Error creating encrypted pools in 13.0

NetSoerfer · May 13, 2022

After updating to TN13, I tried to create a new encrypted pool (native dataset encryption, not GELI) with the Pool Manager's default options, and received the below error. The new pool does in fact show up in Storage > Pools, though I wasn't offered to download the encryption key.

Code:

Error: Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/middlewared/job.py", line 355, in run
    await self.future
  File "/usr/local/lib/python3.9/site-packages/middlewared/job.py", line 391, in __run_body
    rv = await self.method(*([self] + args))
  File "/usr/local/lib/python3.9/site-packages/middlewared/schema.py", line 975, in nf
    return await f(*args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/middlewared/plugins/pool.py", line 764, in do_create
    await self.finalize_zpool_create_or_import(job, pool)
  File "/usr/local/lib/python3.9/site-packages/middlewared/plugins/pool.py", line 802, in finalize_zpool_create_or_import
    await self.middleware.call('disk.sync_zfs_guid', pool)
  File "/usr/local/lib/python3.9/site-packages/middlewared/main.py", line 1305, in call
    return await self._call(
  File "/usr/local/lib/python3.9/site-packages/middlewared/main.py", line 1262, in _call
    return await methodobj(*prepared_call.args)
  File "/usr/local/lib/python3.9/site-packages/middlewared/plugins/disk_/zfs_guid.py", line 59, in sync_zfs_guid
    self.middleware.send_event("disk.query", "CHANGED", id=event, fields=disks[event])
KeyError: '{serial_lunid}WD-WCC1T0556048_50014ee208420932'

So far, I have been completely unable to create pools in TN13. Before upgrading to TN13, I had no issues creating pools in TN12-U8.

I haven't found anything unresolved in jira, looking for either "create pool" or "serial_lunid".

Anything I should try before opening a bug?

(updated to clarify encryption type)

Samuel Tai · May 13, 2022

Are you trying to create a GELI-encrypted pool or encrypting the root dataset with inheritance to daughter datasets? So far as I know, GELI is being deprecated, and you can't GELI-encrypt the pool used for the system dataset. Likewise, you can't ZFS-encrypt the root dataset of a pool used for the system dataset.

NetSoerfer · May 14, 2022

I did it from the UI, using native dataset encryption, not GELI. I'll update the OP :)

reaper1412 · May 15, 2022

Hi, this error also happened to me.
Upon careful inspection. I spot the ID of the disk that I replaced.
I don't know why it created this error but after I do a system reset, the error is gone.
My guess is the system compare the log it has stored but cant find the disk it is looking for.

winnielinnie · May 15, 2022

Samuel Tai said:
Likewise, you can't ZFS-encrypt the root dataset of a pool used for the system dataset.

You can, as long as it is keystring (which allows it to automatically unlock upon boot); but it cannot be passphrase protected.

For example:

Code:

truenas% zfs list -r -o name,encryption,keyformat support-pool

NAME                                                           ENCRYPTION   KEYFORMAT
support-pool                                                   aes-256-gcm  hex
support-pool/.system                                           aes-256-gcm  hex
support-pool/.system/configs-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  aes-256-gcm  hex
support-pool/.system/cores                                     aes-256-gcm  hex
support-pool/.system/rrd-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX      aes-256-gcm  hex
support-pool/.system/samba4                                    aes-256-gcm  hex
support-pool/.system/services                                  aes-256-gcm  hex
support-pool/.system/syslog-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX   aes-256-gcm  hex
support-pool/.system/webui                                     aes-256-gcm  hex
support-pool/home                                              aes-256-gcm  hex
support-pool/iocage                                            aes-256-gcm  hex
support-pool/iocage/download                                   aes-256-gcm  hex
support-pool/iocage/download/12.3-RELEASE                      aes-256-gcm  hex
support-pool/iocage/images                                     aes-256-gcm  hex
support-pool/iocage/jails                                      aes-256-gcm  hex
support-pool/iocage/jails/armyknife                            aes-256-gcm  hex
support-pool/iocage/jails/armyknife/root                       aes-256-gcm  hex
support-pool/iocage/jails/plex                                 aes-256-gcm  hex
support-pool/iocage/jails/plex/root                            aes-256-gcm  hex
support-pool/iocage/jails/qbittorrent                          aes-256-gcm  hex
support-pool/iocage/jails/qbittorrent/root                     aes-256-gcm  hex
support-pool/iocage/log                                        aes-256-gcm  hex
support-pool/iocage/releases                                   aes-256-gcm  hex
support-pool/iocage/releases/12.2-RELEASE                      aes-256-gcm  hex
support-pool/iocage/releases/12.2-RELEASE/root                 aes-256-gcm  hex
support-pool/iocage/releases/12.3-RELEASE                      aes-256-gcm  hex
support-pool/iocage/releases/12.3-RELEASE/root                 aes-256-gcm  hex
support-pool/iocage/templates                                  aes-256-gcm  hex
support-pool/playground                                        aes-256-gcm  passphrase

Important Announcement for the TrueNAS Community.

Error creating encrypted pools in 13.0

NetSoerfer

Explorer

Samuel Tai

Never underestimate your own stupidity

NetSoerfer

Explorer

reaper1412

Cadet

winnielinnie

MVP

Similar threads