[RFC] geli - Allow attaching multiple providers

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[RFC] geli - Allow attaching multiple providers

Ben Woods
Hi everyone,

I would like to propose a patch to geli to allow multiple providers to be
attached in a single command if they use the same passphrase/keyfiles.

This is helpful when the providers being attached are not used for boot,
and therefore the existing code to first try the cached password when
tasting the providers during boot does not apply.

Multiple providers with the same passphrase and keyfiles can be attached at
the same time during system start-up by adding the following to
/etc/rc.conf:

geli_groups="storage backup"
geli_storage_flags="-k /etc/geli/storage.keys"
geli_storage_devices="ada0 ada1"
geli_backup_flags="-j /etc/geli/backup.passfile -k /etc/geli/backup.keys"
geli_backup_devices="ada2 ada3"

The patch is up for review on phabricator here:
https://reviews.freebsd.org/D9396

Regards,
Ben

--
From: Benjamin Woods
[hidden email]
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-geom
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: [RFC] geli - Allow attaching multiple providers

Ben Woods
On 28 May 2017 at 13:38, Ben Woods <[hidden email]> wrote:

> Hi everyone,
>
> I would like to propose a patch to geli to allow multiple providers to be
> attached in a single command if they use the same passphrase/keyfiles.
>
> This is helpful when the providers being attached are not used for boot,
> and therefore the existing code to first try the cached password when
> tasting the providers during boot does not apply.
>
> Multiple providers with the same passphrase and keyfiles can be attached
> at the same time during system start-up by adding the following to
> /etc/rc.conf:
>
> geli_groups="storage backup"
> geli_storage_flags="-k /etc/geli/storage.keys"
> geli_storage_devices="ada0 ada1"
> geli_backup_flags="-j /etc/geli/backup.passfile -k /etc/geli/backup.keys"
> geli_backup_devices="ada2 ada3"
>
> The patch is up for review on phabricator here:
> https://reviews.freebsd.org/D9396
>
> Regards,
> Ben
>
> --
> From: Benjamin Woods
> [hidden email]
>

Hi everyone,

I have created a new phabricator review for this work to allow multiple
providers to be attached in a single geli command if they use the same
passphrase/keyfiles.

Unlike D9396, this implementation does not modify the kernel. This is
achieved by creating a new child geom request for each provider being
attached, and passing each request to the kernel one by one.

The new patch can be found here:
https://reviews.freebsd.org/D12644

I am hoping people can review and comment on this patch, and that I can get
assistance committing this once it is approved (as I am only a ports
committer).

Regards,
Ben

--
From: Benjamin Woods
[hidden email]
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-geom
To unsubscribe, send any mail to "[hidden email]"