I installed a vanilla FreeBSD 11.0 (amd64) and chose the installation option "ZFS on / (encrypted)" (or whatever it is really called). Now I have a nice ZFS pool:
    root@storage:~ # zpool list
    NAME    SIZE  ALLOC   FREE  EXPANDSZ   FRAG    CAP  DEDUP  HEALTH  ALTROOT
    zroot  5.44T   943M  5.44T         -     0%     0%  1.00x  ONLINE  -
    root@storage:~ # df -ah
    Filesystem            Size    Used   Avail Capacity  Mounted on
    zroot/ROOT/default    5.3T    299M    5.3T     0%    /
    devfs                 1.0K    1.0K      0B   100%    /dev
    zroot/tmp             5.3T     96K    5.3T     0%    /tmp
    zroot/usr/home        5.3T    136K    5.3T     0%    /usr/home
    zroot/usr/ports       5.3T    641M    5.3T     0%    /usr/ports
    zroot/usr/src         5.3T     96K    5.3T     0%    /usr/src
    zroot/var/audit       5.3T     96K    5.3T     0%    /var/audit
    zroot/var/crash       5.3T     96K    5.3T     0%    /var/crash
    zroot/var/log         5.3T    160K    5.3T     0%    /var/log
    zroot/var/mail        5.3T     96K    5.3T     0%    /var/mail
    zroot/var/tmp         5.3T     96K    5.3T     0%    /var/tmp
    zroot                 5.3T     96K    5.3T     0%    /zroot
I currently have only one hardware RAID5 configured on my controller (aacd0). In the future I might add another RAID5 using the currently free slots of my server to extend the available storage (striped).
    root@storage:/zroot # zpool status
      pool: zroot
     state: ONLINE
      scan: none requested
    config:

            NAME           STATE     READ WRITE CKSUM
            zroot          ONLINE       0     0     0
              aacd0p3.eli  ONLINE       0     0     0
How would I add a second "disk" to my zpool then? Let's call that aacd1. I see that aacd0 is GELI encrypted, which is good - the key is prompted for on boot. I would like aacd1 to be encrypted with the same key then.
I am missing the link here: how would I set up the second disk to be encrypted with the same key (so I only have to input and memorize one key for both disks) and add it to the "zroot" pool?
Would it be wiser to install the OS on a non-ZFS disk / stick and set up an encrypted ZFS striped pool from there? I can find a lot of documentation for this use case...