+[[chapter_zfs]]
ZFS on Linux
------------
-include::attributes.txt[]
+ifdef::wiki[]
+:pve-toplevel:
+endif::wiki[]
ZFS is a combined file system and logical volume manager designed by
Sun Microsystems. Starting with {pve} 3.4, the native Linux
kernel port of the ZFS file system is introduced as optional
-file-system and also as an additional selection for the root
-file-system. There is no need for manually compile ZFS modules - all
+file system and also as an additional selection for the root
+file system. There is no need for manually compile ZFS modules - all
packages are included.
-By using ZFS, its possible to achieve maximal enterprise features with
+By using ZFS, its possible to achieve maximum enterprise features with
low budget hardware, but also high performance systems by leveraging
SSD caching or even SSD only setups. ZFS can replace cost intense
hardware raid cards by moderate CPU and memory load combined with easy
* Protection against data corruption
-* Data compression on file-system level
+* Data compression on file system level
* Snapshots
practice, use as much you can get for your hardware/budget. To prevent
data corruption, we recommend the use of high quality ECC RAM.
-If you use a dedicated cache and/or log disk, you should use a
+If you use a dedicated cache and/or log disk, you should use an
enterprise class SSD (e.g. Intel SSD DC S3700 Series). This can
increase the overall performance significantly.
-IMPORTANT: Do not use ZFS on top of hardware controller which has it's
+IMPORTANT: Do not use ZFS on top of hardware controller which has its
own cache management. ZFS needs to directly communicate with disks. An
HBA adapter is the way to go, or something like LSI controller flashed
-in 'IT' mode.
+in ``IT'' mode.
If you are experimenting with an installation of {pve} inside a VM
-(Nested Virtualization), don't use 'virtio' for disks of that VM,
+(Nested Virtualization), don't use `virtio` for disks of that VM,
since they are not supported by ZFS. Use IDE or SCSI instead (works
-also with 'virtio' SCSI controller type).
+also with `virtio` SCSI controller type).
-Installation as root file system
+Installation as Root File System
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
When you install using the {pve} installer, you can choose ZFS for the
time:
[horizontal]
-RAID0:: Also called 'striping'. The capacity of such volume is the sum
-of the capacity of all disks. But RAID0 does not add any redundancy,
+RAID0:: Also called ``striping''. The capacity of such volume is the sum
+of the capacities of all disks. But RAID0 does not add any redundancy,
so the failure of a single drive makes the volume unusable.
-RAID1:: Also called mirroring. Data is written identically to all
+RAID1:: Also called ``mirroring''. Data is written identically to all
disks. This mode requires at least 2 disks with the same size. The
resulting capacity is that of a single disk.
RAIDZ-3:: A variation on RAID-5, triple parity. Requires at least 5 disks.
The installer automatically partitions the disks, creates a ZFS pool
-called 'rpool', and installs the root file system on the ZFS subvolume
-'rpool/ROOT/pve-1'.
+called `rpool`, and installs the root file system on the ZFS subvolume
+`rpool/ROOT/pve-1`.
-Another subvolume called 'rpool/data' is created to store VM
+Another subvolume called `rpool/data` is created to store VM
images. In order to use that with the {pve} tools, the installer
-creates the following configuration entry in '/etc/pve/storage.cfg':
+creates the following configuration entry in `/etc/pve/storage.cfg`:
----
zfspool: local-zfs
----
After installation, you can view your ZFS pool status using the
-'zpool' command:
+`zpool` command:
----
# zpool status
errors: No known data errors
----
-The 'zfs' command is used configure and manage your ZFS file
+The `zfs` command is used configure and manage your ZFS file
systems. The following command lists all file systems after
installation:
Bootloader
~~~~~~~~~~
-The default ZFS disk partitioning scheme does not use the first 2048
-sectors. This gives enough room to install a GRUB boot partition. The
-{pve} installer automatically allocates that space, and installs the
-GRUB boot loader there. If you use a redundant RAID setup, it installs
-the boot loader on all disk required for booting. So you can boot
-even if some disks fail.
-
-NOTE: It is not possible to use ZFS as root partition with UEFI
-boot.
+Depending on whether the system is booted in EFI or legacy BIOS mode the
+{pve} installer sets up either `grub` or `systemd-boot` as main bootloader.
+See the chapter on xref:sysboot[{pve} host bootladers] for details.
ZFS Administration
This section gives you some usage examples for common tasks. ZFS
itself is really powerful and provides many options. The main commands
-to manage ZFS are 'zfs' and 'zpool'. Both commands comes with great
-manual pages, worth to read:
+to manage ZFS are `zfs` and `zpool`. Both commands come with great
+manual pages, which can be read with:
----
# man zpool
# man zfs
-----
-.Create a new ZPool
+.Create a new zpool
-To create a new pool, at least one disk is needed. The 'ashift' should
-have the same sector-size (2 power of 'ashift') or larger as the
+To create a new pool, at least one disk is needed. The `ashift` should
+have the same sector-size (2 power of `ashift`) or larger as the
underlying disk.
zpool create -f -o ashift=12 <pool> <device>
-To activate the compression
+To activate compression
zfs set compression=lz4 <pool>
zpool create -f -o ashift=12 <pool> raidz2 <device1> <device2> <device3> <device4>
-.Create a new pool with Cache (L2ARC)
+.Create a new pool with cache (L2ARC)
It is possible to use a dedicated cache drive partition to increase
the performance (use SSD).
-As '<device>' it is possible to use more devices, like it's shown in
+As `<device>` it is possible to use more devices, like it's shown in
"Create a new pool with RAID*".
zpool create -f -o ashift=12 <pool> <device> cache <cache_device>
-.Create a new pool with Log (ZIL)
+.Create a new pool with log (ZIL)
It is possible to use a dedicated cache drive partition to increase
the performance(SSD).
-As '<device>' it is possible to use more devices, like it's shown in
+As `<device>` it is possible to use more devices, like it's shown in
"Create a new pool with RAID*".
zpool create -f -o ashift=12 <pool> <device> log <log_device>
-.Add Cache and Log to an existing pool
+.Add cache and log to an existing pool
If you have an pool without cache and log. First partition the SSD in
-2 partition with parted or gdisk
+2 partition with `parted` or `gdisk`
-IMPORTANT: Always use GPT partition tables (gdisk or parted).
+IMPORTANT: Always use GPT partition tables.
The maximum size of a log device should be about half the size of
physical memory, so this is usually quite small. The rest of the SSD
-can be used to the cache.
+can be used as cache.
zpool add -f <pool> log <device-part1> cache <device-part2>
-.Changing a failed Device
+.Changing a failed device
+
+ zpool replace -f <pool> <old device> <new device>
+
+.Changing a failed bootable device when using systemd-boot
- zpool replace -f <pool> <old device> <new-device>
+ sgdisk <healthy bootable device> -R <new device>
+ sgdisk -G <new device>
+ zpool replace -f <pool> <old zfs partition> <new zfs partition>
+ pve-efiboot-tool format <new disk's ESP>
+ pve-efiboot-tool init <new disk's ESP>
+
+NOTE: `ESP` stands for EFI System Partition, which is setup as partition #2 on
+bootable disks setup by the {pve} installer since version 5.4. For details, see
+xref:sysboot_systemd_boot_setup[Setting up a new partition for use as synced ESP].
Activate E-Mail Notification
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ZFS comes with an event daemon, which monitors events generated by the
-ZFS kernel module. The daemon can also send E-Mails on ZFS event like
-pool errors.
+ZFS kernel module. The daemon can also send emails on ZFS events like
+pool errors. Newer ZFS packages ships the daemon in a separate package,
+and you can install it using `apt-get`:
-To activate the daemon it is necessary to edit /etc/zfs/zed.d/zed.rc with your favored editor, and uncomment the 'ZED_EMAIL_ADDR' setting:
+----
+# apt-get install zfs-zed
+----
+
+To activate the daemon it is necessary to edit `/etc/zfs/zed.d/zed.rc` with your
+favourite editor, and uncomment the `ZED_EMAIL_ADDR` setting:
+--------
ZED_EMAIL_ADDR="root"
+--------
-Please note {pve} forwards mails to 'root' to the email address
+Please note {pve} forwards mails to `root` to the email address
configured for the root user.
-IMPORTANT: the only settings that is required is ZED_EMAIL_ADDR. All
+IMPORTANT: The only setting that is required is `ZED_EMAIL_ADDR`. All
other settings are optional.
-Limit ZFS memory usage
+Limit ZFS Memory Usage
~~~~~~~~~~~~~~~~~~~~~~
-It is good to use max 50 percent of the system memory for ZFS arc to
-prevent performance shortage of the host. Use your preferred editor to
-change the configuration in /etc/modprobe.d/zfs.conf and insert:
+It is good to use at most 50 percent (which is the default) of the
+system memory for ZFS ARC to prevent performance shortage of the
+host. Use your preferred editor to change the configuration in
+`/etc/modprobe.d/zfs.conf` and insert:
- options zfs zfs_arc_max=8589934592
+--------
+options zfs zfs_arc_max=8589934592
+--------
This example setting limits the usage to 8GB.
[IMPORTANT]
====
-If your root fs is ZFS you must update your initramfs every
-time this value changes.
+If your root file system is ZFS you must update your initramfs every
+time this value changes:
update-initramfs -u
====
+[[zfs_swap]]
.SWAP on ZFS
-SWAP on ZFS on Linux may generate some troubles, like blocking the
+Swap-space created on a zvol may generate some troubles, like blocking the
server or generating a high IO load, often seen when starting a Backup
to an external Storage.
We strongly recommend to use enough memory, so that you normally do not
-run into low memory situations. Additionally, you can lower the
-'swappiness' value. A good value for servers is 10:
+run into low memory situations. Should you need or want to add swap, it is
+preferred to create a partition on a physical disk and use it as swapdevice.
+You can leave some space free for this purpose in the advanced options of the
+installer. Additionally, you can lower the
+``swappiness'' value. A good value for servers is 10:
sysctl -w vm.swappiness=10
-To make the swappiness persistence, open '/etc/sysctl.conf' with
+To make the swappiness persistent, open `/etc/sysctl.conf` with
an editor of your choice and add the following line:
- vm.swappiness = 10
+--------
+vm.swappiness = 10
+--------
-.Linux Kernel 'swappiness' parameter values
+.Linux kernel `swappiness` parameter values
[width="100%",cols="<m,2d",options="header"]
|===========================================================
| Value | Strategy
| vm.swappiness = 60 | The default value.
| vm.swappiness = 100 | The kernel will swap aggressively.
|===========================================================
+
+[[zfs_encryption]]
+.Encrypted ZFS Datasets
+
+ZFS on Linux version 0.8.0 introduced support for native encryption of
+datasets. After an upgrade from previous ZFS on Linux versions, the encryption
+feature needs to be enabled per pool:
+
+----
+# zpool get feature@encryption tank
+NAME PROPERTY VALUE SOURCE
+tank feature@encryption disabled local
+
+# zpool set feature@encryption=enabled
+
+# zpool get feature@encryption tank
+NAME PROPERTY VALUE SOURCE
+tank feature@encryption enabled local
+----
+
+WARNING: There is currently no support for booting from pools with encrypted
+datasets using Grub, and only limited support for automatically unlocking
+encrypted datasets on boot. Older versions of ZFS without encryption support
+will not be able to decrypt stored data.
+
+NOTE: It is recommended to either unlock storage datasets manually after
+booting, or to write a custom unit to pass the key material needed for
+unlocking on boot to `zfs load-key`.
+
+WARNING: Establish and test a backup procedure before enabling encryption of
+production data.If the associated key material/passphrase/keyfile has been
+lost, accessing the encrypted data is no longer possible.
+
+Encryption needs to be setup when creating datasets/zvols, and is inherited by
+default to child datasets. For example, to create an encrypted dataset
+`tank/encrypted_data` and configure it as storage in {pve}, run the following
+commands:
+
+----
+# zfs create -o encryption=on -o keyformat=passphrase tank/encrypted_data
+Enter passphrase:
+Re-enter passphrase:
+
+# pvesm add zfspool encrypted_zfs -pool tank/encrypted_data
+----
+
+All guest volumes/disks create on this storage will be encrypted with the
+shared key material of the parent dataset.
+
+To actually use the storage, the associated key material needs to be loaded
+with `zfs load-key`:
+
+----
+# zfs load-key tank/encrypted_data
+Enter passphrase for 'tank/encrypted_data':
+----
+
+It is also possible to use a (random) keyfile instead of prompting for a
+passphrase by setting the `keylocation` and `keyformat` properties, either at
+creation time or with `zfs change-key`:
+
+----
+# dd if=/dev/urandom of=/path/to/keyfile bs=32 count=1
+
+# zfs change-key -o keyformat=raw -o keylocation=file:///path/to/keyfile tank/encrypted_data
+----
+
+WARNING: When using a keyfile, special care needs to be taken to secure the
+keyfile against unauthorized access or accidental loss. Without the keyfile, it
+is not possible to access the plaintext data!
+
+A guest volume created underneath an encrypted dataset will have its
+`encryptionroot` property set accordingly. The key material only needs to be
+loaded once per encryptionroot to be available to all encrypted datasets
+underneath it.
+
+See the `encryptionroot`, `encryption`, `keylocation`, `keyformat` and
+`keystatus` properties, the `zfs load-key`, `zfs unload-key` and `zfs
+change-key` commands and the `Encryption` section from `man zfs` for more
+details and advanced usage.
projects / pve-docs.git / blobdiff