Replacing a failed drive

Status
Not open for further replies.
M

maniek

Cadet
Joined
Apr 27, 2015
Messages
5
The fine manual says this about replacing an encrypted drive
Wait until the resilvering is complete. Next, restore the encryption keys to the pool.​

This is seriously scary. Resilvering is a process which lasts multiple hours on a nontrivial install. It is possibly the most work the NAS has ever done, so possibility of crash is real (if only because of thermal issues).

Can you restore the encryption keys just after resilvering has started? Is it dangerous? What will actually happen if the NAS crashes during resilvering?
 
C

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
Well, yes it's scary to the casual observer, but it's not really scary at all.

When you replace a failed disk, the disk being resilvered is not useful until the resilvering is complete (pretty much the same for hardware RAID). So issues from crashes and such are no more risky than unencrypted pools, with the exception that you have to remember to rekey.

All that being said, if your server wasn't already tested and verified to be able to handle a high workload, you haven't adequately prepared your server to handle the potential workload anyway. You should NOT be having problems with thermals or any other problem. You should also be doing regular scrubs, which are almost the same kind of workload as a resilver. So you are almost implying that you are regularly having thermal problems if that is a problem.

So I don't think there's anything to worry about.
 
M

maniek

Cadet
Joined
Apr 27, 2015
Messages
5
I am doing regular scrubs, have an UPS, the NAS has never crashed, and I just installed an extra fan. I should be OK :) Resilvering is currently in progress...

I find it strange that replacing a disk invalidates the encryption keys. Why is that so?
 
C

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
maniek said:
I am doing regular scrubs, have an UPS, the NAS has never crashed, and I just installed an extra fan. I should be OK :) Resilvering is currently in progress...

I find it strange that replacing a disk invalidates the encryption keys. Why is that so?
Click to expand...

They keys aren't put on the hard drive until you rekey (this may or may not be correct in the latest version, there's some confusion among some). I know back in 8.3.1 you had to rekey (which would invalidate the current keys, so you *had* to rekey the hard drive, then redo the recovery key and regular key for everything to be fully functional again. This may not be true in 9.3. I haven't tried to test this yet, so I can't tell you for certainty if the steps are redundant or not.
 
Status
Not open for further replies.

Similar threads

G
Replace encrypted drive
2
Replies
39
Views
10K
PhiloEpisteme
PhiloEpisteme
3nm1
SOLVED Replaced drive in encrypted pool, howto verify keys before reboot?
Replies
11
Views
2K
hungarianhc
hungarianhc
M
  • Locked
Replacing an Encrypted drive procedure
Replies
3
Views
2K
dlavigne
D
M
  • Locked
Replacing a failed drive in an encrypted pool
Replies
5
Views
2K
fabiob
fabiob
C
Freenas 11.2-U5 Replacing encrypted disk in Pool
Replies
3
Views
2K
kingc
K
Top