Server/inber
inber
Das fürs Serverhousing bei In-Berlin geplante Gerät.
cache encryption
Nach dem was über den Installer eingestellt wurde, wurden auch ein ZIL und ein Cache dem Pool zugeordnet. Die Caches waren jedoch nicht verschlüsselt.
also der plan
implementierung
caches ausbinden
# zpool status zroot pool: zroot state: ONLINE scan: none requested config: NAME STATE READ WRITE CKSUM zroot ONLINE 0 0 0 raidz2-0 ONLINE 0 0 0 da0p5.eli ONLINE 0 0 0 da1p5.eli ONLINE 0 0 0 da2p5.eli ONLINE 0 0 0 da3p5.eli ONLINE 0 0 0 logs mirror-1 ONLINE 0 0 0 gpt/log0 ONLINE 0 0 0 gpt/log1 ONLINE 0 0 0 cache gpt/cache0 ONLINE 0 0 0 gpt/cache1 ONLINE 0 0 0 errors: No known data errors
# zpool remove zroot gpt/cache0 # zpool remove zroot gpt/cache1
geli auf den partitionen einrichten
# geli init -b -s 4096 /dev/da4p2 Enter new passphrase: Reenter new passphrase: Metadata backup can be found in /var/backups/da4p2.eli and can be restored with the following command: # geli restore /var/backups/da4p2.eli /dev/da4p2 # geli init -b -s 4096 /dev/da5p2 [...]
crypted partitions wieder einbinden
# geli attach /dev/da4p2 Enter passphrase: # geli attach /dev/da5p2 Enter passphrase:
zpool status zroot pool: zroot state: ONLINE scan: none requested config: NAME STATE READ WRITE CKSUM zroot ONLINE 0 0 0 raidz2-0 ONLINE 0 0 0 da0p5.eli ONLINE 0 0 0 da1p5.eli ONLINE 0 0 0 da2p5.eli ONLINE 0 0 0 da3p5.eli ONLINE 0 0 0 logs mirror-1 ONLINE 0 0 0 gpt/log0 ONLINE 0 0 0 gpt/log1 ONLINE 0 0 0 errors: No known data errors
# zpool add zroot cache /dev/da4p2.eli # zpool add zroot cache /dev/da5p2.eli
profit!
# zpool status zroot pool: zroot state: ONLINE scan: none requested config: NAME STATE READ WRITE CKSUM zroot ONLINE 0 0 0 raidz2-0 ONLINE 0 0 0 da0p5.eli ONLINE 0 0 0 da1p5.eli ONLINE 0 0 0 da2p5.eli ONLINE 0 0 0 da3p5.eli ONLINE 0 0 0 logs mirror-1 ONLINE 0 0 0 gpt/log0 ONLINE 0 0 0 gpt/log1 ONLINE 0 0 0 cache da4p2.eli ONLINE 0 0 0 da5p2.eli ONLINE 0 0 0 errors: No known data errors