Originally posted by flower
View Post
Announcement
Collapse
No announcement yet.
Ubuntu 24.04 Supports Easy Installation Of OpenZFS Root File-System With Encryption
Collapse
X
-
Last edited by deusexmachina; 16 April 2024, 04:54 PM.
-
It might (??) not be the "filesystem" maybe just something in a driver or the resume logic that doesn't deal gracefully with the wake up of that drive, maybe I/O is attempted before the drive is ready or before it is mounted / unlocked / whatever.
Of course the file system higher layers could be more resilient with retries or administerable settings to delay / verify / retry / recover or such.
Some systems have different power management modes you can set the disks to go in during various idle / sleep conditions so it's possible tuning something
there could help unless you mean cold-off hibernate kind of sleep at which point the ACPI/ASPM and driver re-init etc. has to work to get it ready before anything else happens.
Originally posted by pWe00Iri3e7Z9lHOX2Qx View Post
Fun real life recent experience here. I've been mostly fine with Btrfs for root on Tumbleweed / Leap / Fedora for years now. But I just had Btrfs absolutely shit itself for seemingly no good reason on my main desktop two weeks ago. It locked hard when resuming from sleep. I had to power cycle the machine but it came back up. The same thing happened on the next sleep cycle. After that, I couldn't even log into a TTY or ssh session due to i/o errors. It starting spewing this over and over again ...
Code:BTRFS error (device dm-1: state EA): bdev /dev/mapper/system-root errs: wr 113, rd XXXXXXXX, flush 0, corrupt 0, gen 0 BTRFS error (device dm-1: state EA): bdev /dev/mapper/system-root errs: wr 113, rd XXXXXXXX, flush 0, corrupt 0, gen 0 BTRFS error (device dm-1: state EA): bdev /dev/mapper/system-root errs: wr 113, rd XXXXXXXX, flush 0, corrupt 0, gen 0 BTRFS error (device dm-1: state EA): bdev /dev/mapper/system-root errs: wr 113, rd XXXXXXXX, flush 0, corrupt 0, gen 0
Comment
-
So does the ubuntu install / boot process support things like generating a LUKS-2 compatible image and work with things like FIDO tokens and such being able to be used to open / boot the luks encrypted zfs root and other drives / partitions?
It was moderately recently (last year?) IIRC that there were some improvements to / problems with some versions of GRUB to deal with luks 2, fido, etc.
IIRC some worked around the issue by using dracut instead of grub.
- Likes 1
Comment
-
Originally posted by deusexmachina View Post
zfsbootmenu devs use void and wrote its install guide for zfs on root. NixOS is a bikeshed that's mutated into a prefab mansion assembly line. Isn't it on zfs version 2.1 anyway? void & arch are on 2.2.3 and are both a more stable experience than NixOS.
Also, I'm quite sure you've never ever used NixOS in production. Why? Because it just works. All the time.
My backup servers are using NixOS with ZFS storage. They are using unattended upgrades, and reboot automatically when needed.
I absolutely never had a single issue in four years of 24/7 use.
That's quite stable I think.
- Likes 1
Comment
-
Originally posted by varikonniemi View PostThis is a real ace in the sleeve of ubuntu. I don't support zfs due to their licensing shit, but for those that insist on it i think it's nice to have a popular distro offer great support.
Admittedly, you are putting yourself kind of in a vendor lock-in in the sense that it's not plug&play anymore to migrate.
Comment
-
Originally posted by varikonniemi View Post
and that's why i applauded them for that part. Am i a zealot for expressing my concern, and preference for something else? You sure are bound to see zealots everywhere you go outside of your little zfs fanclub if you get that hostile whenever someone else voices a differing opinion.
Comment
-
Originally posted by skeevy420 View Post
Zsys never really took off outside of Ubuntu for that same reason because it was based on ZFS using GRUB with a split boot & root partition scheme that may or many not have been on top of LUKS. None of that utilizes ZFS's strengths. It's just how Ubuntu does things and Zsys acts as a way to place ZFS into the role of a traditional file system and framework the bootloader, encryption, and other features around that.
They're not exactly the same, but Zsys is to ZFS is as what Stratis is to XFS. They both framework features around a file system. The difference with Stratis is that RHEL and Fedora have made Stratis so easy for others to adopt that it's gone from AUR to now being part of the Arch repos while Zsys hasn't even made it to the AUR. It says a lot about a project without saying anything at all when something as high profile and well knows as Zsys doesn't make the AUR.## VGA ##
AMD: X1950XTX, HD3870, HD5870
Intel: GMA45, HD3000 (Core i5 2500K)
Comment
-
Originally posted by skeevy420 View PostUbuntu's setup is just ZFS over LUKS.
Originally posted by varikonniemi View PostThis is not ZFS on root, but ZFS wrapped up in LUKS.
Originally posted by royce View PostIs it? I've used this before, admittedly a couple of years back, and it was using native ZFS encryption. Has this changed with this release?
Originally posted by pong View PostSo does the ubuntu install / boot process support things like generating a LUKS2 compatible image and work with things like FIDO tokens and such being able to be used to open / boot the luks encrypted zfs root and other drives / partitions?
The way Ubuntu set up ZFS with encryption is the following:- 2 zpool: a small one for grub boot environment (not sure why do you need this...), a main one for everything else;
- the installer will use 1 disk, partitioning it in 3 (no partition is LUKS-encrypted): one tiny partition for bootloader(bios)/esp(uefi), one small partition as a boot zpool vdev, one big partition as a main/root zpool vdev;
- the boot zpool is not encrypted
- the main zpool contains a small zdev called keystore that is LUKS-encrypted and contains a small ext4-formatted file system with a single key file
- the root filesystem in the main zpool (and all its children created by the Ubuntu installer) are encrypted using native zfs encryption with the key saved in the keystore
- grub boots from the boot zpool, unlocking the encryption is done by scripts in the initramfs
- initramfs scripts import the main zpool
- initramfs scripts decrypt /dev/zd0 into /dev/mapper/keystore-POOLNAME
- initramfs scripts mount /dev/mapper/keystore-POOLNAME at /run/keystore/POOLNAME/ and load the key
- the root filesystem and all children are mounted
Last edited by Agno; 17 April 2024, 01:13 PM.
- Likes 2
Comment
Comment