So, when I do:
# zfs create -o encryption=on -o checksum=off -o keyformat=passphrase -V 4G
I get this panic:
debugging crash dump ./vmcore.9 (64-bit) from 00-0c-29-5d-4c-f7
operating system: 5.11 joyent_20170807T220431Z (i86pc)
image uuid: (not set)
panic message: assertion failed: spa_do_crypt_abd(B_TRUE, spa,
zio->io_bookmark.zb_objset, bp, zio->io_txg, psize, zio->io_abd, eabd, iv, mac,
salt, &no_crypt) == 0 (0x5 == 0x0), file: ../../common/fs/zfs/zio.c, line: 3558
dump content: kernel pages only
Happy to provide the dump for further debugging, or look more into it if you
want. I'm guessing that this is probably not going to work, and should be
blocked off as a combination of properties (i.e. refuse to set encryption=on
with checksum=off). I guess this also means that having a dump zvol be inside
an encrypted pool is not going to work.
So.. anyone have any ideas about what to do about dump zvols on an encrypted pool?
I'm trying to think through how we can use this at Joyent, where we only have
one pool on the system and our dump and swap need to go on it -- since we can't
make encrypted clones of an unencrypted dataset, and can't have some things
unencrypted under an encrypted sub-tree, it would make the most sense I think
to add encryption at the top of the pool (so all our existing code bits that do
clones of datasets underneath that continue to work). But then we have the
problem of what to do about the dump zvol. Would it be possible to allow
unencrypted children of an encrypted dataset at some point in the future? I
must admit I haven't understood the design well enough yet to tell that for
I've also noticed some odd rendering issues looking at the new man pages. Might
be a mis-merge on my part, I'll follow up on them later.