From owner-freebsd-questions@FreeBSD.ORG Thu Oct 10 18:08:48 2013 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id A89677AF for ; Thu, 10 Oct 2013 18:08:48 +0000 (UTC) (envelope-from terje@elde.net) Received: from keepquiet.net (keepquiet.net [IPv6:2a01:4f8:130:84c1::deaf:babe]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 162052082 for ; Thu, 10 Oct 2013 18:08:47 +0000 (UTC) Received: from [10.130.11.119] (cm-84.210.76.250.getinternet.no [84.210.76.250]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) (Authenticated sender: terje@elde.net) by keepquiet.net (Postfix) with ESMTPSA id 098242E06E; Thu, 10 Oct 2013 20:08:42 +0200 (CEST) Content-Type: multipart/signed; boundary="Apple-Mail=_052FB60A-7917-462B-A4D0-F3274E3EB14F"; protocol="application/pgp-signature"; micalg=pgp-sha512 Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\)) Subject: Re: Geli and ZFS From: Terje Elde In-Reply-To: Date: Thu, 10 Oct 2013 20:08:31 +0200 Message-Id: <77878DF1-8266-406D-BD76-02295AE09CF0@elde.net> References: To: yudi v X-Mailer: Apple Mail (2.1510) X-Content-Filtered-By: Mailman/MimeDel 2.1.14 Cc: freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Oct 2013 18:08:48 -0000 --Apple-Mail=_052FB60A-7917-462B-A4D0-F3274E3EB14F Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=windows-1252 On Oct 9, 2013, at 6:43 AM, yudi v wrote: > Generally, it's recommended to let ZFS manage the whole disk if = possible, > so I was wondering if the second option is better. > I will be using couple of 3TB HDDs mirrored for data and want to = encrypt > them. IIRC, there is/was a major performance-difference on Solaris between = using ZFS on a partition, or a whole disk. FreeBSD is happy with = either. The two alternatives you mentioned were: ZFS over GELI over disk and ZFS over GELI over ZFS over disk While ZFS wouldn't get the raw disk in setup #1, the left-most ZFS = wouldn't get it in the second scenario either. > I am hoping someone with an in-depth understanding of ZFS will be able = to > offer some insight. What I usually do and recommend is using GPT with labels for the = partitions you'll put GELI/ZFS on. There's a couple of different reasons for this: * It'll let you create your zpool on /dev/gpt/label, which will make it = easy to find even when the device moves (harddisk-renumbering, changes = from internal ATA to USB enclosure=85 ) * You don't run things through ZFS twice. * The disk is fully encrypted. * etc Terje --Apple-Mail=_052FB60A-7917-462B-A4D0-F3274E3EB14F Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQEkBAEBCgAGBQJSVu0lAAoJEKIog3c0EBYzZh8IPjeiHx14sJsoTDWtZtmz+W3t 5YFsutQlYgL/iXN0Wao6BJ/07UvwJn3LhVOGbGHkmDXJ5Z/4NjRjyXT7VBZlgaER XgHfT0kooCy66MAVhjpWavuYTe1/s4BkofR1TI0U9fHuptj8QGFJ7oTNEPh38/o3 0E53XBWqI9VdXN3t8nzS8ul7gwFijkjlei/Vryq6AvUGKMYiBwPpDg8ke+AiG+T5 G72uEeQBJ2UkZlzISALOoHHZaaZ7wgJ3sFfYt3AfcQL0LeAgs7rWk1NztOjERcd1 bQXF24HweFoGCJGrXeDATZumn2dVYuSleHEdTfRCIMk9SewRICdL02U5UJJNrsQT Yh6MLpGLBw== =QYmE -----END PGP SIGNATURE----- --Apple-Mail=_052FB60A-7917-462B-A4D0-F3274E3EB14F--