Tips for storage config and ZFS encryption

Phil Shaw

Member
Jul 23, 2019
3
0
21
57
Hi all

I'm looking to build a new Proxmox 6.0 installation.

I have 1 x 240GB SSD and 4 x 10TB HD's

Looking to boot via UEFI (secure boot?) and have all the storage using ZFS with native encryption.

1.Whats the most appropriate ZFS / pool / raid config? I'm happy with 1 disk redundancy?
2.Is it better to keep OS separate from data with 2 pools?
3.Can I do this install from the install wizard? I can't see any options for ZFS encryption or complex pool configs
4.How does the passphrase get pushed to the bootloader? Especially with 2+ pools
5.Whats the best way to carve up the pool for VM's etc. Any worked examples?

Thanks
Phil
 
The official hardware recommendations are here. Your ideal configuration depends heavily on your requirements. Situations with similar hardware have already been discussed heavily on the forum.

You can find valuable information on how zfs encryption works in our documentation.
 
Thanks for the replies:

1.I have flicked through the documentation but it doesn't answer my specific questions. Was hoping for someone with a little experience who could save me trying out a dozen ZFS configs

2.I've already bought the HD's. Not looking for super performance, just reliability

Any other hints out there?

cheers
 
1.I have flicked through the documentation but it doesn't answer my specific questions. Was hoping for someone with a little experience who could save me trying out a dozen ZFS configs

2.I've already bought the HD's. Not looking for super performance, just reliability

Any other hints out there?

Go with RAIDz1 over 4 disks if you do not want performance. If you do, go with a stripped mirror setup.

And to answer your unanswered questions:

2.Is it better to keep OS separate from data with 2 pools?

In such a small disk setup, I do not recommend it. If you already stated that you do not want performance, go with one pool.

3.Can I do this install from the install wizard? I can't see any options for ZFS encryption or complex pool configs

Encryption has to be activated after the install and does only work for non-OS data. You can install on RAIDz1 and stripped mirror from the installer.

4.How does the passphrase get pushed to the bootloader? Especially with 2+ pools

It does currently not. Encrypted ZFS is very new and this feature will probably come (hopefully eventually). If you want a fully encrypted setup, go with LUKS.

5.Whats the best way to carve up the pool for VM's etc. Any worked examples?

You have a pool, so "carving up" does not apply.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!