1 |
Hi folks, |
2 |
|
3 |
I'm currently rethinking the filesystem structure of my file server. My |
4 |
current setup is as follows: |
5 |
|
6 |
DM Raid 10 (4x3TiB) -> Luks -> Ext4 |
7 |
|
8 |
At the moment the Raid 10 costs 50% of available memory, in future, I'd |
9 |
like to use Raid5 which would only costs 25% in my case. |
10 |
|
11 |
But more important: I'd also like to use ZFS on linux as I experienced |
12 |
it to be rock solid on Linux. (Had really good experience with ZFS |
13 |
together with Proxmox, damn, ZFS really rocks!). But the problem's in |
14 |
the details: Encryption... |
15 |
|
16 |
In my opinion, encryption is not optional, it is mandatory. Afaik, ZFS |
17 |
has its own encryption mechanisms which are currently not supported on |
18 |
Linux. So what would be the best way to go? |
19 |
|
20 |
First solution: DM-Raid -> Luks -> ZFS |
21 |
Pro: Known to work |
22 |
Con: ZFS actually comes with it's own (probably more efficient) Raid |
23 |
system called RaidZ which will not be used in this setup |
24 |
|
25 |
Second solution: 4xLuks -> ZFS |
26 |
Pro: Now it's possible to use RaidZ |
27 |
Con: 4x independent crypto which is a performance killer (especially as |
28 |
my box doesn't suport AES-NI...) |
29 |
|
30 |
Other solutions, like using EncFS is inconvenient as zfs features like |
31 |
file history would not work any longer. |
32 |
|
33 |
Any suggestions? Does anyone already have an encrypted ZFS setup on |
34 |
Linux and would like to share experience? |
35 |
|
36 |
If blocks on my physical disk fail or are corrupted, would these errors |
37 |
be propagated through block layers DM Raid and Luks upwards to ZFS so |
38 |
that resilvering will work? |
39 |
|
40 |
Cheers |
41 |
Ralf |