MacOS – How to move the /Users to an encrypted ZFS drive

automountkeychainmacoszfs

When setting up a ZFS pool on an encrypted CoreStorage volume, a manual typing of the password is required each time for mounting the volume (due to the problem of OS X thinking that the password is incorrect despite the volume mounting successfully, and hence refusing to save the password in the keychain).

If I want to move my entire /Users to the encrypted ZFS volume, is there any way to get that volume to mount properly early enough in the boot process so as to allow regular login?

I'm on 10.8.3, Zevo 1.1.1

Best Answer

With reference to the linked question (the comment there from the opening poster here) …

In brief:

Unlocking the Core Storage LV, importing the ZFS pool and mounting the ZFS file system

I know of no way to force Mountain Lion to use the Core Storage volume encryption key (VEK) in a way that will allow the ZFS pool and file system (based on the Core Storage logical volume (LV)) to import and mount – automatically – in a way that is comparable to the FileVault 2 experience.

In other words:

the current operating system seems to require manual intervention by a different user whose home does not use the combination of Core Storage and ZFS

… part of that bullet point might provoke, from someone else, a more thoughtful approach to intervention; a better answer to part of the question!

ZFS for /Users

With or without encryption:

if you plan to use ZFS for /Users you should first have an administrative user whose home is not in that area.

Consider at least:

safe boot of the operating system, which might be required when least expected/desired; and the related limitations of current implementations of ZFS for OS X (example: safe boot and ZEVO Community Edition 1.1.1).

ZFS for home directories with Mountain Lion, or words to that effect, could be a good separate question.

Related Solutions

Parallels creates /Users/Shared/Parallels on boot, blocks ZFS /Users from mounting

Two commands to discover more about the two loaded items:

sudo launchctl list com.parallels.vm.prl_naptd

sudo launchctl list com.parallels.desktop.launchdaemon

I can't guess the meaning of prl_naptd but http://duckduckgo.com/?q=%22com.parallels.vm.prl_naptd%22+%22addPaths%22 suggests some relationship between com.parallels.vm.prl_naptd and addPaths so maybe focus attention on this launch agent.

An early guess: a workaround might involve wait4path

wait4path(1) OS X Manual Page

MacOS – How to format external drive into ZFS

The getting started page you posted a link to explains how to create a simple one disk pool.

This is the only thing you need to do. Creating a pool will automatically create a file system with the same name as the pool, which is what you call formatting a drive.

In your case, you can run from the command line:

diskutil partitiondisk /dev/disk5 GPTFormat ZFS %noformat% 100%
zpool create extdrive /dev/disk5s2

and you'll have a new volume named extdrive available.

If you happen to run software with inconsistent file naming, like Adobe products and possibly Nikon capture, you might want to create a dedicated file system with case insensitivity set using something like:

zfs create -o casesensitivity=insensitive -o normalization=formD  extdrive/data