Geom mirror *after* install - just don't?

  • I dragged one of my coworkers through a remote pf install where we had a lot of bumps along the way due to poor infrastructure documentation and some switches where the configs were pretty badly thought out - had to recover password on one switch just to get visibility into it.

    Now, it's all smooth (couple of missing devices - but I'm pretty sure they are hiding behind a misconfigured vlan as well) except for one thing.

    I see the Smart output for two drives, but no Geom.

    Pretty sure he forgot that step.

    This is for one of our bigger sites, and he's not quite up to speed yet, so I really need the extra peace of mind.

    We have some locations where nearly every time I look in on the router, I'm seeing a degraded member - not because of hardware faults, but because local staff still think they are behind a crappy old linksys where a power cycle cures all.

    I don't consider GEOM optional.

    Is there a method of doing a retro Geom under the current build that makes sense to try?

    I'm pretty much resigned to just starting over, setting up the interfaces and applying the config backup.

    But I thought I'd ask first in case there was a method that is simple and works well.

    I just can't have my pf project going sideways over something as stupid as a drive failure, and the only writeups I've seen for doing this are in reference to old versions of pf.

  • Rebel Alliance Developer Netgate

    There is no way to slap on gmirror afterward that will actually function properly. While it can technically be done, if some safety checks are overridden, it overwrites a portion of the filesystem and can cause problems.

    You have to have the mirrors set up on the drives/slices/etc before formatting during the installation or it just won't work reliably.

    Now that you have a working config and the hardware is in place, reinstalling and restoring that config should only take a few minutes. And those few minutes are less time and effort than it would take to do it improperly.

  • I suspected that was the case.

    Generally speaking, I haven't had that many issues with reinstalling, though I've found it's best to just nuke and repave and slap in the config file.

    Even then, I wouldn't want to have to walk a non tech through a reinstall unless the backup was very current.

    An install from scratch otoh is easy enough I had considered at one point just sending each site a refurb quad port to stick in a safe place.

    Just add pc.

    I just picked some nice used supermicros from ebay - dual 5620's so they have the AES-NI extensions.

    In half depth chassis they just fit in my wall mount racks.

    By the time I have these deployed, I hope to find just a few more, so with completely mirrored hardware and interface assignments, a monkey can restore them.

    With a pair of 'new' refurb Intel ssd's, I only have about $250 into each unit, so keeping a shelf spare or two for overnight shipment is doable.

    We do only very light touch filtering, known malware sites, slapping down unencrypted bittorrent and so forth, and I'm finding I spend close to zero time babysitting the filtering as opposed to having to hover over Sophos constantly.

    My pci scans are due, and for the first time I can remember, I'm actually looking forward to it.
