I have a mirrored ZFS on Linux pool and I am now regretting not having encrypted the underlying disks. Can I do this after the fact, i.e.: - break the mirror: zpool detach tank /dev/sdb - wipe disk - cryptsetup luksFormat /dev/sdb - rebuild the mirror: zpool attach tank /dev/sda /dev/mapper/c1 When I created the pool I gave ZFS the entire disks so it formatted them GPT: ----- Begin quote ----- Partition Table: gpt Number Start End Size File system Name Flags 1 1048576B 2000390528511B 2000389479936B zfs zfs 9 2000390528512B 2000398917119B 8388608B ----- End quote ----- The main question is whether the LUKS disk would have at least as many blocks as #1. Looking at the numbers is looks like there is 1MB available at the beginning, and 8MB at the end, and the LUKS header is 1MB+4096B or 2 MB, so it looks like it will fit on the raw device. The other route would be to use a detached header. Any recommendations between the two methods? Assuming this could work I suppose the safest way to do this would be to buy a 3rd disk, encrypt it, add it to the pool, then rotate the original 2 out one at a time. Oh, and backups, backups, and more backups. Thanks -- The world is coming to an end, SAVE YOUR BUFFERS!!!
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
