Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 16 Sep 2020 11:02:51 +0200
From:      xpetrl <xpetrl@beepc.ch>
To:        freebsd-questions@freebsd.org
Subject:   move zfs geli encrypt mirror to unencrypted
Message-ID:  <66e2f2da-af22-766a-cc7a-78c29735e39f@beepc.ch>
next in thread | raw e-mail | index | archive | help 
Hello,

We have a server with 4 disks, 2 zpool are zfs mirror:

- base system unencrypted, partitions (da*p2)
- data storage, geli encrypted, partitions (da*p4)


gpart show

=>         40  23437770672  da0  GPT  (11T)
            40         2008       - free -  (1.0M)
          2048         1024    1  freebsd-boot  (512K)
          3072         1024       - free -  (512K)
          4096    352321536    2  freebsd-zfs  (168G)
     352325632      4194304    3  freebsd-swap  (2.0G)
     356519936  23068672000    4  freebsd-zfs  (11T)
   23425191936     12578776       - free -  (6.0G)

=>         40  23437770672  da1  GPT  (11T)
            40         2008       - free -  (1.0M)
          2048         1024    1  freebsd-boot  (512K)
          3072         1024       - free -  (512K)
          4096    352321536    2  freebsd-zfs  (168G)
     352325632      4194304    3  freebsd-swap  (2.0G)
     356519936  23068672000    4  freebsd-zfs  (11T)
   23425191936     12578776       - free -  (6.0G)

(the same output is for the next 2 disks, da2 and da3)


zpool status

   pool: encrypt
  state: ONLINE
   scan: scrub repaired 0 in 0 days 04:02:26 with 0 errors on Fri Sep  4 
18:08:21 2020
config:

         NAME           STATE     READ WRITE CKSUM
         encrypt        ONLINE       0     0     0
           mirror-0     ONLINE       0     0     0
             da0p4.eli  ONLINE       0     0     0
             da1p4.eli  ONLINE       0     0     0
             da2p4.eli  ONLINE       0     0     0
             da3p4.eli  ONLINE       0     0     0

errors: No known data errors

   pool: zroot
  state: ONLINE
   scan: scrub repaired 0 in 0 days 00:06:21 with 0 errors on Fri Sep  4 
14:12:09 2020
config:

         NAME        STATE     READ WRITE CKSUM
         zroot       ONLINE       0     0     0
           mirror-0  ONLINE       0     0     0
             da0p2   ONLINE       0     0     0
             da1p2   ONLINE       0     0     0
             da2p2   ONLINE       0     0     0
             da3p2   ONLINE       0     0     0



We now want to "move" the data storage (encrypt) to unencrypted partition.

What I have in mind is:

- scrub the encrypted pool
- detach one "encrypt" pool
- (detach from geli?)
- zfs snapshot
- zfs send and restore on the new unencrypted partition
- create a new zfs mirror with the new "unencrypted" pool
--> from second to 4th partition:
     - detach a second "encrypt"
     - attach to "unencrypted" pool and resilver

I don't really know how to deal with the datasets.

Can you give me some directions?

Thanks.

xpetrl

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?66e2f2da-af22-766a-cc7a-78c29735e39f>