Markus Heberling Coding == Relaxing


Ubuntu 13.10 LUKS Encrypted ZFS Root on HP N54L

This guide installs a ZFS mirror on LUKS encrypted containers. This leads to a performance hit, since writing requires each block of data to be encrypted twice. Additionally, the HP N54L has no AES CPU instruction. All IO is very CPU bound after this. I get a write throughput of about 8M/s. I am using the system to receive ZFS backups via zfs send/receive over a DSL connection. This is working fine since the connection speed is much slower than the writing speed. This setup is not for you if you need faster write speeds.

I used the Ubuntu 13.10 64bit Desktop Live CD and copied it to a USB stick with dd. Creating the USB stick with tools like unetbootin will not work, since the HP N54L will think it is a floppy and halt at the syslinux stage.

Install the ZFS native repository for Ubuntu:

I have 2 WD Red 4 TB disks in the system. We need a small partition for grub and a small RAID for the unencrypted /boot partition. I create an additional very small RAID, with a LUKS container inside, so that all keys can be derived from that. The rest of the space is for the LUKS container with a ZFS pool and the root filesystem inside.

Next we create the RAID

And then create the LUKS containers

Create the zpool

Install the base system

The HP N54L needs the uhci-hcd module in the initramfs. The release version of initramfs-tools is broken. There is an update in the proposed section that fixes this. Without it, you won't be able to enter your password on boot.

Change into the new system

You are inside the new system now.

You are back in the host system now

Rescue Mode

Boot the live CD again and then:

To leave the system again:


Optionally unlock your server via SSH

Add the file /etc/initramfs-tools/hooks/unlock with the following contents:


You can now log into your initramfs during boot via SSH with the root user and unlock the disks by calling:

Final remarks

You should probably back up your LUKS headers and store them in a safe place:
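One way to script the header backup, as an added example that is not the commands from the original post. The function name, the output file naming and the SHA256SUMS file are assumptions of this example, and the device paths are passed in by the caller.

```shell
#!/bin/sh
# Added example: back up the LUKS header of every device given as an argument.
# Device paths come from the caller; none are taken from the original post.

backup_luks_headers() {
    local outdir dev name out failed
    outdir=$1
    failed=0
    shift
    if [ "$#" -eq 0 ]; then
        echo "usage: backup_luks_headers OUTDIR DEVICE..." >&2
        return 2
    fi
    # Header backups contain the key slots, so keep directory and files private.
    ( umask 077; mkdir -p "$outdir" ) || return 1
    for dev in "$@"; do
        if ! cryptsetup isLuks "$dev"; then
            echo "skip: $dev is not a LUKS container" >&2
            failed=1
            continue
        fi
        # /dev/foo/bar -> dev_foo_bar.luks-header.img
        name=$(printf '%s' "${dev#/}" | tr '/' '_').luks-header.img
        out=$outdir/$name
        # Never overwrite an older backup; it may be the only good copy.
        if [ -e "$out" ]; then
            echo "skip: $out already exists" >&2
            failed=1
            continue
        fi
        if ( umask 077; cryptsetup luksHeaderBackup "$dev" --header-backup-file "$out" ); then
            # Record a checksum so the copy can be verified before a restore.
            ( umask 077; cd "$outdir" && sha256sum "$name" >> SHA256SUMS ) || failed=1
        else
            echo "error: header backup of $dev failed" >&2
            failed=1
        fi
    done
    return "$failed"
}

# Run only when called with arguments (the script name is hypothetical):
#   sudo sh luks-header-backup.sh /path/to/removable/media <device> [<device>...]
if [ "$#" -ge 2 ]; then
    backup_luks_headers "$@"
fi
```

A header backup keeps the key slots as they were when it was taken, so a passphrase that is later removed from the live device still unlocks the data through an old backup. Store the files offline and replace them after changing passphrases.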

If you have suggestions on how to improve this setup, feel free to post them in the comments.



ZFS in the Hetzner Rescue System

I run a root server at Hetzner that runs entirely on ZFS by means of ZFS on Linux. If you break something there, the Hetzner Rescue System won't get you far, because it does not support ZFS. But it is very easy to install it afterwards:

Now ZFS is installed and you can import your pool:

After that you are in the chrooted original system and can repair your broken configuration. /dev, /proc and /sys are mounted, so that, for example, the bootloader can also be rewritten if you have wrecked it, which can certainly happen with ZFS on root.

Before I reboot the system, I like to quickly test the whole thing once more in a virtual machine, to be sure that everything starts again. To do that, the chroot environment must first be left and unmounted:

After that you can start your system in kvm and see whether it boots again:
