HAMMER, disk mirroring and secure NFS

Michael Neumann mneumann at ntecs.de
Sun Mar 26 03:14:30 PDT 2017

On 03/26/17 11:31, Andrea wrote:
> Hi everybody. I'm in the process of migrating my work and hobby
> activities to DragonFlyBSD. I'm very happy with it but I have four
> questions I can't find answers to. I hope someone with more experience
> can help me with some of them.


> 1) On my main PC I'm planning to install DragonFlyBSD on a small SSD and
> use two 6TB disks for my home directory: one disk for the master PFS,
> one as a copy with HAMMER's mirror feature.
> I have a 7200 rpm Seagate IronWolf and a 5400 rpm Western Digital Red.
> Can I use them together or HAMMER's mirror feature requires (or work
> best with) identical disks (or disks from different brands but same
> speed)? If I can use them do you suggest using the faster disk for the
> master or the mirror?

No problem here. You can even mirror over slow internet connections.
HAMMER is using logical mirroring, i.e. it creates two completely
separate file systems (with identical logical content), so neither the
physical block size, nor the speed of the disk matters. Of course you
have to give the second slower disk enough time to keep track.

> 2) If I understand correctly HAMMER doesn't provide auto-healing like
> ZFS but is able to identify data corruption, allowing to manually
> restore problematic file from the mirror, snapshots or backups. So it
> can provide same (or better) level of data safety of ZFS. Can you
> confirm my understanding is right?

Yes. No auto-healing. Not in HAMMER 1 :)

So, when the master file system becomes corrupt, you can do the following:

  - Insert a new disk.
  - mirror-copy to the new disk from an existing slave (mirror).
    You now have two valid mirrors, which are read only, and one
    corrupt master disk (which will then be read-only as well, or
    not accessible at all, depending on the severity of the error).
  - Remove the corrupt master disk.
  - Upgrade one of the mirrors with pfs-upgrade to become a master and
    as such read/writable.

> 3) I'd like to backup my home directory on an external USB disk. I would
> like to use HAMMER's mirror feature for this task too. Does it make
> sense or mirroring should be used only for continuous synchronization
> and something like rsync is better for daily backups on large external
> HDDs?

I would use HAMMER mirroring here too. Usually, this should be pretty
fast, unless you modify lots of data/files.

Ideally, you would have a network connected small PC which will mirror
stream continuously. But unluckily, DragonFly does not run on very cheap
platforms like ARM.

> 4) A second PC will need to access my home directory. This second PC
> will use FreeBSD at first but I'll switch it to DragonFlyBSD too once
> all of my work will have been ported from FreeBSD to DragonFlyBSD.
> I'd like to use NFS but I'm concerned about security: I'm in my home
> network but I don't trust everything on it (the tablet of a guest as an
> example). Have you got any advice on how to secure NFS on DragonFlyBSD?
> If I understand correctly exporting an HAMMER pool with NFS doesn't
> provide encryption or authentication "out of the box". I found many
> guides about using Kerberos, IPSec, or SSH tunnels. What should I try
> first? Or I'm simply paranoid and using plain NFS on a home network is
> the way to go?

Hm, can't answer this one. I'd probably try with a SSH tunnel first, but
it is probably not all that easy to make it really secure. You can use
Samba/CIFS as well.

> Thanks to everybody who took the time to read it! I really like
> DragonFlyBSD, I hope to be able to use it as my main OS as soon as
> possible!

I also have switched all my computers to DragonFly. Note that some
things won't work, for example Skype (I use Android for that), or
VirtualBox. But other than that, it's a real pleasure to run DragonFly.
I am using Lumina Desktop, which works pretty well out of the box.



More information about the Users mailing list