Ex-/Import encrypted (geli) and labeled (glabel) ZFS-Pool

[YtterbiumYAG]

Hi,

My current setup is as follows:
6 SATA ports with 5 HDDs. On 1 HDD FreeBSD 10 is installed and with 4 HDDs I created a ZFS RAIDZ1.
The 4 HDD devices were first labeled with glabel() and then encrypted with geli(). On top of that I created the ZFS RAIDZ1 pool. The OS HDD is not encrypted.

Everything is fine, but now I would like to change the configuration. I would like to free the SATA-Port with the FreeBSD 10 OS to create a second ZFS Pool with 2 more HDDs.

1. Is it possible to install and run FreeBSD on an USB Stick? How can I do that?
2. What steps do I have to do first, that I am able to reimport my 4 HDD encrypted drive again later, when I setup a fresh FreeBSD 10 install?
I guess I somehow have to backup/recreate the the labeled drives in /dev/label but I don´t know how to do that. Can somebody help me with that?

Thank you
YAG

 

[wblock@]

Re: Ex-/Import encrypted (geli) and labeled (glabel) ZFS-Poo

1. Yes. The USB stick is just seen as another drive. Some people have trouble with USB drives, though some do not.
2. It would depend on what you did. Labels are on the drives and do not need to be recreated. However, glabel() should not be needed with ZFS or geli(), and it depends on what you created. Normally, you should not have to do anything other than export the pool on one system and import it on the other.

 

[YtterbiumYAG]

Re: Ex-/Import encrypted (geli) and labeled (glabel) ZFS-Poo

That´s how I created the pool:

# glabel label disc1 /dev/ada1
# glabel label disc2 /dev/ada2
# glabel label disc3 /dev/ada3
# glabel label disc4 /dev/ada4

# geli init -b -l 256 -s 4096 /dev/label/disc1
# geli init -b -l 256 -s 4096 /dev/label/disc2
# geli init -b -l 256 -s 4096 /dev/label/disc3
# geli init -b -l 256 -s 4096 /dev/label/disc4

# zpool create tank raidz /dev/label/disc1 /dev/label/disc2 /dev/label/disc3 /dev/label/disc4

For mounting the pool I manually attach the HDDs on startup in the commandline or use this script.
geli() is on top of the labeled drives and I used the labeled names to create the zfs-pool, so I guess since geli() was set up on top of the label maybe the label itself is encrypted too and I cannot reimport the drives later without those labels stored in /dev/label, or does it really doesn´t matter?

Sorry, but I´m a little bit unsure what to do know, because I don´t want to accidently destroy my pool as there is much data on it.

greets
YAG

 

[wblock@]

Re: Ex-/Import encrypted (geli) and labeled (glabel) ZFS-Poo

Before doing anything, back up that data. ZFS is no guarantee, and geli() makes it easier to lose data. Not having a backup just says that all that data is just not worth backing up.

There is no point to using glabel() on a whole drive, but it will not hurt. The labels are on the bare drive, not encrypted. If you connect those drives to another FreeBSD system, the labels will be seen.