Migrate GELI encrypted Volume from nas4free to freenas

[thisismyname]

Hiho,

probably a very simple question, but I'm stuck here - even google can't help.

I want to migrate from nas4free to freenas. The old disks are AES encrypted.

Following dialogs have been used to encrypt and decrypt: http://wiki.nas4free.org/doku.php?id=documentation:setup_and_user_guide:disk_encryption_tools

To import the old volume I used this dialog: http://doc.freenas.org/index.php/Volumes#Auto_Importing_a_GELI-Encrypted_ZFS_Pool

Input required:

1. disks => ok, I marked all disks. It seems like every disk is correctly detected.
2. encryption key
3. passphrase

Problem:

• In nas4free I never configured a keyfile.
• There is no dialog to export/import/configure the keyfile.
• So - I can't find the keyfile that is required to input import the Volume.

What I tried:

• find / -iname "*key*"
• Looked into /etc/rc.d/geli, nothing there...
• Looked in backuped config file of nas4free.

So.. anyone having a guess how to solve this?

Thanks in advance!

greetz myname

 

[cyberjock]

NAS4Free's implementation of encryption isn't compatible with FreeNAS. If you want to migrate to FreeNAS you're going to have to boot up two machines side by side and copy from one pool to the other over the network.

You could *probably* do it with enough command-line-fu but as nobody here plays with NAS4Free we can't even give you hints on how to make it work. To be honest I didn't even know NAS4Free had any encryption support. You're the first one to even mention it here.

Good luck!

 

[DrKK]

I think the community would be interested to know what you figure out on this. Please follow up, OP.

 

[BuddyButterfly]

Hi,

of course this can be done. And of course the implementation is compatible as both systems are based on Geli. I have just done it with the latest versions of both systems. Please see thread http://forums.freenas.org/index.php...ol-pool-auto-20131006-010000s1-error-6.21675/ for any background.

Backround:

- Geli has different methods of locking/unlocking. One is just with a password, and one is with a key and a password.
- n4f uses the password method, Freenas the key + password.

Please see this Wiki for any deeper background. Of importance here is the chapter "Setting/Changing the keys":
https://wiki.archbsd.net/index.php/GELI

Solution:
Luckily, Geli is able to have 2 key slots, though, not as many as luks does (10), which would be much nicer.
So, the solution is, to have the password method for slot 0 and the key + password in slot 1. All you have todo is generate a key and add it with a password into slot 1 for the encrypted disks of n4f. After this, the pools can be unlocked by Freenas.

 

[BuddyButterfly]

I think, I have to describe what I did, a bit more detailed.

- When having added the key and password, you can use Freenas auto import and select all disks (you have put the key into all disks, do you?).
- It will take a long time then to import and it even can be the case that Freenas is hangig. So give it a precious time and, if it really does not come
back, then stop it. After having it stopped, jump into command line and you will see that the disks have been unlocked and the pool is there. So
it seems that Freenas does have some problems importing it fully into its own configuration, but the most important steps are done, which are
unlocking the disks and importing the pool.
- Then follow as described in my thread. Create a complete new system with Freenas on separate disks, import the old pool like described above
and migrate the data over....

This will work. I have done it (though, only once, puhhh ;-)

 

[BuddyButterfly]

NAS4Free's implementation of encryption isn't compatible with FreeNAS. If you want to migrate to FreeNAS you're going to have to boot up two machines side by side and copy from one pool to the other over the network.

You could *probably* do it with enough command-line-fu but as nobody here plays with NAS4Free we can't even give you hints on how to make it work. To be honest I didn't even know NAS4Free had any encryption support. You're the first one to even mention it here.

Good luck!

Hi cyberjock,

this is only partially true, as you probably have noticed that I had an encrypted system also ;-)

 

[cyberjock]

You can't use the WebGUI, so it's not officially "compatible". Sorry, we do NOT call things "compatible" and "supported" when you ahve to do CLI stuff. What you are doing may also cause problems for FreeNAS because the WebGUI expects to always be in total control and it clearly isn't if you are doing CLI stuff. If you look at the manual there's very little we tell people to do from the CLI because it can end badly for you.

So no, still not compatible or supported. Does it support FreeBSD? Of course. But FreeNAS, not really.

 

[thisismyname]

Sorry for the delayed reply, but THANKS a LOT!!

I will try this in the evenening!

 

[thisismyname]

Soo, sorry for the very late answer. I really tried it.... but no luck.
I even tried to boot the old nas4free System on the new machine. But even with the same software and the same hdds I was not able to get the volume online.

So I went for the suggested solution => Backup old Files, install new System => restore.

Thread can be close, unfortunately [unsolved]