How to configure a TRULY cross-platform ZFS

All your general support questions for OpenZFS on OS X.

How to configure a TRULY cross-platform ZFS

Postby ryjorny » Tue Nov 20, 2018 8:41 am

If you read my last post I'm sad to report I have thrown in the towel and zeroed the devices. I am now trying to setup a new ZFS volume which can be mounted on Linux and macOS. The alternative I wish to avoid is a headless BSD or Solaris network share. Last time I tried to configure a new ZFS volue on mac and linux and could never get the other OS to mount the volume. It gave errors about upsupported datto features etc. Here is what my plan is. Where am I going wrong?

Code: Select all
zpool create -o ashift=12 -o failmode=continue -O atime=off -O compression=lz4 -O casesensitivity=insensitive -O normalization=formD -O checksum=edonr -O mountpoint=/tmp/Pond -O canmount=noauto Pond mirror /private/var/run/disk/by-id/media-### /private/var/run/disk/by-id/media-####
zpool set feature@encryption=enabled
zfs create -o encryption=aes-256-gcm -o keyformat=passphrase -o keylocation=prompt -o pbkdf2iters=100000 Pond/Puddle
zfs set com.apple.ignoreowner=on Pond
zfs set mountpoint=/Volumes/Puddle Pond/Puddle


I've tried before without the obvious com.apple.ignoreowner=on and it didn't make a difference. To overcome the ownership problem I tried this https://allysonjulian.com/posts/creatin ... _with_zfs/ without any success. Any tips or tricks are appreciated. Linux version Manjaro (Arch derivative) with Kernel 4.19 and macOS 10.13.6 High Sierra.
ryjorny
 
Posts: 13
Joined: Thu Nov 15, 2018 4:54 pm

Re: How to configure a TRULY cross-platform ZFS

Postby lundman » Wed Nov 21, 2018 6:52 pm

You need to keep in mind of the pool feature flags basically. A "zpool upgrade -v" will display the features (and won't upgrade if you do not specify the pool name). There are features that only ZOL has and features only OSX has.

In the dark dank far future, all platforms will have the same features - but we are not quite there yet.

So when creating the pool, you can use the "-d" flag to disable all features, ie, "zpool create -d ...". Then you can go and turn on those you really want and are on both systems,

"zpool create -d -o feature@lz4_compress=enabled -o feature@async_destroy=enabled -o feature@empty_bpobj=enabled POOL devices..."

That pool can then be imported on both systems, as long as you never "zpool upgrade POOL" on either platforms (as that would enable all the new features).

If you also want to be able to import the pool on a Solaris system, you should create a pool with version=28. But that is a bit old skool now.


"zpool set feature@encryption" is not a valid zfs command. If you create a normal pool (without -d above) then the encryption feature is "enabled" by default, and changed automatically into "active" when you create your first encrypted filesystem. It goes back to "just" enabled when you delete the last encrypted filesystem. But you can only import pools with features "enabled" or "active" that the host system understands. Hence the problem you were encountering.

Your "zpool create" line means you need to enable some features, -O compression=lz4 means you need feature@lz4_compress etc, edonr and encryption also need their features.

So I guess something like
Code: Select all
zpool create -o ashift=12 -o failmode=continue -O atime=off -O compression=lz4 -O casesensitivity=insensitive -O normalization=formD -O checksum=edonr -O mountpoint=/tmp/Pond -O canmount=noauto -d -o feature@lz4_compress=enabled -o feature@async_destroy=enabled -o feature@empty_bpobj=enabled -o feature@edonr=enabled -o feature@encryption=enabled  Pond mirror /private/var/run/disk/by-id/media-### /private/var/run/disk/by-id/media-####
zfs create -o encryption=aes-256-gcm -o keyformat=passphrase -o keylocation=prompt -o pbkdf2iters=100000 -o com.apple.ignoreowner=on -o mountpoint=/Volumes/Puddle Pond/Puddle
User avatar
lundman
 
Posts: 620
Joined: Thu Mar 06, 2014 2:05 pm
Location: Tokyo, Japan

Re: How to configure a TRULY cross-platform ZFS

Postby ryjorny » Thu Nov 22, 2018 5:25 am

Ahh that makes sense, thank you for the explanation. All I really need is for an encrypted dataset to mount on both platforms. I like the simple one by one approach. You're saying using com.apple.ignoreowner=on won't prevent it from mounting on Linux?
ryjorny
 
Posts: 13
Joined: Thu Nov 15, 2018 4:54 pm

Re: How to configure a TRULY cross-platform ZFS

Postby lundman » Thu Nov 22, 2018 2:13 pm

com.apple.ignoreowner=on is fine, its a dataset property and is ignored by ZOL. You can also make sure your UIDs are the same value on OSX and Linux
User avatar
lundman
 
Posts: 620
Joined: Thu Mar 06, 2014 2:05 pm
Location: Tokyo, Japan

Re: How to configure a TRULY cross-platform ZFS

Postby ryjorny » Fri Nov 23, 2018 8:38 am

So this time I configured ZFS by doing /var/disk/run/by-serial because using diskutil I couldn't get UUID for my zeroed devices which had no volumes. I then exported the pool and then imported with -d /var/disk/run/by-id/. Last time I set this up I formatted each with a single fat32 partition (GPT) and when zpool create did its thing all of those volumes were renamed to the same as what the pool was. Could that have contributed to the problems I was having?
Last edited by ryjorny on Fri Nov 23, 2018 9:38 am, edited 1 time in total.
ryjorny
 
Posts: 13
Joined: Thu Nov 15, 2018 4:54 pm

Re: How to configure a TRULY cross-platform ZFS

Postby ryjorny » Fri Nov 23, 2018 9:36 am

I used the configuration suggestions you typed above but I'm still getting this error:

"This pool uses the following feature(s) not supported by this system:
com.datto:encryption (Support for dataset level encryption)
cannot import 'Pacifica': unsupported version or feature"

I have a pool named Pacifica and three encrypted datasets: Eureka, Portland and Vancouver

I type zpool upgrade -v and it clearly shows

"sha512
SHA-512/256 hash algorithm."

as being supported
ryjorny
 
Posts: 13
Joined: Thu Nov 15, 2018 4:54 pm

Re: How to configure a TRULY cross-platform ZFS

Postby ryjorny » Fri Nov 23, 2018 10:05 am

I uninstalled ZoL and reinstalled 7.12 (most recent version) along with the appropriate ZFS-utils and extensions for kernel 4.19. I'm going through feature by feature and enabling on ZoL then confirming O3X can still r/w

ZoL output: zpool get all
Code: Select all
Pacifica  feature@async_destroy          disabled                       local
Pacifica  feature@empty_bpobj            disabled                       local
Pacifica  feature@lz4_compress           disabled                       local
Pacifica  feature@multi_vdev_crash_dump  disabled                       local
Pacifica  feature@spacemap_histogram     disabled                       local
Pacifica  feature@enabled_txg            disabled                       local
Pacifica  feature@hole_birth             disabled                       local
Pacifica  feature@extensible_dataset     disabled                       local
Pacifica  feature@embedded_data          disabled                       local
Pacifica  feature@bookmarks              disabled                       local
Pacifica  feature@filesystem_limits      disabled                       local
Pacifica  feature@large_blocks           disabled                       local
Pacifica  feature@large_dnode            disabled                       local
Pacifica  feature@sha512                 disabled                       local
Pacifica  feature@skein                  disabled                       local
Pacifica  feature@edonr                  disabled                       local
Pacifica  feature@userobj_accounting     disabled                       local


O3X output: zpool get all
Code: Select all
Pacifica  feature@empty_bpobj            disabled                       local\
Pacifica  feature@lz4_compress           disabled                       local\
Pacifica  feature@multi_vdev_crash_dump  disabled                       local\
Pacifica  feature@spacemap_histogram     disabled                       local\
Pacifica  feature@enabled_txg            disabled                       local\
Pacifica  feature@hole_birth             disabled                       local\
Pacifica  feature@extensible_dataset     disabled                       local\
Pacifica  feature@embedded_data          disabled                       local\
Pacifica  feature@bookmarks              disabled                       local\
Pacifica  feature@filesystem_limits      disabled                       local\
Pacifica  feature@large_blocks           disabled                       local\
Pacifica  feature@sha512                 disabled                       local\
Pacifica  feature@skein                  disabled                       local\
Pacifica  feature@edonr                  disabled                       local\
Pacifica  feature@encryption             disabled                       local\
Pacifica  feature@device_removal         disabled                       local\
Pacifica  feature@obsolete_counts        disabled                       local\
Pacifica  feature@zpool_checkpoint       disabled                       local\
Pacifica  feature@spacemap_v2            disabled                       local\


While they both support SHA512 ZoL doesn't have a feature specifically called "encryption" while O3X does.

Edit: this reference to SHA-512 I found is for file checksums and is an inferior choice compared to skein which itself is an inferior option to the current gold standard: edonr.
Last edited by ryjorny on Fri Nov 23, 2018 11:44 am, edited 1 time in total.
ryjorny
 
Posts: 13
Joined: Thu Nov 15, 2018 4:54 pm

Re: How to configure a TRULY cross-platform ZFS

Postby ryjorny » Fri Nov 23, 2018 11:40 am

EUREKA! Tucked away deep in the bowels of ZoL github I found that the native encryption hasn’t been included in a released version of ZoL. Those clowns don't mention this on their homepage of course and therefore everything available to GUI package managers are based on the 0.7-release branch where the native encryption changes haven’t been merged. Only betas e.g. 0.8-rc2 (most recent release November 13th) have native encryption which explains why my 0.7.12 wasn't liking the encryption feature. I took for granted ZoL advancements but it seems Mr. Lundman is a coding machine leaving hackers de las penguinas in the dust. So for any macOS user trying to mount encrypted zfs datasets on linux just compile and install the most recent 0.8+ version of ZoL and voila.

*despite being a "release candidate" ZoL developers don't consider any 0.8 production ready yet.
ryjorny
 
Posts: 13
Joined: Thu Nov 15, 2018 4:54 pm

Re: How to configure a TRULY cross-platform ZFS

Postby Sharko » Sun Nov 25, 2018 9:43 pm

Yeah, I'm pretty sure it is not released in FreeNAS yet, either.
Sharko
 
Posts: 90
Joined: Thu May 12, 2016 12:19 pm

Re: How to configure a TRULY cross-platform ZFS

Postby paulCIA » Thu Oct 10, 2019 3:01 am

ryjorny wrote:EUREKA! Tucked away deep in the bowels of ZoL github I found that the native encryption hasn’t been included in a released version of ZoL. Those clowns don't mention this on their homepage of course and therefore everything available to GUI package managers are based on the 0.7-release branch where the native encryption changes haven’t been merged. Only betas e.g. 0.8-rc2 (most recent release November 13th) have native encryption which explains why my 0.7.12 wasn't liking the encryption feature. I took for granted ZoL advancements but it seems Mr. Lundman is a coding machine leaving hackers de las penguinas in the dust. So for any macOS user trying to mount encrypted zfs datasets on linux just compile and install the most recent 0.8+ version of ZoL and voila.

*despite being a "release candidate" ZoL developers don't consider any 0.8 production ready yet.

Wow, and ZoL has screwed me yet again with their useless feature flags that nobody else supports. Thats kind of the problem with ZFS in general, one mistake in the terminal and you're screwed, it's just, sorry copy off the data if you can and recreate the pool and try not to ever ever ever screw up again in your life, well that's kind of hard when the pool is already larger than any other disk you own, k guess I'll have to buy another! Which sure is not good backup practice, but this is not like mission critical data, more nice to have, not to mention it's backed up in the great distributed pool in the clouds, so I guess it shouldn't be in ZFS then! I could just destroy the whole pool and wash my hands of it and forget I ever had it in 5 minutes, so that may actually be the best thing and then I'll have a whole lot more free disk space. Just not sure I'm willing to commit to ZFS like this anymore. (no pun intended) NTFS is at least universally read/write supported at this point if slow but at no point in the future will your disk be upgraded to NTFS2(TM) just because you wanted to use its very poorly implemented encryption feature, rendering it unwritable with any operating system lacking the patented NTFS2(TM) driver, these ZoL guys are stealing pages right out of the MS/Oracle playbook, don't give them any more ideas....
paulCIA
 
Posts: 3
Joined: Thu Jan 24, 2019 9:19 am

Next

Return to General Help

Who is online

Users browsing this forum: No registered users and 1 guest

cron