All of the below worked for me in OpenZFS 2.3.5.

Destroy/Create an array

remove shitty partitions from newly bought disk

sudo wipefs -a /dev/sda

create encrypted pool (std passphrase) for single-disk ZFS

sudo zpool create -o ashift=12 \
                 -O encryption=aes-256-gcm \
                 -O keyformat=passphrase \
                 -O keylocation=prompt \
                 backup-disk /dev/sda

Explicit use of some popular defaults [1]

create encrypted pool (key kept in file) for 6-wide array with 4 disks worth of useful capacity and 2 redundant drives

sudo zpool create hive draid2:4d:6c:0s \
	-O encryption=aes-256-gcm \
	-O keyformat=raw \
	-O keylocation=file:///run/hive.key \
	nvme-eui.0000000624021137caf25b031e000211 \
	nvme-eui.0000000624011604caf25b031000008f \
	nvme-eui.0000000623080454caf25b0350000420 \
	nvme-eui.0000000624021137caf25b034e00002b \
	nvme-eui.0000000625062076caf25b03700003f4 \
	nvme-eui.0000000625062076caf25b037000040a

If any husbandry is needed in future

Load the encryption key (will be prompted for the passphrase)

sudo zfs load-key backup-disk

Mount the pool

sudo zfs mount backup-disk

Check mount status

zfs mount | grep backup-disk

or use df:

df -h | grep backup-disk

Check encryption status

zfs get encryption,keystatus,mounted backup-disk

Set a custom mountpoint

sudo zfs set mountpoint=/mnt/backup backup-disk

Then mount

sudo zfs mount backup-disk

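Random key for encryption (create it before running zpool create with keylocation=file:///run/hive.key, which reads this file)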

sudo dd if=/dev/random of=/run/hive.key bs=32 count=1
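
Added example (not part of the original notes): keyformat=raw only accepts a key of exactly 32 bytes, and a file written by dd under the default umask is usually world-readable. The sketch below creates the key owner-only and validates an existing key file; the function names make_raw_key and check_raw_key and the KEY_SOURCE variable are hypothetical, and head -c is used here in place of dd.

```shell
#!/bin/sh
# Create and validate a raw ZFS key file (keyformat=raw needs exactly 32 bytes).
# Usage (as root, before zpool create): make_raw_key /run/hive.key
KEY_SOURCE=${KEY_SOURCE:-/dev/random}   # same source as the dd command in these notes

# make_raw_key PATH: write a new 32-byte key, readable by its owner only.
make_raw_key() {
    key=$1
    if [ -e "$key" ]; then
        echo "refusing to overwrite existing key: $key" >&2
        return 1
    fi
    (
        umask 077    # file is created 0600, never briefly world-readable
        set -C       # noclobber: '>' fails if the file appeared in the meantime
        head -c 32 "$KEY_SOURCE" > "$key"
    ) || return 1
    check_raw_key "$key"
}

# check_raw_key PATH: return 0 if the file is a usable, private raw key, else 1.
check_raw_key() {
    key=$1
    [ -f "$key" ] || { echo "missing key file: $key" >&2; return 1; }
    size=$(wc -c < "$key" | tr -d ' ')
    if [ "$size" -ne 32 ]; then
        echo "bad key size: $size bytes (raw keys must be 32)" >&2
        return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "key is accessible to group/other: $key" >&2
        return 1
    fi
    return 0
}
```

On most Linux systems /run is a tmpfs, so a key created there is gone after a reboot; keep a protected copy elsewhere or the pool cannot be unlocked again.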

copy with verbose progress

sudo rsync -aAXHv --info=progress2 /hive/ /backup-disk/

Other interesting options, not tested yet


# Change to use key file 
sudo zfs change-key -o keylocation=file:///root/backup-disk-key backup-disk

# Create a snapshot of the source 
sudo zfs snapshot -r hive@backup 

# Send to the new pool with progress 
sudo zfs send -Rv hive@backup | pv | sudo zfs receive -F backup-disk/hive

Footnotes

  1. ashift=12 means ZFS uses 2^12 = 4096-byte (4K) sectors, which is probably good for performance, as almost all modern NVMe drives use 4K sectors. Interestingly, Oracle says that GCM has the biggest impact on CPU, but other sources say otherwise. Anyway, if you expect to use the deduplication feature, you might prefer CCM-type encryption.