Re: Any options on crypt+zfs ?
On 2012-04-16, at 13:32 , Nenhum_de_Nos wrote: > hail, > > I have a soekris running an atom and 2GB RAM and ZFS using 7 drives, small > capacity though, to > test and study if I can make my home server this box and this way. It will be > a simple server, > three users tops. > > I followed the handbook and made the geli step on the disks: > > Geom name: label/zfs1.eli > State: ACTIVE > EncryptionAlgorithm: AES-XTS > KeyLength: 128 > Crypto: software > UsedKey: 0 > Flags: NONE > KeysAllocated: 38 > KeysTotal: 38 > Providers: > 1. Name: label/zfs1.eli > Mediasize: 160041881600 (149G) > Sectorsize: 4096 > Mode: r1w1e1 > Consumers: > 1. Name: label/zfs1 > Mediasize: 160041885184 (149G) > Sectorsize: 512 > Mode: r1w1e1 > > > all disks are this way (just 4 disks are on geli zfs). > > would it be faster, if I had geli over zfs, and not the other way (as is now) > ? > > my performance is too low (I know the hardware is not that much, but I > compared it to a friend's > arm based AP-Router gadget and my setup is when much equal. I have 1.6 GHz > Atom and 2GB ram, he > has not half this ... I know can't compare arm and x86 clock for clock ...) > > I'll try to run geli on single disk, to see how much ZFS is impacting on > performance, but, is > there any other way around ? All I want is RAID5, and FreeBSD has not > developed RAID5 from GEOM > (AFAIK) since a long time. ZFS is the way people go in recent years. > > suggestions are welcome, just want to upgrade my old 8.0 BETA3 using geom > mirror/stripe to a newer > approach that would be supported by FreeBSD. > > I have an external enclosure for 4 SATA disks (port multiplier included) > using 4 disks, another > port multiplier 5x1 using now 3 disks, and: > > ahci1@pci0:13:0:0:class=0x010601 card=0x10601b21 chip=0x06121b21 rev=0x01 > hdr=0x00 >vendor = 'ASMedia Technology Inc.' >class = mass storage >subclass = SATA > > with two eSATA to the Port Multipliers. > > thanks, > > matheus > > machine: > ACPI Error: A valid RSDP was not found (20110527/tbxfroot-237) > Copyright (c) 1992-2012 The FreeBSD Project. > Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 > The Regents of the University of California. All rights reserved. > FreeBSD is a registered trademark of The FreeBSD Foundation. > FreeBSD 9.0-RELEASE #0: Wed Apr 11 13:04:15 BRT 2012 >root@macgyver:/usr/obj/usr/src/sys/net6501-amd64 amd64 > ACPI Error: A valid RSDP was not found (20110527/tbxfroot-237) > CPU: Genuine Intel(R) CPU@ 1.60GHz (1600.04-MHz K8-class CPU) > Origin = "GenuineIntel" Id = 0x20661 Family = 6 Model = 26 Stepping = 1 > > Features=0xbfe9fbff > > Features2=0x40e3bd > AMD Features=0x20100800 > AMD Features2=0x1 > TSC: P-state invariant, performance statistics > real memory = 2147352576 (2047 MB) > avail memory = 2046488576 (1951 MB) > MPTable: > Event timer "LAPIC" quality 400 > FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs > FreeBSD/SMP: 1 package(s) x 1 core(s) x 2 HTT threads > cpu0 (BSP): APIC ID: 0 > cpu1 (AP/HT): APIC ID: 1 > ioapic0: Assuming intbase of 0 > ioapic0 irqs 0-23 on motherboard > kbd0 at kbdmux0 > ACPI Error: A valid RSDP was not found (20110527/tbxfroot-237) > ACPI: Table initialisation failed: AE_NOT_FOUND > ACPI: Try disabling either ACPI or apic support. > cryptosoft0: on motherboard > > -- > We will call you Cygnus, > The God of balance you shall be > > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > > http://en.wikipedia.org/wiki/Posting_style > ___ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org" The ideal solution will be ZFS with crypto support, but unfortunately this is only available on Oracle Sun 5.11 for now. The GELI is very good, but it is mostly for single device/file image encryption. Each new GELI device in the ZFS mirror/RAIDZ configuration will add extra overhead. GELI on top of ZFS volume/file-backed will be even worse. You could consider PEFS from ports on top of any ZFS pool. PEFS is a kernel level stacked cryptographic filesystem for FreeBSD: http://www.freshports.org/sysutils/pefs-kmod/ http://wiki.freebsd.org/PEFS https://github.com/glk/pefs P.S. ZFS RAIDZ1/RAIDZ2 pool is more sophisticated solution than RAID5/RAID6. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: Any options on crypt+zfs ?
On 2012-04-16, at 22:54, "Nenhum_de_Nos" wrote: > > On Mon, April 16, 2012 22:42, Andriy Bakay wrote: >> On 2012-04-16, at 13:32 , Nenhum_de_Nos wrote: >> >>> hail, >>> >>> I have a soekris running an atom and 2GB RAM and ZFS using 7 drives, small >>> capacity though, to >>> test and study if I can make my home server this box and this way. It will >>> be a simple server, >>> three users tops. >>> >>> I followed the handbook and made the geli step on the disks: >>> >>> Geom name: label/zfs1.eli >>> State: ACTIVE >>> EncryptionAlgorithm: AES-XTS >>> KeyLength: 128 >>> Crypto: software >>> UsedKey: 0 >>> Flags: NONE >>> KeysAllocated: 38 >>> KeysTotal: 38 >>> Providers: >>> 1. Name: label/zfs1.eli >>> Mediasize: 160041881600 (149G) >>> Sectorsize: 4096 >>> Mode: r1w1e1 >>> Consumers: >>> 1. Name: label/zfs1 >>> Mediasize: 160041885184 (149G) >>> Sectorsize: 512 >>> Mode: r1w1e1 >>> >>> >>> all disks are this way (just 4 disks are on geli zfs). >>> >>> would it be faster, if I had geli over zfs, and not the other way (as is >>> now) ? >>> >>> my performance is too low (I know the hardware is not that much, but I >>> compared it to a friend's >>> arm based AP-Router gadget and my setup is when much equal. I have 1.6 GHz >>> Atom and 2GB ram, he >>> has not half this ... I know can't compare arm and x86 clock for clock ...) >>> >>> I'll try to run geli on single disk, to see how much ZFS is impacting on >>> performance, but, is >>> there any other way around ? All I want is RAID5, and FreeBSD has not >>> developed RAID5 from GEOM >>> (AFAIK) since a long time. ZFS is the way people go in recent years. >>> >>> suggestions are welcome, just want to upgrade my old 8.0 BETA3 using geom >>> mirror/stripe to a >>> newer >>> approach that would be supported by FreeBSD. >>> >>> I have an external enclosure for 4 SATA disks (port multiplier included) >>> using 4 disks, another >>> port multiplier 5x1 using now 3 disks, and: >>> >>> ahci1@pci0:13:0:0:class=0x010601 card=0x10601b21 chip=0x06121b21 >>> rev=0x01 hdr=0x00 >>> vendor = 'ASMedia Technology Inc.' >>> class = mass storage >>> subclass = SATA >>> >>> with two eSATA to the Port Multipliers. >>> >>> thanks, >>> >>> matheus >>> >>> machine: >>> ACPI Error: A valid RSDP was not found (20110527/tbxfroot-237) >>> Copyright (c) 1992-2012 The FreeBSD Project. >>> Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 >>> The Regents of the University of California. All rights reserved. >>> FreeBSD is a registered trademark of The FreeBSD Foundation. >>> FreeBSD 9.0-RELEASE #0: Wed Apr 11 13:04:15 BRT 2012 >>> root@macgyver:/usr/obj/usr/src/sys/net6501-amd64 amd64 >>> ACPI Error: A valid RSDP was not found (20110527/tbxfroot-237) >>> CPU: Genuine Intel(R) CPU@ 1.60GHz (1600.04-MHz K8-class CPU) >>> Origin = "GenuineIntel" Id = 0x20661 Family = 6 Model = 26 Stepping = 1 >>> Features=0xbfe9fbff >>> Features2=0x40e3bd >>> AMD Features=0x20100800 >>> AMD Features2=0x1 >>> TSC: P-state invariant, performance statistics >>> real memory = 2147352576 (2047 MB) >>> avail memory = 2046488576 (1951 MB) >>> MPTable: >>> Event timer "LAPIC" quality 400 >>> FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs >>> FreeBSD/SMP: 1 package(s) x 1 core(s) x 2 HTT threads >>> cpu0 (BSP): APIC ID: 0 >>> cpu1 (AP/HT): APIC ID: 1 >>> ioapic0: Assuming intbase of 0 >>> ioapic0 irqs 0-23 on motherboard >>> kbd0 at kbdmux0 >>> ACPI Error: A valid RSDP was not found (20110527/tbxfroot-237) >>> ACPI: Table initialisation failed: AE_NOT_FOUND >>> ACPI: Try disabling either ACPI or apic support. >>> cryptosoft0: on motherboard >>> >>> -- >>> We will call you Cygnus, >>> The God of balance you shall be >>> >>> A: Because it messes up the order in which people normally read text. >>> Q: Why is top-posting such a bad thing? >>> >>> http://en.wikipedia.org/wiki/Posting_style >>> __
Serious zfs slowdown when mixed with another file system (ufs/msdosfs/etc.).
Hi All, Do we have any new information about this issue (fixes, work arounds etc.)? Any input will be highly useful. http://lists.freebsd.org/pipermail/freebsd-stable/2010-July/057682.html I am experiencing kind of same problem on FreeBSD 8.1-RELEASE-p1 i386 2G RAM. Thanks, Andriy ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: Serious zfs slowdown when mixed with another file system (ufs/msdosfs/etc.).
I expressed myself incorrectly. Sorry. :-( Do you Andriy :-) or anybody else from list(s) have more info how to fix or work around this issue? On Thu, 07 Oct 2010 21:29:54 +0300, Andriy Gapon wrote: > on 07/10/2010 18:46 Andriy Bakay said the following: >> Hi All, >> >> Do we have any new information about this issue (fixes, work arounds etc.)? >> Any >> input will be highly useful. > > Yes, _we_ do. Where have you been? :-) ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: Serious zfs slowdown when mixed with another file system (ufs/msdosfs/etc.).
Understood, but is it possible to apply "local" ZFS+UFS related changes? Because STABLE will bring all deltas which was accumulated since RELEASE and I really concern about stability of this box (which is router/firewall/mail server). Other people depend on it. On Thu, 07 Oct 2010 22:20:18 +0300, Andriy Gapon wrote: > on 07/10/2010 21:47 Andriy Bakay said the following: >> I expressed myself incorrectly. Sorry. :-( >> >> Do you Andriy :-) or anybody else from list(s) have more info how to >> fix or work around this issue? > > First, I recommend to try to upgrade to the recent stable/8. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: Serious zfs slowdown when mixed with another file system (ufs/msdosfs/etc.).
Ok. But how stable (production ready) the FreeBSD-8-STABLE is? What is your opinion? On 2010-10-07, at 18:12, Andriy Gapon wrote: > on 08/10/2010 00:04 Andriy Bakay said the following: >> Understood, but is it possible to apply "local" ZFS+UFS related >> changes? Because STABLE will bring all deltas which was accumulated >> since RELEASE and I really concern about stability of this box (which is >> router/firewall/mail server). Other people depend on it. > > Nothing is impossible. But it's up to you to separate the changes you want > from > the changes you don't want. > > -- > Andriy Gapon ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: Serious zfs slowdown when mixed with another file system (ufs/msdosfs/etc.).
Do you know any more convenient way (except make buildword, etc.) to upgrade/update several boxes to STABLE on regular basis? Something like freebsd-update or maybe some process, tips, tricks, etc? Thanks. On 2010-10-08, at 6:11, Pete French wrote: >> Ok. But how stable (production ready) the FreeBSD-8-STABLE is? What is your >> opinion? > > I am running 8-STABLE from 27th September on all our ptoduction > machines (from webservers to database servers to the company mail > server) and it is fine. I am going to update again over the next > few days, as there are some ZFS fixes in which I want - and which > may benifit you too - so I will be able to report back next > week as to how a more recent version behaves. > > In general though, I have never had problems running STABLE on > prodyction systems over the years. Of course what I do is to test it > on a singlre machine before rolling it out (a leaf in a webfarm > so if it goes down it wont affect the business) but it is usually > fine. keep an eye on -STABLE mailing list though, as that is where > problems arise. I watch that, and also the dailing commits, either here > > http://www.freshbsd.org/?branch=RELENG_8&project=freebsd&committer=&module=&q= > > or here > > http://www.secnetix.de/olli/FreeBSD/svnews/?p=stable/8 > > Just to see whats going into the tree relative to whats being discussed. > It only takes a few minutes a dat to monitor the mailin lists and the > commits, and the result is that we've been running STABLE for a very > long time (close to a decade I suspect) with great success. > > -pete. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: Serious zfs slowdown when mixed with another file system (ufs/msdosfs/etc.).
On 10-Oct-10, at 4:16 AM, Andriy Gapon wrote: More convenient? :-) Sorry, I always use "make buildword, etc", works 100% for me and I find it very convenient. -- Andriy Gapon I mean some thing like freebsd-update for FreeBSD-STABLE monthly snapshots. You are right, update from sources is working perfectly and I used it before freebsd-update came along. But I found freebsd-update way more convenient. Anyway thank you all for all your tips. -- Andriy ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
