Mounting of encrypted zpool, decrypting, log files

[kurtkurtosis]

I am new to FreeNAS but have played around with Solaris 11 for home use about 3 years ago (and still have my notes/cheatsheet that now helps me with FreeNAS) but never did much with Solaris in the end. I am doing the same thing right now with FreeNAS before I want to setup my home FreeNAS server during the Xmas Holidays.

I have several questions about pools, encryption and am running version 9.3.

1) Is there a way to have FreeNAS mount an encrypted zpool automatically upon reboot? Right now I have to go into the GUI and type in the password every time I reboot FreeNAS.

2) How do I decrypt my zpool if needed? Reading some threats it appears to me that one has to first export the pool and then import the pool using the recovery key and the password? Is this correct as in Solaris there is a decrypt command that does that but then FreeNAS encrypts the entire disk/pool while Soloaris encrypts a given dataset instead.

3) How do I destroy a pool? I used the Shell using the "destroy" command like with Solaris. That seems to work but then the GUI seemed to get really confused upon reboot, if I remember correctly. This is probably not the current way of doing it.

4) How do I get to the system log files? Also, I setup email notification in the GUI but I am never seem to be getting any emails upon rebooting?

Thanks.

 

[SweetAndLow]

1. You don't want to auto decrypt the drive. That defeats the purpose of encryption in the first place. IMO you shouldn't be using encryption and you are just going to have trouble with it.

2. To decrypt you use the GUI like the manual says.

3. To destroy a pool the option is in the gui usage the storage tab. You click on the pool and select destroy. Or you can wipe individual drives.

 

[corwin]

1. You don't want to auto decrypt the drive. That defeats the purpose of encryption in the first place. IMO you shouldn't be using encryption and you are just going to have trouble with it.

Actually SweetAndLow, I tend to agree in most cases, but there is at-least one use case where this model makes sense. If your server is secure, but you are shipping drives (say from a replicate) off-site as a backup, you may want those drives encrypted when they are out of the secure space (say in-transit). When they are back with the server, it would be fine to decrypt them.