Gen8 Runner
Hi everyone,
No emergency post, just a general question, because the last time I expanded my pool capacity with bigger drives, I had serious problems due to full disk encryption.
In the FreeNAS User Guide, 9.4.1.1. Replacing an Encrypted Disk, it says:
"First, make sure that a passphrase has been set using the instructions in Managing Encrypted Pools before attempting to replace the failed drive. Then, follow steps 1 and 2 as described above. During step 3, there will be a prompt to enter and confirm the passphrase for the pool. Enter this information, then click REPLACE DISK. Wait until resilvering is complete.
Next, restore the encryption keys to the pool. If this additional step is not performed before the next reboot, access to the pool might be permanently lost."
But isn't this procedure really risky?
If your computer crashes during resilvering, due to a power failure in your city, a hardware fault, a power-supply fault, etc., and you didn't restore the encryption key, what happens exactly?
I had this case last time. I was just replacing some hard drives with bigger ones when suddenly the power went out and the server switched off. I had severe problems fixing this, and needed a really big portion of luck.
1. Is any improvement planned here, so that in those cases almost nothing can happen? (I know, 100% safety can never exist.)
2. How can you best protect yourself from this fault at the moment? Resilvering sometimes takes 20 hours or more; even a big UPS cannot keep the server alive for such a long time, until resilvering is completed and you can restore the encryption keys safely.
3. Is it possible to start the resilvering process and immediately restore the encryption keys, or is it really only possible at the end of the resilvering process?
So, which guideline would you recommend?
Cheers