78 lines
2.9 KiB
Markdown
78 lines
2.9 KiB
Markdown
|
## Proxmox
|
||
|
|
||
|
### packages
|
||
|
tmux, powertop,htop, cryptsetup,vim
|
||
|
|
||
|
### 0-prepare
|
||
|
```
|
||
|
cryptsetup benchmark
|
||
|
# Tests are approximate using memory only (no storage IO).
|
||
|
PBKDF2-sha1 1693983 iterations per second for 256-bit key
|
||
|
PBKDF2-sha256 3021832 iterations per second for 256-bit key
|
||
|
PBKDF2-sha512 1325633 iterations per second for 256-bit key
|
||
|
PBKDF2-ripemd160 754371 iterations per second for 256-bit key
|
||
|
PBKDF2-whirlpool 595105 iterations per second for 256-bit key
|
||
|
argon2i 6 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
|
||
|
argon2id 6 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
|
||
|
# Algorithm | Key | Encryption | Decryption
|
||
|
aes-cbc 128b 1090.7 MiB/s 3409.7 MiB/s
|
||
|
serpent-cbc 128b 103.7 MiB/s 379.6 MiB/s
|
||
|
twofish-cbc 128b 215.8 MiB/s 389.4 MiB/s
|
||
|
aes-cbc 256b 851.0 MiB/s 2905.0 MiB/s
|
||
|
serpent-cbc 256b 106.6 MiB/s 378.1 MiB/s
|
||
|
twofish-cbc 256b 221.1 MiB/s 385.7 MiB/s
|
||
|
aes-xts 256b 2801.2 MiB/s 2827.7 MiB/s
|
||
|
serpent-xts 256b 349.7 MiB/s 351.8 MiB/s
|
||
|
twofish-xts 256b 352.7 MiB/s 359.3 MiB/s
|
||
|
aes-xts 512b 2391.9 MiB/s 2392.0 MiB/s
|
||
|
serpent-xts 512b 352.8 MiB/s 342.3 MiB/s
|
||
|
twofish-xts 512b 358.6 MiB/s 359.6 MiB/s
|
||
|
root@pve:~#
|
||
|
```
|
||
|
####
|
||
|
1. create dm-integrity
|
||
|
skipped: https://btrfs.readthedocs.io/en/latest/Tree-checker.html
|
||
|
1. create GPT partition
|
||
|
- first sector: 2048
|
||
|
- last sector: end
|
||
|
- uuid: 8300
|
||
|
3. create btrfs raid-1
|
||
|
```
|
||
|
mkfs.btrfs --csum xxhash -d raid1 /dev/sda /dev/sdb
|
||
|
|
||
|
Label: (null)
|
||
|
UUID: 8d65854a-6be3-45de-81dd-cadbd9f49892
|
||
|
Node size: 16384
|
||
|
Sector size: 4096
|
||
|
Filesystem size: 1.82TiB
|
||
|
Block group profiles:
|
||
|
Data: RAID1 1.00GiB
|
||
|
Metadata: RAID1 1.00GiB
|
||
|
System: RAID1 8.00MiB
|
||
|
SSD detected: no
|
||
|
Zoned device: no
|
||
|
Incompat features: extref, skinny-metadata, no-holes
|
||
|
Runtime features: free-space-tree
|
||
|
Checksum: xxhash64
|
||
|
Number of devices: 2
|
||
|
Devices:
|
||
|
ID SIZE PATH
|
||
|
1 931.51GiB /dev/sda1
|
||
|
2 931.51GiB /dev/sdb1
|
||
|
```
|
||
|
5. create mounttarget folder and create fstab entry
|
||
|
```
|
||
|
lsblk -o uuid,name
|
||
|
UUID NAME
|
||
|
sda
|
||
|
8d65854a-6be3-45de-81dd-cadbd9f49892 └─sda1
|
||
|
sdb
|
||
|
8d65854a-6be3-45de-81dd-cadbd9f49892 └─sdb1
|
||
|
|
||
|
UUID=8d65854a-6be3-45de-81dd-cadbd9f49892 /mnt/slowStorage btrfs defaults,rw 0 1
|
||
|
```
|
||
|
6. Create under Rechenzentrum->Storage->Hinzufügen->BTRFS
|
||
|
7. update templates: `pveam update`
|
||
|
|
||
|
### ToDo
|
||
|
https://wiki.postgresql.org/wiki/Transparent_Data_Encryption
|