What does geli attach -a do?
Pawel Jakub Dawidek
pjd at FreeBSD.org
Sat Jan 13 20:21:03 UTC 2007
On Sat, Jan 13, 2007 at 09:01:05PM +0100, Christian Baer wrote:
> Good evening, folks!
>
> Ok, I know what that does. I can read manpages. :-)
>
> Is the effekt of this somehow documented by numbers though? Basicly
> meaning: Does this function 'only' tell me if the data on the provider
> is currupt? Or does it help to isolate it or can even restore broken
> data (to a point).
It'll tell you exact offset and size where corrupted data were detected.
It won't help you bring you data back, it's a security feature, not a
reliability feature, but can be used also to detect silent data
corruptions.
> If one of the latter ist the case, what are the numbers on this? How
> much data (in per cent) may be broken, before no more isolation and/or
> restoration is possible?
>
> Does it make sense to use this in combination with a mirror?
If you're afraid of silent data corruptions, then yes. When one half of
the mirror will be corrupted and geli will detect it, gmirror will read
the data from the other half.
Unfortunately authentication-only mode is not supported in geli at the
moment, so you have encryption/decription overhead.
If you don't care about this overhead, and don't care about security,
this is how you can create such configuration:
# geli init -a HMAC/MD5 -s 4096 -P -K /dev/null /dev/da0
# geli init -a HMAC/MD5 -s 4096 -P -K /dev/null /dev/da1
# geli attach -p -k /dev/null /dev/da0
# geli attach -p -k /dev/null /dev/da1
# gmirror label foo /dev/da?
--
Pawel Jakub Dawidek http://www.wheel.pl
pjd at FreeBSD.org http://www.FreeBSD.org
FreeBSD committer Am I Evil? Yes, I Am!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-geom/attachments/20070113/5a5e0d47/attachment.pgp
More information about the freebsd-geom
mailing list