fricker_greg
Explorer
- Joined
- Jun 4, 2016
- Messages
- 71
OK, so I know this is another Is my data lost question, and I am sorry to be posting it. I have two questions and appreciate any help you can give.
First, let me describe my situation. I have two machines, one local, one remote. I also recently migrated from one pool to another in both systems as I wanted to change my vdev layouts. I fear in doing this I have introduced some irrecoverable error.
Local TrueNAS Scale 22.12.2
-FrickNASty (still available but would like to delete to add vdevs to pool2) (pool)
----Encrypted Dataset (passphrase)
--------PhotoVideo (inherits encryption)
--------Dataset2 (inherits encryption)
-Roshar(new pool, different vdev layout, in process of transferring over)
----Encrypted Dataset (passphrase, newly created but same passphrase)
--------PhotoVideo (copied over from FrickNASty/Encrypted/PhotoVideo using
--------Dataset2 (originally individually locked (as in not inherited), but after I load the keys and unlock it, I set it to unlock with parent and to inherit parent encryption)
Remote TrueNAS Core 13.0U5
-BrownNASbackup (no longer available, old config, but potentially relevant) (pool)
----RemoteBackups (passphrase encrypted dataset)
--------PhotoVideo (ZFS replication task target from FrickNASty/Encrypted/PhotoVideo)
-Yolen (new pool with new vdev configuration) (pool)
----RemoteBackups (passphrase encrypted dataset, same passphrase as everything else)
--------PhotoVideo (Copied over dataset and all snapshots using "zfs send -Rw BrownNASbackups/RemoteBackups/PhotoVideo | zfs recv -Fuv Yolen/RemoteBackups/PhotoVideo", then unlocked successfully using passphrase, then via GUI said to unlock with parent and inherit parent encryption)
--------Dataset2 (ZFS replication task target)
1) For the Yolen/RemoteBackups/PhotoVideo that was originally created from zfs replication target and copied over from BrownNASbackup to Yolen, have I lost the ability to access this data since I changed it to inherit parent encryption and I presume from my options that the IVs were not sent?
I copied over dataset and all snapshots using the following:
then unlocked successfully using passphrase, then via GUI said to unlock with parent and inherit parent encryption
if I do
So I
And then if I
I verify that with
then I do
OK, so
Ok, so lets load it, keyload error, must be loaded for encryption root. Boo.
I used the same passphrase throughout for all encrypted datasets. I think my error was changing the dataset to use inherit encryption after sending with the -R flag. Is there anyway to change this. It was created from the local FrickNASty/PhotoVideo which I still have access to.
I am bringing up this whole mounting error because ZFS replication from FrickNASty to Yolen fails only on this dataset and not any others. It actually causes a kernel panic and my machine resets. I can also trigger the same kernel panic and reset by trying to unlink the zfs encryption from the parent and use the same passphrase again on the PhotoVideo dataset, so I think this is where the issue is.
there are older snapshots on Yolen/RemoteBackups/PhotoVideo that I would like to keep, which is why I am not just starting over with the replication task. I want to resume the replication from the last in sync auto snapshot, which both pools have many in common still. I rolled Yolen/RemoteBackups/PhotoVideo back to this last snapshot but the replication task fails, I believe because of these encryption differences.
Is there anything I can do to fix this and save Yolen/RemoteBackups/PhotoVideo?
2). In moving over from FrickNASty to Roshar, have I introduced the same issue?
I copied over from FrickNASty/Encrypted/PhotoVideo using "zfs send -Rw | zfs recv -Fuv" into Roshar/Encrypted/PhotoVideo. After the zfs send recv, it was locked as expected, so I unlocked it, and then set it to unlock with the parent (inherit parental encryption) which was a newly created dataset with the same passphrase as FrickNASty/Encrypted.
I can access Roshar/Encrypted/PhotoVideo however, and it acts as expected when unencrypting the parent, but is this just because I haven't unmounted and deleted FrickNASty/Encrypted and it is still loading the IVs from there? I could always unmount FrickNASty pool all together, then reboot and see if I can access the datasets as expected or not.
How can I fix this?
@morganL , this is the root issue of the zfs send recv thread I had started earlier that you had commented on.]
First, let me describe my situation. I have two machines, one local, one remote. I also recently migrated from one pool to another in both systems as I wanted to change my vdev layouts. I fear in doing this I have introduced some irrecoverable error.
Local TrueNAS Scale 22.12.2
-FrickNASty (still available but would like to delete to add vdevs to pool2) (pool)
----Encrypted Dataset (passphrase)
--------PhotoVideo (inherits encryption)
--------Dataset2 (inherits encryption)
-Roshar(new pool, different vdev layout, in process of transferring over)
----Encrypted Dataset (passphrase, newly created but same passphrase)
--------PhotoVideo (copied over from FrickNASty/Encrypted/PhotoVideo using
zfs send -Rw | zfs recv -Fuv
originally individually locked (as in not inherited), but after I load the keys and unlock it, I set it to unlock with parent and to inherit parent encryption)--------Dataset2 (originally individually locked (as in not inherited), but after I load the keys and unlock it, I set it to unlock with parent and to inherit parent encryption)
Remote TrueNAS Core 13.0U5
-BrownNASbackup (no longer available, old config, but potentially relevant) (pool)
----RemoteBackups (passphrase encrypted dataset)
--------PhotoVideo (ZFS replication task target from FrickNASty/Encrypted/PhotoVideo)
-Yolen (new pool with new vdev configuration) (pool)
----RemoteBackups (passphrase encrypted dataset, same passphrase as everything else)
--------PhotoVideo (Copied over dataset and all snapshots using "zfs send -Rw BrownNASbackups/RemoteBackups/PhotoVideo | zfs recv -Fuv Yolen/RemoteBackups/PhotoVideo", then unlocked successfully using passphrase, then via GUI said to unlock with parent and inherit parent encryption)
--------Dataset2 (ZFS replication task target)
1) For the Yolen/RemoteBackups/PhotoVideo that was originally created from zfs replication target and copied over from BrownNASbackup to Yolen, have I lost the ability to access this data since I changed it to inherit parent encryption and I presume from my options that the IVs were not sent?
I copied over dataset and all snapshots using the following:
zfs send -Rw BrownNASbackups/RemoteBackups/PhotoVideo | zfs recv -Fuv Yolen/RemoteBackups/PhotoVideo
then unlocked successfully using passphrase, then via GUI said to unlock with parent and inherit parent encryption
if I do
zfs get encryptionroot Yolen/RemoteBackups/PhotoVideo
it says the root is Yolen/RemoteBackupsSo I
zfs load-key Yolen/RemoteBackups
and enter passphrase and it seems like it loads the keyAnd then if I
zfs load-key Yolen/RemoteBackups/PhotoVideo
it says error: keys must be loaded for encryption root.I verify that with
zfs mount Yolen/RemoteBackups
that I can mount it, greatthen I do
zfs mount Yolen/RemoteBackups/PhotoVideo
and I get a Permission denied errorOK, so
zfs get keystatus Yolen/RemoteBackups/PhotoVideo
shows "keystatus: available"Ok, so lets load it, keyload error, must be loaded for encryption root. Boo.
zfs get keystatus Yolen/RemoteBackups
shows key is available and then "load-key" shows that key is already loaded.I used the same passphrase throughout for all encrypted datasets. I think my error was changing the dataset to use inherit encryption after sending with the -R flag. Is there anyway to change this. It was created from the local FrickNASty/PhotoVideo which I still have access to.
I am bringing up this whole mounting error because ZFS replication from FrickNASty to Yolen fails only on this dataset and not any others. It actually causes a kernel panic and my machine resets. I can also trigger the same kernel panic and reset by trying to unlink the zfs encryption from the parent and use the same passphrase again on the PhotoVideo dataset, so I think this is where the issue is.
there are older snapshots on Yolen/RemoteBackups/PhotoVideo that I would like to keep, which is why I am not just starting over with the replication task. I want to resume the replication from the last in sync auto snapshot, which both pools have many in common still. I rolled Yolen/RemoteBackups/PhotoVideo back to this last snapshot but the replication task fails, I believe because of these encryption differences.
Is there anything I can do to fix this and save Yolen/RemoteBackups/PhotoVideo?
2). In moving over from FrickNASty to Roshar, have I introduced the same issue?
I copied over from FrickNASty/Encrypted/PhotoVideo using "zfs send -Rw | zfs recv -Fuv" into Roshar/Encrypted/PhotoVideo. After the zfs send recv, it was locked as expected, so I unlocked it, and then set it to unlock with the parent (inherit parental encryption) which was a newly created dataset with the same passphrase as FrickNASty/Encrypted.
I can access Roshar/Encrypted/PhotoVideo however, and it acts as expected when unencrypting the parent, but is this just because I haven't unmounted and deleted FrickNASty/Encrypted and it is still loading the IVs from there? I could always unmount FrickNASty pool all together, then reboot and see if I can access the datasets as expected or not.
How can I fix this?
@morganL , this is the root issue of the zfs send recv thread I had started earlier that you had commented on.]
Last edited: