Additional Questions of "Using FreeBSD ZFS GPT Geli to Backup and Encrypt Your Critical Data"

Read First: Using FreeBSD ZFS GPT Geli to Backup and Encrypt Your Critical Data

1. Storage of mirror pool.

==========================

Every disk in the mirrored pool holds a copy of your data, so any one of them is enough to get your data back. To keep your data safe, it is better to keep all of your disks online and synchronized. If the data on one disk, or on part of a disk, is lost, don't worry: the other disks still hold all of your data.

2. Different mirrored disk size.

================================

You can create a zpool from disks of different sizes; in that case you need to add the -f option to the "zpool create" command:

 

    # zpool create -f tpool mirror device1 device2 ...

 

The pool size will then be the size of the smallest disk.

3. Enlarge the pool size.

=========================

A. Hard USB Disk: Enlarge the pool by removing the smallest USB disk.

[Virtual disks are used here to emulate the operation.]

I. First, use the following script to create three virtual disks and the pool.

script: script.mksh

 

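    #!/usr/local/bin/mksh

    # Sizes (in GB) of the three file-backed test disks; also used as md unit numbers.
    indices="16 32 64"

    for i in $indices; do
            disk="disk$i.freebsd_zfs"
            # Create a sparse backing file and attach it as memory disk md$i.
            truncate -s "${i}g" "$disk"
            mdconfig -a -t vnode -f "$disk" -u "$i"
            # Put a GPT on it with one labelled freebsd-zfs partition.
            gpart create -s gpt "md$i"
            label="mem-disk$i-vol0"
            gpart add -t freebsd-zfs -l "$label" "md$i"
            # Encrypt the partition with a 256-bit key (prompts for a passphrase),
            # then attach it, which creates /dev/gpt/$label.eli.
            geli init -l 256 "/dev/gpt/$label"
            geli attach "gpt/$label"
    done

    # Collect the attached .eli providers.
    devices=""
    for i in $indices; do
            devices="$devices gpt/mem-disk$i-vol0.eli"
    done

    # $devices is left unquoted on purpose so it splits into one argument per disk.
    zpool create -f tpool mirror $devices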

 

Run the script to create the disks and the pool:

 

    # chmod +x script.mksh
    # ./script.mksh
    [
    You will be prompted to set a passphrase for every (virtual) disk; type it
    carefully each time. And be patient while it is encrypting.
    ]

 

 

    # zpool list
        NAME    SIZE  ALLOC   FREE  EXPANDSZ   FRAG    CAP  DEDUP  HEALTH  ALTROOT
        tpool  15.9G    86K  15.9G         -     0%     0%  1.00x  ONLINE  -
    # zfs list tpool
        NAME    USED  AVAIL  REFER  MOUNTPOINT
        tpool    74K  15.4G    23K  /tpool
    # df -h tpool
        Filesystem    Size    Used   Avail Capacity  Mounted on
        tpool          15G     24K     15G     0%    /tpool
    [
    Your three disks are 16G, 32G and 64G, and you can see that
    the size of your pool tpool is 16G.
    ]

 

II. Now write something into your pool.

 

    # for i in 1 2 3 4 5 6; do touch /tpool/my-footprint-$i.text; done
    # ls /tpool/
        my-footprint-1.text my-footprint-3.text my-footprint-5.text
        my-footprint-2.text my-footprint-4.text my-footprint-6.text

 

III. Remove the smallest disk, disk0, and enlarge the pool size.

You can do this by detaching disk0, taking disk1 offline, and then bringing disk1 back online with the -e option.

(disk0_size < disk1_size < disk2_size)

 

    # zpool detach tpool gpt/mem-disk16-vol0.eli
    # zpool offline tpool gpt/mem-disk32-vol0.eli
    # zpool online -e tpool gpt/mem-disk32-vol0.eli
    # zpool status tpool
    # zfs list tpool
        NAME    USED  AVAIL  REFER  MOUNTPOINT
        tpool  88.5K  30.9G    24K  /tpool
    # df -h tpool
        Filesystem    Size    Used   Avail Capacity  Mounted on
        tpool          31G     24K     31G     0%    /tpool
    [You see that your pool size has been changed from 16G to 32G.]

 

IV. Check whether you lost any data.

 

    # ls /tpool
        my-footprint-1.text my-footprint-3.text my-footprint-5.text
        my-footprint-2.text my-footprint-4.text my-footprint-6.text
    [You see that your data is not lost]

 

 

    # zpool export tpool
    # ls /tpool
        ls: /tpool: No such file or directory
    # zpool import
        [Use this command to get the exported (unimported) pool name.]
    # zpool import tpool
    # ls /tpool/
        my-footprint-1.text my-footprint-3.text my-footprint-5.text
        my-footprint-2.text my-footprint-4.text my-footprint-6.text
    [You see that your data is not lost]

 

B. Virtual Disk: Enlarge the disk size and then enlarge the pool size.

You can use the growfs or gpart command to resize your partition, or remove one virtual disk from the pool and add another disk.

4. Change Geli Passphrase

=========================

It is very easy to change the FreeBSD zpool geli passphrase:

 

  • zpool offline
  • geli detach
  • geli setkey
  • geli attach
  • zpool online

 

A. offline, detach:

 

    # zpool status tpool | grep gpt
        gpt/mem-disk16-vol0.eli  ONLINE       0     0     0
        gpt/mem-disk32-vol0.eli  ONLINE       0     0     0
        gpt/mem-disk64-vol0.eli  ONLINE       0     0     0
    # geli status | grep gpt
        gpt/mem-disk16-vol0.eli  ACTIVE  gpt/mem-disk16-vol0
        gpt/mem-disk32-vol0.eli  ACTIVE  gpt/mem-disk32-vol0
        gpt/mem-disk64-vol0.eli  ACTIVE  gpt/mem-disk64-vol0

 

 

    # zpool offline tpool gpt/mem-disk64-vol0.eli
    # geli detach gpt/mem-disk64-vol0.eli

 

 

    # zpool status tpool | grep gpt
        gpt/mem-disk16-vol0.eli  ONLINE       0     0     0
        gpt/mem-disk32-vol0.eli  ONLINE       0     0     0
        3987681616937811669      OFFLINE      0     0     0  was /dev/gpt/mem-disk64-vol0.eli
    # geli status | grep gpt
        gpt/mem-disk16-vol0.eli  ACTIVE  gpt/mem-disk16-vol0
        gpt/mem-disk32-vol0.eli  ACTIVE  gpt/mem-disk32-vol0

 

B. setkey

 

    # ls /dev/gpt
        mem-disk16-vol0     mem-disk32-vol0     mem-disk64-vol0
        mem-disk16-vol0.eli mem-disk32-vol0.eli
    # geli setkey gpt/mem-disk64-vol0
        Enter passphrase:               -------- Enter old password.
        Enter new passphrase:           -------- Enter new password.
        Reenter new passphrase:         -------- Enter new password again.
        Note, that the master key encrypted with old keys and/or passphrase may still exists in a metadata backup file.

 

C. attach, online

 

    # geli attach gpt/mem-disk64-vol0
        Enter passphrase:      ---- Enter the old password and you will get an error.
        geli: Wrong key for gpt/mem-disk64-vol0.
    # geli attach gpt/mem-disk64-vol0
        Enter passphrase:      ---- Enter the new password: OK.
    # geli status
    # zpool online tpool gpt/mem-disk64-vol0.eli
    # zpool status tpool
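
The five steps above as a single plan, written as an added example that is not part of the original post: it checks from `zpool status` output that another mirror member stays ONLINE before the disk is taken offline, and appends a `geli backup` so the metadata backup that the setkey note mentions is refreshed. The function names and the backup path (assumed to be the geli init default) are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Count ONLINE .eli members other than $1 in `zpool status` text on stdin.
other_online() {
    awk -v t="$1" '$1 ~ /\.eli$/ && $1 != t && $2 == "ONLINE" { n++ }
                   END { print n + 0 }'
}

# rekey_plan POOL PROVIDER, with `zpool status POOL` text on stdin.
# Prints the commands in order; returns 1 if the step would be unsafe.
rekey_plan() {
    pool=$1 prov=$2 eli="$2.eli"
    st=$(cat)
    if ! printf '%s\n' "$st" |
        awk -v t="$eli" '$1 == t && $2 == "ONLINE" { f = 1 } END { exit !f }'
    then
        echo "refusing: $eli is not an ONLINE member of $pool" >&2
        return 1
    fi
    if [ "$(printf '%s\n' "$st" | other_online "$eli")" -lt 1 ]; then
        echo "refusing: no other ONLINE member would remain in $pool" >&2
        return 1
    fi
    # Assumption: the metadata backup lives at the geli init default,
    # /var/backups/<provider with "/" replaced by "_">.eli.
    backup="/var/backups/$(printf '%s' "$prov" | tr / _).eli"
    cat <<EOF
zpool offline $pool $eli
geli detach $eli
geli setkey $prov
geli attach $prov
zpool online $pool $eli
geli backup $prov $backup
EOF
}

# Constructed sample: the member lines of the `zpool status tpool` output above.
SAMPLE='gpt/mem-disk16-vol0.eli  ONLINE  0 0 0
gpt/mem-disk32-vol0.eli  ONLINE  0 0 0
gpt/mem-disk64-vol0.eli  ONLINE  0 0 0'

printf '%s\n' "$SAMPLE" | rekey_plan tpool gpt/mem-disk64-vol0
```

Run the final `geli backup` only after the new passphrase attaches cleanly; any other copy of the old backup file still holds the master key wrapped with the old passphrase and should be destroyed as well.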

 

5. Geli Encrypt Algorithm

=========================

Add the "-e ealgo" option to "geli init" to choose the encryption algorithm.

Currently supported encryption algorithms are:
AES-XTS, AES-CBC, Blowfish-CBC, Camellia-CBC, 3DES-CBC, NULL.

The default and recommended algorithm is AES-XTS.

NULL is unencrypted.

 
