How to install a compressed and encrypted Z file system [ZFS hack]
Hey guys, yes, we switched this blog to English because it has to be!
Welcome to this article, where we will see how to install ZFS with compression and encryption on an external HD, so you can go out with your HD totally secure!
All explanations below are given without warranty of any kind, as usual, and we won't be responsible for anything if things go wrong. Take your responsibilities, make backups!
All explanations below are given for Arch Linux, but the concepts described here may apply to other distributions.
pacman -S linux(current kernel)-zfs
systemctl enable zfs-import-cache
systemctl enable zfs-import.target
systemctl enable zfs-mount
systemctl enable zfs.target
Creating a storage pool
No need to partition the drives before creating the ZFS filesystem, guys. We will use our entire disk here; let's suppose it is /dev/sdd.
We first need to identify the disks with this command:
# ls -lh /dev/disk/by-id/
lrwxrwxrwx 1 root root 10 7 déc. 21:11 ata-WDC_WDS250G2B0A-00SM50_181960809318-part8 -> ../../sdb8
lrwxrwxrwx 1 root root 10 7 déc. 21:11 ata-WDC_WDS250G2B0A-00SM50_181960809318-part9 -> ../../sdb9
lrwxrwxrwx 1 root root 9 7 déc. 21:11 usb-Seagate_Portable_NAA5HL28-0:0 -> ../../sdd
Creating a ZFS pool
To create a ZFS pool:
# zpool create -f -m <mount> <pool> [raidz(2|3)|mirror] <ids>
-f: Force creating the pool. This is to overcome the "EFI label error".
-m: The mount point of the pool. If this is not specified, then the pool will be mounted to /<pool>.
pool: This is the name of the pool.
raidz(2|3)|mirror: This is the type of virtual device that will be created from the pool of devices. raidz is a single disk of parity, raidz2 is 2 disks of parity and raidz3 is 3 disks of parity, similar to raid5 and raid6. Also available is mirror, which is similar to raid1 or raid10, but is not constrained to just 2 devices. If not specified, each device will be added as a vdev, which is similar to raid0. After creation, a device can be added to each single-drive vdev to turn it into a mirror, which can be useful for migrating data.
ids: The IDs of the drives or partitions to include in the pool.
So here, for what we need:
zpool create -f -m /mnt/zfs tetux1 usb-Seagate_Portable_NAA5HL28-0:0
And then we can verify:
# zpool status -v
  pool: remov1
 state: ONLINE
  scan: none requested
config:

        NAME                                 STATE     READ WRITE CKSUM
        remov1                               ONLINE       0     0     0
          usb-Seagate_Portable_NAA5HL28-0:0  ONLINE       0     0     0

errors: No known data errors
Importing a pool created by id
Eventually a pool may fail to auto mount and you need to import it to bring your pool back. Take care to avoid the most obvious solution (a plain import without -d) and import by id instead:
# zpool import -d /dev/disk/by-id tetux1
Creating a dataset
Users can optionally create a dataset under the zpool as opposed to manually creating directories under the zpool. Datasets allow for an increased level of control (quotas for example) in addition to snapshots. To be able to create and mount a dataset, a directory of the same name must not pre-exist in the zpool. To create a dataset, use:
# zfs create <nameofzpool>/<nameofdataset>
To see all options :
# zfs get all tetux1
To disable access time (atime), which is enabled by default:
# zfs set atime=off tetux1
To enable compression:
# zfs set compression=on tetux1
Whenever data is read and ZFS encounters an error, it is silently repaired when possible, rewritten back to disk and logged so you can obtain an overview of errors on your pools. There is no fsck or equivalent tool for ZFS. Instead, ZFS supports a feature known as scrubbing. This traverses through all the data in a pool and verifies that all blocks can be read.
To scrub a pool:
# zpool scrub tetux1
Destroy a pool
# zpool destroy remov1
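Creating an encrypted and compressed dataset
Encryption can only be chosen when a dataset is created, so create a new dataset under the pool; files written directly to the pool's root dataset (/mnt/zfs here) are not encrypted. To create an encrypted dataset:
# zfs create -o encryption=on -o keyformat=passphrase tetux1/<nameofdataset>
To create a compressed dataset:
# zfs create -o compression=on tetux1/<nameofdataset>
Then to have both encryption AND compression:
# zfs create -o encryption=on -o keyformat=passphrase -o compression=on tetux1/<nameofdataset>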
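Encryption and compression are per-dataset properties, so before copying anything sensitive to the disk it is worth checking what each dataset actually ended up with. The script below is an added example, not part of the original article: it summarises the tab-separated output of zfs get -H and flags every dataset that stores data unencrypted. The sample rows and the dataset name tetux1/secure are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which datasets are really encrypted and compressed.
# Real use (as root):
#   zfs get -H -o name,property,value encryption,keystatus,compression -r tetux1 | audit_zfs

# Reads tab-separated "name property value" rows on stdin, prints one summary
# line per dataset, and returns 1 if any dataset stores data unencrypted.
audit_zfs() {
    awk -F '\t' '
        NF == 3 {
            if (!($1 in seen)) { seen[$1] = 1; order[++n] = $1 }
            prop[$1, $2] = $3
        }
        END {
            plain = 0
            for (i = 1; i <= n; i++) {
                d = order[i]
                enc = prop[d, "encryption"]
                # encryption=off (or no value at all) means blocks land unencrypted
                if (enc == "" || enc == "off") { verdict = "PLAINTEXT"; plain++ }
                else verdict = "OK"
                printf "%s\tencryption=%s\tcompression=%s\tkeystatus=%s\t%s\n",
                       d, enc, prop[d, "compression"], prop[d, "keystatus"], verdict
            }
            exit (plain > 0)
        }'
}

# Constructed sample of `zfs get -H` output: an unencrypted pool root and a
# hypothetical encrypted, compressed child dataset named tetux1/secure.
sample_zfs_get() {
    printf '%s\t%s\t%s\n' \
        tetux1 encryption off \
        tetux1 keystatus none \
        tetux1 compression off \
        tetux1/secure encryption aes-256-gcm \
        tetux1/secure keystatus available \
        tetux1/secure compression on
}

sample_zfs_get | audit_zfs || echo "WARNING: at least one dataset is not encrypted"
```

A keystatus of available means the key is loaded and the dataset is unlocked; after zpool export the key is no longer loaded and the passphrase is needed again.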
How to mount your partition on the next reboot
Just do this:
sudo zfs mount
sudo zfs unmount /mnt/zfs/
sudo zfs mount -l -a
You will be asked for the passphrase and that's it!
How to safely remove your external HD with ZFS?
Well, it's not that complicated, you just type in:
sudo zfs unmount /mnt/zfs    # this is just optional!
sudo zpool export tetux1
And then when you want to plug it back in:
sudo zpool import -d /dev/disk/by-id tetux1
sudo zfs unmount /mnt/zfs/
sudo zfs mount -l -a