[Discuss] ZFS for an Encrypted External Disk: My Experience and Notes

markw at mohawksoft.com markw at mohawksoft.com
Tue Jul 26 22:43:22 EDT 2022 

How many members are fairly knowledgeable about ZFS?
How many are curious but have little exposure?
How many have no idea what ZFS is or why?

I have mixed feeling about ZFS. Its amazing, everything it does and the
way it manages storage. The model is almost perfect. IMHO, of course.

I have had to write patches for it. I've had to maintain my companies
private patches. I'm not fond of the design.

For what its worth, after about 10 years, I still use ZFS, and I still
don't like it all that much.

Now, the exciting part!!! ZFS does a lot of awesome things.

Does anyone use VMs? (KVM QEMU) forget their VM file strategy. QCOW? What
a joke. Use ZFS ZVOLS, you get snapshots, clones, replication with zfs
send. You won't go back.

Using ZFS send and snapshots, you can have incremental backups that always
end up as a full backup.

Disks are cheap, add redundancy, create a zpool with raidz and allocate
"/home" out of it. RAID is easy with ZFS.

Add "compression," there's no reason with "ghz" processors and an excess
of CPUs not to. It will reduce, on average, I/O.

Create a SAN server. use ZFS ZVOLS as devices, and use Linux iscsi to
export them as LUNs.

I used to love LVM for doing cool things, when I learned about ZFS, I was
blown away. I just wish I liked the code base. :-)


> I recently had a disk I use for external backup lose its mind. And
> though XFS has been mostly good to me for many years, I decided it was
> time to try ZFS. The fact it will notice any data errors it encounters,
> and can check the entire disk for errors, is reassuring. And the fact it
> is designed for /really/ big disks makes me think it is a reasonable
> filesystem for dealing with a measly little 5TB USB-C disk.
>
> Note, it is not as easy to use as the XFS disks. For them the GUI I use
> knows how to ask for the passphrase and mount, and unmount, but for ZFS
> it does not. But it seems to work. My backup procedure already requires
> I type commands, what's a few more?
>
> I formatted a second disk (I need to ping-pong my offline backups), and
> here are my notes from the second time through, when I kinda knew what I
> was doing. I hope there aren't any errors.
>
> Plug in new disk. Then:
>
>    df
>
> Works? Note the device and change the "sda"s below as appropriate. Then
> unmount the disk, delete all partitions, using fdisk, GParted, etc. Then
> (I chose the name extern_backup_pool, choose what you like):
>
>    zpool create extern_backup_pool /dev/sda
>    zpool export extern_backup_pool
>    ls -alF /dev/disk/by-id
>
> Again note which is your disk, change the ID below as appropriate. Then
> (I chose the mount point this disk will use, choose what you would like;
> I also chose the name extern_backup_dataset, choose what you would like):
>
>    zpool import -d
> /dev/disk/by-id/usb-WD_My_Passport_260D_575843324442314A5558354B-0:0-part1
> extern_backup_pool -N
>    zpool status
>    zfs set compression=on extern_backup_pool
>    zfs set mountpoint=/zfs_mounts/extern_backup_pool extern_backup_pool
>    zfs create -o encryption=on -o keylocation=prompt -o
> keyformat=passphrase extern_backup_pool/extern_backup_dataset
>
> Enter passphrase. Then:
>
>    zfs get mountpoint
>    zpool status
>
> Look good? Unmount:
>
>    zfs unmount extern_backup_pool/extern_backup_dataset && zpool export
> extern_backup_pool
>
> To mount do:
>
>    zpool import -d /dev/disk/by-id extern_backup_pool && zfs mount -l
> extern_backup_pool/extern_backup_dataset
>
> I made two /usr/local/sbin scripts to make that easier in the future. If
> you forget the zpool export part of the unmount and still unplug, it
> seems a reboot is necessary to clean things up…which seems a bad thing.
> I hope I am wrong and it isn't the only option.
>
> To check whether the data all reads back correctly do a scrub (takes a
> long time, and note the scrub happens on the underlying pool not the
> dataset,
> the volume does not have to be mounted to do a scrub, though the pool
> needs to be imported):
>
>    zpool scrub extern_backup_pool
>
> Add a -w flag above and it will block until it finishes, running zpool
> status will give you progress information.
>
> Noticing errors along the way is a good thing, but backups are a
> write-mostly operation for changing data, so the ability to check the
> entire disk contents for failures is also appealing. I haven't decided
> how often to do this. My disk holds less than 1TB currently, and it took
> over three-hours to scrub, as it gets fuller it will take longer—plus
> the wear and tear of frequently reading everything seems a real
> concern—so I won't do it every time I do a backup. For the moment I
> think I will paste the output of the zpool status into a log file at the
> root of each disk to keep track of when I have scrubbed it.
>
>
> -kb, the Kent who is impressed at how fast current USB-C disks are.
>
> _______________________________________________
> Discuss mailing list
> Discuss at lists.blu.org
> http://lists.blu.org/mailman/listinfo/discuss
>

More information about the Discuss mailing list