unix - Mounting GEOM_ELI Encrypted ZFS Pool as root -


i have 3 disk raidz1 pool, encrypted aes128 in geom_eli, have been using in freenas since version 8. there have been many zpool upgrades, , on happy zfs.

lately have been growing frustrated freenas. largely many bugs haven't been fixed on years. overall insisting on me using flash drive os, though of read only. it's still single point of failure , has extended boot times several minutes. bottom line, want use vanilla freebsd pool. looking more flexibility , wish educate myself awesome operating system.

doing more extended research have found many tutorials on installing freebsd naively zfs volume , mounting / wasn't till did more research , found article on mounting zfs encrypted volume root. later found freebsd 10 during installation, awesome least.

tutorial used

i made vm vmware workstation, 3 2tb drives, passed through physical disks, , followed every step t , worked out well. had better grasp on commands doing , why doing them, wanted existing pool, has lot of data on it.

by default, freenas creates 2gb swap partition @ front of every data disk. removed swap space , made 1.5gb partition on each drive 512mb remaining swap. followed through every step, changing things needed. (i have 3 disks, tutorial speaks of 4, pool name foxhole, tutorial zroot.) successful in decrypting volume geom_eli , mounted successfully.

i did not skip steps provided. copied every command given , altered them in text file suit case.

here problem now. after restarting test everything, kernel begins starting, spat @ mountroot terminal. seems geom_eli didn't make attempt decrypt root volume. have suspicion why. correct me if wrong. @ start of tutorial, given commands create new geoms encrypted volume:

geli init -b -b /boot/zfs/bootdir/da0p4.eli -e aes-xts -k /boot/zfs/bootdir/encryption.key -l 256 -s 4096 /dev/da0p4 geli init -b -b /boot/zfs/bootdir/da1p4.eli -e aes-xts -k /boot/zfs/bootdir/encryption.key -l 256 -s 4096 /dev/da1p4 geli init -b -b /boot/zfs/bootdir/da2p4.eli -e aes-xts -k /boot/zfs/bootdir/encryption.key -l 256 -s 4096 /dev/da2p4

since volume exists, cant perform commands have created "/boot/zfs/bootdir/daxp4.eli" files.

i guessing @ being cause. noticed when attempted perform:

mv bootdir/*.eli bootdir/boot/

gave me "no match."

i assumed have been created when pool decrypted.

i apologize post. trying give info can without giving much. have been working on last 18 hours. love clear head take peek @ this.

if missed useful information, let me know.

turns out correct. daxp4.eli files necessary it's metadata of each disk. reference point if will.

by performing:

geli backup /dev/daxp4 /boot/daxp4.eli

it create meta files required geom attempt decryption @ boot time.

i hope helps else interested in stuff. have nas 23 disks. 3 zfs volumes, encrypted geom_eli


Comments

Post a Comment

Popular posts from this blog

c# - Validate object ID from GET to POST -

i have method allows user access comment have made on site. have post method lets them update comment. my normal solution send entire comment model through, let them update it, update on database when post back. involve sending commentid through in hiddenfor , can manipulated. how can verify commentid sent in get method same i'm getting in post , not able alter comment wish? how can verify commentid sent in method same i'm getting in post? basically have validate following things in post - user logged-in user. authenticated users post comments. commentid in post , should valid commentid , should present in database. userid associated logged-in user should same userid associated comment . comment should contain userid column, can check @ time of update. to make sure update happens comment has been sent in get - hold commentid in session , in post action compare commentid value in session .
Read more

node.js - Custom Model Validator SailsJS -

when using custom model validator checks record within model. return within spread doesn't seem end control flow. //post.js model /** * custom validator **/ types: { isuservalid: function(user_id) { var promise = require('bluebird'); promise.all([ user.findone({id: user_id}) ]) .spread(function(user) { console.log(user); if (user === null || user === undefined) { console.log('failed'); return false; }else{ console.log('passed'); return true; } }); } }, my response standard validation failed response. { "error": "e_validation", "status": 400, "summary": "1 attribute invalid", "model": "post", "invalidattributes": { "owner": [ { "rule": "isuservalid", ...
Read more

php - Find a regex to take part of Email -

i have following emails need extract part from: bestellnummer xxx: 1 von xxx, 1er pack ------------- anfang der nachricht ------------- foo bar baz foo bar baz // <<<<< need text here ------------- ende der nachricht ------------- ------------- anfang der nachricht ------------- foo bar baz foo bar baz ------------- ende der nachricht ------------- there 0 unlimited occurences of ------------- anfang der nachricht ------------- ------------- ende der nachricht ------------- and i'm able extract first part regex: $re = "/------------- .*? -------------.?(.*?).?------------- .*? -------------/s"; but, i'm quite new on learning regex, i'm pretty sure there must better regex extract part (foo bar baz foo bar baz) of text between ------------- anfang der nachricht ------------- ------------- ende der nachricht ------------- as can in different languages, i'm using .? to match between hyphens. i...
Read more