proxmox
This commit is contained in:
parent
b0e4cc28d7
commit
dc6e6c9f08
@ -49,8 +49,8 @@ block device -> dm-integrity -> cryptsetup(mdadm/lvm2 (RAID1)) -> btrfs
|
||||
- [ ] complete header backup
|
||||
- [ ] block device sector size
|
||||
- [ ] block device support for SCT/ERC `smartctl -l scterc /dev/sdX`
|
||||
- [ ] Block device support for write-verify `smartctl -R1 /dev/sdX`
|
||||
- [ ] blcok device support ``hdparm --dco-identify /dev/sdX`
|
||||
- [ ] Block device support for write-verify `smartctl -r1 /dev/sdX`
|
||||
- [ ] block device support ``hdparm --dco-identify /dev/sdX`
|
||||
|
||||
Western Digital Time Limited Error Recovery (TLER)
|
||||
Seagate Error Recovery Control (ERC)
|
||||
@ -80,6 +80,22 @@ SCT capabilities: (0x003f) SCT Status supported.
|
||||
SCT Error Recovery Control supported.
|
||||
SCT Feature Control supported.
|
||||
SCT Data Table supported.
|
||||
hdparm --dco-identify /dev/sda
|
||||
|
||||
/dev/sda:
|
||||
DCO Checksum verified.
|
||||
DCO Revision: 0x0002
|
||||
The following features can be selectively disabled via DCO:
|
||||
Transfer modes:
|
||||
mdma0 mdma1 mdma2
|
||||
udma0 udma1 udma2 udma3 udma4 udma5 udma6
|
||||
Real max sectors: 18446744072344861488
|
||||
ATA command/feature sets:
|
||||
SMART self_test error_log security PUIS AAM HPA 48_bit
|
||||
selective_test
|
||||
WRITE_UNC_EXT
|
||||
SATA command/feature sets:
|
||||
NCQ interface_power_management SSP
|
||||
|
||||
```
|
||||
Lenovo S440 HDD
|
||||
@ -103,6 +119,225 @@ SMART support is: Enabled
|
||||
|
||||
sudo smartctl -a /dev/sda | grep SCT
|
||||
SCT capabilities: (0x1081) SCT Status supported.
|
||||
|
||||
hdparm --dco-identify /dev/sda
|
||||
|
||||
/dev/sda:
|
||||
DCO Checksum verified.
|
||||
DCO Revision: 0x0002
|
||||
The following features can be selectively disabled via DCO:
|
||||
Transfer modes:
|
||||
mdma0 mdma1 mdma2
|
||||
udma0 udma1 udma2 udma3 udma4 udma5 udma6
|
||||
Real max sectors: 976773168
|
||||
ATA command/feature sets:
|
||||
SMART self_test error_log security PUIS HPA
|
||||
selective_test conveyance_test
|
||||
WRITE_UNC_EXT
|
||||
SATA command/feature sets:
|
||||
interface_power_management SSP
|
||||
|
||||
hdparm -I /dev/sda
|
||||
|
||||
/dev/sda:
|
||||
|
||||
ATA device, with non-removable media
|
||||
Model Number: ST500LM000-SSHD-8GB
|
||||
Serial Number: W762L1TL
|
||||
Firmware Revision: LIV5
|
||||
Transport: Serial, ATA8-AST, SATA 1.0a, SATA II Extensions, SATA Rev 2.5, SATA Rev 2.6, SATA Rev 3.0
|
||||
Standards:
|
||||
Used: unknown (minor revision code 0x001f)
|
||||
Supported: 8 7 6 5
|
||||
Likely used: 8
|
||||
Configuration:
|
||||
Logical max current
|
||||
cylinders 16383 16383
|
||||
heads 15 16
|
||||
sectors/track 63 63
|
||||
--
|
||||
CHS current addressable sectors: 16514064
|
||||
LBA user addressable sectors: 268435455
|
||||
LBA48 user addressable sectors: 976773168
|
||||
Logical Sector size: 512 bytes
|
||||
Physical Sector size: 4096 bytes
|
||||
Logical Sector-0 offset: 0 bytes
|
||||
device size with M = 1024*1024: 476940 MBytes
|
||||
device size with M = 1000*1000: 500107 MBytes (500 GB)
|
||||
cache/buffer size = unknown
|
||||
Form Factor: 2.5 inch
|
||||
Nominal Media Rotation Rate: 5400
|
||||
Capabilities:
|
||||
LBA, IORDY(can be disabled)
|
||||
Queue depth: 32
|
||||
Standby timer values: spec'd by Standard, no device specific minimum
|
||||
R/W multiple sector transfer: Max = 16 Current = 16
|
||||
Advanced power management level: disabled
|
||||
Recommended acoustic management value: 254, current value: 0
|
||||
DMA: mdma0 mdma1 mdma2 udma0 udma1 udma2 udma3 udma4 udma5 *udma6
|
||||
Cycle time: min=120ns recommended=120ns
|
||||
PIO: pio0 pio1 pio2 pio3 pio4
|
||||
Cycle time: no flow control=120ns IORDY flow control=120ns
|
||||
Commands/features:
|
||||
Enabled Supported:
|
||||
* SMART feature set
|
||||
Security Mode feature set
|
||||
* Power Management feature set
|
||||
* Write cache
|
||||
* Look-ahead
|
||||
* Host Protected Area feature set
|
||||
* WRITE_BUFFER command
|
||||
* READ_BUFFER command
|
||||
* DOWNLOAD_MICROCODE
|
||||
Advanced Power Management feature set
|
||||
Power-Up In Standby feature set
|
||||
* SET_FEATURES required to spinup after power up
|
||||
SET_MAX security extension
|
||||
* 48-bit Address feature set
|
||||
* Device Configuration Overlay feature set
|
||||
* Mandatory FLUSH_CACHE
|
||||
* FLUSH_CACHE_EXT
|
||||
* SMART error logging
|
||||
* SMART self-test
|
||||
* General Purpose Logging feature set
|
||||
* 64-bit World wide name
|
||||
* IDLE_IMMEDIATE with UNLOAD
|
||||
* Write-Read-Verify feature set
|
||||
* WRITE_UNCORRECTABLE_EXT command
|
||||
* {READ,WRITE}_DMA_EXT_GPL commands
|
||||
* Segmented DOWNLOAD_MICROCODE
|
||||
* Gen1 signaling speed (1.5Gb/s)
|
||||
* Gen2 signaling speed (3.0Gb/s)
|
||||
* Gen3 signaling speed (6.0Gb/s)
|
||||
* Native Command Queueing (NCQ)
|
||||
* Host-initiated interface power management
|
||||
* Phy event counters
|
||||
* Idle-Unload when NCQ is active
|
||||
* READ_LOG_DMA_EXT equivalent to READ_LOG_EXT
|
||||
* DMA Setup Auto-Activate optimization
|
||||
* Device-initiated interface power management
|
||||
* Software settings preservation
|
||||
* SMART Command Transport (SCT) feature set
|
||||
unknown 206[7]
|
||||
unknown 206[12] (vendor specific)
|
||||
Security:
|
||||
Master password revision code = 65534
|
||||
supported
|
||||
not enabled
|
||||
not locked
|
||||
not frozen
|
||||
not expired: security count
|
||||
supported: enhanced erase
|
||||
98min for SECURITY ERASE UNIT. 98min for ENHANCED SECURITY ERASE UNIT.
|
||||
Logical Unit WWN Device Identifier: 5000c5007cb8f1cc
|
||||
NAA : 5
|
||||
IEEE OUI : 000c50
|
||||
Unique ID : 07cb8f1cc
|
||||
Checksum: correct
|
||||
```
|
||||
m.s SATA SSD
|
||||
```
|
||||
ATA device, with non-removable media
|
||||
Model Number: TS256GMTS430S
|
||||
Serial Number: F129080156
|
||||
Firmware Revision: S0423A
|
||||
Transport: Serial, ATA8-AST, SATA 1.0a, SATA II Extensions, SATA Rev 2.5, SATA Rev 2.6, SATA Rev 3.0
|
||||
Standards:
|
||||
Supported: 9 8 7 6 5
|
||||
Likely used: 9
|
||||
Configuration:
|
||||
Logical max current
|
||||
cylinders 16383 16383
|
||||
heads 16 16
|
||||
sectors/track 63 63
|
||||
--
|
||||
CHS current addressable sectors: 16514064
|
||||
LBA user addressable sectors: 268435455
|
||||
LBA48 user addressable sectors: 500118192
|
||||
Logical Sector size: 512 bytes
|
||||
Physical Sector size: 512 bytes
|
||||
Logical Sector-0 offset: 0 bytes
|
||||
device size with M = 1024*1024: 244198 MBytes
|
||||
device size with M = 1000*1000: 256060 MBytes (256 GB)
|
||||
cache/buffer size = unknown
|
||||
Nominal Media Rotation Rate: Solid State Device
|
||||
Capabilities:
|
||||
LBA, IORDY(can be disabled)
|
||||
Queue depth: 32
|
||||
Standby timer values: spec'd by Standard, no device specific minimum
|
||||
R/W multiple sector transfer: Max = 2 Current = 1
|
||||
DMA: mdma0 mdma1 mdma2 udma0 udma1 udma2 udma3 udma4 udma5 *udma6
|
||||
Cycle time: min=120ns recommended=120ns
|
||||
PIO: pio0 pio1 pio2 pio3 pio4
|
||||
Cycle time: no flow control=120ns IORDY flow control=120ns
|
||||
Commands/features:
|
||||
Enabled Supported:
|
||||
* SMART feature set
|
||||
Security Mode feature set
|
||||
* Power Management feature set
|
||||
* Write cache
|
||||
* Look-ahead
|
||||
* Host Protected Area feature set
|
||||
* WRITE_BUFFER command
|
||||
* READ_BUFFER command
|
||||
* NOP cmd
|
||||
* DOWNLOAD_MICROCODE
|
||||
SET_MAX security extension
|
||||
* 48-bit Address feature set
|
||||
* Mandatory FLUSH_CACHE
|
||||
* FLUSH_CACHE_EXT
|
||||
* SMART error logging
|
||||
* SMART self-test
|
||||
* General Purpose Logging feature set
|
||||
* WRITE_{DMA|MULTIPLE}_FUA_EXT
|
||||
* 64-bit World wide name
|
||||
* WRITE_UNCORRECTABLE_EXT command
|
||||
* {READ,WRITE}_DMA_EXT_GPL commands
|
||||
* Segmented DOWNLOAD_MICROCODE
|
||||
* unknown 119[6]
|
||||
unknown 119[9]
|
||||
* Gen1 signaling speed (1.5Gb/s)
|
||||
* Gen2 signaling speed (3.0Gb/s)
|
||||
* Gen3 signaling speed (6.0Gb/s)
|
||||
* Native Command Queueing (NCQ)
|
||||
* READ_LOG_DMA_EXT equivalent to READ_LOG_EXT
|
||||
* DMA Setup Auto-Activate optimization
|
||||
* Software settings preservation
|
||||
* SANITIZE feature set
|
||||
* BLOCK_ERASE_EXT command
|
||||
* DOWNLOAD MICROCODE DMA command
|
||||
* WRITE BUFFER DMA command
|
||||
* READ BUFFER DMA command
|
||||
* Data Set Management TRIM supported (limit 8 blocks)
|
||||
* Deterministic read ZEROs after TRIM
|
||||
Security:
|
||||
Master password revision code = 65534
|
||||
supported
|
||||
not enabled
|
||||
not locked
|
||||
not frozen
|
||||
not expired: security count
|
||||
supported: enhanced erase
|
||||
2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
|
||||
Logical Unit WWN Device Identifier: 57c354816d52575c
|
||||
NAA : 5
|
||||
IEEE OUI : 7c3548
|
||||
Unique ID : 16d52575c
|
||||
Checksum: correct
|
||||
|
||||
DCO Checksum verified.
|
||||
DCO Revision: 0x0002
|
||||
The following features can be selectively disabled via DCO:
|
||||
Transfer modes:
|
||||
mdma0 mdma1 mdma2
|
||||
udma0 udma1 udma2 udma3 udma4 udma5 udma6
|
||||
Real max sectors: 500118192
|
||||
ATA command/feature sets:
|
||||
SMART security HPA 48_bit
|
||||
FUA selective_test conveyance_test
|
||||
SATA command/feature sets:
|
||||
NCQ interface_power_management async_notification SSP
|
||||
|
||||
```
|
||||
```
|
||||
Model Family: Toshiba 2.5" HDD MQ01ABD...
|
||||
@ -127,6 +362,115 @@ Write cache is: Enabled
|
||||
DSN feature is: Unavailable
|
||||
ATA Security is: Disabled, NOT FROZEN [SEC1]
|
||||
Wt Cache Reorder: Unknown
|
||||
|
||||
hdparm --dco-identify /dev/sda
|
||||
|
||||
/dev/sda:
|
||||
SG_IO: bad/missing sense data, sb[]: 70 00 05 00 00 00 00 0a 04 51 40 01 21 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
||||
DCO Checksum verified.
|
||||
DCO Revision: 0x0000 -- unknown, treating as 0002
|
||||
The following features can be selectively disabled via DCO:
|
||||
Transfer modes:
|
||||
|
||||
Real max sectors: 1
|
||||
ATA command/feature sets:
|
||||
hdparm -I /dev/sda
|
||||
|
||||
/dev/sda:
|
||||
|
||||
ATA device, with non-removable media
|
||||
Model Number: TOSHIBA HDWJ110
|
||||
Serial Number: 81KZTN3TT
|
||||
Firmware Revision: AX1T1A
|
||||
Transport: Serial, ATA8-AST, SATA 1.0a, SATA II Extensions, SATA Rev 2.5, SATA Rev 2.6
|
||||
Standards:
|
||||
Supported: 8 7 6 5
|
||||
Likely used: 8
|
||||
Configuration:
|
||||
Logical max current
|
||||
cylinders 16383 16383
|
||||
heads 16 16
|
||||
sectors/track 63 63
|
||||
--
|
||||
CHS current addressable sectors: 16514064
|
||||
LBA user addressable sectors: 268435455
|
||||
LBA48 user addressable sectors: 1953525168
|
||||
Logical Sector size: 512 bytes
|
||||
Physical Sector size: 4096 bytes
|
||||
Logical Sector-0 offset: 0 bytes
|
||||
device size with M = 1024*1024: 953869 MBytes
|
||||
device size with M = 1000*1000: 1000204 MBytes (1000 GB)
|
||||
cache/buffer size = 8192 KBytes
|
||||
Form Factor: 2.5 inch
|
||||
Nominal Media Rotation Rate: 5400
|
||||
Capabilities:
|
||||
LBA, IORDY(can be disabled)
|
||||
Queue depth: 32
|
||||
Standby timer values: spec'd by Standard, no device specific minimum
|
||||
R/W multiple sector transfer: Max = 16 Current = 16
|
||||
Advanced power management level: 254
|
||||
DMA: sdma0 sdma1 sdma2 mdma0 mdma1 mdma2 udma0 udma1 udma2 udma3 udma4 *udma5
|
||||
Cycle time: min=120ns recommended=120ns
|
||||
PIO: pio0 pio1 pio2 pio3 pio4
|
||||
Cycle time: no flow control=120ns IORDY flow control=120ns
|
||||
Commands/features:
|
||||
Enabled Supported:
|
||||
* SMART feature set
|
||||
Security Mode feature set
|
||||
* Power Management feature set
|
||||
* Write cache
|
||||
* Look-ahead
|
||||
* Host Protected Area feature set
|
||||
* WRITE_BUFFER command
|
||||
* READ_BUFFER command
|
||||
* NOP cmd
|
||||
* DOWNLOAD_MICROCODE
|
||||
* Advanced Power Management feature set
|
||||
Power-Up In Standby feature set
|
||||
* SET_FEATURES required to spinup after power up
|
||||
SET_MAX security extension
|
||||
* 48-bit Address feature set
|
||||
* Device Configuration Overlay feature set
|
||||
* Mandatory FLUSH_CACHE
|
||||
* FLUSH_CACHE_EXT
|
||||
* SMART error logging
|
||||
* SMART self-test
|
||||
* General Purpose Logging feature set
|
||||
* WRITE_{DMA|MULTIPLE}_FUA_EXT
|
||||
* 64-bit World wide name
|
||||
* IDLE_IMMEDIATE with UNLOAD
|
||||
* WRITE_UNCORRECTABLE_EXT command
|
||||
* {READ,WRITE}_DMA_EXT_GPL commands
|
||||
* Segmented DOWNLOAD_MICROCODE
|
||||
* Gen1 signaling speed (1.5Gb/s)
|
||||
* Gen2 signaling speed (3.0Gb/s)
|
||||
* Native Command Queueing (NCQ)
|
||||
* Host-initiated interface power management
|
||||
* Phy event counters
|
||||
* Idle-Unload when NCQ is active
|
||||
* DMA Setup Auto-Activate optimization
|
||||
* Device-initiated interface power management
|
||||
* Software settings preservation
|
||||
* SMART Command Transport (SCT) feature set
|
||||
* SCT Write Same (AC2)
|
||||
* SCT Error Recovery Control (AC3)
|
||||
* SCT Features Control (AC4)
|
||||
* SCT Data Tables (AC5)
|
||||
* DOWNLOAD MICROCODE DMA command
|
||||
Security:
|
||||
Master password revision code = 65534
|
||||
supported
|
||||
not enabled
|
||||
not locked
|
||||
frozen
|
||||
not expired: security count
|
||||
supported: enhanced erase
|
||||
218min for SECURITY ERASE UNIT. 218min for ENHANCED SECURITY ERASE UNIT.
|
||||
Logical Unit WWN Device Identifier: 5000039af21081db
|
||||
NAA : 5
|
||||
IEEE OUI : 000039
|
||||
Unique ID : af21081db
|
||||
Checksum: correct
|
||||
```
|
||||
|
||||
```
|
||||
|
78
proxmox.md
Normal file
78
proxmox.md
Normal file
@ -0,0 +1,78 @@
|
||||
## Proxmox
|
||||
|
||||
### packages
|
||||
tmux, powertop,htop, cryptsetup,vim
|
||||
|
||||
### 0-prepare
|
||||
```
|
||||
cryptsetup benchmark
|
||||
# Tests are approximate using memory only (no storage IO).
|
||||
PBKDF2-sha1 1693983 iterations per second for 256-bit key
|
||||
PBKDF2-sha256 3021832 iterations per second for 256-bit key
|
||||
PBKDF2-sha512 1325633 iterations per second for 256-bit key
|
||||
PBKDF2-ripemd160 754371 iterations per second for 256-bit key
|
||||
PBKDF2-whirlpool 595105 iterations per second for 256-bit key
|
||||
argon2i 6 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
|
||||
argon2id 6 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
|
||||
# Algorithm | Key | Encryption | Decryption
|
||||
aes-cbc 128b 1090.7 MiB/s 3409.7 MiB/s
|
||||
serpent-cbc 128b 103.7 MiB/s 379.6 MiB/s
|
||||
twofish-cbc 128b 215.8 MiB/s 389.4 MiB/s
|
||||
aes-cbc 256b 851.0 MiB/s 2905.0 MiB/s
|
||||
serpent-cbc 256b 106.6 MiB/s 378.1 MiB/s
|
||||
twofish-cbc 256b 221.1 MiB/s 385.7 MiB/s
|
||||
aes-xts 256b 2801.2 MiB/s 2827.7 MiB/s
|
||||
serpent-xts 256b 349.7 MiB/s 351.8 MiB/s
|
||||
twofish-xts 256b 352.7 MiB/s 359.3 MiB/s
|
||||
aes-xts 512b 2391.9 MiB/s 2392.0 MiB/s
|
||||
serpent-xts 512b 352.8 MiB/s 342.3 MiB/s
|
||||
twofish-xts 512b 358.6 MiB/s 359.6 MiB/s
|
||||
root@pve:~#
|
||||
```
|
||||
####
|
||||
1. create dm-integrity
|
||||
skipped: https://btrfs.readthedocs.io/en/latest/Tree-checker.html
|
||||
1. create GPT partition
|
||||
- first sector: 2048
|
||||
- last sector: end
|
||||
- uuid: 8300
|
||||
3. create btrfs raid-1
|
||||
```
|
||||
mkfs.btrfs --csum xxhash -d raid1 /dev/sda /dev/sdb
|
||||
|
||||
Label: (null)
|
||||
UUID: 8d65854a-6be3-45de-81dd-cadbd9f49892
|
||||
Node size: 16384
|
||||
Sector size: 4096
|
||||
Filesystem size: 1.82TiB
|
||||
Block group profiles:
|
||||
Data: RAID1 1.00GiB
|
||||
Metadata: RAID1 1.00GiB
|
||||
System: RAID1 8.00MiB
|
||||
SSD detected: no
|
||||
Zoned device: no
|
||||
Incompat features: extref, skinny-metadata, no-holes
|
||||
Runtime features: free-space-tree
|
||||
Checksum: xxhash64
|
||||
Number of devices: 2
|
||||
Devices:
|
||||
ID SIZE PATH
|
||||
1 931.51GiB /dev/sda1
|
||||
2 931.51GiB /dev/sdb1
|
||||
```
|
||||
5. create mounttarget folder and create fstab entry
|
||||
```
|
||||
lsblk -o uuid,name
|
||||
UUID NAME
|
||||
sda
|
||||
8d65854a-6be3-45de-81dd-cadbd9f49892 └─sda1
|
||||
sdb
|
||||
8d65854a-6be3-45de-81dd-cadbd9f49892 └─sdb1
|
||||
|
||||
UUID=8d65854a-6be3-45de-81dd-cadbd9f49892 /mnt/slowStorage btrfs defaults,rw 0 1
|
||||
```
|
||||
6. Create under Rechenzentrum->Storage->Hinzufügen->BTRFS
|
||||
7. update templates: `pveam update`
|
||||
|
||||
### ToDo
|
||||
https://wiki.postgresql.org/wiki/Transparent_Data_Encryption
|
Loading…
Reference in New Issue
Block a user