native encryption of zfs

quanquan

Member


Messages: 21

I run make in "/usr/ports/sysutils/zol-kmod", then get ERROR :
" needs FreeBSD 12/13 with AES-CCM support. "
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 8,932
Messages: 33,330

You need a recent 12-STABLE or 13-CURRENT. It will not work on 12.0-RELEASE as it is missing required kernel features.
 
OP
Q

quanquan

Member


Messages: 21

You need a recent 12-STABLE or 13-CURRENT. It will not work on 12.0-RELEASE as it is missing required kernel features.
# freebsd-update -r 13.0-CURRENT upgrade
Looking up update.tw.freebsd.org mirrors... none found.
😄
 
OP
Q

quanquan

Member


Messages: 21

You need a recent 12-STABLE or 13-CURRENT. It will not work on 12.0-RELEASE as it is missing required kernel features.
root@daemon:~ # freebsd-update -r 13.0-CURRENT upgrade
Looking up update.tw.freebsd.org mirrors... none found.
Fetching metadata signature for 12.0-RELEASE from update.tw.freebsd.org... done.
Fetching metadata index... done.
Fetching 1 metadata patches. done.
Applying metadata patches... done.
Inspecting system... done.

The following components of FreeBSD seem to be installed:
kernel/generic kernel/generic-dbg src/src world/base world/base-dbg
world/doc world/lib32 world/lib32-dbg

The following components of FreeBSD do not seem to be installed:

Does this look reasonable (y/n)? n


haha, i will have a try with a vmware guest, not on my laptop
 
H

hukadan

Guest


If you have to chose between -CURRENT and -STABLE, chose -STABLE. With -STABLE, you can still use the official repository and it is a supported version on this forum.
 
OP
Q

quanquan

Member


Messages: 21

If you have to chose between -CURRENT and -STABLE, chose -STABLE. With -STABLE, you can still use the official repository and it is a supported version on this forum.
freebsd-update do not support "stable" and "current", i have to download the ISO image? right?
 

aht0

Active Member

Reaction score: 58
Messages: 177

You can download STABLE sources, rebuild world/kernel on your current system. Documentation describes the process in full.
Or download most recent STABLE image and hope it's recent enough to contain the functionality you seek.
 
OP
Q

quanquan

Member


Messages: 21

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 8,932
Messages: 33,330

Code:
root@molly:/usr/ports # grep zol-kmod MOVED
sysutils/zol-kmod|sysutils/openzfs-kmod|2019-06-11|Renamed to match upstream changes
It's the same port as sysutils/zol-kmod, it's been renamed to sysutils/openzfs-kmod.
 

rootbert

Active Member

Reaction score: 72
Messages: 233

I can highly recommend using a setup with encrypted geli + FreeBSDs native ZFS ... the performance is by far better than encrypted-openzfs. I mean, really by far!
 

rootbert

Active Member

Reaction score: 72
Messages: 233

I am currently doing loads of benchmarks, the tests are by far not finished and I will publish the results as soon as I have managed to go through all the data and prepare a nice article. However, to grab a random result from my completed tests: FreeBSD geli (blocksize 4096, aes-xts with keysize 128) + native ZFS with ashift=12: READ: 72.2MiB/s, WRITE: 18.1MiB/s from a random-read-write test with 80% read requests, on a 4core AMD machine with 8GB RAM + SSD. Same machine, same test, but with openzfs-kmod, encrypted with aes-128-ccm, ashift=12, gets only 6324KiB/s READ and 1585KiB/s WRITE.
 

inf3rno

Member

Reaction score: 2
Messages: 51

I am currently doing loads of benchmarks, the tests are by far not finished and I will publish the results as soon as I have managed to go through all the data and prepare a nice article. However, to grab a random result from my completed tests: FreeBSD geli (blocksize 4096, aes-xts with keysize 128) + native ZFS with ashift=12: READ: 72.2MiB/s, WRITE: 18.1MiB/s from a random-read-write test with 80% read requests, on a 4core AMD machine with 8GB RAM + SSD. Same machine, same test, but with openzfs-kmod, encrypted with aes-128-ccm, ashift=12, gets only 6324KiB/s READ and 1585KiB/s WRITE.
Are you sure that it is only the encryption that slows it down? I'll give it a try too, but I am working on something else now. It has to wait a few days.
 

rootbert

Active Member

Reaction score: 72
Messages: 233

I don't think it is the crypto stuff only ... I think openzfs-kmod has some performance issues - it is much slower than the one shipped with the base system.
 

inf3rno

Member

Reaction score: 2
Messages: 51

I don't think it is the crypto stuff only ... I think openzfs-kmod has some performance issues - it is much slower than the one shipped with the base system.
Maybe it would be better to send a bug report too when you are done.
 
Top