How to mirror a geli partition?
Pawel Jakub Dawidek
pjd at FreeBSD.org
Fri Jan 12 04:37:45 UTC 2007
On Fri, Jan 12, 2007 at 01:41:19AM +0100, Ivan Voras wrote:
> Christian Baer wrote:
>
> > This is actually the biggest problem I am facing. In what order do I do
> > this? I was thinking along this way:
> > 1 - Create partions and try to get them the same size. :-)
> > 2 - Fill one (or both?) with random data.
> > 3 - Make a geli provider out of one of them, newfs it.
> > 4 - Do something like 'gmirror label -v -b load secret 1.eli'
> > and 'gmirror insert 2.eli'
> > I am not sure if I should reverse the order of 3 and 4. Or have I gotten
> > the whole idea wrong?
> >
> > Can someone point me in the right direction?
>
> First mirror the partitions and then create geli drive on top of it. If
> you do it the other way (encrypt each of the partition separately), you
> will be asked for password twice and each drive will (AFAIK) get its own
> internal key even if you use the same password (I'm not sure about that
> one, though).
Yes, you're correct. Doing mirror on top of two geli-encrypted providers
would also consume twice as much CPU for crypto operations.
I definiately recommend encrypting a mirror.
--
Pawel Jakub Dawidek http://www.wheel.pl
pjd at FreeBSD.org http://www.FreeBSD.org
FreeBSD committer Am I Evil? Yes, I Am!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-geom/attachments/20070112/bf62257f/attachment.pgp
More information about the freebsd-geom
mailing list