[Discuss] ZFS for an Encrypted External Disk: My Experience and Notes

markw at mohawksoft.com markw at mohawksoft.com
Tue Jul 26 08:55:49 EDT 2022 

I've been using ZFS for about 10 years personally and in my company's
product. I love the way ZFS presents storage. I have issues with ZFS's
internals. Its kind of ugly.

Be that as it may, its been my experience (anecdotal) that the Linux USB
storage stack has issues and tends to go offline under highly concurrent
heavy load. This faults the drive and fails ZFS, YMMV


> I recently had a disk I use for external backup lose its mind. And
> though XFS has been mostly good to me for many years, I decided it was
> time to try ZFS. The fact it will notice any data errors it encounters,
> and can check the entire disk for errors, is reassuring. And the fact it
> is designed for /really/ big disks makes me think it is a reasonable
> filesystem for dealing with a measly little 5TB USB-C disk.
>
> Note, it is not as easy to use as the XFS disks. For them the GUI I use
> knows how to ask for the passphrase and mount, and unmount, but for ZFS
> it does not. But it seems to work. My backup procedure already requires
> I type commands, what's a few more?
>
> I formatted a second disk (I need to ping-pong my offline backups), and
> here are my notes from the second time through, when I kinda knew what I
> was doing. I hope there aren't any errors.
>
> Plug in new disk. Then:
>
>    df
>
> Works? Note the device and change the "sda"s below as appropriate. Then
> unmount the disk, delete all partitions, using fdisk, GParted, etc. Then
> (I chose the name extern_backup_pool, choose what you like):
>
>    zpool create extern_backup_pool /dev/sda
>    zpool export extern_backup_pool
>    ls -alF /dev/disk/by-id
>
> Again note which is your disk, change the ID below as appropriate. Then
> (I chose the mount point this disk will use, choose what you would like;
> I also chose the name extern_backup_dataset, choose what you would like):
>
>    zpool import -d
> /dev/disk/by-id/usb-WD_My_Passport_260D_575843324442314A5558354B-0:0-part1
> extern_backup_pool -N
>    zpool status
>    zfs set compression=on extern_backup_pool
>    zfs set mountpoint=/zfs_mounts/extern_backup_pool extern_backup_pool
>    zfs create -o encryption=on -o keylocation=prompt -o
> keyformat=passphrase extern_backup_pool/extern_backup_dataset
>
> Enter passphrase. Then:
>
>    zfs get mountpoint
>    zpool status
>
> Look good? Unmount:
>
>    zfs unmount extern_backup_pool/extern_backup_dataset && zpool export
> extern_backup_pool
>
> To mount do:
>
>    zpool import -d /dev/disk/by-id extern_backup_pool && zfs mount -l
> extern_backup_pool/extern_backup_dataset
>
> I made two /usr/local/sbin scripts to make that easier in the future. If
> you forget the zpool export part of the unmount and still unplug, it
> seems a reboot is necessary to clean things up…which seems a bad thing.
> I hope I am wrong and it isn't the only option.
>
> To check whether the data all reads back correctly do a scrub (takes a
> long time, and note the scrub happens on the underlying pool not the
> dataset,
> the volume does not have to be mounted to do a scrub, though the pool
> needs to be imported):
>
>    zpool scrub extern_backup_pool
>
> Add a -w flag above and it will block until it finishes, running zpool
> status will give you progress information.
>
> Noticing errors along the way is a good thing, but backups are a
> write-mostly operation for changing data, so the ability to check the
> entire disk contents for failures is also appealing. I haven't decided
> how often to do this. My disk holds less than 1TB currently, and it took
> over three-hours to scrub, as it gets fuller it will take longer—plus
> the wear and tear of frequently reading everything seems a real
> concern—so I won't do it every time I do a backup. For the moment I
> think I will paste the output of the zpool status into a log file at the
> root of each disk to keep track of when I have scrubbed it.
>
>
> -kb, the Kent who is impressed at how fast current USB-C disks are.
>
> _______________________________________________
> Discuss mailing list
> Discuss at lists.blu.org
> http://lists.blu.org/mailman/listinfo/discuss
>

More information about the Discuss mailing list