On Jan 16, 2008, at 23:27 , Ulrich Spoerlein wrote:
On Wed, 16.01.2008 at 00:26:34 +0100, Johan Ström wrote:
I create a regular tarball (gzipped maybe) with some files I want to back up,
Then I encrypt this file with i.e. gpg. Then I send off this file using some
unspecified network protocol to the storage server.
Encrypted all the way, from my end to the remote disk..
The downside is that it is a static file.. not a "dynamic filesystem",
nothing I can mount and have easy access to individual files from. *That's*
what I'm looking for.
Export the disk on the backup server with ggated. Bind it on the client
with ggatec. Slap a GELI or GBDE encryption on top of it and then put a
ZFS on top of it.
You can mount/import this "remote" ZFS at will and do your zfs
send/receive on your local box. Nothing ever leaves your box unencrypted.

Now that is a cool solution! That actually sounds like something doable.

I tried it out some at home between a 6.2 box (client) and 7.0 box
(server), hosting the system in a ZFS "sparse volume" with a
predefined size, exported that via ggated and connected ggatec on the
client box. I then did some experimentation with just newfs, and it
worked great!

The only downside with this would be that the size is fixed. So I
played around a bit with setting the volsize property in ZFS and it
seemed to work just fine. zfs list reported the new, bigger, size.
Restarted ggatec and did a growfs, and then remounted.. Yay bigger
disk :)

Then I went on to do some geli tests, geli'ed /dev/ggate0 and
newfs'ed, mounted and played around a bit. All fine.. Now came the
problem, I unmounted it, expanded the zfs volume a bit more,
restarted ggatec and tried to attach it using geli again (note, I
have no idea if this is supposed to work at all, I'm just testing.
Haven't read such things anywhere). Now I got Invalid argument.

I'm not really sure about how GEOM works, but if I recall correctly it
uses the last sectors of the disk? If I moved X bytes of data from
old end of disk to new end of disk, would that make GELI work? If I
can get that to work, then this would be a kickass solution (all
encryption stuff works great, I don't have to allocate all space
immediately, I can expand it later without destroying data and
starting from scratch etc).

Some other questions, more related to ggated/c. Is this stable? Working
well? How does it handle failure situations? Anyone using it for
production systems? Yes this is for backup only so minor glitches
might be acceptable for me, but I'd rather know about those beforehand.

I did some dd from urandom to the disk, with and without GELI.. I did
notice some slightly lower speeds, I was able to write around 11MB/s
without GELI, with GELI it did around 9.5MB/s. The client machine is
no super box but it's not that bad (A64 3200, 1G mem with not much load).

Input and ideas?

Thank you very much :)
--
Johan
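
The stack described in the quoted reply (ggated export, ggatec bind, GELI, then ZFS), written out as a script. This is an added example, not part of the original thread: the addresses, the zvol path and the pool name are constructed placeholders, and the helper names (run, server_export, client_init) are hypothetical.

```sh
#!/bin/sh
# Added example: ggated -> ggatec -> GELI -> ZFS, in the order that keeps
# plaintext off the wire. All values passed in are constructed placeholders.
# DRY_RUN=1 (default) only prints the commands; set DRY_RUN=0 on a
# FreeBSD box to execute them.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Backup server: export one block device to one client address.
# gg.exports line format: <client address> <RO|WO|RW> <path>
server_export() {   # $1 = client IP, $2 = device to export
    if [ "$DRY_RUN" = "1" ]; then
        echo "echo '$1 RW $2' >> /etc/gg.exports"
    else
        echo "$1 RW $2" >> /etc/gg.exports
    fi
    run ggated
}

# Client, first-time setup: bind the export, then put GELI on it before
# any filesystem is created. Later sessions skip "geli init" and
# "zpool create" and use "geli attach" plus "zpool import" instead.
client_init() {     # $1 = server, $2 = exported path, $3 = ggate unit, $4 = pool
    raw="/dev/ggate$3"
    run ggatec create -o rw -u "$3" "$1" "$2"
    run geli init -s 4096 "$raw"    # prompts for a passphrase
    run geli attach "$raw"          # provides ${raw}.eli
    # The pool goes on the .eli provider. Creating it on $raw would send
    # plaintext through ggatec to the server.
    run zpool create "$4" "${raw}.eli"
}
```

With DRY_RUN left at its default, calling client_init prints the four client-side commands in order, which is a quick way to review the layering before running it for real.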