geli'd swap and core dumps
jhell
jhell at DataIX.net
Sun Sep 5 14:27:20 UTC 2010
On 09/05/2010 03:56, Carl wrote:
> I would like to encrypt my swap partition like Pawel does on his
> company's production servers:
>
>
> http://blogs.freebsdish.org/pjd/2010/08/06/from-sysinstall-to-zfs-only-configuration/
>
>
> Does Pawel's method result in kernel panics having no functional dump
> device?
>
> What are best practices for achieving encrypted swap and functional core
> dump recovery? Or are these mutually exclusive goals?
>
Encrypt your swap, let it do its job as a swap device, and if you are
planning to gather core dumps you always have the choice of a dedicated
encrypted dumpdev that is not ``onetime'' encrypted.

Personally I use USB dedicated hardware for dumps, thumb-drives or
whatever is available at the time and allows me to grab the core from it
after -> analyze it... if it's interesting I can pull the dumpdev, label
it and keep it till a time that I deem it recyclable.

Dumps that are being done now are minidumps unless you have chosen to
explicitly do a full dump ``debug.minidump'', so the size of your dumpdev
should be approximate to the size of kmem at the time the dump occurs.
Most times a 1GB flash card or thumb-drive suits this purpose, allowing
for a safe amount of room to grow.

Attached is a script that was obtained from one of the ZFS wikis out
there that calculates and prints out some things about KMEM.

PS: There has also been some work around getting network dumps working,
so you may just want to look into that. As for how far along? I am
unsure. Would be nice to have a central crash dump repository though.

Regards,
--
jhell,v
-------------- next part --------------
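#!/bin/sh -
# Kernel text: sum the hex Size column of kldstat (dc input radix 16).
TEXT=$(kldstat | awk 'BEGIN {print "16i 0";} NR>1 {print toupper($4) "+"} END {print "p"}' | dc)
# Kernel malloc data: sum the MemUse column (in K) of vmstat -m, times 1024.
DATA=$(vmstat -m | sed -Ee '1s/.*/0/;s/.* ([0-9]+)K.*/\1+/;$s/$/1024*p/' | dc)
TOTAL=$((DATA + TEXT))
# Print each figure in bytes and in MB.
echo "TEXT=$TEXT, $(echo "$TEXT" | awk '{print $1/1048576 " MB"}')"
echo "DATA=$DATA, $(echo "$DATA" | awk '{print $1/1048576 " MB"}')"
echo "TOTAL=$TOTAL, $(echo "$TOTAL" | awk '{print $1/1048576 " MB"}')"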
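
An added example, not part of the message or its attachment: a check for the layout the reply describes, with swap on a .eli provider and dumpdev pointing at a separate device at least as large as kmem. The function names, device names and sizes are constructed for illustration; KMEM_BYTES is assumed to be the TOTAL printed by the attached script, and dumpdev is the rc.conf setting.

```sh
#!/bin/sh
# Added example: audit an "encrypted swap + dedicated dump device" layout.
# Callers pass text and numbers in, so it can be tried on constructed input.

# Print the device of every swap entry in fstab-format text.
swap_devs() {
    printf '%s\n' "$1" | awk '$1 !~ /^#/ && $3 == "swap" { print $1 }'
}

# check_layout FSTAB_TEXT DUMPDEV DUMPDEV_BYTES KMEM_BYTES
# Prints one finding per line; returns 0 only when there are none.
check_layout() {
    fstab=$1; dumpdev=$2; dev_bytes=$3; kmem_bytes=$4; rc=0
    for dev in $(swap_devs "$fstab"); do
        case $dev in
            *.eli) ;;
            *) echo "swap $dev is not on a .eli provider"; rc=1 ;;
        esac
        # Same partition with or without the .eli suffix: not a dedicated dumpdev.
        if [ "${dev%.eli}" = "${dumpdev%.eli}" ]; then
            echo "dumpdev $dumpdev is the swap partition"; rc=1
        fi
    done
    case $dumpdev in
        AUTO|NO|"") echo "dumpdev=$dumpdev names no dedicated device"; rc=1 ;;
    esac
    # The dump device should hold at least the kmem total (TOTAL from kmem.sh).
    if [ "$dev_bytes" -lt "$kmem_bytes" ]; then
        echo "dump device too small: $dev_bytes < $kmem_bytes bytes"; rc=1
    fi
    return $rc
}

# Constructed sample: .eli swap, 1 GB USB stick as dumpdev, 300 MB of kmem.
SAMPLE_FSTAB='# Device        Mountpoint FStype Options Dump Pass
/dev/ada0p2.eli none       swap   sw      0    0
/dev/ada0p3     /          ufs    rw      1    1'
check_layout "$SAMPLE_FSTAB" /dev/da0s1 1000000000 314572800 && echo "layout ok"
```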