From: Shamim Shahriar
Date: Fri, 1 Sep 2017 01:09:09 +0100
Subject: Re: using gmirror and zfs mirror on the same box -- thoughts?
To: Frank Leonhardt
Cc: "freebsd-questions@FreeBSD.org"

Hi Frank,

thanks for your feedback, much appreciated.

I'm not sure about gmirror being broken -- I am experimenting (currently)
with 12 current on a very broken machine, which seems to be working fine.
The way the machine is broken -- it is a Lenovo tower, supposed to work
with either legacy or efi booting, but fails with efi booting in most
cases with drives that occasionally boot, and cannot boot legacy or efi
from gpt drives at all. Only thing that seems to work properly is legacy
bit with MBR.

So I used a couple of 1tb drives, made MBR partitions -- 3 slices, first
with root boot and the lot, 2nd with tmp and swap (did not want to mirror
those, so the second HDD has /var/tmp and swap), third slice with zfs
only. The first slices in gmirror, third slices geli encrypted zfs mirror.
Seems to be working fine. So far I have not noticed any data error.

I'm to some extent certain that if the machine could boot from gpt, I
could have gotten away without having to do slices and use just
partitions. But cannot confirm until I try out the actual machine.

I'll need to check the link you sent, but that will be tomorrow. Badly in
need of a shut eye.

Thanks again.

On 31 Aug 2017 11:33 pm, "Frank Leonhardt" wrote:

On 17/08/2017 23:48, Shamim Shahriar wrote:

> Good evening all, hope everyone is well.
>
> I have a strange requirement for a particular system that will sit at a
> remote location. I intend to use mirror, but at the same time encrypt
> the system. Boot time encryption is not an option -- I need the system
> to boot up normally (with network and ssh running, so I can do the rest
> remotely) and do not wish to risk the normal bootup due to some issues
> with either geli or other matters (fsck after a power out comes to
> mind). I would like to have the OS part mirrored as well as the data
> part. As for the data part -- I definitely wish to use zfs with
> encryption. Encrypting OS is not necessary (but if it can be done
> safely, ideas are welcome)
>
> Now, I can use multiple zpool, but then all of them will try to be
> active/functional when the machine boots. If I intend to encrypt the
> data pool (geli), then it needs to wait until the encryption part is
> taken care of.
>
> So, I am thinking (probably in a very wrong way, corrections welcome),
> if I get the OS part gmirror-ed, then that comes up with the OS, I have
> network and ssh to get into the system, and then manually run the
> encryption and zfs part.
>
> The system has 8GB RAM, which I am assuming should be good enough for
> geli, gmirror and zfs parts.
>
> If anyone has any better suggestion/scenario to share, that is greatly
> welcome. If you think this might actually be dysfunctional, please
> share your thoughts on that (preferably with explanation as to why this
> is a bad idea).
> If you have any suggestion that you think is a much better option,
> please do feel free to share.
>

Hi Shamim,

This sounds like a very good idea to me. I often go for mixed systems;
boot off geom mirrored UFS drives and use ZFS for storage. At one time you
had to boot from UFS, and it's only been simple to boot from ZFS since
10.0 (IIRC).

Although you can boot from a complex raidz array it has problems. For
example, when you swap a failed drive you don't get the boot code back
unless you put it there. And there's also more to go wrong (HBA, SAS
expander and so on). If you boot from a pair of SATA drives directly
connected to the motherboard it's just more likely to work.

And the final "good thing" about booting from a mirrored UFS is that you
can use the drive for faster database storage - eli a partition for this
if needed.

Booting from a geom mirror seems to have broken since 11 - you might want
to read this:

http://blog.frankleonhardt.com/2017/zfs-is-not-always-the-answer-bring-back-gmirror/

Regards, Frank.
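
The manual step discussed in this thread (boot unattended from the gmirror, log in over ssh, then attach the geli providers and import the ZFS mirror), as an added example that is not part of the original messages. The slice names ada0s3/ada1s3, the pool name data and the helper names are assumptions; by default the script only prints the commands, and DRY_RUN=0 executes them.

```shell
#!/bin/sh
# Added example: unlock a geli-backed ZFS mirror by hand after an unattended boot.
# Assumed names (not from the thread): providers ada0s3/ada1s3, pool "data".
PROVIDERS="${PROVIDERS:-ada0s3 ada1s3}"
POOL="${POOL:-data}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands only, 0 = execute them

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# True if the decrypted device node exists (always false in dry-run mode).
attached() {
    [ "$DRY_RUN" != 1 ] && [ -e "/dev/$1.eli" ]
}

unlock_pool() {
    for p in $PROVIDERS; do
        attached "$p" && continue              # already unlocked, do not re-prompt
        run geli attach "/dev/$p" || return 1  # prompts for the passphrase
    done
    if [ "$DRY_RUN" != 1 ]; then
        # Refuse to import with one half missing: the mirror would come up
        # degraded and need a resilver later.
        for p in $PROVIDERS; do
            attached "$p" || { echo "$p.eli not attached" >&2; return 1; }
        done
    fi
    # cachefile=none keeps the pool out of zpool.cache, so the next boot does
    # not try to open it before the geli providers exist.
    run zpool import -o cachefile=none "$POOL"
}

lock_pool() {
    run zpool export "$POOL" || return 1
    for p in $PROVIDERS; do
        run geli detach "$p.eli" || return 1
    done
}

case "${1:-}" in
    unlock) unlock_pool ;;
    lock)   lock_pool ;;
esac
```

For this to leave the boot path untouched, the providers must not be configured to attach at boot, so that only the gmirror-ed slices are needed to reach multi-user and sshd.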