# camcontrol devlist
OR
# geom disk list
List current partitions
Run the following command:
# gpart show
List your existing zpool
Execute the following commands:
# zfs list
# zpool list
# zpool status
It is clear that /dev/vtbd0 and /dev/vtbd1 are used by zroot as a mirror, which leaves /dev/vtbd2 as the unused device.
How to add encrypted ZFS pool on FreeBSD
Type the following gpart command to create a new partitioning scheme on vtbd2. The -s gpt option determines the scheme to use:
# gpart create -s gpt vtbd2
vtbd2 created
Next, add a new partition to the partitioning scheme given by geom:
# gpart add -t freebsd-zfs -l disk2-vol0 vtbd2
vtbd2p1 added
Where,
- -t freebsd-zfs : Set type of the partition to freebsd-zfs i.e. a FreeBSD partition that contains a ZFS volume.
- -l disk2-vol0 : Set partition label name to disk2-vol0 i.e. /dev/gpt/disk2-vol0
- vtbd2 : Device name
How to enable encryption with geli on FreeBSD for zfs
I am going to store critical data, so encryption is essential for me. It is easy to set up with the aesni driver, geli and ZFS. geli is a block device-layer disk encryption system written for FreeBSD that uses the GEOM disk framework. The aesni driver supports the AES accelerator on Intel CPUs to speed up disk encryption. First add the following line to /boot/loader.conf:
# echo 'aesni_load="YES"' >> /boot/loader.conf
You need the passphrase set when the provider was initialized with geli init to attach the encrypted device at boot time or after rebooting the FreeBSD bare metal or cloud server. The options for the geli init command are as follows:
- init : The geli utility is used to configure encryption on GEOM providers. Initialize the provider named /dev/gpt/disk2-vol0 which needs to be encrypted.
- -l 256 : Set the data key length to 256 bits for the cryptographic algorithm in use. The default and recommended algorithm is AES-XTS.
- /dev/gpt/disk2-vol0: Device name
Finally, attach the given provider, i.e. /dev/gpt/disk2-vol0. The encrypted Master Key is loaded from the metadata and decrypted using the given passphrase. A new GEOM provider is then created using the given provider's name with an ".eli" suffix, i.e. /dev/gpt/disk2-vol0.eli.
# geli attach /dev/gpt/disk2-vol0
# ls -l /dev/gpt/disk2-vol0*
View status of GEOM devices
# geli status
Sample outputs:
Name                 Status  Components
vtbd0p3.eli          ACTIVE  vtbd0p3
vtbd1p3.eli          ACTIVE  vtbd1p3
mirror/swap.eli      ACTIVE  mirror/swap
gpt/disk2-vol0.eli   ACTIVE  gpt/disk2-vol0
I am going to use /dev/gpt/disk2-vol0.eli to create the zfs pool.
Create the zfs pool
Finally you need to set up the ZFS pool using zpool command:
# zpool create backup /dev/gpt/disk2-vol0.eli
Verify it:
# zpool list
# zpool status
# zfs list backup
How to mount device after system reboot
You need to type the following commands:
# geli attach /dev/gpt/disk2-vol0
# zfs mount -a
# zfs get mounted backup
# zpool list
# zpool status
## use it again ##
# cd /backup
# ls -l
How to add two disks and configure an encrypted ZFS pool mirror block storage on FreeBSD
Let us say you have /dev/vtbd2 and /dev/vtbd3:
# gpart create -s gpt vtbd2
# gpart create -s gpt vtbd3
# gpart add -t freebsd-zfs -l disk2-vol0 vtbd2
# gpart add -t freebsd-zfs -l disk3-vol0 vtbd3
# geli init -l 256 /dev/gpt/disk2-vol0
# geli init -l 256 /dev/gpt/disk3-vol0
# geli attach /dev/gpt/disk2-vol0
# geli attach /dev/gpt/disk3-vol0
# geli status
# zpool create backupdisk mirror gpt/disk2-vol0.eli gpt/disk3-vol0.eli
# zpool list
# zpool status
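A check that every member of the pool created above sits on an attached geli provider rather than on the raw partition. This is an added example, not part of the original tutorial; the function name find_plain_vdevs and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example: list pool members that are not ACTIVE geli (.eli) providers.
# Both arguments are command output text, so saved output can be checked too.
# Live use: find_plain_vdevs "$(zpool status backupdisk)" "$(geli status)"
find_plain_vdevs() {
    zpool_out=$1
    geli_out=$2
    # Names geli reports as ACTIVE, space separated (header row skipped).
    active=$(printf '%s\n' "$geli_out" |
        awk 'NR > 1 && $2 == "ACTIVE" { printf "%s ", $1 }')
    printf '%s\n' "$zpool_out" | awk -v active="$active" '
        BEGIN { bad = 0; n = split(active, a, " ")
                for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "pool:"       { pool = $2; next }
        $1 == "NAME"        { in_cfg = 1; next }   # start of the config table
        in_cfg && NF == 0   { in_cfg = 0; next }   # blank line ends it
        !in_cfg             { next }
        $1 == pool          { next }               # the pool row itself
        # Grouping rows (mirror-0, raidz1-0, logs, ...) are not devices.
        $1 ~ /^(mirror|raidz[0-9]*|spares|logs|cache|special|dedup)(-[0-9]+)?$/ { next }
        {
            name = $1; sub(/^\/dev\//, "", name)
            if (name !~ /\.eli$/) { print name ": not a geli provider"; bad = 1 }
            else if (!(name in ok)) { print name ": not ACTIVE in geli status"; bad = 1 }
        }
        END { exit bad }'
}

# Constructed sample output: one mirror member was added without its .eli suffix.
SAMPLE_GELI='              Name  Status  Components
gpt/disk2-vol0.eli  ACTIVE  gpt/disk2-vol0
gpt/disk3-vol0.eli  ACTIVE  gpt/disk3-vol0'
SAMPLE_ZPOOL='  pool: backupdisk
 state: ONLINE
config:

        NAME                    STATE     READ WRITE CKSUM
        backupdisk              ONLINE       0     0     0
          mirror-0              ONLINE       0     0     0
            gpt/disk2-vol0.eli  ONLINE       0     0     0
            gpt/disk3-vol0      ONLINE       0     0     0

errors: No known data errors'
```

The function prints one line per offending device and returns non-zero when any is found, so it can gate a backup job or a monitoring check.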
DONE!!