From: Christian Walther
Date: Wed, 29 Aug 2007 10:45:18 +0000
To: current@freebsd.org
Subject: Problems moving existing pool to encrypted devices
Message-ID: <46D54E3E.2040803@gmail.com>
List-Id: Discussions about the use of FreeBSD-current

Hi,

after my previous questions concerning the use of zfs on encrypted
devices, I thought I'd give it a try. Here is what I did:

tarmin# zpool export pool01
tarmin# dd if=/dev/urandom of=/dev/ad2 bs=1024k
tarmin# zpool import pool01
tarmin# zpool status
  pool: pool01
 state: ONLINE
status: One or more devices could not be used because the label is missing or
        invalid. Sufficient replicas exist for the pool to continue
        functioning in a degraded state.
action: Replace the device using 'zpool replace'.
   see: http://www.sun.com/msg/ZFS-8000-4J
 scrub: resilver completed with 0 errors on Wed Aug 29 10:07:21 2007
config:

        NAME                    STATE     READ WRITE CKSUM
        pool01                  ONLINE       0     0     0
          raidz1                ONLINE       0     0     0
            ad4                 ONLINE       0     0     0
            ad6                 ONLINE       0     0     0
            387148737669265642  UNAVAIL      0     0     0  was /dev/ad2

errors: No known data errors
tarmin# geli init -K /root/ad2.key -s 4096 /dev/ad2
Enter new passphrase:
Reenter new passphrase:
geli: Cannot store metadata on /dev/ad2: Operation not permitted.
tarmin# zpool export pool01
tarmin# geli init -K /root/ad2.key -s 4096 /dev/ad2
Enter new passphrase:
Reenter new passphrase:
tarmin# geli attach -k /root/ad2.key /dev/ad2
Enter passphrase:
tarmin# ls /dev/ad2*
/dev/ad2        /dev/ad2.eli
tarmin# zpool import pool01
cannot import 'pool01': invalid vdev configuration
tarmin# zpool status
no pools available

Summary: I can't break a ZFS vdev and encrypt it, because every time the
pool is imported while a newly created /dev/ad2.eli is active, ZFS
complains about a wrong vdev configuration, rendering the pool useless.
The other way round doesn't work either: ZFS seems to lock the device,
making geli initialization impossible.

From here my only possible way seems to be to buy another 400GB disk, so
that I can set it up correctly and can do a replace against the old
/dev/ad2. Afterwards I should be able to use /dev/ad2.eli as a
replacement for one of the other disks. So finally I can either bring
one of the disks back, or I have a spare disk.

Or am I probably missing something here, and there's another way I
didn't see?

Regards,
Christian