Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 17 Aug 2017 23:48:45 +0100
From:      Shamim Shahriar <shamim.shahriar@gmail.com>
To:        freebsd-questions@freebsd.org
Subject:   using gmirror and zfs mirror on the same box -- thoughts?
Message-ID:  <012a6d18-7f67-9855-1740-479329bf9a65@gmail.com>

Next in thread | Raw E-Mail | Index | Archive | Help
Good evening all, hope everyone is well.

I have a strange requirement for a particular system that will sit at a 
remote location. I intend to use mirror, but at the same time encrypt 
the system. Boot time encryption is not an option -- I need the system 
to boot up normally (with network and ssh running, so I can do the rest 
remotely) and do not wish to risk the normal bootup due to some issues 
with either geli or other matters (fsck after a power out comes to 
mind). I would like to have the OS part mirrored as well the data part. 
As for the data part -- I definitely wish to use zfs with encryption. 
Encrypting OS is not necessary (but if can be done safely, ideas are 
welcome)

Now, I can use multiple zpool, but then all of them will try to be 
active/functional when the machine boots. If I intend to encrypt the 
data pool (geli), then it needs to wait until the encryption part is 
taken care of.

So, I am thinking (probably in a very wrong way, corrections welcome), 
if I get the OS part gmirror-ed, then that comes up with the OS, I have 
network and ssh to get into the system, and then manually run the 
encryption and zfs part.

The system has 8GB RAM, which I am assuming should be good enough for 
geli, gmirror and zfs parts.

If anyone has any better suggestion/scenerio to share, that is greatly 
welcome. If you think this might actually be disfunctional, please share 
your thoughts on that (preferably with explanation as to why this is a 
bad idea). if you have any suggestion that you think is a much better 
option, please do feel free to share.

Best regards




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?012a6d18-7f67-9855-1740-479329bf9a65>