFS resilvering the pool.


Why don't you just export the pool before shutting down? Since
you already attach GELI manually, it'd make sense to import the pool
manually as well.

You could automate the import using devd and some scripting, that is,
detect when all GELIs are there and then run zpool import.


> So, here's my questions:
> 
> 1. Is the unavoidable resilver intended behaviour based on current
> implementation, or am I missing something ?

It makes sense to resilver, given that ZFS will try to import the pool
as soon as enough devices appear. I am not sure whether it is
unavoidable though.

> 2. In case I use a bootable zfsroot (kudos to allanjude@, I highly
> recommend his BSDCan presentations on the matter), is there a way to
> hand over the zfsroot passphrase to eli for automatically attaching
> other providers ?
> 
> Please note, that I'd like to stick as close as possible to what the
> base system offers for this use-case.
> 
> MfG CoCo
> 



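The "detect when all GELIs are there and then run zpool import" idea from the reply, sketched as an added example that is not part of the original message. The pool name and provider names are the ones from the thread; the `DEV_DIR` and `ZPOOL` overrides, the function names and the `run` argument are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example: import the pool only once every GELI provider is attached,
# so ZFS never sees a partial set of devices. Pair it with a manual
# "zpool export u0001" before shutdown, as the reply suggests.
# One possible trigger (assumption): a devd notify rule on DEVFS/CDEV/CREATE
# events for the .eli nodes that runs this script with the "run" argument.
POOL="${POOL:-u0001}"
PROVIDERS="${PROVIDERS:-ada2p1.eli ada3p1.eli ada4p1.eli ada5p1.eli}"
DEV_DIR="${DEV_DIR:-/dev}"   # overridable so the gate can be tested without disks
ZPOOL="${ZPOOL:-zpool}"      # overridable for the same reason

# Print the providers that are not attached yet.
# Returns 0 only when none are missing.
missing_providers() {
    missing=""
    for p in $PROVIDERS; do
        [ -e "$DEV_DIR/$p" ] || missing="$missing $p"
    done
    echo "${missing# }"
    [ -z "$missing" ]
}

# Returns 0 if the pool is already imported.
pool_imported() {
    "$ZPOOL" list -H -o name "$POOL" >/dev/null 2>&1
}

# Returns 0 when the pool is (or becomes) imported, 2 while providers
# are still missing, and zpool's own status if the import itself fails.
import_when_ready() {
    if pool_imported; then
        return 0
    fi
    if ! m=$(missing_providers); then
        echo "not importing $POOL, still waiting for: $m" >&2
        return 2
    fi
    "$ZPOOL" import "$POOL"
}

case "${1:-}" in
    run) import_when_ready ;;
esac
```

The script never touches key material: the providers are still attached by hand with `geli attach`, and the import only fires after the last one appears.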