Server/inber: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Eri! (Diskussion | Beiträge) (Die Seite wurde neu angelegt: „= inber = Das fürs Serverhousing bei [https://in-berlin.de/ In-Berlin] geplante Gerät. == cache encryption == Nach dem was über den Installer eingestellt…“) |
Eri! (Diskussion | Beiträge) K (peinlich /o\) |
||
Zeile 14: | Zeile 14: | ||
* profit! | * profit! | ||
< | <pre> | ||
# zpool status | # zpool status | ||
pool: bootpool | pool: bootpool | ||
Zeile 52: | Zeile 52: | ||
errors: No known data errors | errors: No known data errors | ||
</ | </pre> | ||
< | <pre> | ||
# zpool remove zroot gpt/cache0 | # zpool remove zroot gpt/cache0 | ||
# zpool remove zroot gpt/cache1 | # zpool remove zroot gpt/cache1 | ||
</ | </pre> | ||
< | <pre> | ||
# geli init -b -s 4096 /dev/da4p2 | # geli init -b -s 4096 /dev/da4p2 | ||
Enter new passphrase: | Enter new passphrase: | ||
Zeile 73: | Zeile 73: | ||
# geli init -b -s 4096 /dev/da5p2 | # geli init -b -s 4096 /dev/da5p2 | ||
[...] | [...] | ||
</ | </pre> | ||
< | <pre> | ||
# geli attach /dev/da4p2 | # geli attach /dev/da4p2 | ||
Enter passphrase: | Enter passphrase: | ||
# geli attach /dev/da5p2 | # geli attach /dev/da5p2 | ||
Enter passphrase: | Enter passphrase: | ||
</ | </pre> | ||
< | <pre> | ||
zpool status zroot | zpool status zroot | ||
pool: zroot | pool: zroot | ||
Zeile 102: | Zeile 102: | ||
errors: No known data errors | errors: No known data errors | ||
</ | </pre> | ||
< | <pre> | ||
# zpool add zroot cache /dev/da4p2.eli | # zpool add zroot cache /dev/da4p2.eli | ||
# zpool add zroot cache /dev/da5p2.eli | # zpool add zroot cache /dev/da5p2.eli | ||
</ | </pre> | ||
< | <pre> | ||
# zpool status zroot | # zpool status zroot | ||
pool: zroot | pool: zroot | ||
Zeile 132: | Zeile 132: | ||
errors: No known data errors | errors: No known data errors | ||
</ | </pre> |
Version vom 17. Februar 2017, 23:02 Uhr
inber
Das fürs Serverhousing bei In-Berlin geplante Gerät.
cache encryption
Nach dem was über den Installer eingestellt wurde, wurden auch ein ZIL und ein Cache dem Pool zugeordnet. Die Caches waren jedoch nicht verschlüsselt.
also der plan
- caches ausbinden
- geli auf den partitionen einrichten
- crypted partitions wieder einbinden
- profit!
# zpool status pool: bootpool state: ONLINE scan: none requested config: NAME STATE READ WRITE CKSUM bootpool ONLINE 0 0 0 mirror-0 ONLINE 0 0 0 da0p3 ONLINE 0 0 0 da1p3 ONLINE 0 0 0 da2p3 ONLINE 0 0 0 da3p3 ONLINE 0 0 0 errors: No known data errors pool: zroot state: ONLINE scan: none requested config: NAME STATE READ WRITE CKSUM zroot ONLINE 0 0 0 raidz2-0 ONLINE 0 0 0 da0p5.eli ONLINE 0 0 0 da1p5.eli ONLINE 0 0 0 da2p5.eli ONLINE 0 0 0 da3p5.eli ONLINE 0 0 0 logs mirror-1 ONLINE 0 0 0 gpt/log0 ONLINE 0 0 0 gpt/log1 ONLINE 0 0 0 cache gpt/cache0 ONLINE 0 0 0 gpt/cache1 ONLINE 0 0 0 errors: No known data errors
# zpool remove zroot gpt/cache0 # zpool remove zroot gpt/cache1
# geli init -b -s 4096 /dev/da4p2 Enter new passphrase: Reenter new passphrase: Metadata backup can be found in /var/backups/da4p2.eli and can be restored with the following command: # geli restore /var/backups/da4p2.eli /dev/da4p2 # geli init -b -s 4096 /dev/da5p2 [...]
# geli attach /dev/da4p2 Enter passphrase: # geli attach /dev/da5p2 Enter passphrase:
zpool status zroot pool: zroot state: ONLINE scan: none requested config: NAME STATE READ WRITE CKSUM zroot ONLINE 0 0 0 raidz2-0 ONLINE 0 0 0 da0p5.eli ONLINE 0 0 0 da1p5.eli ONLINE 0 0 0 da2p5.eli ONLINE 0 0 0 da3p5.eli ONLINE 0 0 0 logs mirror-1 ONLINE 0 0 0 gpt/log0 ONLINE 0 0 0 gpt/log1 ONLINE 0 0 0 errors: No known data errors
# zpool add zroot cache /dev/da4p2.eli # zpool add zroot cache /dev/da5p2.eli
# zpool status zroot pool: zroot state: ONLINE scan: none requested config: NAME STATE READ WRITE CKSUM zroot ONLINE 0 0 0 raidz2-0 ONLINE 0 0 0 da0p5.eli ONLINE 0 0 0 da1p5.eli ONLINE 0 0 0 da2p5.eli ONLINE 0 0 0 da3p5.eli ONLINE 0 0 0 logs mirror-1 ONLINE 0 0 0 gpt/log0 ONLINE 0 0 0 gpt/log1 ONLINE 0 0 0 cache da4p2.eli ONLINE 0 0 0 da5p2.eli ONLINE 0 0 0 errors: No known data errors