Backup solution suggestions [ggated]

Wed Jan 16 16:32:13 PST 2008

On Jan 16, 2008, at 23:27 , Ulrich Spoerlein wrote:

> On Wed, 16.01.2008 at 00:26:34 +0100, Johan Ström wrote:
>> I create regular tarball (gziped maybee) with some files i want to  
>> backup,
>> Then i encrypt this file with ie gpg. Then i send of this file  
>> using some
>> unspecified network protocol to the storage server.
>> Encrypted all the way, from my end to the remote disk..
>> The downside is that it is a static file.. not a "dynamic  
>> filesystem",
>> nothing I can mount and have easy access to individual files from.  
>> *Thats*
>> what I'm looking for.
>
> Export the disk on the backup server with ggated. Bind it on the  
> client
> with ggatec. Slap a GELI or GBDE encryption on top of it and then  
> put a
> ZFS on top of it.
>
> You can mount/import this "remote" ZFS at will and do your zfs
> send/receive on your local box. Nothing ever leaves your box
> unencrypted.

Now that is a cool solution! That actually sounds like something doable.
I tried it out some at home between a 6.2 box (client) and 7.0 box  
(server), hosting the system in a ZFS "sparse volume" with a  
predefined size, exported that via ggated and connected ggatec on the  
client box. I then did some experimentation with just newfs, and it  
worked great!
The only downside with this would be that the size is fixed. So I  
played around a bit with setting the volsize property in ZFS and it  
seemd to work just fine. zfs list reported the new, bigger, size.  
Restarted ggatec and did a growfs, and then remounted.. Yay bigger  
disk :)
Then I went on do do some geli test, geli'ed /dev/ggate0 and  
newfs'ed, mounted and played around a bit. All fine.. Now came the  
problem, i unmounetd it, expanded the zfs volume a bit more,  
restarted ggatec and tried to attach it using geli again (note, I  
have no idea if this is supposed to work at all, I'm just testing.  
Havent read such things anywhere). Now I got Invalid argument.
Im not realy sure about how GEOM works, but if I recall correct it  
uses the last sectors of the disk? If I moved X bytes of data from  
old end of disk to new end of disk, would that make GELI work? If I  
can get that to work, then this would be a kickass solution (all  
encryption stuff works great, I don't have to allocate all space  
immediatly, I can expand it later without destroying data and  
starting from scratch etc).

Some other questions, more related to ggated/c. Is this stable? Good  
working? how does it handle failure situations? Anyone using it for  
production systems? Yes this is for backup only so minor glitches  
might be acceptable for me, but I'd rather know about those beforehand.
I did some dd from urandom to the disk, with and without GELI.. I did  
notice some slightly lower speeds, i was able to write around 11MB/s  
without GELI, with GELI it did around 9.5MB/s. The client machine is  
no super box but its not that bad (A64 3200, 1G mem with not much load).

Input and ideas?

Thank you very much :)

--
Johan