# ZFS on secondary HDDs; hostname



## byuu (Oct 23, 2015)

Hi, I have two questions.

First, I have the usual ZFS-on-Root setup with two drives in mirrored mode, which is done for me by the installer.

But I also want to have a secondary mirrored array with two mechanical drives that I mount and unmount as needed. I don't want to roll all of them into the same zpool; I want to have these be free of the OS data and I want to move them between computers on occasion.

I'm worried I might be missing an important detail in their setup, or especially in the unmounting process. So I'm asking for help in reviewing my commands, please.

To create the drives, I am using the following:

```
dd if=/dev/random of=/root/crypto.key bs=4096 count=1

gpart create -s gpt ada2
gpart create -s gpt ada3

gpart add -t freebsd-zfs ada2
gpart add -t freebsd-zfs ada3

geli init -e AES-XTS -l 256 -s 4096 -K /root/crypto.key /dev/ada2p1
geli init -e AES-XTS -l 256 -s 4096 -K /root/crypto.key /dev/ada3p1

zpool create -m none zdata mirror /dev/ada2p1.eli /dev/ad3p1.eli
zfs create zdata/nas
zfs set mountpoint=/nas zdata/nas
```

Using AES-XTS 256, 4K sectors, with password and 4KiB key for encryption.
Since ZFS has its own data integrity checking, I've left off `-a HMAC/SHA256` on `geli init`. I also don't bother with `-B` because I don't really see the point.

To mount the drives, I am using the following script:

```
#!/bin/sh
printf "Password: "
read password
echo "$password" | geli attach -k /root/crypto.key -j - /dev/ada2p1
echo "$password" | geli attach -k /root/crypto.key -j - /dev/ada3p1
zpool import zdata
```

The goal here is to avoid having to enter the password multiple times, and to keep the password out of files or the shell history file.

To unmount the drives, I am using the following script:

```
#!/bin/sh
zpool export zdata
geli detach /dev/ada2p1
geli detach /dev/ada3p1
```

What worries me here is that I've heard of `zfs unmount` and also `zpool offline`, and I'm not sure which command would be best.

Lastly on this front, I'm worried about forgetting to unmount the secondary drives before shutting down. Since I will need to manually mount after booting, is there a good way to ensure the unmount script runs upon shutdown, no matter how the system is terminated? (eg through an Xorg GUI, or through `reboot` or `shutdown -p now`)

And for testing, to destroy everything and start over:

```
zfs destroy zdata/nas
zpool destroy zdata

gpart destroy -F ada2
gpart destroy -F ada3
```

Also, as an aside... is it okay to leave off _either_ the key portion _or_ password portion with geli? Was thinking I might make some ZFS-USB sticks, and don't necessarily want to need to keep the key file around on any PC that'll use them.

...

Second question is about hostnames. I've had issues with IPv6 and the system hanging for about a minute on "Starting sendmail", and I read that it's a hostname issue. Supposedly, you don't want a bare hostname (e.g. "name"), but a qualified one (e.g. "name.domain"), and you also want that in your hosts file.

The problem is that I don't have a domain, and now we have gTLDs so pretty much anything _could_ be a valid suffix now.

I don't really want the ".domain" part if possible, but if I have to have it, what's the best value to use for it? I've been using "name.home" for now.

...

Thanks in advance for any assistance


----------



## kpa (Oct 23, 2015)

You can avoid the hang by having the hostname you set in /etc/resolv.conf to resolv to an address in /etc/hosts. For example if you set hostname to name.homelan in /etc/rc.conf and you have address 192.168.1.1 bound to one of the network interfaces you would put this in /etc/hosts:


```
192.168.1.1  name.homelan name
```

You can also use 127.0.0.1 if the machine has just one interface with a public IP address and you don't want to set alias addresses on it.

It's perfectly fine to make up a fake domain name if you don't have a real one. Nothing outside your system really uses it, it's only for local resolution of short names that don't have a domain name in them.


----------



## byuu (Oct 23, 2015)

Thanks, kpa. Is it acceptable to just use name instead of name.homelan? Obviously name would be something more descriptive, but would not have a dot in it. I know it's a minor detail, but I'm picky


----------



## kpa (Oct 23, 2015)

byuu said:


> Thanks, kpa. Is it acceptable to just use name instead of name.homelan? Obviously name would be something more descriptive, but would not have a dot in it. I know it's a minor detail, but I'm picky



As long as it resolves to an address by DNS or /etc/hosts it's fine.


----------

