-
Important Announcement for The TrueNAS Community.
The TrueNAS Community has now been moved. This forum will now become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums
PhiloEpisteme
Guru
- Joined
- Oct 18, 2018
- Messages
- 969
So, my guess (hope?) is that what happened was the system wasn't ready to be rebooted and now just isn't sure how to decrypt your disks. It is interesting that you're getting databank01 listed in storage_volume but no disks in storage_encrypteddisk.
If possible, I suggest you look in /data/geli and make temporary backups of any files in there. They may not prove useful; but they might and it will be nice to have them on hand just in case.
So, you can try a few things from here. You can try to import the pool via the GUI, providing the recovery key that you have to unlock the disks. If that works immediately click on the pool and select "Rekey Pool" and download that key, then add a passphrase if you want one, and then click "Add Recovery Key" and download that key as well. These will be the new keys to your pool.
Alternatively; you can attempt to unlock the disks manually; import them via the GUI; then rekey, passphrase, and recovery key exactly as described above.
If you cannot rekey the pool you can try to copy your recovery key to /data/geli/e7da5c5c-624b-4d0e-86bb-2afec29220c8 .key. Remember from above that you should keep backups of any files in that directory before you attempt this. Once you do this; restart your machine and then if the pool is unlocked upon restart rekey the pool, reset the passphrase, and re-add the recovery key exactly as above. Again, these new two keys you'll download will be the new keys for your pool; don't lose them. If this works move back any files to /data/geli except e7da5c5c-624b-4d0e-86bb-2afec29220c8 .key.
Do note that if you choose to try one of the above steps it will be important that you keep copies of your new keys. And if you run into trouble it would be helpful if you record exactly what you did, exact errors, etc and try to report back without taking further unreported steps. If you're unsure of any of the steps report back; it is important you get it right else you may inadvertently make the situation worse.
If possible, I suggest you look in /data/geli and make temporary backups of any files in there. They may not prove useful; but they might and it will be nice to have them on hand just in case.
So, you can try a few things from here. You can try to import the pool via the GUI, providing the recovery key that you have to unlock the disks. If that works immediately click on the pool and select "Rekey Pool" and download that key, then add a passphrase if you want one, and then click "Add Recovery Key" and download that key as well. These will be the new keys to your pool.
Alternatively; you can attempt to unlock the disks manually; import them via the GUI; then rekey, passphrase, and recovery key exactly as described above.
If you cannot rekey the pool you can try to copy your recovery key to /data/geli/e7da5c5c-624b-4d0e-86bb-2afec29220c8 .key. Remember from above that you should keep backups of any files in that directory before you attempt this. Once you do this; restart your machine and then if the pool is unlocked upon restart rekey the pool, reset the passphrase, and re-add the recovery key exactly as above. Again, these new two keys you'll download will be the new keys for your pool; don't lose them. If this works move back any files to /data/geli except e7da5c5c-624b-4d0e-86bb-2afec29220c8 .key.
Do note that if you choose to try one of the above steps it will be important that you keep copies of your new keys. And if you run into trouble it would be helpful if you record exactly what you did, exact errors, etc and try to report back without taking further unreported steps. If you're unsure of any of the steps report back; it is important you get it right else you may inadvertently make the situation worse.
I'm gonna wait till my pool shows up again - I was listed until I clicked on the lock icon. I will try to run that second command then.
What would happen if I would choose to remove all encryption? Once I'm able to unlock the pool obviously.. and get my data somewhere safe.
What would happen if I would choose to remove all encryption? Once I'm able to unlock the pool obviously.. and get my data somewhere safe.
PhiloEpisteme
Guru
- Joined
- Oct 18, 2018
- Messages
- 969
Why would it show up again?
Was this right after manually importing the pool but before doing anything else
Why would it show up again? Cause maybe it's having a hard time recognizing the drives?
I didn't manually import anything yet. The little lock symbol off to the right, I clicked it and it brought me to a password window, and when it got back to the pool page, the yellow circle was spinning.
I didn't manually import anything yet. The little lock symbol off to the right, I clicked it and it brought me to a password window, and when it got back to the pool page, the yellow circle was spinning.
PhiloEpisteme
Guru
- Joined
- Oct 18, 2018
- Messages
- 969
I would be very concerned about a system which has a hard time recognizing drives. What would cause this? And why would it resolve itself? And isnt that a nad state to be in?
So you are attempting to unlock the pool and it wont unlock then?
So you are attempting to unlock the pool and it wont unlock then?
PhiloEpisteme
Guru
- Joined
- Oct 18, 2018
- Messages
- 969
Sorry for the delay, I've been in and out of internet a lot lately. Did you attempt any of the steps I outlined above to try to manually unlock your disks? My hope is that your system is simply unable to unlock your disks, if you have the correct keys this can be fixed.
You said you had the recovery keys from before all of this mess, right?
Also, what do you get when you enter the following commands.
If both of those commands return something then what about the following command?
If this command fails what about when you copy your recovery key to the freenas server via something like
Both of the unlock commands I've given assume that you don't have a passphrase on your pool. If you do, omit the
You said you had the recovery keys from before all of this mess, right?
Also, what do you get when you enter the following commands.
Code:
$ ls /data/geli/e7da5c5c-624b-4d0e-86bb-2afec29220c8* $ ls /dev/gptid/92916e9a-acbf-11e8-bb20-d0509987dc86*
If both of those commands return something then what about the following command?
Code:
$ geli attach -p -k /data/geli/e7da5c5c-624b-4d0e-86bb-2afec29220c8.key /dev/gptid/92916e9a-acbf-11e8-bb20-d0509987dc86
If this command fails what about when you copy your recovery key to the freenas server via something like
scp recovery.key <user>@<freenas_server>:~ and then trying to unlock using that key?Code:
$ geli attach -p -k ~/recovery.key /dev/gptid/92916e9a-acbf-11e8-bb20-d0509987dc86
Both of the unlock commands I've given assume that you don't have a passphrase on your pool. If you do, omit the
-p flag and attempt to unlock using the passphrase.
PhiloEpisteme
Guru
- Joined
- Oct 18, 2018
- Messages
- 969
Sorry, you're going to have to be more specific. Which command was not found?
PhiloEpisteme
Guru
- Joined
- Oct 18, 2018
- Messages
- 969
Would you mind copy-pasting the exact command and error?
Code:
FreeBSD 11.2-STABLE (FreeNAS.amd64) #0 r325575+5920981193f(HEAD): Mon Sep 16 23:00:13 UTC 2019
FreeNAS (c) 2009-2019, The FreeNAS Development Team
All rights reserved.
FreeNAS is released under the modified BSD license.
For more information, documentation, help or support, go here:
http://freenas.org
Welcome to FreeNAS
freenas# $ ls /data/geli/e7da5c5c-624b-4d0e-86bb-2afec29220c8*
-bash: $: command not found
freenas#I got that for each command you asked me to try.
PhiloEpisteme
Guru
- Joined
- Oct 18, 2018
- Messages
- 969
Yes, omit the
$ preceding the command; that is just a common way to indicate the command prompt.Am I safe to post a screenshot of my results here, or is that privy to my server?
The first two commands gave me feedback, the third had nothing to say, and the fourth was "geli" ratting itself out saying it couldn't find a directory or file by that name.
The first two commands gave me feedback, the third had nothing to say, and the fourth was "geli" ratting itself out saying it couldn't find a directory or file by that name.
PhiloEpisteme
Guru
- Joined
- Oct 18, 2018
- Messages
- 969
I believe so, just don't provide your passphrase or a copy of your key file.
I'm happy to continue helping but it would be really helpful to me if you provided more information in your replies. Exact copy-pastes of what you typed and the output are super helpful so I know the exact command and order of anything you attempted. Perhaps here it was just out of worry that you shouldn't copy-paste potentially sensitive data; but in general it will help me keep the context in my head.
PhiloEpisteme
Guru
- Joined
- Oct 18, 2018
- Messages
- 969
Thanks. In the future, if able, copy-paste is preferred so I can copy-paste your output to reply and help clarify. :)
It looks like this command worked.
Because the first command was successful, this one was unnecessary. Take careful not of my comments in this post where I said to attempt to use
recovery.key only if data/geli/e7da5c5c-624b-4d0e-86bb-2afec29220c8.key failed. It further mentioned that if you did try recovery.key that you would need to copy it to your server using scp or similar. The fact that you got an error geli: Cannot open keyfile /root/recovery.key: No such file or directory. suggests that you didn't perform the scp step first.I know it may seems like I'm being a bit nitpicky here; but I promise it is for a reason. :) Primarily it is because encryption can be tricky and it is important to enter every command in the correct sequence and to provide the full information so that I don't accidentally give you bad advice or you don't accidentally trash your pool by entering commands incorrectly or out of order.
Anyway, the good news it, it looks like the key you have in your system is the correct key, at least for one of your drives. What we are going to try next is to manually unlock each drive in your pool using the key that worked above,
/data/geli/e7da5c5c-624b-4d0e-86bb-2afec29220c8.key. Go ahead and try the following commands. If they all work, navigate to pools and show me what it shows. If any of the commands fail then show me the exact command and error as well the output of ls /dev/gptid.Code:
geli attach -p -k /data/geli/e7da5c5c-624b-4d0e-86bb-2afec29220c8.key /dev/gptid/979acf23-acbf-11e8-bb20-d0509987dc86 geli attach -p -k /data/geli/e7da5c5c-624b-4d0e-86bb-2afec29220c8.key /dev/gptid/9d9dbfc2-acbf-11e8-bb20-d0509987dc86 geli attach -p -k /data/geli/e7da5c5c-624b-4d0e-86bb-2afec29220c8.key /dev/gptid/a2b34942-acbf-11e8-bb20-d0509987dc86
Results:
I don't have a file called "recovery.key" that I'm aware of.
I understand the need to do things in the right order. You don't come across as nitpicky to me. That said, the only thing I can't do from my GUI is see the pool listing in this pane (see img). I'm not sure if it actually decrypted the drives as it went through that stage pretty smoothly. Kinda scary..
Code:
freenas# geli attach -p -k ~/recovery.key /dev/gptid/92916e9a-acbf-11e8-bb20-d0509987dc86 geli: Cannot open keyfile /root/recovery.key: No such file or directory. freenas# geli attach -p -k /data/geli/e7da5c5c-624b-4d0e-86bb-2afec29220c8.key /dev/gptid/979acf23-acbf-11e8-bb20-d0509987dc86 geli: Cannot access gptid/979acf23-acbf-11e8-bb20-d0509987dc86 (error=1). freenas# geli attach -p -k /data/geli/e7da5c5c-624b-4d0e-86bb-2afec29220c8.key /dev/gptid/9d9dbfc2-acbf-11e8-bb20-d0509987dc86 geli: Cannot access gptid/9d9dbfc2-acbf-11e8-bb20-d0509987dc86 (error=1). freenas# geli attach -p -k /data/geli/e7da5c5c-624b-4d0e-86bb-2afec29220c8.key /dev/gptid/a2b34942-acbf-11e8-bb20-d0509987dc86 geli: Cannot access gptid/a2b34942-acbf-11e8-bb20-d0509987dc86 (error=1). freenas# ls /dev/gptid 92916e9a-acbf-11e8-bb20-d0509987dc86 92916e9a-acbf-11e8-bb20-d0509987dc86.eli 979acf23-acbf-11e8-bb20-d0509987dc86 979acf23-acbf-11e8-bb20-d0509987dc86.eli 9d9dbfc2-acbf-11e8-bb20-d0509987dc86 9d9dbfc2-acbf-11e8-bb20-d0509987dc86.eli a2b34942-acbf-11e8-bb20-d0509987dc86 a2b34942-acbf-11e8-bb20-d0509987dc86.eli fcb3e9cd-acb6-11e8-9358-d0509987dc86 fd086d4d-acb6-11e8-9358-d0509987dc86
I don't have a file called "recovery.key" that I'm aware of.
I understand the need to do things in the right order. You don't come across as nitpicky to me. That said, the only thing I can't do from my GUI is see the pool listing in this pane (see img). I'm not sure if it actually decrypted the drives as it went through that stage pretty smoothly. Kinda scary..
Attachments
Similar threads
