From owner-freebsd-questions@freebsd.org Wed Jul 4 08:11:19 2018 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3B18E103F88A for ; Wed, 4 Jul 2018 08:11:19 +0000 (UTC) (envelope-from ml@netfence.it) Received: from soth.netfence.it (net-2-44-121-52.cust.vodafonedsl.it [2.44.121.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "mailserver.netfence.it", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 9B3DF8D3D2 for ; Wed, 4 Jul 2018 08:11:17 +0000 (UTC) (envelope-from ml@netfence.it) Received: from alamar.ventu (alamar.local.netfence.it [10.1.2.18]) (authenticated bits=0) by soth.netfence.it (8.15.2/8.15.2) with ESMTPSA id w6480ASE084522 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for ; Wed, 4 Jul 2018 10:00:20 +0200 (CEST) (envelope-from ml@netfence.it) X-Authentication-Warning: soth.netfence.it: Host alamar.local.netfence.it [10.1.2.18] claimed to be alamar.ventu To: freebsd-questions@freebsd.org From: Andrea Venturoli Subject: Disabling automatic zpool import Message-ID: <17f45113-f20f-d6b6-8c0a-159245b4ca2e@netfence.it> Date: Wed, 4 Jul 2018 10:00:10 +0200 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101 Thunderbird/52.9.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Jul 2018 08:11:19 -0000 Hello. I've got a box with a plain zroot pool and a second zpool (for data) which is based on two GELI providers. This allows me to let the machine boot and start basic services, so I can ssh into it and run a script which asks for a passphrase, enables encyption and gets my sensitive data back online. The script goes like: > ... > geli attach /dev/ada0p4 > geli attach /dev/ada1p4 > #zpool import zsecure > zfs mount -a As you can see, "zpool import" is commented, since it was never needed. This has always worked fine until I was on 11.1. After the upgrade to 11.2, however, the pool will somehow become active as soon as the first GELI provider comes up and will of course get into DEGRADED state. I later need to issue "zpool online zsecure /dev/ada1p4.eli" to get it back into shape. Is there any way I can forbid this? Any settings which gets the zroot pool automatically mounted on boot, but requires manual intervention to "import" other pools? bye & Thanks av.