Hi, I am new to ZFS. I recently purchased a ThinkPad E14 Gen 2, which has 2 x M.2 slots, into which I have put 2 x 1gb drives.
How would I install ZFS in a mirror with encryption, with Ubuntu 24.04 LTS on top?
I have heard on Libera Chat that ZFS encryption causes data corruption. What are people's experiences with this? What are the alternatives to using ZFS native encryption?
There’s a very good guide to installing Ubuntu on ZFS here. It’s written for 22.04, but it should work fine for 24.04.
I do use native ZFS encryption on several systems and I haven’t seen any issues. Small sample size, but anecdotal evidence is something. I’ve heard of issues with certain edge cases in raw ZFS send/recv. I’ve had a couple instances where zpool status claims a corrupt file with a weird hex file name that doesn’t map to any real file.
I use zfs encryption on all my devices (laptop, desktop, and server) and have never experienced the data corruption bugs mentioned when doing send/recv. After I first read about it, I make sure to check my bkup zfs store every once in a while, but everything is good so far.
That being said, if I was doing a clean install of everything today with the knowledge I have, I don’t know what I would do. There has been enough talk about it to concern me, and yet I feel like I’m a moderate user and have never seen it personally. However, if I do see it, I imagine I’ll see it when it’s the least convenient and then I’ll have to use my cloud backups instead.
Others have covered the install options. I’ll only add that you can install to a single drive and when everything looks good, you can partition the second drive to match and then add the partitions to create mirrors. There’s probably some fiddling to get full duplication (EFI partition, grub/syslinux and stuff like that.)
I’ve been using native encryption on my laptop (single drive) and get “permanent errors” reported if I run full pool backups hourly using syncoid. These have all been in snapshots and if I stop the backups, they eventually go away as the corresponding snapshot is deleted. So far this has not been a problem, but as always YMMV.
I have heard on Libera Chat that ZFS encryption causes data corruption. What are people's experiences with this? What are the alternatives to using ZFS native encryption?
Outside of power loss scenarios, I believe that most of the reported issues were around using ZFS send/receive to send snapshots to another system (please correct me if I’m wrong), not just using ZFS encryption on a system.
I run ZFS encryption on my home servers, laptop, and NAS these days, and use replication as part of my backup strategy for select datasets on my laptop and server. I have not encountered any data loss bugs, yet.
If this is a concern for you, and you want to use ZFS with encryption, then you have a few options:
Adopt a second strategy for backups - use rsync or some other thing (Borg, etc.) that isn’t ZFS replication to mitigate the risk. (This is my strategy, personally. My external backup drives are encrypted via LUKS.)
Use a different encryption (e.g. LUKS) to encrypt the device, then create your pools on top of the decrypted logical devices that LUKS provides. I’ve used this extensively in a production capacity for 5+ years before native encryption was a thing for a distributed analytics cluster used by support and sustaining engineering teams for a tech company and it performed decently until the cluster was decommissioned after the company was acquired.
Would I use ZFS on LUKS again? No, I wouldn’t. It was only deployed because we had to use encryption and native encryption wasn’t yet an option. It’s harder to configure and there’s always a chance that an upgrade could break things. I’d go native encryption and mitigate data loss risks with a well tested backup strategy.
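Several replies above mention "permanent errors" from zpool status that show up either inside snapshots or as hex names that map to no real file. The following is an added example, not code from any poster in this thread: a small parser that sorts the entries in the errors section of `zpool status -v` output into those kinds, so a periodic check can tell them apart from errors in live files. The sample output and the kind labels are constructed for illustration.

```python
import re

# Constructed sample of `zpool status -v` output (not taken from the thread).
SAMPLE = """\
  pool: rpool
 state: ONLINE
status: One or more devices has experienced an error resulting in data
        corruption.  Applications may be affected.
config:

        NAME        STATE     READ WRITE CKSUM
        rpool       ONLINE       0     0     0
          nvme0n1p3 ONLINE       0     0     0

errors: Permanent errors have been detected in the following files:

        rpool/home@autosnap_2024-05-01_10:00:01_hourly:<0x0>
        <0x1a2b>:<0x3c>
        /home/user/notes.txt
        rpool/home@autosnap_2024-05-01_11:00:01_hourly:/user/db.sqlite
"""

# Entry where neither the dataset nor the object resolves to a name.
HEX_ONLY = re.compile(r"^<0x[0-9a-f]+>:<0x[0-9a-f]+>$", re.I)

def classify(entry):
    """Label one error entry (labels are this example's own, not ZFS terms)."""
    if HEX_ONLY.match(entry):
        return "unmapped-object"      # the "weird hex file name" case
    if entry.startswith("/"):
        return "live-file"            # path in a mounted filesystem
    if "@" in entry.split(":", 1)[0]:
        return "snapshot"             # dataset@snapshot:<object or path>
    return "dataset-object"           # dataset:<object>, no snapshot part

def parse_permanent_errors(status_text):
    """Return [(kind, entry)] from the errors: section of the given output."""
    results, in_errors = [], False
    for raw in status_text.splitlines():
        line = raw.strip()
        if line.startswith("errors:"):
            in_errors = "Permanent errors" in line
            continue
        if line.startswith("pool:"):  # next pool's report begins
            in_errors = False
        if in_errors and line:
            results.append((classify(line), line))
    return results

if __name__ == "__main__":
    for kind, entry in parse_permanent_errors(SAMPLE):
        print(f"{kind:16} {entry}")
```
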