| View previous topic :: View next topic |
| Author |
Message |
Twist
Guru
Joined: 03 Jan 2003
Posts: 412
Location: San Diego
|
 Posted: Tue Jul 17, 2012 5:56 am Post subject: |
 |
|
ryao,
First, thanks for your contributions in getting ZFS on gentoo, much appreciated.
I understand ZFS native encryption is only available in zpool 30+ implementations, and if I read it right Oracle hasn't released the necessary code for anybody else to implement it.
I'd like to have the data integrity of ZFS, but I'd also like to have full encryption while I'm at it. Do you see any potential issues in using for instance Truecrypt in raw block device mode underneath a ZFS pool? So say I have X physical disks, I encrypt each as raw with truecrypt, mount them as X block devices, then add them as pool components from there. I'm very much not a zfs guy, have only played around with it via loopback files as tests, but it seems that if it's able to treat each physical disk as a distinct block device it would still get all of its benefits, just unknown to ZFS all of those blocks would be written encrypted. |
|
| Back to top |
|
 |
bpaddock
Apprentice
Joined: 04 Nov 2005
Posts: 151
|
| Posted: Sat Jul 21, 2012 2:55 pm Post subject: Re: Gentoo on ZFS |
|
|
| ryao wrote: |
Does anyone have any questions? |
About a year ago I was playing with ZFS on my box, according to the time stamp on /etc/zfs/zfs.cache it was June 4th 2011.
Today I emerged the latest SPL and ZFS and I can not mount the ZFS pool 'data' from last year.
There was no earth shattering data in that pool, and I have good backups, however I thought it would be interesting to see if this is recoverable, as I'd like to understand what the below error message really means.
The pool is comprised of four 250GB drives, with the full disk allocated to the pool.
Any insights into what is going on, and how to recover the pool?
Is the old /etc/zfs/zfs.cache of any use?
What could have corrupted the disk(s) label; rather it is the tools don't understand these labels?
| Code: |
zpool status -x
pool: data
state: UNAVAIL
status: One or more devices could not be used because the label is missing
or invalid. There are insufficient replicas for the pool to continue
functioning.
action: Destroy and re-create the pool from
a backup source.
see: http://zfsonlinux.org/msg/ZFS-8000-5E
scan: none requested
config:
NAME STATE READ WRITE CKSUM
data UNAVAIL 0 0 0 insufficient replicas
raidz1-0 UNAVAIL 0 0 0 insufficient replicas
sdc UNAVAIL 0 0 0
sdd UNAVAIL 0 0 0
sde UNAVAIL 0 0 0
sdf UNAVAIL 0 0 0
|
| Code: |
# dmesg|grep -i sdc
[ 1.254038] sd 2:0:0:0: [sdc] 488397168 512-byte logical blocks: (250 GB/232 GiB)
[ 1.254070] sd 2:0:0:0: [sdc] Write Protect is off
[ 1.254073] sd 2:0:0:0: [sdc] Mode Sense: 00 3a 00 00
[ 1.254087] sd 2:0:0:0: [sdc] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
[ 1.277275] sdc: unknown partition table
[ 1.277561] sd 2:0:0:0: [sdc] Attached SCSI disk
# dmesg|grep -i sdd
[ 1.717723] sd 3:0:0:0: [sdd] 488397168 512-byte logical blocks: (250 GB/232 GiB)
[ 1.718732] sd 3:0:0:0: [sdd] Write Protect is off
[ 1.718829] sd 3:0:0:0: [sdd] Mode Sense: 00 3a 00 00
[ 1.718859] sd 3:0:0:0: [sdd] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
[ 1.733672] sdd: unknown partition table
[ 1.733957] sd 3:0:0:0: [sdd] Attached SCSI disk
# dmesg|grep -i sde
[ 1.718028] sd 4:0:0:0: [sde] 488397168 512-byte logical blocks: (250 GB/232 GiB)
[ 1.718056] sd 4:0:0:0: [sde] Write Protect is off
[ 1.718058] sd 4:0:0:0: [sde] Mode Sense: 00 3a 00 00
[ 1.718071] sd 4:0:0:0: [sde] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
[ 1.729221] sde: unknown partition table
[ 1.729509] sd 4:0:0:0: [sde] Attached SCSI disk
# dmesg|grep -i sdf
[ 2.181717] sd 5:0:0:0: [sdf] 488397168 512-byte logical blocks: (250 GB/232 GiB)
[ 2.182059] sd 5:0:0:0: [sdf] Write Protect is off
[ 2.182167] sd 5:0:0:0: [sdf] Mode Sense: 00 3a 00 00
[ 2.182186] sd 5:0:0:0: [sdf] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
[ 2.205833] sdf: unknown partition table
[ 2.206143] sd 5:0:0:0: [sdf] Attached SCSI disk
|
| Code: |
# fdisk /dev/sdc
WARNING: GPT (GUID Partition Table) detected on '/dev/sdc'! The util fdisk doesn't support GPT. Use GNU Parted.
|
| Code: |
(parted) print
Error: /dev/sdc: unrecognised disk label
Model: ATA ST3250410AS (scsi)
Disk /dev/sdc: 250GB
Sector size (logical/physical): 512B/512B
Partition Table: unknown
Disk Flags:
|
|
|
| Back to top |
|
|
disi
Veteran
Joined: 28 Nov 2003
Posts: 1351
Location: Out There ...
|
| Posted: Thu Jul 26, 2012 6:33 pm Post subject: |
|
|
since sys-kernel/genkernel-3.4.39, it doesn't work with zfs any more... wouldn't load the module.
_________________
Gentoo on Uptime Project - Larry is a cow |
|
| Back to top |
|
|
ryao
Developer
Joined: 27 Feb 2012
Posts: 96
|
| Posted: Sun Jul 29, 2012 11:05 pm Post subject: |
|
|
| Twist wrote: | ryao,
First, thanks for your contributions in getting ZFS on gentoo, much appreciated.
I understand ZFS native encryption is only available in zpool 30+ implementations, and if I read it right Oracle hasn't released the necessary code for anybody else to implement it.
I'd like to have the data integrity of ZFS, but I'd also like to have full encryption while I'm at it. Do you see any potential issues in using for instance Truecrypt in raw block device mode underneath a ZFS pool? So say I have X physical disks, I encrypt each as raw with truecrypt, mount them as X block devices, then add them as pool components from there. I'm very much not a zfs guy, have only played around with it via loopback files as tests, but it seems that if it's able to treat each physical disk as a distinct block device it would still get all of its benefits, just unknown to ZFS all of those blocks would be written encrypted. |
I apologize for the late response. Anyway, the answer is that it depends. If truecrypt has barrier support, then it should be fine. If it does not have barrier support, then ZFS's data integrity will be compromised. I am told that LUKS has barrier support, but I do not know about Truecrypt.
With that said, some early ZFS encryption code is open source, but it needs significant work before it can be integrated:
| Code: | | hg clone ssh://anon@hg.opensolaris.org//hg/zfs-crypto/gate |
http://hub.opensolaris.org/bin/download/Project+zfs-crypto/files/zfs-crypto-design.pdf
| kernelOfTruth wrote: | | not sure how much encryption and non-direct writing to the disk plays in creating this issue |
Unfortunately, I am at a loss to explain this. It works fine for me. The way that you are encrypting it might be causing problems. You might want to make certain that ashift is set appropriately for your disk and that LUKS will read and write in sector-sized blocks.
| disi wrote: | | since sys-kernel/genkernel-3.4.39, it doesn't work with zfs any more... wouldn't load the module. |
That is a regression. It should be fixed in sys-kernel/genkernel-3.4.40. |
|
| Back to top |
|
|
acidmonkey
n00b
Joined: 27 Feb 2010
Posts: 34
|
| Posted: Fri Oct 12, 2012 9:46 am Post subject: |
|
|
What are my options for booting? Is it feasible to have 3 drives, 2 volumes one with raid1, with double redundancy and one with raidz1, with single redundancy? The former bootable for the system and important data the latter for less important data.
Is there some way to boot a linux kernel on a zfs volume? |
|
| Back to top |
|
|
0n0w1c
Apprentice
Joined: 02 Mar 2004
Posts: 273
|
| Posted: Mon Nov 26, 2012 3:37 pm Post subject: Gentoo roofs on ZFS |
|
|
@ryao
Can the current ZFS on Linux 0.6.0-rc12 be used for the rootfs for Gentoo?
I see the information here and question if it would be successful. Of particular concern is this bug. I would love to give it a try and can even live with some bugs. I would be trying this on my laptop inside a Virtualbox or Parallels VM on OS/X, so obviously this would not be mission critical. |
|
| Back to top |
|
|
Gentoo64
n00b
Joined: 21 Oct 2011
Posts: 39
Location: ::
|
| Posted: Tue Nov 27, 2012 8:00 am Post subject: |
|
|
| I use it for rootfs works perfectly |
|
| Back to top |
|
|
0n0w1c
Apprentice
Joined: 02 Mar 2004
Posts: 273
|
| Posted: Sun Dec 09, 2012 3:02 pm Post subject: |
|
|
| After a little trial and error... I have a ZFS rootfs on a LUKS/dm-crypt partition working. I am using an ext2 /boot partition but I am fine with that. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Gentoo Chat
