Re: gmirror THEN geli, correct?
Wojciech Puchar wrote: > > Modulok wrote: > > > I'm looking for a confirmation on the order: When setting up a (root > > > partiton) gmirror+geli, what is the propper order? e.g: gmirror the > > > disks and THEN initialize geli on the /dev/mirror partitions? Is this > > yes it is right order. No, there is no "right" or "wrong" order. It depends on what features of gmirror and geli you want to exploit. See my more detailed explanation in this thread. Best regards Oliver -- Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd "Unix gives you just enough rope to hang yourself -- and then a couple of more feet, just to be sure." -- Eric Allman ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: gmirror THEN geli, correct?
Modulok wrote: > I'm looking for a confirmation on the order: When setting up a (root > partiton) gmirror+geli, what is the propper order? e.g: gmirror the > disks and THEN initialize geli on the /dev/mirror partitions? Is this yes it is right order. with geli then gmirror - you will end with double CPU load on writes (as data would be encrypted twice) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: gmirror THEN geli, correct?
Modulok wrote: > I'm looking for a confirmation on the order: When setting up a (root > partiton) gmirror+geli, what is the propper order? e.g: gmirror the > disks and THEN initialize geli on the /dev/mirror partitions? Is this > correct? You can also do it the other way round. Both ways are possible and have different advantages and disadvantages. I think most people install gmirror first and put geli on top of it. The advantage of this is that it's more efficient, because data passes through geli only once for encryption when writing to the mirror. If you install geli first on both disks and then put gmirror on top of both geli instances, all data has to be encrypted twice when writing to the disk (for reading it doesn't make a difference), so it is less efficient. However, this setup has the advantage that gmirror will correctly detach one drive when its geli instance detects data corruption (if integrity verification is enabled). Best regards Oliver -- Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd "If you aim the gun at your foot and pull the trigger, it's UNIX's job to ensure reliable delivery of the bullet to where you aimed the gun (in this case, Mr. Foot)." -- Terry Lambert, FreeBSD-hackers mailing list. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: gmirror THEN geli, correct?
On Sun, Apr 05, 2009 at 12:58:46PM -0600, Modulok wrote: > List, > > I'm looking for a confirmation on the order: When setting up a (root > partiton) gmirror+geli, what is the propper order? e.g: gmirror the > disks and THEN initialize geli on the /dev/mirror partitions? Is this > correct? That works. I tried it. But it felt slow. So I dropped the mirroring, and used rsync running from a cron job at night to keep the primary and secondary disks (with encrypted partitions) in sync. This has a downside that my backup can be up to 24 hours out of date, but as a plus it provides me with an up to 24 hour window to recover accidentally deleted files. from the second disk. :-) It's a good tradeoff, IMO. Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) pgpwx1Yz5Vosr.pgp Description: PGP signature