Failed to create encrypted dataset

R

revengineer

Contributor
Joined
Oct 27, 2019
Messages
193
I am playing with encrypted datasets in TrueNAS 12. I can create these just fine in an encrypted pool. However trying to create in an unencrypted pool a dataset based on Encryption Type "Key" or "Passphrase" yields an error CallError [EFAULT] Failed to create dataset: Encryption feature not enabled." Is this by design? Am I not understanding the concept of encrypted datasets? I thought this feature would allow encryption of individual datasets WITHOUT encrypting the entire pool. Enlightenment appreciated.
 
winnielinnie

winnielinnie

MVP
Joined
Oct 22, 2019
Messages
3,641
revengineer said:
Am I not understanding the concept of encrypted datasets? I thought this feature would allow encryption of individual datasets WITHOUT encrypting the entire pool. Enlightenment appreciated.
Click to expand...

Is this version 12.0 or a later version, such as 12.0-U3?

revengineer said:
Am I not understanding the concept of encrypted datasets? I thought this feature would allow encryption of individual datasets WITHOUT encrypting the entire pool. Enlightenment appreciated.
Click to expand...
You're correct, that is the design of using per-dataset native ZFS encryption. You can even nest a non-encrypted dataset underneath an encrypted dataset with OpenZFS 2.0+. Or the other way around too.
 
Last edited:
R

revengineer

Contributor
Joined
Oct 27, 2019
Messages
193
I am working with 12.0-U3. The blog stated it is ready for prime time so I thought it is time to start some testing for transition from 11.3-U5...

I figured out my issue. I was working in a VM that was upgrade from 11.3-U5 (I wanted to practiced the upgrade process and find any quirks associated with it). My problem was that I did not upgrade the pool prior to creating the encrypted dataset, and that yielded the above error message. After upgrading the pool, I can create an encrypted dataset within a non-encrypted pool, which is the feature I was interested in.

The GUI does not seem to allow the opposite scenario you mentioned, i.e., create an unencrypted dataset within an encrypted pool. I do not see much use in this because if one is willing to deal with encryption keys, then one might as well encrypt the data. But I thought I mention it.
 
winnielinnie

winnielinnie

MVP
Joined
Oct 22, 2019
Messages
3,641
revengineer said:
The GUI does not seem to allow the opposite scenario you mentioned, i.e., create an unencrypted dataset within an encrypted pool.
Click to expand...
I just tried this on my 12.0-U3 system, and it worked fine. I know the parent dataset has to be unlocked in order to do this.

revengineer said:
After upgrading the pool, I can create an encrypted dataset within a non-encrypted pool, which is the feature I was interested in.
Click to expand...
Just remember that you can't go backwards and import your upgraded pool into 11.3. :smile:
 
R

revengineer

Contributor
Joined
Oct 27, 2019
Messages
193
winnielinnie said:
I just tried this on my 12.0-U3 system, and it worked fine. I know the parent dataset has to be unlocked in order to do this.
Click to expand...
Hm, maybe the "how to" is not self explanatory. I have an unlocked pool. When I create a new dataset, the Encryption Option is listed as "Inherit (encrypted)". When I uncheck that, I can change the "Encryption Type" to Key or Passphrase but not to anything that looks like "No Encryption." A pointer on how to do that would be great.

winnielinnie said:
Just remember that you can't go backwards and import your upgraded pool into 11.3. :smile:
Click to expand...
YES, I am well aware of this. This is the reason why I am testing this only in a VM for now. I am in no hurry to complete the transition to TrueNAS 12. Even after upgrading my production server, I will test for a month or two before upgrading the pools.
 
R

revengineer

Contributor
Joined
Oct 27, 2019
Messages
193
revengineer said:
Hm, maybe the "how to" is not self explanatory. I have an unlocked pool. When I create a new dataset, the Encryption Option is listed as "Inherit (encrypted)". When I uncheck that, I can change the "Encryption Type" to Key or Passphrase but not to anything that looks like "No Encryption." A pointer on how to do that would be great.
Click to expand...
OK, just figured it out, it's under "Advanced Options." This is somewhat inconsistent with the option to create an encrypted dataset in a non-encrypted pool. I can live with that.
 
winnielinnie

winnielinnie

MVP
Joined
Oct 22, 2019
Messages
3,641
revengineer said:
OK, just figured it out, it's under "Advanced Options."
Click to expand...
I have Advanced Options always visible. I prefer to see everything laid out. You can configure TrueNAS's UI to behave this way by going to:

System > Advanced > and enable Show Advanced Fields by Default
 
R

revengineer

Contributor
Joined
Oct 27, 2019
Messages
193
Thanks, another problem solved. :smile:
 
You must log in or register to reply here.

Similar threads

D
TrueNAS encryption and replication
Replies
5
Views
5K
winnielinnie
winnielinnie
A
SOLVED Replicate encrypted dataset
Replies
1
Views
2K
alecz
A
q/pa
Switched to encrypted datasets, resume incremental replication to existing backup?
Replies
6
Views
1K
q/pa
q/pa
C
TrueNAS 12.0 GELI to Full Drive Encryption Migration
2
Replies
29
Views
8K
winnielinnie
winnielinnie
panz
Local replication to encrypted pool not working
Replies
4
Views
3K
Q00
Q00
Top