FreeNAS-11.3-U5 Replacing drive from encrypted pool

daquirm3

Cadet
Joined
Aug 17, 2020
Messages
7
Hi,

I have degraded pool because of one failing drive, in a ZFS mirrored pool, which is encrypted. I run Freenas 11.3-U5. I was following the documentation, where it states you should reset encryption keys and set a passphrase before replacing a drive in an encrypted pool. This operation fails though, because I have system dataset on the pool, so no passphrase is allowed. How should I replace the drive than?
I’ve found this post: https://www.truenas.com/community/t...to-replace-a-disk-of-an-encrypted-pool.85369/
is it still valid for 11.3-U5, may I ignore the passphrase?
Than another question is: I have an encrypted mirror of 2 disks, one is failing, but still partially works, it gives unrecoverable errors though. Would it be possible to attach 3rd drive to that pool, to mirror that healthy drive to a new one while still keep the failing one. When the resilver is done I would than RMA the failed disk and when I get a new one instead I would than replace it. This way I could get double parity, by having 3data copies. Is it supported? I haven’t found that option in GUI, but on another BSD system I did something like this by
Code:
zpool attach "poolname" "old disk" "new disk"
The pool was not encrypted though, so I don’t know if any additional steps are needed...

Thanks for helping me...
 

daquirm3

Cadet
Joined
Aug 17, 2020
Messages
7
Ok, I just replaced the drive while generating new keys before resilver finished. Now I’m really afraid to reboot :) how can I verify everything is ok before rebooting?
 

daquirm3

Cadet
Joined
Aug 17, 2020
Messages
7
Ok, so I was little bit paranoid, so I rekeyed the pool before replacing the drive, than when I replaced the drive and than again when the resilver was finished. Than I restarted the NAS to make sure the the keyes persisted over reboot. Sofar everything woks fine and I can confirm, that the documentation is wrong and you don’t need a passphrase set up, the system doesn’t ask for it to unlock the pool, it is unlocked after the boot up. What makes me slightly sad, that nobody was able to reply to my questions within 4 days and that you can‘t really rely on documentation. I get it is an open source project and I don’t pay any sw support plan, but such simple and crucial task as replacing drives should be described in documentation correctly. Anyways I still love the project a lot :)

Can still anyone confirm, what is the procedure to attach third drive to an existing ZFS mirror with encrypted pool?
 

jasn

Dabbler
Joined
Dec 19, 2014
Messages
32
Thanks for posting this to the forum.

I was in the same situation as yourself, trying to replace a drive in an encrypted pool without a passphrase. I basically followed the steps you documented, and I was able to get the old drive removed and the new drive replaced in the pool, and resilvered, without using a passphrase.

However, once the resilver process completed, I couldn't reset the encryption key for the pool using the GUI tool, until I removed the cache and log drives from the pool. Once I had done that, I was able to reset the encryption key for the pool, and I downloaded both the new pool encryption and recovery keys. I then rebooted my server, and the storage pool was unlocked automatically.

I'm just hoping that the maintainers of the official documentation can fully document this procedure.

FYI, I posted a thread completely documenting this, on the forums here.

Thanks again..
 
Last edited:
Top