Wondering if someone could offer some guidance on replacing a failed encrypted disk. My NAS is running FreeNAS version 9.10.2 with a four disk RAIDZ1 pool where one of the disks has failed and is showing as "Unavailable". After a reboot, I was unable to unlock the volume with the passphrase (although I'm certain it was the correct passphrase) and needed to use the recovery key.
The relevant entries in /var/log/messages when trying to unlock the volume using the passphrase are as follows
The relevant entries in /var/log/messages when trying to unlock the volume using the recovery key are as follows
I'm ready to replace the failed disk and looking at section 8.1.10.1 of the manual it says to make sure that a passphrase has been set before attempting to replace the failed disk.
Do I need to make sure the volume can be unlocked using the passphrase instead of using the recovery key first or is it safe to go ahead and follow the steps outlined in section 8.1.10.1?
The relevant entries in /var/log/messages when trying to unlock the volume using the passphrase are as follows
Code:
Jan 21 23:15:34 nas1 manage.py: [middleware.exceptions:37] [MiddlewareError: Unable to geli attach gptid/437c2d59-d05c-11e6-9fe5-94188237bde4: geli: Wrong key for gptid/437c2d59-d05c-11e6-9fe5-94188237bde4.] Jan 21 23:15:34 nas1 manage.py: [middleware.notifier:1333] [MiddlewareError: Unable to geli attach gptid/437c2d59-d05c-11e6-9fe5-94188237bde4: geli: Wrong key for gptid/437c2d59-d05c-11e6-9fe5-94188237bde4.] Jan 21 23:15:34 nas1 manage.py: [middleware.exceptions:37] [MiddlewareError: Unable to geli attach gptid/4442cef7-d05c-11e6-9fe5-94188237bde4: geli: Cannot open gptid/4442cef7-d05c-11e6-9fe5-94188237bde4: No such file or directory.] Jan 21 23:15:34 nas1 manage.py: [middleware.notifier:1333] [MiddlewareError: Unable to geli attach gptid/4442cef7-d05c-11e6-9fe5-94188237bde4: geli: Cannot open gptid/4442cef7-d05c-11e6-9fe5-94188237bde4: No such file or directory.] Jan 21 23:15:35 nas1 manage.py: [middleware.exceptions:37] [MiddlewareError: Unable to geli attach gptid/4507584e-d05c-11e6-9fe5-94188237bde4: geli: Wrong key for gptid/4507584e-d05c-11e6-9fe5-94188237bde4.] Jan 21 23:15:35 nas1 manage.py: [middleware.notifier:1333] [MiddlewareError: Unable to geli attach gptid/4507584e-d05c-11e6-9fe5-94188237bde4: geli: Wrong key for gptid/4507584e-d05c-11e6-9fe5-94188237bde4.] Jan 21 23:15:37 nas1 manage.py: [middleware.exceptions:37] [MiddlewareError: Unable to geli attach gptid/45d46510-d05c-11e6-9fe5-94188237bde4: geli: Wrong key for gptid/45d46510-d05c-11e6-9fe5-94188237bde4.] Jan 21 23:15:37 nas1 manage.py: [middleware.notifier:1333] [MiddlewareError: Unable to geli attach gptid/45d46510-d05c-11e6-9fe5-94188237bde4: geli: Wrong key for gptid/45d46510-d05c-11e6-9fe5-94188237bde4.] Jan 21 23:15:37 nas1 manage.py: [middleware.notifier:3547] Importing pool1 [10760730400820451254] failed with: cannot import '10760730400820451254': no such pool available Jan 21 23:15:37 nas1 manage.py: [middleware.exceptions:37] [MiddlewareError: Volume could not be imported: 4 devices failed to decrypt]
The relevant entries in /var/log/messages when trying to unlock the volume using the recovery key are as follows
Code:
Jan 21 23:34:07 nas1 manage.py: [middleware.exceptions:37] [MiddlewareError: Unable to geli attach gptid/4442cef7-d05c-11e6-9fe5-94188237bde4: geli: Cannot open gptid/4442cef7-d05c-11e6-9fe5-94188237bde4: No such file or directory.] Jan 21 23:34:07 nas1 manage.py: [middleware.notifier:1333] [MiddlewareError: Unable to geli attach gptid/4442cef7-d05c-11e6-9fe5-94188237bde4: geli: Cannot open gptid/4442cef7-d05c-11e6-9fe5-94188237bde4: No such file or directory.] Jan 21 23:34:07 nas1 GEOM_ELI: Device gptid/437c2d59-d05c-11e6-9fe5-94188237bde4.eli created. Jan 21 23:34:07 nas1 GEOM_ELI: Encryption: AES-XTS 128 Jan 21 23:34:07 nas1 GEOM_ELI: Crypto: hardware Jan 21 23:34:07 nas1 GEOM_ELI: Device gptid/4507584e-d05c-11e6-9fe5-94188237bde4.eli created. Jan 21 23:34:07 nas1 GEOM_ELI: Encryption: AES-XTS 128 Jan 21 23:34:07 nas1 GEOM_ELI: Crypto: hardware Jan 21 23:34:07 nas1 GEOM_ELI: Device gptid/45d46510-d05c-11e6-9fe5-94188237bde4.eli created. Jan 21 23:34:07 nas1 GEOM_ELI: Encryption: AES-XTS 128 Jan 21 23:34:07 nas1 GEOM_ELI: Crypto: hardware Jan 21 23:34:09 nas1 ZFS: vdev state changed, pool_guid=10760730400820451254 vdev_guid=15284981435399470886 Jan 21 23:34:09 nas1 ZFS: vdev state changed, pool_guid=10760730400820451254 vdev_guid=5336657918979603785 Jan 21 23:34:09 nas1 ZFS: vdev state changed, pool_guid=10760730400820451254 vdev_guid=11073823045779350297
I'm ready to replace the failed disk and looking at section 8.1.10.1 of the manual it says to make sure that a passphrase has been set before attempting to replace the failed disk.
Do I need to make sure the volume can be unlocked using the passphrase instead of using the recovery key first or is it safe to go ahead and follow the steps outlined in section 8.1.10.1?