Hi,
I'm discovering ZFS at the moment and was missing encryption, so combining it with geli sounded pretty flexible; however, I ran into a subtle problem. My hard drive has one slice that I encrypted with geli, and the resulting .eli device is then set up as a ZFS storage pool. To be precise:
Code:
geli init -b -B /mnt/ada0s3d.eli -e Blowfish-CBC -s 4096 -a HMAC/SHA256 /dev/ada0s3d
zpool create -m /encrypted tank /dev/ada0s3d.eli
I decided to have /var, /usr and /tmp under /encrypted and symlink to those folders. This by itself works great, and booting correctly asks me for the passphrase, mounts the ZFS, etc. However, when I then reboot, it drops me into single user mode with a bunch of GELI errors saying it can't authenticate some data correctly. Running zpool status -v tank shows a FAULTED state and:
Code:
status: An intent log record could not be read.
zpool clear takes care of it and I can restart and everything is fine. However, the same happens on the next reboot.
Looking into this a bit more and wrapping my head around the ZIL, it kind of sounded as if the reboot (shutdown + cold start) happens without waiting for the last few transactions to be written. According to the ZFS docs the sync apparently happens every 5 seconds (?), so I was wondering if geli detaches without waiting for ZFS to flush its pending writes? Unfortunately, I wasn't able to find a lot of info about this; however, setting
Code:
sync=always
, thus sacrificing performance, fixed it for good (as I assumed it would):
Code:
zfs set sync=always tank
Anybody any idea what's causing this? I don't want to keep the sync set to "always". I'm considering setting it to "always" before shutdown and back to standard on startup as a workaround; however, I'm not sure what the problem is in the first place.
I'm on 9.1 with ZFS 5 and zpool 28.
Thanks!
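As an added example, not part of the original post: a hypothetical sh script implementing the workaround the post considers (sync=always before shutdown, sync=standard after boot). It only toggles the property and waits out the txg interval; it does not address the underlying GELI/ZIL interaction. The pool name tank and the 6-second settle delay are assumptions, and ZFS/SETTLE_SECONDS are overridable so the logic can be exercised against a stub zfs command.

```shell
#!/bin/sh
# Added example (hypothetical): toggle the ZFS sync property around shutdown,
# the workaround the post considers. Assumes pool "tank"; ZFS and
# SETTLE_SECONDS can be overridden so the logic can run against a stub.

POOL="${POOL:-tank}"
ZFS="${ZFS:-zfs}"                       # path or name of the zfs command
SETTLE_SECONDS="${SETTLE_SECONDS:-6}"   # longer than the ~5 s txg interval

# Set the sync property, accepting only the values zfs itself accepts.
zfs_sync_set() {
    pool="$1"; value="$2"
    case "$value" in
        always|standard|disabled) ;;
        *) echo "zfs_sync_set: invalid sync value '$value'" >&2; return 1 ;;
    esac
    "$ZFS" set "sync=$value" "$pool"
}

# Read the current sync property (raw value, no header).
zfs_sync_get() {
    "$ZFS" get -H -o value sync "$1"
}

# Boot: return to the default so normal operation is not penalised.
on_startup() {
    zfs_sync_set "$POOL" standard
}

# Shutdown: force synchronous writes, flush, and give the last txg time
# to commit before geli is detached.
on_shutdown() {
    zfs_sync_set "$POOL" always || return 1
    sync
    sleep "$SETTLE_SECONDS"
}

case "${1:-}" in
    start) on_startup ;;
    stop)  on_shutdown ;;
    *)     : ;;   # no action when sourced or run without an argument
esac
```

Install it as an rc.d-style start/stop script so `stop` runs during shutdown and `start` runs after the pool is imported at boot.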