ShimadaRiku
Been testing around with different failure case scenarios before actually going live with my NAS.
FreeNAS 9.3 Stable
I have two SSDs in an encrypted mirrored vDev. The proper way to replace an encrypted drive was to first flag the drive as offline so FreeNAS knows it is going to be replaced. Then replace & rekey, but I didn't flag the drive as offline. I took it out and did a secure erase on another PC. The replacement & resilver process went okay and the pool was no longer degraded. But... I wasn't able to rekey and got this error:
Code:
freenas-test manage.py: [middleware.exceptions:38] [MiddlewareError: Unable to set key: [MiddlewareError: Unable to set passphrase on gptid/158dbb74-76d4-11e5-aaac-0800272ce4fb: geli: Cannot open gptid/158dbb74-76d4-11e5-aaac-0800272ce4fb: No such file or directory.
After reading cyberjock's past issues I was able to solve the issue. Because I didn't flag the drive as OFFLINE before replacing, FreeNAS tried to rekey using the old GPTID from the erased SSD. The solution was to manually remove the GPTID from FreeNAS's freenas-v1.db by doing:
Code:
sqlite3 /data/freenas-v1.db
select * from storage_encrypteddisk;
to find the orphaned gptid. Then remove it by doing:
Code:
delete from storage_encrypteddisk where id=X;
where X is the # corresponding to the orphaned gptid.
After doing so I was able to rekey.
On a side note, the FreeNAS manual said a passphrase must be set before replacing the encrypted drive. Then the passphrase needs to be reset again along with the recovery key. I never used a passphrase and it still worked fine. (For those still confused with how GELI encryption is structured in FreeNAS, read this.)
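
Added example (not part of the original post): a Python sketch of the same lookup that finds orphaned rows by checking each stored provider against /dev instead of picking the id by eye, then deletes by id with a bound parameter. The column name `encrypted_provider`, the function names and the sample rows are assumptions; confirm the real layout with `.schema storage_encrypteddisk` before relying on it.

```python
import os
import sqlite3

TABLE = "storage_encrypteddisk"  # table named in the post

def node_exists(provider):
    """True if the provider (e.g. 'gptid/<uuid>') has a node under /dev."""
    return os.path.exists(os.path.join("/dev", provider))

def find_orphans(conn, exists=node_exists):
    """Return (id, provider) rows whose provider is no longer present."""
    # Column name encrypted_provider is an assumption; check .schema first.
    rows = conn.execute(
        "SELECT id, encrypted_provider FROM %s ORDER BY id" % TABLE
    ).fetchall()
    return [(rid, prov) for rid, prov in rows if not exists(prov)]

def remove_row(conn, row_id):
    """Delete one row by id (the post's 'where id=X'), in a transaction."""
    with conn:
        cur = conn.execute("DELETE FROM %s WHERE id = ?" % TABLE, (row_id,))
    return cur.rowcount

def demo_db():
    """Constructed in-memory table standing in for /data/freenas-v1.db."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE %s (id INTEGER PRIMARY KEY, encrypted_provider TEXT)" % TABLE
    )
    conn.executemany(
        "INSERT INTO %s (id, encrypted_provider) VALUES (?, ?)" % TABLE,
        [
            (1, "gptid/00000000-0000-0000-0000-000000000001"),  # constructed
            (2, "gptid/158dbb74-76d4-11e5-aaac-0800272ce4fb"),  # from the error
            (3, "gptid/00000000-0000-0000-0000-000000000003"),  # constructed
        ],
    )
    return conn

if __name__ == "__main__":
    conn = demo_db()
    # Pretend only rows 1 and 3 still have device nodes (constructed).
    present = {
        "gptid/00000000-0000-0000-0000-000000000001",
        "gptid/00000000-0000-0000-0000-000000000003",
    }
    for rid, prov in find_orphans(conn, exists=lambda p: p in present):
        print("orphan id=%d provider=%s" % (rid, prov))
        remove_row(conn, rid)
    print("remaining orphans:", find_orphans(conn, exists=lambda p: p in present))
```

On a real system, copy /data/freenas-v1.db somewhere safe first, then pass `sqlite3.connect("/data/freenas-v1.db")` to `find_orphans` and review the reported rows before calling `remove_row`.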