Date: Wed, 29 Aug 2007 10:45:18 +0000
From: Christian Walther <cptsalek@gmail.com>
To: current@freebsd.org
Subject: Problems moving existing pool to encrypted devices
Message-ID: <46D54E3E.2040803@gmail.com>

Hi,

after my previous questions concerning the use of zfs on encrypted devices, I thought I'd give it a try. Here is what I did:

tarmin# zpool export pool01
tarmin# dd if=/dev/urandom of=/dev/ad2 bs=1024k
tarmin# zpool import pool01
tarmin# zpool status
  pool: pool01
 state: ONLINE
status: One or more devices could not be used because the label is missing or
        invalid. Sufficient replicas exist for the pool to continue
        functioning in a degraded state.
action: Replace the device using 'zpool replace'.
   see: http://www.sun.com/msg/ZFS-8000-4J
 scrub: resilver completed with 0 errors on Wed Aug 29 10:07:21 2007
config:

        NAME                    STATE     READ WRITE CKSUM
        pool01                  ONLINE       0     0     0
          raidz1                ONLINE       0     0     0
            ad4                 ONLINE       0     0     0
            ad6                 ONLINE       0     0     0
            387148737669265642  UNAVAIL      0     0     0  was /dev/ad2

errors: No known data errors
tarmin# geli init -K /root/ad2.key -s 4096 /dev/ad2
Enter new passphrase:
Reenter new passphrase:
geli: Cannot store metadata on /dev/ad2: Operation not permitted.
tarmin# zpool export pool01
tarmin# geli init -K /root/ad2.key -s 4096 /dev/ad2
Enter new passphrase:
Reenter new passphrase:
tarmin# geli attach -k /root/ad2.key /dev/ad2
Enter passphrase:
tarmin# ls /dev/ad2*
/dev/ad2 /dev/ad2.eli
tarmin# zpool import pool01
cannot import 'pool01': invalid vdev configuration
tarmin# zpool status
no pools available

Summary: I can't break a ZFS vdev and encrypt it, because every time the pool is imported while a newly created /dev/ad2.eli is active, ZFS complains about a wrong vdev configuration, rendering the pool useless. The other way round doesn't work either: ZFS seems to lock the device, making geli initialization impossible.

From here my only possible way seems to be to buy another 400GB disk, so that I can set it up correctly and can do a replace against the old /dev/ad2. Afterwards I should be able to use /dev/ad2.eli as a replacement for one of the other disks. So finally I can either bring one of the disks back, or I have a spare disk.

Or am I probably missing something here, and there's another way I didn't see?

Regards,
Christian