Strona domowa GDR!a Tor Hidden Service

V 3.8



ZFS on Linux 0.8 native encryption

(23. 10. 2019)

The option names changed since this nice howto has been posted, and it doesn't seem to be documented, so here's how to do it in 0.8:

zpool set feature@encryption=enabled tank
head -c 32 /dev/random >/root/key
zfs create -o encryption=aes-256-gcm -o keyformat=raw -o keylocation=file:///root/key tank/encrypted

Edit 2019-11-18: The above is not enough to have ZFS auto-mount the filesystem after reboot, at least not on CentOS 8. Here's the systemd unit file which makes it work (don't forget to systemctl enable zfs-load-key.service):

[root@db ~]# cat /etc/systemd/system/zfs-load-key.service
[Unit]
Description=Load ZFS keys
Documentation=man:zfs(8)
DefaultDependencies=no
After=systemd-udev-settle.service
After=zfs-import.target
After=systemd-remount-fs.service
Before=zfs-mount.service

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/sbin/zfs load-key -a

[Install]
WantedBy=zfs.target
(komentarzy: 0) Skomentuj
Wyswietlen: 3473, komentarzy: 0 Feed z komentarzami
Sblam! Antyspam
URL encoded in QR Code Statystyki:

Email
Comments