Geli and ZFS

There are a few different ways to set up geli with ZFS. I just want to get some opinions (benefits and disadvantages) about the below two options.

First option: (most commonly encountered set-up)
Have geli on the block device and ZFS on top of the geli provider.

Second option:
Create a ZFS Volume on a block device, then create geli provider on top of the ZFS volume, and finally, ZFS datasets on top.

Generally, it's recommended to let ZFS manage the whole disk if possible, so I was wondering if the second option is better. I will be using a couple of 3TB HDDs mirrored for data and want to encrypt them. I am hoping someone with an in-depth understanding of ZFS will be able to offer some insight.

Thank You
Yudi
 
Erratus said:
Is this true also when using sysutils/beadm?


sysutils/beadm does not add anything to the pool. It is just an external utility for creating and cloning the boot environments by using the standard ZFS commands and for changing the bootfs property of the pool to point to the default environment. It is not in any way aware of how the pool is put together from the lower level GEOM providers.
 
Erratus said:
The HOWTO of @vermaden does not recommend installing sysutils/beadm on top of geli.
http://forums.freebsd.org/showpost.php?p=175326&postcount=2
Therefore I ask if sysutils/beadm can be used on top of geli. I’m still not sure if that can be done.

Well, I don't know why he doesn't recommend it, but probably because it's not possible to boot directly from a zfs_on_geli setup. To boot you need e.g. a USB stick[1] with bootloader+kernel and have to put this in loader.conf:
Code:
vfs.root.mountfrom="zfs:tank/blabla"
I'm not familiar with sysutils/beadm, but this setup will just force you to edit loader.conf by hand to change boot environments.

1. You can use a boot partition too, but who wants to split a drive just for that?
 
Yes that will prevent sysutils/beadm working properly with a GELI setup that has a separate UFS boot partition because it assumes that the active boot environment can be set by just setting the bootfs property for the pool.
 
Currently, @vermaden's beadm utility only handles one zpool (all system files have to be on just one pool). Even his laptop setup does not encrypt the whole disk and all the system files are on an unencrypted pool. If you read through that thread you will find a modified version of beadm that can handle splitting up of system files between different pools.

Any question about beadm, you are better off asking in @vermaden's thread.

Going back to my original question, looks like the first option is widely used (even FreeNAS uses that option).
 
yudi said:
Second option:
Create a ZFS Volume on a block device, then create geli provider on top of the ZFS volume, and finally, ZFS datasets on top.

I do not think this will work: currently creating a zpool on a ZVOL does not seem to be supported. Apparently it works fine in Solaris but currently doesn't work in FreeBSD. Having geli as an intermediate layer between the ZVOL and the zpool might let it work, but I'm doubtful.
 
bthomson said:
I do not think this will work: currently creating a zpool on a ZVOL does not seem to be supported. Apparently it works fine in Solaris but currently doesn't work in FreeBSD. Having geli as an intermediate layer between the ZVOL and the zpool might let it work, but I'm doubtful.

That's very useful info, saved me a lot of time.
 