Using FreeBSD ZFS GPT Geli to Backup and Encrypt Your Critical Data

step-01: Check Disk.
====================

List the devices, insert the USB disk, then list them again:

 

    # camcontrol devlist
    # camcontrol devlist -b        # bus
    # camcontrol devlist -v        # verbose

    # geom disk list
    # gpart show da0

 

step-02: Create a memory disk and GPT partition, then encrypt it with geli.
===========================================================================

<This example uses a virtual (memory) disk to emulate the USB flash disk.>

1. gpt zfs scheme:

 

    # truncate -s 32g disk0.freebsd_zfs
    # mdconfig -a -t vnode -f disk0.freebsd_zfs -u 0
    # gpart create -s gpt md0
    # gpart add -t freebsd-zfs -l mem-disk0-vol0 md0
    # gpart show md0

 

2. geli encryption:

 

    # geli init -l 256 /dev/gpt/mem-disk0-vol0
        <you will be prompted to type the password twice to set it>
    
    attach the provider:
    # geli attach /dev/gpt/mem-disk0-vol0
        <you will be prompted to type the above password>

    # ls /dev/gpt
    mem-disk0-vol0     mem-disk0-vol0.eli
    # geli status
                      Name  Status  Components
           label/swap0.eli  ACTIVE  label/swap0
    gpt/mem-disk0-vol0.eli  ACTIVE  gpt/mem-disk0-vol0
        <then gpt/mem-disk0-vol0.eli will be the zpool device>
    
    <
    use the same commands to create a second memory disk and device:
    disk1.freebsd_zfs, md1, gpt/mem-disk1-vol0.eli
    >

 

step-03: create zpool mirror
============================

 

    # zpool create secpool mirror gpt/mem-disk0-vol0.eli gpt/mem-disk1-vol0.eli
    <secpool is now mounted on /secpool>

    # zpool list
    # zpool status secpool

    # zfs get mounted secpool
    # zfs list secpool

    # zfs set mountpoint=/sec secpool
    # zfs set mountpoint=/secpool secpool
    # zfs umount /secpool
    # rmdir /sec /secpool
    # zfs mount secpool     or     # zfs mount -a

    # df -h secpool

 

step-04: Reboot computer and re-mount the geli-encrypted zpool
==============================================================

 

    # shutdown -r now
    # mdconfig -a -t vnode -f disk0.freebsd_zfs -u 0
    # mdconfig -a -t vnode -f disk1.freebsd_zfs -u 1
    # geli attach /dev/gpt/mem-disk0-vol0
    # geli attach /dev/gpt/mem-disk1-vol0
    # zfs mount secpool

 

step-05: attach/detach new device.
==================================

<attach/detach will destroy the new disk device data>

 

1. Create a new disk with the same partition scheme:

 

    # truncate -s 32g disk2.freebsd_zfs
    # mdconfig -a -t vnode -f disk2.freebsd_zfs -u 2
    # gpart create -s gpt md2
    # gpart add -t freebsd-zfs -l mem-disk2-vol0 md2
    # geli init -l 256 /dev/gpt/mem-disk2-vol0
    # geli attach /dev/gpt/mem-disk2-vol0
    <new device will be gpt/mem-disk2-vol0.eli>

 

2. Attach the new device to secpool:

 

    # geli list
    # zpool status secpool
    # zpool attach secpool gpt/mem-disk0-vol0.eli gpt/mem-disk2-vol0.eli
    # zpool status secpool

 

3. detach disk0:

The original pool consisted of disk0 and disk1, and disk2 was then attached to the pool alongside disk0. Now detach disk0; secpool remains intact.

 

    # zpool status secpool
    # zpool detach secpool gpt/mem-disk0-vol0.eli
    # zpool status secpool
        <you can't detach all disks, at least one disk must be kept>

 

4. attach disk0 again:

 

    # zpool status secpool
    # geli status
    # zpool attach secpool gpt/mem-disk2-vol0.eli gpt/mem-disk0-vol0.eli
    # geli status
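
After attaching devices as in step-05, it is worth confirming that every pool member is a `.eli` provider: attaching the raw `gpt/...` label by mistake would mirror the data to that disk unencrypted. The script below is an added example, not part of the original post; the function names `unencrypted_vdevs` and `pool_is_encrypted` and the sample output are constructed for illustration, and it assumes a mirror or raidz layout.

```sh
#!/bin/sh
# Added example: list pool leaf devices that are NOT active geli providers.
# Function names and sample output are constructed for illustration.

# usage: zpool status secpool | unencrypted_vdevs "$(geli status)"
unencrypted_vdevs() {
    GELI_STATUS="$1" awk '
        BEGIN {   # remember every provider geli reports as ACTIVE
            n = split(ENVIRON["GELI_STATUS"], line, "\n")
            for (i = 1; i <= n; i++) {
                split(line[i], f, " ")
                if (f[2] == "ACTIVE") active[f[1]] = 1
            }
        }
        $1 == "NAME" && $2 == "STATE" { in_cfg = 1; pool = ""; next }
        in_cfg && NF == 0 { in_cfg = 0; next }   # blank line ends the table
        !in_cfg           { next }
        pool == ""        { pool = $1; next }    # first row is the pool itself
        $1 ~ /^(mirror|raidz[1-3])-[0-9]+$/ { next }   # grouping row, not a disk
        !($1 in active)   { print $1 }           # leaf with no geli layer
    '
}

# Exit status 0 only when every leaf device sits on a geli provider.
pool_is_encrypted() {
    bad=$(unencrypted_vdevs "$1")
    [ -z "$bad" ] || { echo "NOT ENCRYPTED: $bad" >&2; return 1; }
}

# Constructed sample: disk2 was attached by its raw GPT label (no .eli).
SAMPLE_GELI='                  Name  Status  Components
gpt/mem-disk0-vol0.eli  ACTIVE  gpt/mem-disk0-vol0
gpt/mem-disk1-vol0.eli  ACTIVE  gpt/mem-disk1-vol0'
SAMPLE_ZPOOL='  pool: secpool
 state: ONLINE
config:

        NAME                        STATE     READ WRITE CKSUM
        secpool                     ONLINE       0     0     0
          mirror-0                  ONLINE       0     0     0
            gpt/mem-disk0-vol0.eli  ONLINE       0     0     0
            gpt/mem-disk1-vol0.eli  ONLINE       0     0     0
            gpt/mem-disk2-vol0      ONLINE       0     0     0

errors: No known data errors'

printf '%s\n' "$SAMPLE_ZPOOL" | pool_is_encrypted "$SAMPLE_GELI" || echo "check failed"
```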

 

step-06: online/offline
=======================

<online/offline will keep the data>

1. offline:

 

    # zpool offline secpool gpt/mem-disk1-vol0.eli
    # zpool offline secpool gpt/mem-disk2-vol0.eli
    <
    # zpool offline secpool gpt/mem-disk0-vol0.eli
    cannot offline gpt/mem-disk0-vol0.eli: no valid replicas
        <you can't offline all disks, at least one disk is needed>
    >
    # zpool status secpool

 

2. Remove disk1 and disk2 (emulates physically removing the USB disks).

 

    # geli status
    # geli detach gpt/mem-disk1-vol0.eli
    # geli detach gpt/mem-disk2-vol0.eli
    # mdconfig -d -u 1
    # mdconfig -d -u 2

 

3. online again:

 

    # zpool status secpool
    # mdconfig -a -t vnode -f disk1.freebsd_zfs -u 1
    # mdconfig -a -t vnode -f disk2.freebsd_zfs -u 2
    # geli attach /dev/gpt/mem-disk1-vol0
    # geli attach /dev/gpt/mem-disk2-vol0
    # geli status
    # zpool online secpool gpt/mem-disk1-vol0.eli
    # zpool online secpool gpt/mem-disk2-vol0.eli
    # zpool status secpool

 

step-07: import/export
======================

1. import

 

A. Insert Disk and attach geli

 

    # mdconfig -a -t vnode -f disk0.freebsd_zfs -u 0
    # mdconfig -a -t vnode -f disk1.freebsd_zfs -u 1
    # mdconfig -a -t vnode -f disk2.freebsd_zfs -u 2
    # ls /dev/gpt/
        mem-disk0-vol0 mem-disk1-vol0 mem-disk2-vol0
    # geli attach /dev/gpt/mem-disk0-vol0
    # geli attach /dev/gpt/mem-disk1-vol0
    # geli attach /dev/gpt/mem-disk2-vol0
    # geli list | grep Name
    # geli status

 

B. import zfs pool.

Use "zpool import" to list the pools that have not been imported yet, together with their devices.

 

    # zpool import
       pool: secpool
         id: 11672023077734550621
      state: ONLINE
     action: The pool can be <unimported> imported using its name or numeric identifier.
     config:

            secpool                     ONLINE
              mirror-0                  ONLINE
                gpt/mem-disk2-vol0.eli  ONLINE
                gpt/mem-disk1-vol0.eli  ONLINE
                gpt/mem-disk0-vol0.eli  ONLINE

 

 

    <So, the unimported pool name is secpool, its devices are:
        gpt/mem-disk2-vol0.eli
        gpt/mem-disk1-vol0.eli
        gpt/mem-disk0-vol0.eli
    >

 

Import the pool now:

 

    # zpool import secpool
    # zpool status secpool
    # zfs list secpool
        NAME      USED  AVAIL  REFER  MOUNTPOINT
        secpool   124K  30.8G    23K  /secpool
    

 

You will see that your data has not been lost.

 

    # ls /secpool/

 

2. export

 

    # zpool export secpool
    # zpool status secpool
        cannot open 'secpool': no such pool
    
    # geli detach gpt/mem-disk0-vol0.eli
    # geli detach gpt/mem-disk1-vol0.eli
    # geli detach gpt/mem-disk2-vol0.eli

    # mdconfig -d -u 0
    # mdconfig -d -u 1
    # mdconfig -d -u 2

 

After export, the pool is no longer present on the system; you can remove the disks safely and import the pool again later.
