Solved ZFS, GELI, and SSD: TRIM Support?

Howdy-ha, all. First off, let me just admit to my own ignorance and say that the title may not have strict bearing on my situation, as my present goal---two GELI-encrypted SSD partitions---may or may not be necessary, never mind possible. I'm setting up my home server with a totally new storage scheme involving two HDDs, an SSD, and ZFS, and was wondering how well ZFS and GELI play together (the "server" is a laptop, hence the encryption). I understand that ZFS automatically handles TRIM-capable devices, but I haven't been able to find out if GELI might interfere with it in some way (as it apparently does interfere with UFS + Gjournal). Here's the present game plan:

  1. Two HDDs with a striped zpool:
    1. One 2Tb HDD with one ZFS partition, encrypted
    2. One 750 Gb HDD with one ZFS partition, encrypted
  2. One 40Gb MSATA SSD with the following partition scheme:
    1. One 2Gb partition for the base system, encrypted
    2. One ~20Gb partition for the ZFS L2ARC cache, encrypted
    3. One ~20Gb partition for the ZFS ZIL, encrypted
  3. One USB thumb drive containing /boot and the GELI keys
At the moment, only the HDDs have been set up in the ZFS pool, while the SSD still contains / and /usr partitions formatted to UFS with TRIM enabled.

It seems to me that the L2ARC cache partition and ZIL partition could hold potentially sensitive data, and so should be encrypted. If encryption with GELI isn't a possibility then I may have to rethink things. The laptop does feature per-disk passwords in the BIOS menu, so if the data on those two SSD partitions is worthless outside a running system then that password should itself be suitable protection, but I can't see that being the case. Finally, I should probably point out that full system encryption isn't exactly vital---I'm mostly interested in the learning process and giving any potential burglars the finger. Thanks in advance.
 
I have used laptops as servers before and still do for various applications. They are a lot of fun.

My guess is that you are using a Thinkpad with a 9.5mm drive in an expansion bay (the 2tb drive) and a 7mm drive in the regular HDD bay (the 750gb). The msata disk is located in a slot underneath the laptop?

Concerning the encrypted L2ARC and ZIL partitions, this might be helpful - https://forums.freebsd.org/threads/playing-with-zil-l2arc.32313/

Not to divert from your original question but some items might be worth considering too when using a laptop in this configuration.

If you are using standard laptop drives, their reliability will suffer if they are on all the time. You might consider (if you haven't already) going with drives designed to be on all the time such as the WD RED drives for NAS applications.

Excess heat might be an issue. If that laptop fan fails while this thing is in a room somewhere, your server won't last very long and its internal components might be damaged as well. Blow out the dust regularly.

RAM: if data integrity is important for you, ECC RAM is kind of recommended. Most laptops do not support ECC RAM. I'd be hesitant to keep mission critical data on this unless you have a full file system backup somewhere else.
 
Thanks for the links, gofer_touch; I glanced through them and it looks like this is workable, I'll just have to do some more reading tomorrow when I've got more time. As for the other things: yes, it's a Thinkpad, though the 2Tb drive is in the main bay, the 750Gb in the secondary bay. I already keep up with regular cleaning and maintenance (regular dusting, replacing thermal paste every few months, etc.) and keep the machine elevated a couple inches off the surface it's on. I know the drives aren't terribly reliable under long-term use and my disk configuration has no redundancy, but the data is backed up daily to a two-disk RAID-1 box with WD Red drives in it, so that's covered. I have several spare drives, though by the time one of them fails I should be able to replace it with a proper NAS drive.
 
Alright, so after some further reading of the Handbook and the ZFS Best Practices and the links gofer_touch gave me it seems the built-in ZFS TRIM support and GELI work together just fine, so I've set up the SSD. This bit from the FreeBSD Handbook resulted in a change of plans:

FreeBSD Handbook said:
Only synchronous workloads like databases will benefit from a ZIL. Regular asynchronous writes such as copying files will not use the ZIL at all.

Since my system sees exponentially more data being read than written, I've figured it was unlikely a ZIL would add anything. I've instead installed the OS to a 2gb partition and left the remaining space to the encrypted L2ARC cache. All that really remains is configuring the hard disks to spin down after a long idle period until I can get some proper NAS drives (I'm aware that there's a fine balance between keeping a disk running for long periods of time and spinning it up too frequently, as both will wear the disk considerably). That's probably a subject for another thread, so I'll mark this as "solved." Thanks again, gofer_touch.
 
Bingo. Great, do let us all know how this works out for you after some time. It's always nice to have insight into how others are using their systems.
 