Hi all,
I'm currently managing a dedicated server with two 3TB hard disks but ZFS seems like a stranger to me. I want something like RAID-1 for data redundancy. In the storage management part, by default, the auto ZFS-on-root wizard utilizes the two whole disks (not partitions) and sets up a huge zroot pool. If encryption is enabled, I will have to enter the password on every boot.
However, since the server is remote, if the whole root pool is encrypted, it is not efficient to type in the password every time (KVM-over-IP required). So I want to separate an encrypted dataset in zroot but it seems that encryption is only available at the block-device level.
An ideal storage configuration for me would be:
- Mirrored redundancy.
- Unencrypted root, encrypted home and encrypted data.
I have come up with two options:
1. Keep a single zroot pool, create ZFS volumes within the pool and expose them as block devices. Then set up encryption using geli on them. Mount them on request.
2. Use separate pools, unencrypted zroot and encrypted zdata. Migrate /usr/home to zdata. In this option, I have to divide both disks into partitions identically. In each zpool, the components are now partitions, not devices.
Which one is a better practice? Or are there any better solutions? I only have experience with Linux LUKS, and ZFS is more powerful than normal file systems like ext4, so this really confuses me.
Looking forward to your advice. Thanks in advance!