freenas unencrypted & encrypted drives

[Jord9857]

Hi,

I've got a unencrypted 1tb drive i want to encrypt, it's already in my NAS & been set up in a pool - It currently has my Plex jail and that set up on.

Is there anyway to encrypt it now? Without having to wipe it and then start again e.g. creating a new pool for it etc.

I do have another 1tb drive in there which is in an encrypted pool with nothing on. If i can't encrypt the original drive without wiping it, is there anyway i can copy all the stuff onto the encrypted drive? I have an HDD Caddy but thinking it might cause issues as it's an encrypted drive (i got the key file).

I was thinking about putting Plex on the USB i got which boots into FreeNAS, but was reading that apparently it's got to be on a different drive than FreeNAS... - should i put the Plex jail on a separate HDD rather than 1 with media on?

(I'm planning to get another 2 drives to mirror these 2 original drives as well when i sort this mess out)


Thanks in advance.

 

[Yorick]

You do not want jails on your boot pool, nor is that supported.

TrueNAS 12 Core offers per-dataset ZFS native encryption, which I think is your best bet for encryption.

You can absolutely put your Plex jail on the same pool as your media.

USB sticks have a way of dying, so if you want a more reliable boot pool, something like this will set you up:

- Any M.2 SATA 2242 for example https://www.amazon.com/Transcend-MTS400S-Solid-State-TS32GMTS400S/dp/B077H276GQ/
- Any M.2 SATA to USB for example https://www.amazon.com/Aluminium-Enclosure-NG-2242A-Extension-Converter/dp/B082CJ2V76/

It sounds as if you created two 1TB pools, both without resilience. Perfectly fine as long as you are chill with the fact that your data may disappear itself at any moment and have to be restored from backup.

 

[Jord9857]

You do not want jails on your boot pool, nor is that supported.

TrueNAS 12 Core offers per-dataset ZFS native encryption, which I think is your best bet for encryption.

You can absolutely put your Plex jail on the same pool as your media.

USB sticks have a way of dying, so if you want a more reliable boot pool, something like this will set you up:

- Any M.2 SATA 2242 for example https://www.amazon.com/Transcend-MTS400S-Solid-State-TS32GMTS400S/dp/B077H276GQ/
- Any M.2 SATA to USB for example https://www.amazon.com/Aluminium-Enclosure-NG-2242A-Extension-Converter/dp/B082CJ2V76/

It sounds as if you created two 1TB pools, both without resilience. Perfectly fine as long as you are chill with the fact that your data may disappear itself at any moment and have to be restored from backup.

I got 2 USB sticks, 1 mirroring off the other which boots just incase the first one dies the other will take over.

Well the first 1TB pool was just for testing so i didn't bother to encrypt it, considering it's now working how i wanted now & don't wanna restart it.

I will set them up with another 1TB drive in the 2 pool's to mirror the first 1TB drives.
Unless it's possible & makes more sense to have all 4 encrypted drives in 1 pool with still the mirroring in place? (if it's possible)

Is there anyway i can copy all of the data including the plex jail and file structure etc to the encrypted drive?


My FreeNAS is currently on 'Version: FreeNAS-11.3-U2.1' I'm guessing I should upgrade to the 11.3 version to get this encryption? - Does it offer the same encryption when creating a pool with the key file?

 

[Jord9857]

Is there anyway i can copy all of the data including the Plex jail and file structure etc to the encrypted drive?

So i can then wipe the original drive and set it up again but encrypted & maybe copy the stuff back onto there.


Or

What's the difference with this 'per-dataset ZFS native encryption' to the encryption you select when creating a pool? Is it easier if i do this if it's pretty much the same - giving me a key file with the encrypted key etc.

 

[Yorick]

Encryption will change entirely with TrueNAS Core. Right now it’s geli encryption of the drive, then the pool is on the unlocked drives. ZFS is entirely unaware of the crypto layer. This has led to difficulty in the past, for example there was a bug recently that could wipe out encrypted pools entirely.

Per dataset encryption is native to ZFS from TrueNAS Core on. If you can wait with encryption until TrueNAS Core is released, which will be in a few months, that’s my recommendation.

You can of course have multiple mirror vdevs in a pool. There is a ZFS primer in this forum as well as on r/ZFS, I highly recommend taking an hour to get familiar with how pools and vdevs and different types of vdevs hang together with ZFS.

 

[fyboqyovjy]

If I setup an encrypted pool right now, will there be a seamless upgrade to TrueNAS Core when it will be released?
Or do I have to start over then?

Or does it make more sense to setup the pool without encryption now, and enable encryption on TrueNAS later?