My hardware is ready...

  • The order of the plugin installation doesn't matter but the order of the configuration does. While there are different ways to set this up, I would create the encrypted device(s) with luks first and then zfs on top of that. I haven't tried that to see if it works though.

    I think it's not possible de encrypt the drives and use zfs at the same time. When I first encrypt the drives, they are not being seen in ZFS. And when I create the pool first, it's not being seen in the Encryption area...


    No one has tried this before?


    Do I understand that there is no way to encrypt the drive while using ZFS?

    • Offizieller Beitrag

    I guess you can't use both. You could wait for the zfs plugin to support encryption or use mdadm raid.

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • I guess you can't use both. You could wait for the zfs plugin to support encryption or use mdadm raid.

    Oh so the ZFS plugin will support encryption in the near future? Once it is supported, I will not have to move my data or anything like that?

  • zfs native encryption support is in progress
    https://github.com/zfsonlinux/zfs/pull/4329
    no one know when it is released, (my wild guess for release is within 6 month)


    and yes, you need to set encryption before creating dataset (according to above link)

    • Encryption must be specified at dataset creation time.

    so you need to move all data, and recreate dataset with encryption enabled


    I didn't test but I think you can use luks encryption currently with zfs volume
    create volume -> luks encryption -> format with ext4 -> mount and use

    OMV3 on Proxmox
    Intel E3-1245 v5 | 32GB ECC RAM | 4x3TB RAID10 HDD
    omv-zfs | omv-nginx | omv-letsencrypt | omv-openvpn
    Click link for more details


  • Thanks luxflow for your input.


    Indeed it worked.


    When I did it I realised that I need some strategy first about how to manage my drives.


    So I have 3 hard drives of 4Tb actually 3,6 usable. After creating a RAID-Z1 pool. I'm left with 7.02 to use. For now it's more than enough.


    But how to I manage the volume creation? I mean, should I keep this master pool with 7.02Tb and share it entirely with smb / CIFS and create folders, or do I need to create one ZFS volume per need?


    For instance : a volume for /Documents, one for /Backup, an other for /Media?


    Thanks all for your patience. I'm really new to omv/NAS and everything. But I'm not in a hurry I can take time to set things properly :)


    edit : in the case I need to create volumes, if a hard drive fails, I still can change it in a "plug and play" way?

  • one per your need
    one guide line for dividing dataset(whether it is zfs filesystem or volume) is attribute for that dataset
    zfs provide several attribute such as compression,disk size quota ..
    also zfs provide snapshot
    it depends on your need whether divide or not
    for example documents need compression on, but media don't want to compression on since media is already compressed
    and for documents, you need snapshot scheduling per hour (that means your changes is kept per hour)
    but you don't need snapshot per hour for media, then divide it
    (additional note: automatic snapshot is not supported in gui, use cli, I have plan for supporting gui)


    and if one driver fail(because raid z1 only support 1 drive fail), you need `zfs replace` command in shell (no gui support yet)

    OMV3 on Proxmox
    Intel E3-1245 v5 | 32GB ECC RAM | 4x3TB RAID10 HDD
    omv-zfs | omv-nginx | omv-letsencrypt | omv-openvpn
    Click link for more details


  • Ok thanks for this valuable input, it makes things clearer.


    However, I did'nt get much of this sentence : "one guide line for dividing dataset(whether it is zfs filesystem or volume) is attribute for that dataset"


    So to be clear if I do this, is it clever? :


    - BigPool 7.02Tb
    -vol01 documents 1Tb (snapshot)
    -vol02 Media 3Tb (volume)
    -vol03 dataset 1To (volume) (don't know what it is for exactly and how much space it needs)


    I will be left with 2Tb not used. So if In a few months I see that documents needs more space, I'll be able to expend it, right?


    Also, in order to see all my data from my windows PC, I guess that I'll need to create at least one shared folder per volume right?

  • - BigPool 7.02Tb
    -vol01 documents 1Tb (snapshot)
    -vol02 Media 3Tb (volume)
    -vol03 dataset 1To (volume) (don't know what it is for exactly and how much space it needs)

    snapshot can be applied to any volume, any zfs filesystem (don't be confused filesystem(such as ext4) and zfs filesystem, they are different)



    I will be left with 2Tb not used. So if In a few months I see that documents needs more space, I'll be able to expend it, right?

    yes, using cli
    http://alittlestupid.com/2010/…how-to-grow-a-zfs-volume/
    keep in mind thing is ..
    shirinking filesystem process usaully more complex than expand
    so assign volume size conservatively


    Also, in order to see all my data from my windows PC, I guess that I'll need to create at least one shared folder per volume right?

    right, at least one shared folder per volume,
    you can also make share for subdirectories in volume

    OMV3 on Proxmox
    Intel E3-1245 v5 | 32GB ECC RAM | 4x3TB RAID10 HDD
    omv-zfs | omv-nginx | omv-letsencrypt | omv-openvpn
    Click link for more details

  • You totally right, I'll reduce the size for the volumes for now.


    So, I'm getting better understanding on how to slice the MainPool.


    Here is what I did :-MainPool 7.02 Tb
    ---Documents 1Tb
    ---Media 2Tb


    And that's great because now I'll also be able to encrypt the Documents and Media volumes. What about that dataset volume? Is 1Tb ok? what is it for?


    One last thing : when I try to create a shared folder in the Access Rights Management, the only Device it suggests me in the roll-up menu is the MainPool, It doesn't show me neither the Documents nor the Media volumes that I've created. Is that normal ? What's the point of creating volumes if we cannot use them? But I'm sure I'm getting something wrong.


    Thank you so much and thank ryecoaaron for your valuable help!

  • hmm there is miscommunication about dataset


    zfs terminology
    Dataset is the generic term for a ZFS file system, volume, snapshot or clone.
    https://www.freebsd.org/doc/handbook/zfs-term.html
    you should understand term in above link


    so roughly,
    physical devices is used to build vdev(s)
    on vdev(s), pool is created
    pool can have several dataset (that means filesystem, volume, clone, snapshot) and have nested structure
    each dataset have different properties
    zfs filesystem behave like other filesystem
    zfs volume is block device, it means, it act as hard disk, so you can format with another filesystem on it(such as ext4, swap)
    use case for volume is providing disk for windows VM
    zfs snapshot is taken from filesystem or volume to save specific point


    generally,
    it is more wise to use zfs filesystem rather than creating another filesystem on volume in your case
    but you need encryption, so I suggest workaround.


    so my final suggestion is like..
    -tank (pool)
    --Document (volume)
    --Media (volume)


    go filesystem -> create -> choose device -> ext4 -> mount -> go share

    OMV3 on Proxmox
    Intel E3-1245 v5 | 32GB ECC RAM | 4x3TB RAID10 HDD
    omv-zfs | omv-nginx | omv-letsencrypt | omv-openvpn
    Click link for more details

    Einmal editiert, zuletzt von luxflow ()


  • go filesystem -> create -> choose device -> ext4 -> mount -> go share

    Hi luxflow,


    Thanks for your answer. I created a 2min video to explain what I did and to show that I'm not able to do what you suggested :


    Externer Inhalt youtu.be
    Inhalte von externen Seiten werden ohne Ihre Zustimmung nicht automatisch geladen und angezeigt.
    Durch die Aktivierung der externen Inhalte erklären Sie sich damit einverstanden, dass personenbezogene Daten an Drittplattformen übermittelt werden. Mehr Informationen dazu haben wir in unserer Datenschutzerklärung zur Verfügung gestellt.


    I hope that it will clarify what I want to achieve and the problem I have!


    Thanks again

  • I guess you can't use both. You could wait for the zfs plugin to support encryption or use mdadm raid.

    Thanks luxflow It worked!. (I had to remove the drives from the encrytpion area)


    But now encrypting those drive is not possible :


    Externer Inhalt youtu.be
    Inhalte von externen Seiten werden ohne Ihre Zustimmung nicht automatisch geladen und angezeigt.
    Durch die Aktivierung der externen Inhalte erklären Sie sich damit einverstanden, dass personenbezogene Daten an Drittplattformen übermittelt werden. Mehr Informationen dazu haben wir in unserer Datenschutzerklärung zur Verfügung gestellt.


    So I guess there is no way to encrypt the drive and use them at the same time? :-/

  • oh I finally understand what you got wrong!


    luks drive should be unlocked when you're using disk
    it doesn't mean hard drive is not encrypted


    when you unlocked, you will see decrypted device which -crypto is appended to
    decryption process is made on live
    if you access -crypto device it first copy data from original device which is encrypted
    and in memory, data is decrypted using passphrase you provide when you unlocked on live


    SUPPOSE, cops invade your home, you see cops and after that immediately shutdown your computer
    then your passphrase is removed since it was in memory. so cops have to input passphrase again
    or
    SUPPOSE, you leave your laptop in coffee shop, but before leave you unlocked,
    then your passphrase is removed right now, and thief grab your laptop, but he don't know passphrase
    so he cannot get your data


    so you have to create filesystem on -crypto device
    not original filesystem


    and also it was your misunderstanding
    I think zfs filesystem works well with luks
    abandon idea using volume instead
    try zfs filesystem with luks

    OMV3 on Proxmox
    Intel E3-1245 v5 | 32GB ECC RAM | 4x3TB RAID10 HDD
    omv-zfs | omv-nginx | omv-letsencrypt | omv-openvpn
    Click link for more details

    Einmal editiert, zuletzt von luxflow ()

  • Thank you very much luxflow for your patience!


    I finaly managed to go to the process succesfully. In fact it seems that there is a specific order to follow to do this succesfuly...



    But!...unfortunatly another thing went wrong...see here :


    Externer Inhalt www.youtube.com
    Inhalte von externen Seiten werden ohne Ihre Zustimmung nicht automatisch geladen und angezeigt.
    Durch die Aktivierung der externen Inhalte erklären Sie sich damit einverstanden, dass personenbezogene Daten an Drittplattformen übermittelt werden. Mehr Informationen dazu haben wir in unserer Datenschutzerklärung zur Verfügung gestellt.


    Again, thank you very much for your patience! The only thing that keeps me sticking with OMV is that you and ryecoaaron keeps helping me otherwise I would have left for something more "noobie friendly" with plenty of documentations and a big community... :/

  • it seems likely omv-luks bug
    since omv-luks plugin recently is ported, there might be bug (it doesn't mean luks is unstable, but plugin for luks is unstable)
    I will check and fix and let you know (it will takes time <~3days?)

    OMV3 on Proxmox
    Intel E3-1245 v5 | 32GB ECC RAM | 4x3TB RAID10 HDD
    omv-zfs | omv-nginx | omv-letsencrypt | omv-openvpn
    Click link for more details

    • Offizieller Beitrag

    I don't have any speakers available to listen if there is audio on the video. If you are trying to unlock the encrypted volume, you can't while it is in use (referenced). This didn't change from OMV 2.x.

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • it seems likely omv-luks bug
    since omv-luks plugin recently is ported, there might be bug (it doesn't mean luks is unstable, but plugin for luks is unstable)
    I will check and fix and let you know (it will takes time <~3days?)

    Thanks you very much luxflow for you answer! I thought that I was doing something wrong!


    No problem I will wait.


    For now I shut the server down. I will not put any data on it till I'm sure that I'll will not face any software problem in the future while expanding or doing normal stuff with the drives.

    I don't have any speakers available to listen if there is audio on the video. If you are trying to unlock the encrypted volume, you can't while it is in use (referenced). This didn't change from OMV 2.x.

    Yes I figured that out later but it was not my main problem.
    In fact the problem occurs at 1:35 when nothing happens when I want to resize the volumes.
    (I don't have any data on the drives but in was a test to see if it works for when I'll need the feature in the future).

    • Offizieller Beitrag

    In fact the problem occurs at 1:35 when nothing happens when I want to resize the volumes.

    What problem? Resize has a very specific use case and is generally used for when a drive is added to a raid array. What are you trying to do? Maybe it is in the audio but I can't hear that.

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!