
Fatal Trap 12, after getting "exited on signal 11" emails

Status
Not open for further replies.

EvanVanVan

Member
Joined
Feb 1, 2014
Messages
184
True, but in this day and age you should encrypt anything, encrypt everything. I went back and forth on the decision originally, decided it was so easy to encrypt why not... and then I found out why not.

I'm going to update FreeNAS, but my question was, I saw how to download and back up the encryption key, but did not see how to restore it. The other 4 options seemed to be removing it, replacing it, re-keying it, and adding a passphrase.
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
EvanVanVan,

So prior to 9.2.0 if you made a pool and didn't immediately save the keys but rebooted the server you lost access to the pool forever.

What people usually do when they use encryption and are still learning the ropes with FreeNAS is do lots of tests. The most common one is create a pool with encryption and then reboot "just to see what happens". Prior to 9.1.1 or 9.2.0 (I forget which) if you rebooted without saving your keys first you lost access to the pool... forever. Unfortunately if you are actually following the manual for pool creation you should have saved the keys. But a ton of people (and apparently yourself included) don't do that.

One of the developers decided to put the keys on the USB stick until you actually decide to download the keys yourself. This does two things...

1. If you don't follow the manual and back up the keys you still have access to the pool.
2. If you don't download the keys you may wrongly assume that "everything is ok". You'll reboot the server to test how the encryption works and you'll wrongly assume that everything is actually safe long-term.

The problem is #2 is a big fat lie. Your pool isn't safe. You're a failed boot device away from losing access to your pool forever. 99% of the time when your USB boot device fails it is totally trashed. You can't mount it or do anything with it. Which means that storing the keys on the USB stick is actually making things worse because it's giving nothing but a false sense of security. You have literally put your keys in one key... err basket.

I'm still on 9.2.0, but I had been told that we had undone this behavior and this was no longer the case. I hadn't actually validated it *is* fixed as I don't use 9.2.1.x with encryption. You also "should" have been grandfathered in if you had created the pool with the old "store the first key created on your USB" behavior. But future setups would require you to download your key. The fact that it is means I need to find the ticket and get that fixed. This "bad" behavior in the WebGUI has cost more people their data than pretty much anything else related to encryption.

On a side note related to your comments about the April messages, this *should* have been fixed. I haven't tested it because I haven't had a chance to. The fact that the keys are still on the USB and not requiring download tells me this problem isn't fixed and we need to go back and look at the code again.

Lastly, while it is "easy to encrypt" the "why not" is actually rather long. There's lots of little gotchas that can (and have) boned a few people. To be honest it's something that I only recommend:

1. People that wouldn't be upset in the slightest if they lost the data in the pool. (The problem with this is people will inevitably store some ultra important data on the pool because it was handy and this "reason" was just a lie to themselves.)
2. Have an entire backup of the pool elsewhere and pool maintenance is NEVER performed on both pools at the same time without fully testing one pool before working on the other.

Encryption puts all of your eggs in one basket. It's somewhat the antithesis of ZFS. ZFS is supposed to work under serious duress while encryption is quite fragile just by the fact that it's encryption. Since we all know the mantra "you are only as strong as your weakest link" it means that relative to an unencrypted pool an encrypted pool is quite fragile. I personally have twice been in a position where I wasn't even 50% sure that my encrypted pool would still be mountable by myself on boot.

Edit: Yes, I was originally named noobsauce because I felt the name was very apt considering I knew nothing about FreeNAS/FreeBSD when I started. Now I'm level 2 support at iXsystems and handle the "trouble" cases that level 1 can't. Don't be fooled by the fact I only have 30 months of experience under my belt though. When you are unemployed and have nothing better to do except work on a pet project with all of your free time it's like having 30 months to get an education in FreeBSD at your own pace and, in my case, I used the forums as a way to expand my knowledge because I read every post and learned from others' screwups what things you should and shouldn't do. I felt a name change was in order when I became the top poster and then a forum moderator.
 

EvanVanVan

Member
Joined
Feb 1, 2014
Messages
184
Thank you for the explanation... Until I do put more sensitive data on my server I probably will remove the encryption.
 