Hi all,
Running FreeBSD 12.3.
Got a question on the recommended way to set up a GELI-encrypted ZFS pool.
Basic info about requirements:
- These disks are just for a ZFS Storage Pool - they are not and will never need to be bootable.
- They will also never need to be compatible with another system - they will remain on FreeBSD (or a derivative).
- If the motherboard dies I need to be able to lift the disks to a new FreeBSD system and have them work.
- I don't particularly want to use the new dataset encryption on ZFS in 13.0 - although I understand some people will.
Boot system.
System boots fine.
SSH in to attach/decrypt drives.
Restart zfs service
Pool available.
Also, the vdevs in the pool were tied to "glabels" which were just part of the serial number of the disk.
I quite liked this process as it enabled me to boot the system but still keep the storage secure.
Now while this process might seem vague, at the time I remember having to align the sectors on the disk etc. and did quite a bit of performance tuning. I remember the glabel label went in a certain area of the drive and geli occupied either all of it, or most of it minus a sector ... or maybe it was full disk and labelled inside the .eli? No recollection.
My original pool was originally, I want to say, v7 or 8? Then v15, then v23? Eventually I upgraded it to feature flags version 5000.
I copied all my data off elsewhere and don't have the original machine to reference.
I have got a fresh(ish) system and just need to build a platform that can be updated for the next 5-10 years.
So there is no existing pool, nothing that can't be done from scratch.
So just looking for the modern way to set this up.
I've searched all over and there are so many conflicting views, but all from a myriad of different years - so I guess I'm polling views here for the recommended method now.