I have been running V11 for the last 6 months for personal use on my home netowrk - my first work with freenas. I upgraded to 11-1 last week and upon reboot I had to unlock the storage.
Did you not have to unlock them before.
I have 4 WD reds, encrypted with passphrase and key. After the upgrade, I had to unlock the storage.
If they always had a passphrase you would have to have unlocked them manually.
I am not often home, though I can VPN to the network to unlock the storage. Can the storage be automatically unlocked after a reboot if the storage is encrypted? I'd rather not remove the encryption as a work a round. Or, does anyone know a command line or script that can be run to unlock the storage?
The simplest is to have the volumes without passphrase. However everything else you want is possible, just depends on how much time you want to spend on it.
-You can ssh and unlock your volumes that way
-You can setup script to automatically unlock your volumes. But this depends on what you want. I used to do this 2013 via two remote USB disks that needed to be connected to decrypt. In other words you stole the PC but didn't know about the remote USB's then they have access nothing.
Simplified version: USB1 encrypted but no passphrase with decryption script for USB2 Post init loads USB1's script to decrypt USB2 > USB1's script would also runs the decrypting script for the pools. The passphrases (Security through obfuscation ) would be in file in some obscure directory as the first line amongst other text.
-You can also set it so that a specific pool/s will decrypt on an IP address becoming available.
Most important bits:
You need: /data/geli/ and /dev/gptid keys.
Will give the gptid key
#zpool status "your pool"
Will give you the geli key
#sqlite3 /data/freenas-v1.db "select * from storage_volume"
AK8 posted a script:
https://www.ixsystems.com/community...s-volume-via-shell-or-remotely-via-ssh.12018/
Example script below enter your corresponding info and # out the second drive, save as .sh file. To test lock your pool and run this script from the shell. This should give you a start then it's upto you how you want to do the nightmare.
****************************************************************************
#!/bin/sh
#2013 This file is to Auto Decrypt And Mount Encrypted ZFS Volumes.
#The passphrase file is not 'geli.key or the geli_recovery.key'.
#when adding a volume with multiple ZFS Drives the geli key is the same but the /dev/gptid's are different.
# Checks iF: /Passphrase file is available if not script cancels.
#if [ -e /mnt/Address to passphrase file ]; then
# echo "File Found..." >&2
#else
# echo "OOP's! Where is it??" >&2
# exit 1
#fi
##First VOLUME
#'Users' disk 3TB WD
geli attach -j "Address to passphrase file" -k /data/geli/your geli.key /dev/gptid/your gptid key
#Mounts the ZFS Volume pool
zpool import -R /mnt Users
#'Media' Volume 3TB WD disk
geli attach -j "Address to passphrase file" -k /data/geli/your geli.key /dev/gptid/your gptid key
#Mounts the ZFS Volume pool
zpool import -R /mnt Media
sleep 4
#Service restarts may not be needed by FN10+ Automatic upon decryption.
#Exits the script
exit 1
**********************************************************************************