Can't mount Legacy-Encrypted pools in TrueNAS 12

eljojo · Oct 20, 2020

tl;dr can't mount GELI-encrypted drives after upgrading, maybe glitch in web ui?

Hello everyone,

I recently upgraded my FreeNAS 11.3 install to TrueNAS 12. Upon restart I noticed that there was no option to unlock my encrypted drives. I've searched everywhere but can't seem to find the option. Am I missing something out?

I've read that migration into the new native ZFS encryption can be complex, but that's not what I'm attempting here. Right now I can't seem to access the contents of my pools at all. Would it be possible to mount them using the command line?

I noticed that in the "add pool" option there seems to be a way to import legacy pools, but I can't seem to pick the appropriate drives? am I supposed to "export" my pools first?

I exported a full backup of my config and keys before upgrading.

Attached is screenshots of the Web UI. The only visible option is "Export/Disconnect".

Any help would be gladly appreciated! Congrats on the new release!

specs:

CPU: Intel(R) Atom(TM) CPU C3758 @ 2.20GHz
RAM: 32GB ECC
Motherboard: Supermicro MBD-A2SDI-H-TF-O

hdd-pool: 5x 4TB HDD, RAIDZ-1
sdd-pool: 2x 1TB SSD, RAID 1 (mirror)

sretalla · Oct 21, 2020

eljojo said:
I noticed that in the "add pool" option there seems to be a way to import legacy pools, but I can't seem to pick the appropriate drives? am I supposed to "export" my pools first?

In order to import a pool in the GUI, it must first be exported, so, yes.

Dohmar · Oct 21, 2020

I had a problem when I upgraded to RC1. The geli.key wasn't exported in my config and the last 4 backups didn't have it, but February DID have the geli.key.
I then had to use CLI to decrypt each drive in the pool, individually - once each drive had been decrypted, then I was able to import the pool....
I just hope you have your geli.key because if I wasn't so pedantic and keep almost all of my config backups, I would've been in big doo-doo

eljojo · Oct 21, 2020

thanks for your help @sretalla and @Dohmar, exporting and re-importing did the job beautifully. Good tip on the GELI key too, I didn't need it this time but I already had it backed up too. Being pedantic definitely pays off!

Do you happen to know the background to why this is needed? I haven't done this in the past

Mastakilla · Oct 23, 2020

After reading this, I wonder what would be the proper way to prepare for the upgrade?

Should I export my encrypted pool before upgrading from FreeNAS 11 to TrueNAS12?
Or upgrade first, then export and import the encrypted pool?
Or doesn't it matter at all?

Any other important preparation steps I should remember to do?
Backup of my config incl password secret seed and pool encryption keys I suppose is the minimum...

sretalla · Oct 23, 2020

Mastakilla said:
After reading this, I wonder what would be the proper way to prepare for the upgrade?

Should I export my encrypted pool before upgrading from FreeNAS 11 to TrueNAS12?
Or upgrade first, then export and import the encrypted pool?
Or doesn't it matter at all?

I'm not sure that we confirmed the reason why the pool didn't just mount from the config as normal after the upgrade, so I wouldn't recommend doing anything with it until you find that it doesn't import.

It's not usually a great concern for a pool to be unmounted (especially an encrypted one where this can happen for various reasons, intentional or not) for a period of time.

Mastakilla said:
Backup of my config incl password secret seed and pool encryption keys I suppose is the minimum...

Indeed you should do that.

Important Announcement for the TrueNAS Community.

Can't mount Legacy-Encrypted pools in TrueNAS 12

eljojo

Cadet

sretalla

Powered by Neutrality

Dohmar

Dabbler

eljojo

Cadet

Mastakilla

Patron

sretalla

Powered by Neutrality

Similar threads