SOLVED Unlock datasets through CLI

kirbyhi5

Cadet
Joined
Sep 8, 2017
Messages
6
I have multiple encrypted datasets from multiple pools, and began realizing it is quite tedious to unlock them one by one from the webGUI. Does a command exist which allows you to unlock a specific dataset from a pool? Thanks.
 

kirbyhi5

Cadet
Joined
Sep 8, 2017
Messages
6
After some searching I believe I found a thread covering this.

I would delete my thread but I don't see an option for it.
 

Kris Moore

SVP of Engineering
Administrator
Moderator
iXsystems
Joined
Nov 12, 2015
Messages
1,471
That thread is very old and for the v1.0 API system. You'll need to do similar with v2.0:


Take a look at this API call:

[Image attachment: 1612360223846.png]


You should be able to call it from the CLI using 'midclt call pool.dataset.unlock <properties>'
 

kirbyhi5

Cadet
Joined
Sep 8, 2017
Messages
6
Thank you. I've tried using curl but I'm not getting any response messages. What exactly am I doing wrong?

Code:
curl "https://xxxx/api/v2.0/pool/id/xxxx/unlock" -k -X POST -H "accept: */*" -H "Content-Type: application/json" -H "Authorization: Bearer 1-xxxx" -d '{"passphrase": "xxxx","recoverykey": false,"services_restart": [null]}'
 

William Grzybowski

Wizard
iXsystems
Joined
May 27, 2011
Messages
1,754
I have a question first. Why are you using a passphrase if you don't want the datasets to be locked on reboot? Why not simply use the keys without a passphrase?

As far as the API goes, it must be doing something; use curl -v and paste the output.
Also try adding an ending slash to the URL (...unlock/)
 

kirbyhi5

Cadet
Joined
Sep 8, 2017
Messages
6
I plan on running the script manually myself anytime I want to unlock my datasets, so this won't be an automatic thing that happens at reboot if that's what you mean. I don't access them that often so it's fine this way.

I tested the curl command with other queries and it works fine, so it must be related to the json being submitted. Here is the verbose output:
Code:
*   Trying xxx.xxx.x.xx:443...
* Connected to xxx.xxx.x.xx (xxx.xxx.x.xx) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /usr/local/share/certs/ca-root-nss.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=Napo Ltd; C=US; ST=Georgia; L=Atlanta; O=Napo Ltd; emailAddress=x@gmail.com
*  start date: Oct 12 17:02:24 2020 GMT
*  expire date: Feb 28 17:02:24 2048 GMT
*  issuer: CN=Napo Ltd; C=US; ST=Georgia; L=Atlanta; O=Napo Ltd; emailAddress=x@gmail.com
*  SSL certificate verify result: self signed certificate (18), continuing anyway.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x801451c00)
> POST /api/v2.0/pool/id/Arai%2access/unlock HTTP/2
> Host: xxx.xxx.x.xx
> user-agent: curl/7.72.0
> accept: */*
> content-type: application/json
> authorization: Bearer 1-xxxx
> content-length: 126
>
* We are completely uploaded and fine
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 200
< server: nginx
< date: Thu, 04 Feb 2021 16:53:57 GMT
< content-type: text/plain; charset=utf-8
< content-length: 2
< strict-transport-security: max-age=31536000
< x-content-type-options: nosniff
< x-xss-protection: 1
<
* Connection #0 to host xxx.xxx.x.xx left intact
52
 

kirbyhi5

Cadet
Joined
Sep 8, 2017
Messages
6
Just wanted to update this with the fixed curl.
Code:
curl "https://$host/api/v2.0/pool/dataset/unlock" -k -X POST -H "accept: */*" -H "Content-Type: application/json" -H "Authorization: Bearer 1-$API_TOKEN" -d "{\"id\": \"$pool\", \"unlock_options\": {\"key_file\": false, \"recursive\": false, \"toggle_attachments\": true, \"datasets\": [{\"name\": \"$pool\", \"passphrase\": \"$pass\"}]}}"
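
A scripted form of the unlock call above for several datasets, as an added example (not code from this thread or from iXsystems). It sends the same JSON body to the same endpoint, but encodes it with json.dumps and prompts for each passphrase, so the secret never passes through shell quoting, shell history or the process list, and it verifies the NAS certificate against a PEM file instead of using -k. The environment variable names and dataset names are assumptions, as is a certificate that is valid for the host name used.

```python
import getpass
import json
import os
import ssl
import urllib.request


def build_unlock_request(host, api_key, dataset, passphrase, recursive=False):
    """Return a urllib Request for POST /api/v2.0/pool/dataset/unlock."""
    body = {
        "id": dataset,
        "unlock_options": {
            "key_file": False,
            "recursive": recursive,
            "toggle_attachments": True,
            "datasets": [{"name": dataset, "passphrase": passphrase}],
        },
    }
    return urllib.request.Request(
        f"https://{host}/api/v2.0/pool/dataset/unlock",
        # json.dumps escapes quotes and backslashes in the passphrase correctly.
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={
            "Content-Type": "application/json",
            # api_key is the whole key, including the leading "1-" seen in the thread.
            "Authorization": f"Bearer {api_key}",
        },
    )


def unlock_all(host, api_key, datasets, cafile, ask=getpass.getpass):
    """Prompt once per dataset and return {dataset: response body}."""
    # Trust only the certificate(s) in cafile; hostname checking stays enabled.
    ctx = ssl.create_default_context(cafile=cafile)
    results = {}
    for name in datasets:
        req = build_unlock_request(host, api_key, name, ask(f"Passphrase for {name}: "))
        with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
            results[name] = resp.read().decode("utf-8")
    return results


if __name__ == "__main__":
    # Assumed names: TRUENAS_HOST, TRUENAS_API_KEY, TRUENAS_CA; "tank" and "backup" are constructed.
    print(unlock_all(os.environ["TRUENAS_HOST"], os.environ["TRUENAS_API_KEY"],
                     ["tank", "backup"], os.environ["TRUENAS_CA"]))
```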
 

joulester

Cadet
Joined
Sep 20, 2020
Messages
2
Hello! I tried to modify this so I can try it, but for me it says "dataset is not locked". My guess is that I set the name of the dataset wrong.
My zfs list shows my dataset as rpool/media.

How do I change this when it is not the root dataset?
 
Joined
Jan 29, 2023
Messages
1

I also got that "dataset is not locked" problem and can't fix it for now.
Maybe someone can help with that?
 