Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

cbsd geli with device end with an error #106

Closed
palica opened this issue Nov 4, 2016 · 4 comments
Assignees

Comments

@palica
Copy link
Contributor

@palica palica commented Nov 4, 2016

When trying to initialize geli encryption on a device (zvol) it ends with an error.

 cbsd geli mode=init device=/dev/zvol/storage/usr/jails/enc-www
Enter passphrase for /dev/zvol/storage/usr/jails/enc-www:
New Password:
Retype New Password:
Metadata backup can be found in /var/backups/zvol_storage_usr_jails_enc-www.eli and
can be restored with the following command:

# geli restore /var/backups/zvol_storage_usr_jails_enc-www.eli /dev/zvol/storage/usr/jails/enc-www

mdconfig: option requires an argument -- f
usage: mdconfig -a -t type [-n] [-o [no]option] ... [-f file]
                [-s size] [-S sectorsize] [-u unit]
                [-x sectors/track] [-y heads/cylinder]
       mdconfig -d -u unit [-o [no]force]
       mdconfig -r -u unit -s size [-o [no]force]
       mdconfig -l [-v] [-n] [-f file] [-u unit]
       mdconfig file
                type = {malloc, vnode, swap}
                option = {cluster, compress, reserve}
                size = %d (512 byte blocks), %db (B),
                       %dk (kB), %dm (MB), %dg (GB),
                       %dt (TB), or %dp (PB)
error: geli: Invalid number of arguments.
@olevole olevole self-assigned this Nov 4, 2016
@olevole

This comment has been minimized.

Copy link
Collaborator

@olevole olevole commented Nov 4, 2016

At the moment, CBSD not tested/works with ZVOL, only with mdconfig/vnode-based backend: https://www.bsdstore.ru/en/cbsd_geli.html

Let this report will stay as todo/request features.

@palica

This comment has been minimized.

Copy link
Contributor Author

@palica palica commented Nov 4, 2016

I can help you test it and debug it. I am able to mount the device manualy and use it.

@olevole

This comment has been minimized.

Copy link
Collaborator

@olevole olevole commented Nov 17, 2016

note to self:

Looks like native encryption coming soon to upstream:

http://open-zfs.org/wiki/ZFS-Native_Encryption
https://drive.google.com/file/d/0B5hUzsxe4cdmU3ZTRXNxa2JIaDQ/view

So, CBSD must have option/must be able to choosing encryption method: GELI and ZFS-based.

Also, GELI-based (and ZFS) encryption good not only for bhyve. Here is XEN and jail also can use it for separated secured place

olevole added a commit that referenced this issue Nov 23, 2016
…do: may be best way to store FW-related rule in SQLite3, cause grep/cat-method for editing ascii file is not good idea
olevole added a commit that referenced this issue Dec 20, 2017
@olevole

This comment has been minimized.

Copy link
Collaborator

@olevole olevole commented Dec 20, 2017

fixed, thanks!

@olevole olevole closed this Dec 20, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.