Encrypted Mirror Cannot Get It Working !


Postby Jimserac » Mon Aug 29, 2016 11:55 am

Setting up Zpools on a single external USB drive, no problem.

Setting up 2 mirrored USB drives, no problem. (One odd thing: I get only 1 icon on the desktop,
which represents the Zpool, sort of? I first tried encrypting that icon with a right button click,
and then "Encrypt" and entered passwords, but it ignores the encryption after boot up.)

Then I tried to set up encrypted mirrored drives as follows, doing it before setting up the Zpool:

I tried formatting two different 320 Gig USB drives as "osx journaled, encrypted" in Disk Utility.
Then rebooted, unmounted the two USB disks and tried this:

sudo zpool create -f -o ashift=12 -O casesensitivity=insensitive -O normalization=formD Eagle1 mirror disk1s2 disk2s2

No matter how I did it, error messages keep coming back:
Resources busy

Whatever the problem is, my first question is, am I approaching this the right way
OR should I be using something like encryption=yes right in the zpool create command ??

Thanks
Jimserac
 
Posts: 12
Joined: Mon Aug 29, 2016 11:40 am

Re: Encrypted Mirror Cannot Get It Working !

Postby Brendon » Mon Aug 29, 2016 12:52 pm

ZFS will likely soon have its own native encryption. We have a branch with the ZOL encryption scheme implemented and working nicely. This will be releasable once the encryption code is also incorporated upstream into Illumos, thereby making it standard across all implementations.

Until then there is some discussion on this in our wiki https://openzfsonosx.org/wiki/Encryption

- Brendon
Brendon
 
Posts: 286
Joined: Thu Mar 06, 2014 12:51 pm

Re: Encrypted Mirror Cannot Get It Working !

Postby lundman » Mon Aug 29, 2016 6:27 pm

I am guessing you are using core storage? I think that creates new disk nodes for the fake encrypted disks? Ie, if you encrypt disk1 and disk2, it will make disk3 and disk4 be the encrypted devices you are supposed to use.

At least, something did that, somewhere :)
lundman
 
Posts: 1337
Joined: Thu Mar 06, 2014 2:05 pm
Location: Tokyo, Japan

Re: Encrypted Mirror Cannot Get It Working !

Postby Jimserac » Tue Aug 30, 2016 3:10 pm

Thanks Brendon, I will be following that with interest.

Lundman, you are CORRECT, that was exactly the problem and I have it working now.
Am quite pleased with the performance. An outline of how I did do it follows.

Rather than create the zpool using the physical partitions (for example disk1s2 and disk1s2),
the correct operands in the zpool create after the word mirror seem to have been the VIRTUAL encrypted
devices as shown from "diskutil list", which in this case were /dev/disk3 and /dev/disk4.

Let's start at the beginning and reiterate the steps taken ...

/dev/disk0 is of course my system disk which I do not touch.
(Of course I have it backed up with Clonezilla, just in case).

Plug in and Encrypt the two USB external drives using disk utility in the usual manner, selecting OSX extended journaled encrypted.
After that is done change ownership to ensure that they belong to you (username).
I do that by the command
sudo chown $(whoami):admin /Volumes/USBDiskName1/ && sudo chown -R $(whoami):admin /Volumes/USBDiskName1
Repeat the command for the 2d Usb disk, using USBDiskName2, the Volume name of the 2d USB external disk.

Now that the two USB disks are encrypted, I reboot just to make sure that the Password entry works

After reboot and entering the password for the two USB disks, and the two icons for the USB disk Volumes appear, I do diskutil list
in order to double check the /dev/ number assignments.

In this case the USB Disk1 happened to be /dev/disk1 with an external virtual (unlocked, encrypted) drive /dev/disk3
Likewise, the 2d USB Disk, Disk2 was on /dev/disk2 with an external virtual (unlocked, encrypted) drive showing as /dev/disk4

These numbers may well be different on your system. The names of the disks will be under the physical reference.

This is important because when we enter the zpool create, we will use disk3 and disk4, the virtual, unlocked, encrypted /dev/disk#

Now we unmount both USB drives
diskutil unmount /Volumes/USBDiskName1
diskutil unmount /Volumes/USBDiskName2

Of course both icons for the USB disks disappear once these commands are issued.

NOW we are ready for the Zpool create command to create these two as zpool mirrored

sudo zpool create -f -o ashift=12 -O casesensitivity=insensitive -O normalization=formD MyZpoolName mirror /dev/disk3 /dev/disk4

it will of course ask for your administrator password, and then...

It takes a moment and then the Zpool icon with the name "MyZpoolName" appears on the desktop.

I make myself owner of it with the following:
sudo chown $(whoami):admin /Volumes/MyZpoolName/ && sudo chown -R $(whoami):admin /Volumes/MyZpoolName

Now I copy files into the "MyZpoolName" icon, using drag and drop, rsync...whatever.

When done copying in, I do a safe shutdown of the Zpool by:

sudo zpool export MyZpoolName

Then I reboot to see how it worked.

Sure enough, on reboot, the "Enter password" for the two encrypted USB disk Volumes appear and I enter the
two passwords, one at a time and the Two USB Disk Volume Icons appear.

Then I import the Zpool with
sudo zpool import MyZpoolName

and the two USB Disk Icons disappear and a Zpool Icon with the name "MyZpoolName" appears on the desktop in their
place, just as it should and we're ready to go.

Well done everyone. This is very powerful and now I can move on to higher RAIDS at some point.

Thanks !
Jimserac
 
Posts: 12
Joined: Mon Aug 29, 2016 11:40 am
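
The device-selection step from the post above, as an added example that is not part of the original thread: it maps each unlocked encrypted virtual disk to its backing partition and rejects any zpool operand that is a raw partition, since a pool built on one would sit outside the encryption layer. The `diskutil list` text is a constructed sample; its layout and the function names are assumptions.

```shell
#!/bin/sh
# Added example: list unlocked, encrypted logical volumes and refuse to
# build a pool on anything else. Sample text below is constructed.

SAMPLE_LIST='/dev/disk1 (external, physical):
   0:      GUID_partition_scheme                        *320.1 GB   disk1
   1:                        EFI EFI                     209.7 MB   disk1s1
   2:          Apple_CoreStorage USBDiskName1            319.7 GB   disk1s2

/dev/disk2 (external, physical):
   0:      GUID_partition_scheme                        *320.1 GB   disk2
   1:                        EFI EFI                     209.7 MB   disk2s1
   2:          Apple_CoreStorage USBDiskName2            319.7 GB   disk2s2

/dev/disk3 (external, virtual):
   0:                  Apple_HFS USBDiskName1           +319.4 GB   disk3
                                 Logical Volume on disk1s2
                                 Unlocked Encrypted

/dev/disk4 (external, virtual):
   0:                  Apple_HFS USBDiskName2           +319.4 GB   disk4
                                 Logical Volume on disk2s2
                                 Unlocked Encrypted
'

# Read a listing on stdin; print "virtual backing" per encrypted volume.
encrypted_volumes() {
    awk '
        /^\/dev\/disk[0-9]+ / { dev = substr($1, 6); backing = "" }
        /Logical Volume on /  { backing = $NF }
        /Unlocked Encrypted/  { if (dev != "" && backing != "") print dev, backing }
    '
}

# check_vdevs LISTING DEV...: succeed only if every DEV is such a volume.
check_vdevs() {
    listing=$1; shift
    enc=$(printf '%s\n' "$listing" | encrypted_volumes | cut -d' ' -f1)
    for d in "$@"; do
        d=${d#/dev/}
        printf '%s\n' "$enc" | grep -qxF "$d" ||
            { echo "refusing $d: not an unlocked encrypted volume" >&2; return 1; }
    done
}

# On a real system pass "$(diskutil list)" instead of the sample.
check_vdevs "$SAMPLE_LIST" /dev/disk3 /dev/disk4 && echo "ok to use disk3 disk4"
```
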

