From owner-freebsd-questions@freebsd.org Wed Sep 16 09:03:03 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 0C5293DE7C1 for ; Wed, 16 Sep 2020 09:03:03 +0000 (UTC) (envelope-from xpetrl@beepc.ch) Received: from srv.fastssdserver.com (srv.fastssdserver.com [162.223.31.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4BrvJN2szQz4Tbj for ; Wed, 16 Sep 2020 09:03:00 +0000 (UTC) (envelope-from xpetrl@beepc.ch) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=beepc.ch; s=default; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Date: Message-ID:Subject:From:To:Sender:Reply-To:Cc:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=GBEfmUAnlEF5OhoUZSN1yY0PpCp9DPrRZpJKmDLh94k=; b=LsR8hjXo0QNYGc+EnYQLXkP0TL kp9L9T4i4sndaNczK7Qjxnjp7rzmywwh4N6ozqRHQhPE9SNP/KaSnME/qMdWFrmcXcQtpuzzEyAAH cQ4okg9eVBQJ6dbvVlEOFHFoeEWQRt1XdX0xxOJ+uBOp0oVOt1V7HGO4/tdqYRI+JVANlHkjA3Qjf st70Fzysn0GfVniaVaXA7Xh/eyH2DstaGnlrswL4zRUVAlMVbEPCUWb9rOG6oaCboDFaXBkUcrKh9 spP5nHlD5lXJcF1jVJVaosOSpb2unPFlS1omLCJbnwDFqNJRnb5wHr7OHqDDHrkb7y6Vc2NESv158 pNPqCc6g==; Received: from [185.43.245.37] (port=47028 helo=[192.168.1.75]) by srv.fastssdserver.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.93) (envelope-from ) id 1kITL3-0007Yo-4G for freebsd-questions@freebsd.org; Wed, 16 Sep 2020 14:02:53 +0500 To: freebsd-questions@freebsd.org From: xpetrl Subject: move zfs geli encrypt mirror to unencrypted Message-ID: <66e2f2da-af22-766a-cc7a-78c29735e39f@beepc.ch> Date: Wed, 16 Sep 2020 11:02:51 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.11.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - srv.fastssdserver.com X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - beepc.ch X-Get-Message-Sender-Via: srv.fastssdserver.com: authenticated_id: xpetrl@beepc.ch X-Authenticated-Sender: srv.fastssdserver.com: xpetrl@beepc.ch X-Source: X-Source-Args: X-Source-Dir: X-Rspamd-Queue-Id: 4BrvJN2szQz4Tbj X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=beepc.ch header.s=default header.b=LsR8hjXo; dmarc=none; spf=pass (mx1.freebsd.org: domain of xpetrl@beepc.ch designates 162.223.31.2 as permitted sender) smtp.mailfrom=xpetrl@beepc.ch X-Spamd-Result: default: False [-2.39 / 15.00]; RCVD_TLS_ALL(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[beepc.ch:s=default]; MID_RHS_MATCH_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; HAS_X_SOURCE(0.00)[]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; ARC_NA(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-0.72)[-0.718]; DMARC_NA(0.00)[beepc.ch]; R_SPF_ALLOW(-0.20)[+a]; DKIM_TRACE(0.00)[beepc.ch:+]; NEURAL_HAM_SHORT(-0.19)[-0.195]; HAS_X_GMSV(0.00)[xpetrl@beepc.ch]; NEURAL_HAM_MEDIUM(-0.98)[-0.979]; HAS_X_ANTIABUSE(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:46261, ipnet:162.223.28.0/22, country:US]; RCVD_COUNT_TWO(0.00)[2]; MAILMAN_DEST(0.00)[freebsd-questions]; HAS_X_AS(0.00)[xpetrl@beepc.ch] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Sep 2020 09:03:03 -0000 Hello, We have a server with 4 disks, 2 zpool are zfs mirror: - base system unencrypted, partitions (da*p2) - data storage, geli encrypted, partitions (da*p4) gpart show => 40 23437770672 da0 GPT (11T) 40 2008 - free - (1.0M) 2048 1024 1 freebsd-boot (512K) 3072 1024 - free - (512K) 4096 352321536 2 freebsd-zfs (168G) 352325632 4194304 3 freebsd-swap (2.0G) 356519936 23068672000 4 freebsd-zfs (11T) 23425191936 12578776 - free - (6.0G) => 40 23437770672 da1 GPT (11T) 40 2008 - free - (1.0M) 2048 1024 1 freebsd-boot (512K) 3072 1024 - free - (512K) 4096 352321536 2 freebsd-zfs (168G) 352325632 4194304 3 freebsd-swap (2.0G) 356519936 23068672000 4 freebsd-zfs (11T) 23425191936 12578776 - free - (6.0G) (the same output is for the next 2 disks, da2 and da3) zpool status pool: encrypt state: ONLINE scan: scrub repaired 0 in 0 days 04:02:26 with 0 errors on Fri Sep 4 18:08:21 2020 config: NAME STATE READ WRITE CKSUM encrypt ONLINE 0 0 0 mirror-0 ONLINE 0 0 0 da0p4.eli ONLINE 0 0 0 da1p4.eli ONLINE 0 0 0 da2p4.eli ONLINE 0 0 0 da3p4.eli ONLINE 0 0 0 errors: No known data errors pool: zroot state: ONLINE scan: scrub repaired 0 in 0 days 00:06:21 with 0 errors on Fri Sep 4 14:12:09 2020 config: NAME STATE READ WRITE CKSUM zroot ONLINE 0 0 0 mirror-0 ONLINE 0 0 0 da0p2 ONLINE 0 0 0 da1p2 ONLINE 0 0 0 da2p2 ONLINE 0 0 0 da3p2 ONLINE 0 0 0 We now want to "move" the data storage (encrypt) to unencrypted partition. What I have in mind is: - scrub the encrypted pool - detach one "encrypt" pool - (detach from geli?) - zfs snapshot - zfs send and restore on the new unencrypted partition - create a new zfs mirror with the new "unencrypted" pool --> from second to 4th partition: - detach a second "encrypt" - attach to "unencrypted" pool and resilver I don't really know how to deal with the datasets. Can you give me some directions? Thanks. xpetrl