Type any one of the following commands:
# camcontrol devlist

OR
# geom disk list

List current partitions

Run the following command:

# gpart show

List your existing zpool

Execute the following commands:

# zfs list
# zpool list
# zpool status

It is clear that /dev/vtbd0 and /dev/vtbd1 are used by zroot as a mirror device. Thus /dev/vtbd2 is left as an unused device.

How to add encrypted ZFS pool on FreeBSD

Type the following gpart command to create a new partitioning scheme on vtbd2. The -s gpt option determines the scheme to use:

# gpart create -s gpt vtbd2

vtbd2 created


Next, add a new partition to the partitioning scheme given by geom:

# gpart add -t freebsd-zfs -l disk2-vol0 vtbd2

vtbd2p1 added

Where,

  • -t freebsd-zfs : Set type of the partition to freebsd-zfs i.e. a FreeBSD partition that contains a ZFS volume.
  • -l disk2-vol0 : Set partition label name to disk2-vol0 i.e. /dev/gpt/disk2-vol0
  • vtbd2 : Device name

How to enable encryption with geli on FreeBSD for zfs

I am going to store critical data, so encryption is essential for me. It is easy to set up with the aesni driver, geli and ZFS. geli is nothing but a block device-layer disk encryption system written for FreeBSD that uses the GEOM disk framework. The aesni driver is used for the AES accelerator on Intel CPUs to speed up disk encryption. First add the following line to /boot/loader.conf:

# echo 'aesni_load="YES"' >> /boot/loader.conf

You need the passphrase you set when initializing the provider with geli init to attach the encrypted device at boot time or after rebooting the FreeBSD bare metal or cloud server. The options for the geli init command are as follows:

  • init : The geli utility is used to configure encryption on GEOM providers. Initialize the provider named /dev/gpt/disk2-vol0 which needs to be encrypted.
  • -l 256 : Set the data key length to 256 for use with the given cryptographic algorithm. The default and recommended algorithm is AES-XTS.
  • /dev/gpt/disk2-vol0: Device name

Finally, attach the given provider, i.e. /dev/gpt/disk2-vol0. The encrypted Master Key will be loaded from the metadata and decrypted using the given passphrase, and a new GEOM provider will be created using the given provider’s name with an “.eli” suffix, i.e. /dev/gpt/disk2-vol0.eli.

# geli attach /dev/gpt/disk2-vol0
# ls -l /dev/gpt/disk2-vol0*

View status of GEOM devices

# geli status


Sample outputs:

             
Name                 Status  Components
vtbd0p3.eli          ACTIVE  vtbd0p3
vtbd1p3.eli          ACTIVE  vtbd1p3
mirror/swap.eli      ACTIVE  mirror/swap
gpt/disk2-vol0.eli   ACTIVE  gpt/disk2-vol0

I am going to use /dev/gpt/disk2-vol0.eli to create the zfs pool.

Create the zfs pool

Finally, you need to set up the ZFS pool using the zpool command:

# zpool create backup /dev/gpt/disk2-vol0.eli

Verify it:
# zpool list
# zpool status
# zfs list backup

How to mount device after system reboot

You need to type the following commands:

# geli attach /dev/gpt/disk2-vol0
# zfs mount -a
# zfs get mounted backup
# zpool list
# zpool status
## use it again ##
# cd /backup
# ls -l

How to add two disks and configure an encrypted ZFS pool mirror block storage on FreeBSD

Let us say you have /dev/vtbd2 and /dev/vtbd3:

# gpart create -s gpt vtbd2
# gpart create -s gpt vtbd3
# gpart add -t freebsd-zfs -l disk2-vol0 vtbd2
# gpart add -t freebsd-zfs -l disk3-vol0 vtbd3
# geli init -l 256 /dev/gpt/disk2-vol0
# geli init -l 256 /dev/gpt/disk3-vol0
# geli attach /dev/gpt/disk2-vol0
# geli attach /dev/gpt/disk3-vol0
# geli status
# zpool create backupdisk mirror gpt/disk2-vol0.eli gpt/disk3-vol0.eli
# zpool list
# zpool status
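
A pre-flight check for the zpool create steps above (the single-disk pool and the mirror), added here as an example and not part of the original article: it refuses any vdev that is not an ACTIVE .eli provider in geli status output, so a pool cannot be built on the unencrypted partition by mistake. The function name check_eli_vdevs is hypothetical and SAMPLE_STATUS is constructed from the sample output shown on this page.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight check so a pool is
# only ever created on attached geli providers, never on the raw partition.

# check_eli_vdevs STATUS_TEXT VDEV...   (hypothetical helper name)
#   STATUS_TEXT : output of `geli status`
#   VDEV        : device names exactly as they would be passed to zpool create
# Returns 0 only if every VDEV ends in .eli and is listed as ACTIVE.
check_eli_vdevs() {
    eli_status=$1
    shift
    rc=0
    for vdev in "$@"; do
        name=${vdev#/dev/}          # geli status prints names without /dev/
        case $name in
            *.eli) ;;
            *)
                echo "REFUSE: $vdev is not a .eli provider; data would be written unencrypted" >&2
                rc=1
                continue
                ;;
        esac
        # Exact match on column 1 and require ACTIVE in column 2.
        if ! printf '%s\n' "$eli_status" |
            awk -v n="$name" '$1 == n && $2 == "ACTIVE" { ok = 1 } END { exit !ok }'
        then
            echo "REFUSE: $vdev is not ACTIVE in geli status; run geli attach first" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample input: the geli status output shown earlier on this page.
SAMPLE_STATUS='Name                 Status  Components
vtbd0p3.eli          ACTIVE  vtbd0p3
vtbd1p3.eli          ACTIVE  vtbd1p3
mirror/swap.eli      ACTIVE  mirror/swap
gpt/disk2-vol0.eli   ACTIVE  gpt/disk2-vol0'

# Demo against the sample: the .eli device passes, the raw label is refused.
check_eli_vdevs "$SAMPLE_STATUS" /dev/gpt/disk2-vol0.eli && echo "ok: disk2-vol0.eli"
check_eli_vdevs "$SAMPLE_STATUS" gpt/disk2-vol0 || echo "refused: gpt/disk2-vol0"

# On a live FreeBSD host (as root), gate pool creation on the real output:
#   check_eli_vdevs "$(geli status)" gpt/disk2-vol0.eli gpt/disk3-vol0.eli &&
#       zpool create backupdisk mirror gpt/disk2-vol0.eli gpt/disk3-vol0.eli
```

The same function can be run after a reboot, before zfs mount -a, to confirm that every provider the pool depends on has been attached.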

DONE!!
