I have a server I wish to be unattended (prolonged power failure -> auto reboot) perhaps even remote. When I built the server, I foolishly decided to use GELI encryption on the mirrored boot drives. Full Stop! That means it hangs at the encryption passphrase begging line...forever if it is unattended and the power fails beyond the UPS life.
So how to remove the GELI layer encryption on a working server? The March/April 2020 edition of the FreeBSD Journal, page 19, pointed the way.
The following does it easily on my GELI-encrypted, ZFS-mirrored SSD drives (raid1). Tested on two different machines (FBSD v11.3), works perfectly. Enjoy.
root@Xeon_Left ~ # zpool status
Code:
        NAME            STATE     READ WRITE CKSUM
        zroot           ONLINE       0     0     0
          mirror-0      ONLINE       0     0     0
            ada0p3.eli  ONLINE       0     0     0
            ada1p3.eli  ONLINE       0     0     0
root@Xeon_Left ~ # zpool offline zroot ada0p3.eli
root@Xeon_Left ~ # zpool status
Code:
        NAME                      STATE     READ WRITE CKSUM
        zroot                     DEGRADED     0     0     0
          mirror-0                DEGRADED     0     0     0
            9766920236825613726   OFFLINE      0     0     0  was /dev/ada0p3.eli
            ada1p3.eli            ONLINE       0     0     0
root@Xeon_Left ~ # geli kill /dev/ada0p3.eli
root@Xeon_Left ~ # zpool replace zroot 9766920236825613726 /dev/ada0p3
*READ THE OUTPUT*
root@Xeon_Left ~ # gpart show
Code:
=>       40  500118112  ada0  GPT  (238G)
         40       1024     1  freebsd-boot  (512K)
       1064        984        - free -  (492K)
       2048    2097152     2  freebsd-swap  (1.0G)
    2099200  498018304     3  freebsd-zfs  (237G)
  500117504        648        - free -  (324K)

=>       40  500118112  ada1  GPT  (238G)
         40       1024     1  freebsd-boot  (512K)
       1064        984        - free -  (492K)
       2048    2097152     2  freebsd-swap  (1.0G)
    2099200  498018304     3  freebsd-zfs  (237G)
  500117504        648        - free -  (324K)
just in case...
gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 ada0
gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 ada1
reboot (the GELI password nagging should be gone)
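
A guard for the procedure above, as an added example that is not part of the original post: it parses `zpool status` output and names a `.eli` member to work on only when every vdev is ONLINE and no resilver is running, so a disk is never touched while the mirror has a single good copy. The function name `next_eli_member`, the sample inputs and the idea of repeating the steps for the second disk are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reads `zpool status` text on stdin.
#   exit 0, prints a name: pool healthy; this .eli member can be done next
#   exit 1: a vdev is not ONLINE or a resilver is running; do not proceed
#   exit 2: pool healthy and no .eli members remain; nothing left to do
next_eli_member() {
    awk '
        /resilver in progress/           { busy = 1 }
        $1 == "NAME" && $2 == "STATE"    { in_cfg = 1; next }
        in_cfg && NF == 0                { in_cfg = 0 }
        in_cfg && $2 != "ONLINE"         { unhealthy = 1 }
        in_cfg && $1 ~ /\.eli$/ && !seen { seen = 1; first = $1 }
        END {
            if (busy || unhealthy) exit 1
            if (!seen) exit 2
            print first
        }'
}

# Constructed sample inputs, modelled on the output shown in the post.
HDR='NAME STATE READ WRITE CKSUM'
HEALTHY="$HDR
zroot ONLINE 0 0 0
mirror-0 ONLINE 0 0 0
ada0p3 ONLINE 0 0 0
ada1p3.eli ONLINE 0 0 0"
DEGRADED="$HDR
zroot DEGRADED 0 0 0
mirror-0 DEGRADED 0 0 0
9766920236825613726 OFFLINE 0 0 0 was /dev/ada0p3.eli
ada1p3.eli ONLINE 0 0 0"
RESILVERING="scan: resilver in progress (constructed line)
$HEALTHY"
FINISHED="$HDR
zroot ONLINE 0 0 0
mirror-0 ONLINE 0 0 0
ada0p3 ONLINE 0 0 0
ada1p3 ONLINE 0 0 0"

show() {  # $1 = label, $2 = status text; real use: zpool status zroot | next_eli_member
    member=$(printf '%s\n' "$2" | next_eli_member) && rc=0 || rc=$?
    echo "$1: rc=$rc next=${member:-none}"
}
show healthy "$HEALTHY"
show degraded "$DEGRADED"
show resilvering "$RESILVERING"
show finished "$FINISHED"
```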