ZFS is a modern file system with a lot of cool features, like encryption, handling very big volumes, providing data integrity (bit rot prevention) and high performance. Originally ZFS was developed by Sun Microsystems for Solaris and a Linux version of ZFS is available since 2013.
On systems with ECC RAM memory ZFS shows its advantages in terms of data integrity.
Another benefit is that ZFS combines several features like disk redundancy and encryption among other features in one single technology. As well it is possible to send encrypted volumes through a network for backup purposes.
The problem is that auto mounting the ZFS volume could fail if the system is badly configured.
We will generate a key file which should be stored on a LUKS encrypted volume. If the server starts up, the ZFS volume should be mounted automatically. Let me show you how I did it:
First of all we need to install ZFS with apt-get:
apt-get install zfsutils
As next step we need to create a key file for the encryption. Keep this file in a secure place like a LUKS volume on the server and have a copy on another secure storage:
dd if=/dev/random of=/root/zfs-encryption.key bs=1 count=32
Next we create a Zpool. We create a Raidz also known as Raid5.
zpool create -f tank1 -o - ashift=12 -o feature@encryption=enabled -O encryption=on -O keylocation=file:///root/zfs-encryption.key -O keyformat=raw raidz /dev/disk/by-id/wwndisk1 /dev/disk/by-id/wwndisk2 /dev/disk/by-id/wwndisk3 /dev/disk/by-id/wwndisk4
After creating the RAID which contains the disks we need to create a ZFS file system:
zfs create -o mountpoint=/tank1/zfs tank1/zfs
Next we need to create a Systemd startup script for ZFS by opening the file /etc/systemd/system/zfs-load-key.service. Add this code to the file:
[Unit] Description=Load encryption keys DefaultDependencies=no Before=zfs-mount.service After=zfs-import.target [Service] Type=oneshot RemainAfterExit=yes ExecStart=/usr/bin/bash -c '/usr/bin/zfs load-key -a' [Install] WantedBy=zfs-mount.service
Now we need to enable the service to start during the system startup:
systemctl enable zfs-load-key.service
Now reboot the system and ZFS should be mounted automatically.
ZFS is a feature rich modern file system. Auto mount a ZFS volume could be a small challenge. I showed you how to automatically mount a ZFS volume on Debian 11. Keep the decryption key file always safe and keep a backup of it.
Feel free to write a comment and have fun!