SOLVED Unable to import pool of encrypted drives in GUI [FreeNAS 11.2-U6]

[amarburg]

On a Mini XL with 8 x 12TB drives in a RAID-Z2. For a variety of reasons, I in-place encrypted the drives under 11.2-U4.1 using the instructions from here. It was "simple" if time-consuming. I have the geli key and passphrase. Unfortunately, I did not re-import the pool into FreeNAS before upgrading to 11.2-U6.

So now I'm in a pretty stable place. I can manually decrypt the drives (with "geli attach...") and manually import the pool (zpool import -a).

I _cannot_ import the drive into the GUI.

I can "Import Pool" and select "Decrypt". Then provide the GELI key and passphrase:

.... under the new UI, I get basically no response other than "undefined" in the system log.

... under the _old_ UI, I do get some output in /var/log/debug.log:

Code:

Oct  8 15:42:04 canine uwsgi: [middleware.notifier:179] Popen()ing: /usr/sbin/diskinfo ada0
Oct  8 15:42:04 canine uwsgi: [middleware.notifier:179] Popen()ing: /usr/sbin/diskinfo ada1
Oct  8 15:42:05 canine uwsgi: [middleware.notifier:179] Popen()ing: /usr/sbin/diskinfo ada3
Oct  8 15:42:05 canine uwsgi: [middleware.notifier:179] Popen()ing: /usr/sbin/diskinfo ada4
Oct  8 15:42:05 canine uwsgi: [middleware.notifier:179] Popen()ing: /usr/sbin/diskinfo ada5
Oct  8 15:42:05 canine uwsgi: [middleware.notifier:179] Popen()ing: /usr/sbin/diskinfo ada6
Oct  8 15:42:05 canine uwsgi: [middleware.notifier:179] Popen()ing: /usr/sbin/diskinfo ada7
Oct  8 15:42:05 canine uwsgi: [middleware.notifier:179] Popen()ing: /usr/sbin/diskinfo ada8
Oct  8 15:42:05 canine uwsgi: [middleware.notifier:179] Popen()ing: geli dump ada0
Oct  8 15:42:05 canine uwsgi: [middleware.notifier:179] Popen()ing: geli dump ada1
Oct  8 15:42:05 canine uwsgi: [middleware.notifier:179] Popen()ing: geli dump ada3
Oct  8 15:42:05 canine uwsgi: [middleware.notifier:179] Popen()ing: geli dump ada4
Oct  8 15:42:05 canine uwsgi: [middleware.notifier:179] Popen()ing: geli dump ada5
Oct  8 15:42:05 canine uwsgi: [middleware.notifier:179] Popen()ing: geli dump ada6
Oct  8 15:42:05 canine uwsgi: [middleware.notifier:179] Popen()ing: geli dump ada7
Oct  8 15:42:05 canine uwsgi: [middleware.notifier:179] Popen()ing: geli dump ada8
Oct  8 15:42:05 canine uwsgi: [middleware.notifier:663] ada0 already detached
Oct  8 15:42:05 canine uwsgi: [middleware.notifier:663] ada1 already detached
Oct  8 15:42:05 canine uwsgi: [middleware.notifier:663] ada3 already detached
Oct  8 15:42:05 canine uwsgi: [middleware.notifier:663] ada4 already detached
Oct  8 15:42:05 canine uwsgi: [middleware.notifier:663] ada5 already detached
Oct  8 15:42:05 canine uwsgi: [middleware.notifier:663] ada6 already detached
Oct  8 15:42:05 canine uwsgi: [middleware.notifier:663] ada7 already detached
Oct  8 15:42:05 canine uwsgi: [middleware.notifier:663] ada8 already detached

so it's attempting to query the drives. But it isn't actually finding them as encrypted drives or presenting them in the UI.

Thoughts on next steps? As I said, my data is stable and accessible, it's just a question of bringing the pool into the UI database.

 

[dlavigne]

Were you able to resolve this?

 

[amarburg]

No, I have not made any headway.

 

[amarburg]

Or rather, I don't have any idea what direction to take to diagnose.

 

[amarburg]

For the record, I _was_ able to resolve this issue. Short answer is that I missed a crucial step in the previous instructions. In the sample (the first post) the pool consists of a set of GPT partitions. By the instructions, you bring each offline, enable GELI encryption, then bring the encrypted partition back into the zpool to replace its unencrypted self.

When I did the process, my pool consisted of bare drives (the zpool contained ada0, ada1, etc). I don't know how this happened, but there it was. So I followed the same procedure: remove drive, encrypt drive, replace drive. Which brought me to the broken place as FreeNas was not looking for drives.

I was able to get back to working by repeating the full replacement of each drive, including manual creation a new GPT partition table and partition on each drive, so the steps for any drive are:

1. zpool offline zvol1 some_drive
2. gpart create -s gpt some_drive
3. gpart add -t freebsd-zfs some_drive
(geom part to get UUID of new partition)
4. geli init -s 4096 -K keyfile gptid/new_uuid_of_paritition
5. geli attach -k keyfile gptid/new_uuid_of_partition
6. zpool replace zvol1 some_drive gptid/new_uuid_of_partition.eli

where 2 and 3 are the steps I missed before. Repeat 8 times over 2 weeks and voila.