Hi, I have two questions.
First, I have the usual ZFS-on-Root setup with two drives in mirrored mode, which is done for me by the installer.
But I also want to have a secondary mirrored array with two mechanical drives that I mount and unmount as needed. I don't want to roll all of them into the same zpool; I want to have these be free of the OS data and I want to move them between computers on occasion.
I'm worried I might be missing an important detail in their setup, or especially in the unmounting process. So I'm asking for help in reviewing my commands, please.
To create the drives, I am using the following:
Code:
# one-time 4 KiB key file, kept outside the pool it protects
dd if=/dev/random of=/root/crypto.key bs=4096 count=1
# GPT label and a single freebsd-zfs partition on each disk
gpart create -s gpt ada2
gpart create -s gpt ada3
gpart add -t freebsd-zfs ada2
gpart add -t freebsd-zfs ada3
# initialise geli on each partition (prompts for the passphrase; key file and passphrase are both required)
geli init -e AES-XTS -l 256 -s 4096 -K /root/crypto.key /dev/ada2p1
geli init -e AES-XTS -l 256 -s 4096 -K /root/crypto.key /dev/ada3p1
# attach the providers so the .eli devices exist before the pool is created
geli attach -k /root/crypto.key /dev/ada2p1
geli attach -k /root/crypto.key /dev/ada3p1
# mirror the two .eli providers; the pool root itself is never mounted
zpool create -m none zdata mirror /dev/ada2p1.eli /dev/ada3p1.eli
zfs create zdata/nas
zfs set mountpoint=/nas zdata/nas
Using AES-XTS 256, 4K sectors, with password and 4KiB key for encryption.
Since ZFS has its own data integrity checking, I've left off -a HMAC/SHA256 on geli init. I also don't bother with -B because I don't really see the point.
To mount the drives, I am using the following script:
Code:
#!/bin/sh
# ask for the passphrase once and feed it to each attach on stdin (-j -)
printf "Password: "
read password
echo "$password" | geli attach -k /root/crypto.key -j - /dev/ada2p1
echo "$password" | geli attach -k /root/crypto.key -j - /dev/ada3p1
# the .eli providers now exist, so the pool can be imported
zpool import zdata
The goal here is to avoid having to enter the password multiple times, and to keep the password out of files or the shell history file.
To unmount the drives, I am using the following script:
Code:
#!/bin/sh
zpool export zdata
geli detach /dev/ada2p1
geli detach /dev/ada3p1
What worries me here is that I've heard of zfs unmount and also zpool offline, and I'm not sure which command would be best.
Lastly on this front, I'm worried about forgetting to unmount the secondary drives before shutting down. Since I will need to manually mount after booting, is there a good way to ensure the unmount script runs upon shutdown, no matter how the system is terminated? (e.g. through an Xorg GUI, or through reboot or shutdown -p now)
And for testing, to destroy everything and start over:
Code:
zfs destroy zdata/nas
zpool destroy zdata
gpart destroy -F ada2
gpart destroy -F ada3
Also, as an aside... is it okay to leave off either the key portion or password portion with geli? Was thinking I might make some ZFS-USB sticks, and don't necessarily want to need to keep the key file around on any PC that'll use them.
...
Second question is about hostnames. I've had issues with IPv6 and the system hanging for about a minute on "Starting sendmail", and I read that it's a hostname issue. Supposedly, you don't want a bare hostname (e.g. "name"), but a qualified one (e.g. "name.domain"), and you also want that in your hosts file.
The problem is that I don't have a domain, and now we have gTLDs so pretty much anything could be a valid suffix now.
I don't really want the ".domain" part if possible, but if I have to have it, what's the best value to use for it? I've been using "name.home" for now.
...
Thanks in advance for any assistance
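As an added example (not the poster's scripts, not part of FreeBSD), here is one POSIX sh helper that folds the mount and unmount scripts above into a single file with a start/stop interface. It reads the passphrase without echoing it to the terminal, attaches each provider with the passphrase on stdin via -j -, rolls back the attaches already done if one fails, and on stop exports the pool before detaching the providers so the pool is clean when it is moved to another machine. The provider names ada2p1 and ada3p1, the key path /root/crypto.key and the pool name zdata are taken from the post; the geli and zpool command names are indirected through variables purely so the control flow can be exercised with echo in place of the real tools.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumed names from the post:
# providers ada2p1/ada3p1, key file /root/crypto.key, pool zdata.
# GELI and ZPOOL can be overridden (e.g. GELI=echo) for a dry run.

PROVIDERS="${PROVIDERS:-ada2p1 ada3p1}"
KEYFILE="${KEYFILE:-/root/crypto.key}"
POOL="${POOL:-zdata}"
GELI="${GELI:-geli}"
ZPOOL="${ZPOOL:-zpool}"

# Read the passphrase once, with terminal echo switched off, and return it
# on stdout so it never appears in a file, in the history, or in ps output.
read_passphrase() {
    printf 'Passphrase for %s: ' "$POOL" >&2
    stty -echo 2>/dev/null
    IFS= read -r pass
    stty echo 2>/dev/null
    printf '\n' >&2
    printf '%s' "$pass"
}

# Detach every provider that currently has an attached .eli device.
# Returns non-zero if any detach failed.
detach_providers() {
    rc=0
    for p in $PROVIDERS; do
        [ -e "/dev/${p}.eli" ] || continue   # not attached, nothing to do
        $GELI detach "/dev/$p" || rc=1
    done
    return $rc
}

# Attach every provider with the same passphrase (fed on stdin via -j -),
# then import the pool. If any attach fails, detach what was attached so
# the system is left as it was found.
attach_all() {
    pass="$1"
    for p in $PROVIDERS; do
        [ -e "/dev/${p}.eli" ] && continue   # already attached
        if ! printf '%s\n' "$pass" | $GELI attach -k "$KEYFILE" -j - "/dev/$p"; then
            echo "geli attach failed for $p, rolling back" >&2
            detach_providers
            return 1
        fi
    done
    $ZPOOL import "$POOL"
}

# Export the pool first, then detach the providers. Detach still runs if
# the export fails, but the failure is reported through the exit status.
detach_all() {
    rc=0
    $ZPOOL export "$POOL" || rc=1
    detach_providers || rc=1
    return $rc
}

case "${1:-}" in
    start) attach_all "$(read_passphrase)" ;;
    stop)  detach_all ;;
esac
```

On the ordering question in the post: zfs unmount only unmounts datasets and zpool offline takes a single vdev out of a pool, so neither replaces zpool export, which is what releases the pool so it can be imported elsewhere without -f. On the shutdown question: wrapping detach_all in the stop method of an rc.d script runs it during a clean shutdown or reboot (rc.shutdown calls every enabled script's stop method), but nothing can run on a power cut; in that case the pool is still consistent because ZFS is transactional, and the other machine simply needs zpool import -f because the pool was never exported.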