How to encrypt an existing raidz (or mirror)

nelem

Dabbler
Joined
Sep 28, 2017
Messages
10
This worked for me, too. FreeNAS 11.1-U2 with 4x6TB in RAIDZ2. Thanks.
 

heilerich

Cadet
Joined
Jun 18, 2018
Messages
2
Sorry for reviving this old thread. I just wanted to let people to know that I successfully did this on FreeNAS11.1-U4 with a RAIDZ1.
Also note that there is a new Resilver Priority (Storage) feature in the GUI that might help speeding up the process a little.

With re-keying, re-passphrasing and adding a new recovery key before rebooting I managed to retain all my jail, sharing, snapshot etc. configurations.

Thanks everyone!
 

chritopher_t

Cadet
Joined
Jul 16, 2018
Messages
1
I am trying this method on my mirror setup FreeNAS11.1-U5 with a RAIDZ2. Successfully went through steps 1-7, so all single disks are encrypted. If I understand the latest posts on this thread, some users managed to re-key, re-passphrase before reboot, avoiding the lose of Jails and other config.

I would be interested to know how the re-keying, re-passphrasing and adding new recovery key before reboot works. In the GUI, the buttons related to encryption are not present. On the CLI, not sure which command is the right one to re-key. Maybe:

geli setkey [-pPv] [-n keyno] [-i iterations] [-j passfile] [-J newpassfile] [-k keyfile] [-K newkeyfile] prov

Any help well appreciated.

Thanks!
 
Last edited:

heilerich

Cadet
Joined
Jun 18, 2018
Messages
2
You must go through the whole process up until step 13 for the encryption related buttons to appear in the GUI. Then you can re-key etc. in the GUI (for the GUI and management system to remember that your disks are now encrypted).
It is important that you re-key and re-passphrase before you reboot (but after finishing the rest of the steps) to save your jails and configuration.
 

amarburg

Cadet
Joined
Oct 3, 2019
Messages
5
Thanks for these instructions. I was able to perform steps 1-8 (encrypting and re-silvering all drives) under 11.2-U4. I then forgot to complete the steps before upgrading to 11.2-U6 and rebooting.

The good news is the array is still healthy. I can manually `geli attach ...` and `zpool import -a` the drives and access the data from the console.

The downside is I am unable to bring the array into FreeNAS. When I attempt to "Import Pool" / "Decrypt drives" the list of drives is empty. This is true under both the new and old GUIs.

Any hints where to start debugging this one? Is the absence of any disks in the "Import Pool" screen a bug?
 
Top