Zfs Raidz Luks Encrypt

1.查询磁盘

1
2
3
4
ls /dev/disk/by-id
ata-WD8SLDL988SLA998-8LWL1882_CCC000 -> ../../sdc
ata-WD8SLDL988SLA998-8LWL1882_AAA000 -> ../../sdb
ata-WD8SLDL988SLA998-8LWL1882_BBB000 -> ../../sdd

2.生成秘钥

1
2
3
dd if=/dev/urandom of=/root/CCC000.key bs=1024 count=64
dd if=/dev/urandom of=/root/AAA000.key bs=1024 count=64
dd if=/dev/urandom of=/root/BBB000.key bs=1024 count=64

3.用秘钥加密磁盘

1
2
3
cryptsetup luksFormat /dev/disk/by-id/ata-WD8SLDL988SLA998-8LWL1882_CCC000 /root/CCC000.key
cryptsetup luksFormat /dev/disk/by-id/ata-WD8SLDL988SLA998-8LWL1882_AAA000 /root/AAA000.key
cryptsetup luksFormat /dev/disk/by-id/ata-WD8SLDL988SLA998-8LWL1882_BBB000 /root/BBB000.key

4.查找luks加密后的uuid

1
2
3
4
root@jarvis:~# blkid | grep 'TYPE="crypto_LUKS"'
/dev/sdb: UUID="8sfaa99s8-060b-40ee-8ed3-177fd5f85c8e" TYPE="crypto_LUKS"
/dev/sdd: UUID="8sd8fax9-3fbb-454a-8ef2-45b38a35d9b6" TYPE="crypto_LUKS"
/dev/sdc: UUID="f562f785-114c-4d51-8cd0-8a913a39ad16" TYPE="crypto_LUKS"

5.打开加密磁盘

1
2
3
cryptsetup luksOpen UUID=8sfaa99s8-060b-40ee-8ed3-177fd5f85c8e --key-file /root/AAA000.key AAA000
cryptsetup luksOpen UUID=8sd8fax9-3fbb-454a-8ef2-45b38a35d9b6 --key-file /root/BBB000.key BBB000
cryptsetup luksOpen UUID=f562f785-114c-4d51-8cd0-8a913a39ad16 --key-file /root/CCC000.key CCC000

6.设置开机自动挂载

1
2
3
4
5
6
7
8
mkdir /path/somewhere/
cp /root/CCC000.key /path/somewhere/
cp /root/AAA000.key /path/somewhere/
cp /root/BBB000.key /path/somewhere/
vim /etc/crypttab
AAA000 UUID=8sfaa99s8-060b-40ee-8ed3-177fd5f85c8e /path/somewhere/AAA000.key luks
BBB000 UUID=8sd8fax9-3fbb-454a-8ef2-45b38a35d9b6 /path/somewhere/BBB000.key luks
CCC000 UUID=f562f785-114c-4d51-8cd0-8a913a39ad16 /path/somewhere/CCC000.key luks

7.找到加密分区

应该是以"dm-uuid-CRYPT" 开头

1
2
3
4
ls /dev/disk/by-id
dm-uuid-CRYPT-LUKS2-8sfaa99s8060b40ee8ed3177fd5f85c8e-AAA000
dm-uuid-CRYPT-LUKS2-8sd8fax93fbb454a8ef245b38a35d9b6-BBB000
dm-uuid-CRYPT-LUKS2-f562f785114c4d518cd08a913a39ad16-CCC000

8.创建zfs raidz

ashift=12 设置4k对齐

1
zpool create -o ashift=12 fridaypool raidz /dev/disk/by-id/dm-uuid-CRYPT-LUKS2-8sfaa99s8060b40ee8ed3177fd5f85c8e-AAA000 /dev/disk/by-id/dm-uuid-CRYPT-LUKS2-8sd8fax93fbb454a8ef245b38a35d9b6-BBB000 /dev/disk/by-id/dm-uuid-CRYPT-LUKS2-f562f785114c4d518cd08a913a39ad16-CCC000

9.修改挂载点

1
2
3
4
5
zfs get mountpoint
NAME      PROPERTY    VALUE       SOURCE
fridaypool  mountpoint  /fridaypool   default

zfs set mountpoint=/home/samba fridaypool

10.更换损坏的硬盘

查看zfs状态：

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
$ zpool status
  pool: fridaypool
 state: DEGRADED
status: One or more devices could not be used because the label is missing or
	invalid.  Sufficient replicas exist for the pool to continue
	functioning in a degraded state.
action: Replace the device using 'zpool replace'.
   see: http://zfsonlinux.org/msg/ZFS-8000-4J
  scan: none requested
config:

	NAME                                                               STATE     READ WRITE CKSUM
	fridaypool                                                           DEGRADED     0     0     0
	  raidz1-0                                                         DEGRADED     0     0     0
	    dm-uuid-CRYPT-LUKS2-8sfaa99s8060b40ee8ed3177fd5f85c8e-AAA000  ONLINE       0     0     0
	    17440926855258209948                                           UNAVAIL      0     0     0  was /dev/disk/by-id/dm-uuid-CRYPT-LUKS2-8sd8fax93fbb454a8ef245b38a35d9b6-BBB000
	    dm-uuid-CRYPT-LUKS2-f562f785114c4d518cd08a913a39ad16-CCC000  ONLINE       0     0     0

新增自盘，加密并挂载，执行替换命令：

zpool replace fridaypool 17440926855258209948 dm-uuid-CRYPT-LUKS2-7156ddb895174f0899450b343d8sfslaf-BBB000

查询状态：

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
$ zpool status -x
  pool: fridaypool
 state: DEGRADED
status: One or more devices is currently being resilvered.  The pool will
	continue to function, possibly in a degraded state.
action: Wait for the resilver to complete.
  scan: resilver in progress since Thu Jan 14 12:54:04 2021
	17.1G scanned at 700M/s, 4.03G issued at 165M/s, 17.1G total
	1.34G resilvered, 23.54% done, 0 days 00:01:21 to go
config:

	NAME                                                                 STATE     READ WRITE CKSUM
	fridaypool                                                             DEGRADED     0     0     0
	  raidz1-0                                                           DEGRADED     0     0     0
	    dm-uuid-CRYPT-LUKS2-8sfaa99s8060b40ee8ed3177fd5f85c8e-AAA000    ONLINE       0     0     0
	    replacing-1                                                      DEGRADED     0     0     0
	      17440926855258209948                                           UNAVAIL      0     0     0  was /dev/disk/by-id/dm-uuid-CRYPT-LUKS2-8sd8fax93fbb454a8ef245b38a35d9b6-BBB000
	      dm-uuid-CRYPT-LUKS2-7156ddb895174f0899450b343d8sfslaf-BBB000  ONLINE       0     0     0  (resilvering)
	    dm-uuid-CRYPT-LUKS2-f562f785114c4d518cd08a913a39ad16-CCC000    ONLINE       0     0     0

errors: No known data errors

此时正在合并数据到新的磁盘。

稍等片刻查询状态：

1
2
$ zpool status -x
all pools are healthy

Contents