Differences
This shows you the differences between two versions of the page.
Next revision | Previous revisionNext revisionBoth sides next revision | ||
advanced:target [2018/10/02 21:06] – created admin | advanced:target [2018/10/03 01:15] – dan | ||
---|---|---|---|
Line 3: | Line 3: | ||
Unfortunately, | Unfortunately, | ||
+ | |||
+ | ===== Rebuild the kernel ===== | ||
+ | To ensure you have the headers for the running kernel installed, run the following commands (taken from the [[https:// | ||
+ | < | ||
+ | sudo apt update && sudo apt upgrade | ||
+ | sudo apt install git gcc g++ build-essential | ||
+ | git clone --depth 1 https:// | ||
+ | cd linux | ||
+ | make odroidxu4_defconfig | ||
+ | make -j8 | ||
+ | sudo make modules_install | ||
+ | sudo cp -f arch/ | ||
+ | sudo cp -f arch/ | ||
+ | sudo cp -f arch/ | ||
+ | sudo cp -f arch/ | ||
+ | sudo cp .config / | ||
+ | sudo update-initramfs -c -k `make kernelrelease` | ||
+ | sudo mkimage -A arm -O linux -T ramdisk -C none -a 0 -e 0 -n uInitrd -d / | ||
+ | sudo cp / | ||
+ | sync | ||
+ | </ | ||
+ | Then reboot your system to start using the new kernel. | ||
+ | |||
+ | ===== Build ZFS on Linux ===== | ||
+ | These instructions are taken from the [[https:// | ||
+ | < | ||
+ | sudo apt install build-essential autoconf libtool gawk alien fakeroot zlib1g-dev uuid-dev libattr1-dev libblkid-dev libselinux-dev libudev-dev parted lsscsi ksh libssl-dev libelf-dev | ||
+ | </ | ||
+ | Then download, build, and install the ZFS code: | ||
+ | < | ||
+ | git clone https:// | ||
+ | cd zfs | ||
+ | git checkout master | ||
+ | sh autogen.sh | ||
+ | ./configure | ||
+ | make -s -j$(nproc) | ||
+ | sudo make install | ||
+ | </ | ||
+ | Then load the ZFS modules: | ||
+ | < | ||
+ | sudo modprobe zfs | ||
+ | </ | ||
+ | |||
+ | ===== Create the pool ===== | ||
+ | Create your pool. Make sure to set '' | ||
+ | < | ||
+ | zpool create -o ashift=12 dozer / | ||
+ | </ | ||
+ | |||
+ | ===== Enable encryption, and create an encrypted dataset ===== | ||
+ | The idea of this system is to be a standalone storage " | ||
+ | < | ||
+ | zpool set feature@encryption=enabled dozer | ||
+ | </ | ||
+ | Then, create the encrypted dataset: | ||
+ | < | ||
+ | zfs create -o encryption=on -o keylocation=prompt -o keyformat=passphrase dozer/ | ||
+ | </ | ||
+ | The system will prompt you for a passphrase, which you'll need whenever you mount that dataset. | ||
+ | |||
+ | ===== Create a replication user ===== | ||
+ | For the sake of security, it would be best if replication to this device ran as a user other than root. Start by creating the user: | ||
+ | < | ||
+ | adduser zfsuser | ||
+ | </ | ||
+ | Disable login for that user: | ||
+ | < | ||
+ | chsh -s /bin/false zfsuser | ||
+ | </ | ||
+ | Generate a SSH keypair for that user: | ||
+ | < | ||
+ | sudo -u zfsuser ssh-keygen | ||
+ | </ | ||
+ | Now allow that user to make changes on the encrypted dataset: | ||
+ | < | ||
+ | zfs allow -u zfsuser create, | ||
+ | </ | ||