Solved Encrypted ZFS pool disappears after reboot

I have added an encrypted raidz2 zfs pool for storage with 8 disks to my newly installed system. When I create it, it works fine and shows 50TB of free space. When I reboot my system, however, and reattach the encrypted drives and import the pool, any files I had on it are gone and df -h shows a little over 100G of space available in total.

zpool status also shows nothing out of the ordinary.


Code:
  pool: library
 state: ONLINE
  scan: none requested
config:

        NAME          STATE     READ WRITE CKSUM
        library       ONLINE       0     0     0
          raidz2-0    ONLINE       0     0     0
            da0.eli   ONLINE       0     0     0
            da1.eli   ONLINE       0     0     0
            da2.eli   ONLINE       0     0     0
            da3.eli   ONLINE       0     0     0
            ada0.eli  ONLINE       0     0     0
            ada1.eli  ONLINE       0     0     0
            ada2.eli  ONLINE       0     0     0
            ada3.eli  ONLINE       0     0     0

It feels like I am missing something really simple.
 
I don't use encrypted ZFS pools myself but do have some geli experience, and having said that I have a theory as to what happened here: you should encrypt the pool itself, not the vdevs which make it up. In fact, I am surprised that the pool continued to work at all.

My guess is that you may have added the .geli extensions to all the devices you wanted to use for the pool (as shown in the screenshot). However... That would only create a 'one-time only' encryption, which is basically only suitable for swap spaces because you won't be able to access the same data at a later time. See geli(8) for more information on that.

(edit) Of course this is speculation on my part, but it would explain the current behavior.

So: how did you set up this pool?
 
I followed the steps outlined in this post: https://www.daveeddy.com/2015/12/04/zfs-zpool-encryption-with-geli-on-freebsd/

Edit: Trying zpool list shows my pool having a total of 72.5T though... don't know why there is a discrepancy.

Edit2: Ok, seems like the pool isn't mounted to /library, which is why df -h shows the free space for the root pool.

Solution: Doing zfs mount library makes it work, and all files are there.

Still curious about ShelLuser's reasoning. Should I be concerned about using encryption the way I do it? Any risk of losing data down the line?
 
I suggest just following the installer. That article was written at a time when the installer wasn't capable of creating an encrypted ZFS system.
 
Oh, for the system I did follow the installer. No issues there with zfs+encryption. This is for my storage pool.
 
Oh, right. This is an additional pool being added to an existing system. The way you have set it up is correct. There's only one downside to this system and that's the encryption itself. You must run the attach script, then run zfs mount -a. There's no need to import/export the pool (unless you're moving the whole pool to a different machine).

After a reboot, up until you run the 'attach' the entire pool will be in a degraded and unavailable state, hence nothing from it is mounted (the system can't read it). Once GELI has been attached the pool will automatically return to online (still nothing is mounted). Running zfs mount -a simply mounts everything that should be mounted.
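
The symptom in this thread (pool ONLINE in zpool status, yet df -h shows the root pool's space) comes down to datasets that are imported but not mounted. The following check is an added example, not code from any poster or from the linked article. It reads the output of `zfs list -H -o name,mounted,canmount,mountpoint` and reports what `zfs mount -a` still has to mount. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: report ZFS filesystems that should be mounted but are not.
# Input on stdin: tab-separated lines as printed by
#   zfs list -H -o name,mounted,canmount,mountpoint

unmounted_datasets() {
    # Print "name<TAB>mountpoint" for every dataset that zfs mount -a would
    # mount (canmount=on, mountpoint is a real path) but that is not mounted.
    # Volumes ("-"), canmount=off/noauto and none/legacy mountpoints are skipped.
    awk -F '\t' '$2 == "no" && $3 == "on" && $4 ~ /^\// { print $1 "\t" $4 }'
}

check_mounts() {
    # Return 0 when nothing is missing, 1 otherwise (details go to stderr).
    missing=$(unmounted_datasets)
    if [ -n "$missing" ]; then
        printf 'NOT MOUNTED (writes go to the filesystem holding the directory):\n' >&2
        printf '%s\n' "$missing" >&2
        return 1
    fi
    return 0
}

# Constructed sample: state after reboot and geli attach, before zfs mount -a.
sample_listing() {
    printf 'library\tno\ton\t/library\n'
    printf 'library/media\tno\ton\t/library/media\n'
    printf 'library/scratch\tno\tnoauto\t/library/scratch\n'
    printf 'zroot/ROOT/default\tyes\tnoauto\t/\n'
    printf 'zroot/swapvol\t-\t-\t-\n'
}

# Demo on the constructed sample. On a live system use instead:
#   zfs list -H -o name,mounted,canmount,mountpoint | check_mounts
sample_listing | check_mounts || echo "run: zfs mount -a"
```

Running this from a backup or sync job before it writes to /library keeps data from silently landing under an empty mountpoint directory on the root pool.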
 