I agree with your comments on BTRFS, it's exactly why I've never bothered
with it, as it wasn't getting me anything. I want to be rid of using
mdraid and luks for a native solution, but replacing layers for no or
negligible benefit.
Last I had rebuilt my laptop, arch supported encryption, but not at boot
time, but seems it might be possible now. I need to dig some more, but saw
this with some quick poking around today.
https://wiki.alpinelinux.org/wiki/Root_on_ZFS_with_native_encryption
Gives me some hope arch might, but might look beyond arch too. I've had a
lot of issues with arch in the past few years, particularly
updates/upgrades, so I'm back to contemplating my choice in religion, er
linux.
-mb
On Wed, Jun 23, 2021 at 9:55 PM Matthew Crews via PLUG-discuss <
plug-discuss@lists.phxlinux.org> wrote:
> On 6/23/21 5:18 PM, Michael Butash via PLUG-discuss wrote:
> > Saw this today, talking about encryption under zfs under linux. Anyone
> > using it here that can comment on experience using it yet for personal
> > or at scale?
> >
> >
> https://arstechnica.com/gadgets/2021/06/a-quick-start-guide-to-openzfs-native-encryption/
> > <
> https://arstechnica.com/gadgets/2021/06/a-quick-start-guide-to-openzfs-native-encryption/
> >
> >
> > I use a combination of mdraid+luks+lvm+ext4/jfs, and would really love
> > for this to be one thing, ala ZFS or BTRFS. Yes I could google my arse
> > off to look, but looking for some trusted opinion here.
>
> I've used ZFS and BTRFS under Linux, though I haven't tried native ZFS
> encryption yet. I have used both ZFS and BTRFS under LUKS encryption too.
>
> Both BTRFS and ZFS work so much nicer than mdraid when it comes to
> spanning across multiple disks (though beware that BTRFS still isn't
> production safe for RAID5/RAID6).
>
> If you want to use a multi-disk storage array, ZFS and BTRFS are both
> superior options to MDRAID.
>
> However ZFS is just straight better and easier to maintain than BTRFS,
> especially now that native encryption is a thing (something BTRFS sorely
> lacks).
>
>
>
> Here is my disk topology for my 4 disk RAID10 setup under BTRFS.
>
> Disk 1 - LUKS - Btrfs --\ /--Btrfs subvolume
> | |
> Disk 2 - LUKS - Btrfs --| |--Btrfs subvolume
> |--- Btrfs volume --|
> Disk 3 - LUKS - Btrfs --| |--Btrfs subvolume
> | |
> Disk 4 - LUKS - Btrfs --/ \--Btrfs subvolume
>
> To be honest, it is a pain in the arse to mount an encrypted BTRFS
> volume this way. You need to unencrypt all four drives first, and then
> you need to mount it. But at least once its mounted, the subvolumes are
> already set up.
>
> If I need to replace a drive (and I've had to replace drives) it is also
> a pain in the arse due to having to deal with both Luks and BTRFS.
>
> Encrypted ZFS would simplify this setup enormously.
>
> When I need to replace my drives, I will be switching from BTRFS to ZFS.
>
>
> -Matt
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss
(text/plain)