X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;ds=sidebyside;f=local-zfs.adoc;h=b4fb7dbf1e8ffdb1a83ca595107130c001ba0e5a;hb=f11fb629b7ecdcff4a3f7ec8287241bc290afa5b;hp=e3c65de7c51faa3751ef6f300db5b92376560896;hpb=cca0540e3c901f681c534578d60f97cf1f4fff0d;p=pve-docs.git diff --git a/local-zfs.adoc b/local-zfs.adoc index e3c65de..b4fb7db 100644 --- a/local-zfs.adoc +++ b/local-zfs.adoc @@ -236,7 +236,7 @@ As `` it is possible to use more devices, like it's shown in .Add cache and log to an existing pool -If you have an pool without cache and log. First partition the SSD in +If you have a pool without cache and log. First partition the SSD in 2 partition with `parted` or `gdisk` IMPORTANT: Always use GPT partition tables. @@ -269,7 +269,7 @@ Activate E-Mail Notification ZFS comes with an event daemon, which monitors events generated by the ZFS kernel module. The daemon can also send emails on ZFS events like -pool errors. Newer ZFS packages ships the daemon in a separate package, +pool errors. Newer ZFS packages ship the daemon in a separate package, and you can install it using `apt-get`: ---- @@ -314,7 +314,8 @@ time this value changes: [[zfs_swap]] -.SWAP on ZFS +SWAP on ZFS +~~~~~~~~~~~ Swap-space created on a zvol may generate some troubles, like blocking the server or generating a high IO load, often seen when starting a Backup @@ -351,11 +352,12 @@ improve performance when sufficient memory exists in a system. |=========================================================== [[zfs_encryption]] -.Encrypted ZFS Datasets +Encrypted ZFS Datasets +~~~~~~~~~~~~~~~~~~~~~~ ZFS on Linux version 0.8.0 introduced support for native encryption of datasets. After an upgrade from previous ZFS on Linux versions, the encryption -feature needs to be enabled per pool: +feature can be enabled per pool: ---- # zpool get feature@encryption tank @@ -379,7 +381,7 @@ booting, or to write a custom unit to pass the key material needed for unlocking on boot to `zfs load-key`. WARNING: Establish and test a backup procedure before enabling encryption of -production data.If the associated key material/passphrase/keyfile has been +production data. If the associated key material/passphrase/keyfile has been lost, accessing the encrypted data is no longer possible. Encryption needs to be setup when creating datasets/zvols, and is inherited by @@ -408,7 +410,7 @@ Enter passphrase for 'tank/encrypted_data': It is also possible to use a (random) keyfile instead of prompting for a passphrase by setting the `keylocation` and `keyformat` properties, either at -creation time or with `zfs change-key`: +creation time or with `zfs change-key` on existing datasets: ---- # dd if=/dev/urandom of=/path/to/keyfile bs=32 count=1