error when trying to replace a disk of an encrypted pool

treefrob

treefrob

Cadet
Joined
Sep 25, 2018
Messages
9
Hello,
I'm running FreeNAS-11.3-U3.2 (1e9dd3b3e2). I have an encrypted RAIDZ2 pool (no passphrase) with 6 disks, with a dataset shared via NFS.

To test:
  1. on an NFS client,I started writing data to the dataset
  2. I physically removed one (ada2) of the drives
  3. the pool status changed DEGRADED after a few seconds
  4. the status of the drive had changed to REMOVED
  5. I next went to pool -> status, clicked on the REMOVED disk's 3-dot button and selected "Replace", but the list of available disks was empty
  6. I then set the drive to OFFLINE, and tried to "Replace" again, but still the list of available disks was empty
  7. the User Guide seems to assert that a passphrase MUST be set before a disk can be replaced in an encrypted pool
  8. I clicked on the lock-icon for the pool, but only had the choices "Recovery Key" and "Reset Keys" (no "Set Passphrase")
  9. I chose "Reset Keys", got a dialog to set a passphrase and download the new key
  10. I entered the admin password, a passphrase, clicked on RESET ENCRYPTION, and got a python backtrace. (see attached screen-shot and text with backtrace).
    • this seems like a bug.
  11. next, it occurred to me that there might be an order dependency, so I physically removed disk again and re-inserted it
  12. I went to pool -> status -> ada2 -> Replace, and this time the list of available disks had one entry: "ada2"
  13. I selected "ada2" and continued, and replacement was successful
I'm a bit confused. The User Guide seems to insist that a passphrase must be set before a disk can be replaced in an encrypted pool, but it seems this was not necessary. This part of the User Guide is at best confusing, if not wrong

...or have I misunderstood?

-Rob
 

Attachments

  • freenas-error-resetting-encryption-for-pool.png
    freenas-error-resetting-encryption-for-pool.png
    111.3 KB · Views: 194
  • pool-reset-encryption-python-traceback.txt
    1.8 KB · Views: 209
Samuel Tai

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,399
The order is as you've discovered:
  1. First, set the RAIDZx member to OFFLINE. Acknowledge that the OFFLINE member can't be changed to ONLINE for encrypted pools.
  2. Pull that member.
  3. Insert replacement. Verify replacement appears under Storage->Disks as Unassigned.
  4. Go back to the pool status, and initiate Replace for the OFFLINE member. Pull down to the new unassigned disk.
  5. Resilvering will start, and will show the old disk in REPLACING status, and the new disk in ONLINE status. Let the resilver complete.
  6. Reset keys for the pool, and set a passphrase. (Setting a passphrase will be ignored if the pool hosts the system dataset.)
  7. Set a new recovery key for the pool.
 
treefrob

treefrob

Cadet
Joined
Sep 25, 2018
Messages
9
no comments about the backtrace or about documentation which seems to be wrong?
 
You must log in or register to reply here.

Similar threads

virtualdxs
Why do you need a passphrase set to replace an encrypted disk?
Replies
10
Views
1K
i716
I
S
  • Locked
Correct way to replace/update storage on an encrypted pool/vdev?
Replies
11
Views
5K
stemplar
S
D
FreeNAS-11.3-U5 Replacing drive from encrypted pool
Replies
3
Views
1K
jasn
J
J
  • Locked
rekey passphrase-less encrypted pool when expanding?
Replies
2
Views
1K
jp83
J
C
Freenas 11.2-U5 Replacing encrypted disk in Pool
Replies
3
Views
2K
kingc
K
Top