Date: Fri, 16 Nov 2018 23:18:09 +0100 From: Marco Steinbach <coco@executive-computing.de> To: freebsd-geom@freebsd.org Subject: eli encrypted providers for zfs raidz1 Message-ID: <20181116231809.40a8f74c@bsdbuch.c0c0.intra>
next in thread | raw e-mail | index | archive | help
Hi. I'm using 11.2-RELEASE r335510 amd64 GENERIC in an Oracle VirtualBox setup on FreeBSD, which is what comes out of the box, when installing 11.2 from the distribution media. I'm trying to wrap my head around on how to avoid a zpool resilver on a non-booting ZFS raidz1 of off four equally sized (GPT) partitions on four distinct drives using eli for encyption. IOW: I do struggle with finding a way to attach all the providers such, that ZFS does not initiate a resilver due to the providers being attached sequentially. I've created and initialized the partitions as follows (generic notation, comments on chosen encryption algo welome, since this testing setup lacks AES-NI): # gpart create -s gpt /dev/ada[2-5] # gpart add -t freebsd-zfs /dev/ada[2-5] # geli init -e AES-CBC -l 128 /dev/ada[2-5]p1 Then I attached the geli partitions like so: # geli attach /dev/ada[2-5]p1 And finally created a raidz1 spanning all four partitions: # zpool create u0001 raidz1 /dev/ada[2-5]p1.eli That works flawlessly. And naturally, after a reboot none of the encrypted devices is available to the zpool then, unless I attach them. Doing so using geli attach requires me to attach them sequentially, which then results in ZFS resilvering the pool. So, here's my questions: 1. Is the inavoidable resilver intended behaviour based on current implementation, or am I missing something ? 2. In case I use a bootable zfsroot (cudos to allanjude@, I highly recommend his BSDCan presentations on the matter), is there a way to hand over the zfsroot passphrase to eli for automatically attaching other providers ? Please note, that I'd like to stick as close as possible to what the base system offers for this use-case. MfG CoCo
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20181116231809.40a8f74c>