bluonek
Dabbler
- Joined
- Oct 27, 2014
- Messages
- 34
After reading the docs and a few community posts I have a semi-clear idea of how to upgrade my encrypted mirror volume. Looking for validation before I take action.
Scenario:
Planned Steps (known questions in bold):
Thanks for the time and validation
-blu1k
Scenario:
- FreeNAS 11.1-U7
- One open drive port
- Drives (Currently): One vdev with two 4TB drives in mirror encrypted w/ GELI (4TB drives to be removed/discarded after upgrade)
- Drives (After Upgrade): One vdev with two 10TB drives in mirror encrypted w/ GELI
Planned Steps (known questions in bold):
- Shut down FreeNAS
- Install 1st 10TB drive into open drive port (keep the two 4TB drives in place)
- Boot FreeNAS
- Unlock volume (the two 4TB drives in mirror)
- "Replace" 1st 4TB drive with 1st 10TB drive
- Storage --> Volumes --> View Volumes --> Volume Status --> Replace button
- Choose 1st 10TB drive
- Enter encryption passphrase because "WARNING: The recovery key of your volume will be invalidated!"
- Is it OK to use a new passphrase here? Or is this asking for the current passphrase for security purposes?
- Notice I didn't "Offline" the drive - Is this needed when the drive being replaced is *not degraded? I'd rather not offline the drive in order to maintain redundancy during resilver - Does encryption complicate this desire for redundancy during resilver?
- Wait for resilver to complete
- Follow steps from user guide against the pool
- Encryption Re-key
- Create Passphrase (using new passphrase)
- Download Key
- Add Recovery Key
- Shut down FreeNAS
- Remove 1st 4TB drive and replace with 2nd 10TB drive
- Boot FreeNAS
- Unlock volume using new passphrase
- Repeat steps 5-7 to replace 2nd 4TB drive with 2nd 10TB drive
- Use same new passphrase from first pass of step 7
- Save new key and recovery key since the ones from the first pass will no longer be valid
- Shut down FreeNAS
- Remove 2nd 4TB drive
- Boot FreeNAS
- Unlock volume with new passphrase
- Anything else? Something to do with SMART settings? Not sure.
Thanks for the time and validation
-blu1k