SOLVED Help recovering from a USB failure

[nogates]

Hello there!

I think I've failed miserably and lost my data, so yeah, any help changing this current state of affairs would be much appreciated.

I turned off my FreeNAS box running Corral 10.0.3 today for cleaning, and when I turn it on again, boom! USB was giving the checksum error I've seen in a few places [1]. I've tried to start it again many times but it always fails to bootup so I cannot get to a point where I can do nothing with it.

- I don't have a backup of my configuration (stupid me). Although I don't care about losing how it was configured, I just want to mount my encrypted pool.
- I have one main encrypted pool, and I haven't exported the encryption key (I thought that was not necessary, and only a way of mounting the pools without password. I of course know the password)

However, the USB is still readable, so I guess I could access what is in there somehow. I've made a copy with dd to an image, but I am having problems mounting it in linux (yeah, any help here would also be appreciated)

So yeah, that's it. As I've said, any help will be much appreaciated

Also, so far I've tried:

- to boot up with any of the entries I had in my Grub2. It either does not boot up or fails during the process, complaining about not being able to found the root
- Set up a new installation, but when I try to import the volume, using `unix::>volume migration_import name=main passphrase="password"; wait` it gives me the following error: `Freenas no such table: storage_encrypteddisk`, so I am not sure if this is related of not having my configuration / db / geli key


Thanks

[1] https://forums.freenas.org/index.php?threads/checksum-validation-failed.58155/

 

[Chris Moore]

I don't think that you can access the data without the keys. That's the way it is designed to work.
What is the reason for running coral?

Sent from my SAMSUNG-SGH-I537 using Tapatalk

 

[nogates]

Because I migrated it from 9.x and I was scared to go back without a proper backup. Turns out It should have done this a long time ago :(

I understand that, but, if I managed to recover the `db` file from my USB, Can I then recover the key from it?

Thanks a lot for the response!

 

[Jailer]

This resource is going to be your best bet but without that encryption key I don't know how you'll be able to recover your pool. This is exactly why you will see several forum members that do not recommend encrypted pools unless you are required to by either law or company policy.

 

[nogates]

Thanks for the information Jailer. Yeah, I saw that page, but as you said, it won't help me without the encryption key,

The thing is, I do have access to the USB (or at least, part of), because I could make a copy.... so my question is, if I copy some of the files from the USB file to a new installation, is it gonna work? what files do I need? the configuration database?

 

[Chris Moore]

Sorry, but have you never rebooted the system since you encrypted?
My experience with this was that the keys were required even on a normal reboot. The whole point of encryption is keeping someone without the keys from accessing the data.

Sent from my SAMSUNG-SGH-I537 using Tapatalk

 

[nogates]

I understand, but my point it. I do not upload a key every time I reboot my system right? so there is some configuration in there that is enough to boot my system as it was.
I've accessed the usb, and inside the `ROOT/Corral-10.0.3` partition of the sytem pool, there is a folder called data. So if I copy that folder to my new fresh install, wouldn't that be like restoring it?

Thanks!

(actually, inside the data folder, there is another folder called geli, and inside there is a key.... is that the encryption key, right? even if I didn't press to download the key, that's the key that I need to import, right?)

 

[Ericloewe]

Thanks for the information Jailer. Yeah, I saw that page, but as you said, it won't help me without the encryption key,

The thing is, I do have access to the USB (or at least, part of), because I could make a copy.... so my question is, if I copy some of the files from the USB file to a new installation, is it gonna work? what files do I need? the configuration database?

This may be of some help: https://redmine.ixsystems.com/issues/23444

 

[nogates]

Ok, I managed to make this work! :)

thank you a lot Ericloewe, Chris Moore and Jailer for your replies. I am gonna put here what I've done to make this work

As I mentioned before, my USB wasn't completely K.O. (phew!), so basically what I've done is copy the `data` folder from the USB to a new fresh install in another USB.

I've to say that I mostly work on Debian GNU / Linux, so some of the commands I will be using might not be available in FreeBSD

First, `dd` was returning errors and couldn't copy all the info, so I've used `safecopy`

Code:

sudo safecopy /dev/sda /home/recover/usb.img

Being `/dev/sda` the damaged usb. And /home/recover/usb.img the image created by safecopy, which is a raw image of the USB.

Now that you have a copy of you USB, you have to import the ZFS poll (I've followed this guide: https://wiki.orzfly.com/topics/zfs-on-linux-mount-raw-pool-image)

Code:

sudo losetup /dev/loop0 /home/recover/usb.img
sudo kpartx -av /dev/loop0
# then, import the pool
mkdir /mnt/recover
zpool import -R /mnt/recover -d /dev/mapper freenas
# you may need to use the ID of the zpool, just check it out with zpool status

After that, I mounted the partition that holds the Freenas installation

Code:

zfs mount freenas/ROOT/Corral-10.0.3

Then, I went to /mnt/recover and copy the whole `data` folder (which actually was including a `geli.key` but will talk about that later

The next step is to do a fresh install of the same version `Corral-10.0.3` in your FreeNas machine. Once that it is done, turn it off again, and use the same process to mount the ZFS member (although you don't need the losetup bit, since you will be importing the zpool from a device that it's under `dev`
In my case, it said that the mount endpoint for this FreeNas version was legacy, so instead of using `zfs mount`, I had to use the normal mount command, like this

Code:

mount -t zfs freenas-boot/ROOT/default /tmp/sdc/

I then moved the default `data` folder and copied my old `data` folder there. Restart the server, crossed the fingers, and almost cried when I saw I could decrypt the zpool as I normally used to do :)

However, my freenas is quiete unstable now (totally understandable, I am not complaining here! :) There are a few things that didn't work. I guess that I might need to copy other folders as well. For example, the button to download the key (becuase yeah, that was the first thing I did, to press that button), does not work :( the task does not seem to finish.

Anyway, that's not really important. but I do hovewer have another question here:

If I've understand the post you mentioned before Ericloewe the script to `get_`volume_keys.py Woody Johnson uploaded, will generate valid keys to import the volumes with FreeNas 9 / 11? is that it? It's funny, because the key that was under `data/geli`, has the same information as each of the keys that script generate (it returns the same md5sum like the files the script generated), so I am assuming that in theory, that file should be enough to decrypt the zpool if I decide to move to FreeNAS 11 (which I guess I will do, because most of the things don't work now, LOL)

Thanks anyway guys. I really appreciated the help here