Project

General

Profile

Bug #24936

Fix display of unlocked encrypted volume

Added by Niels . almost 4 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
Important
Assignee:
William Grzybowski
Category:
OS
Target version:
Seen in:
Severity:
New
Reason for Closing:
Reason for Blocked:
Needs QA:
No
Needs Doc:
Yes
Needs Merging:
Yes
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No

Description

I dont know the right category for this bug, could be 'Upgrade' 'middleware' 'gui' or 'zfs'

I have a FreeNas box with 16G RAM, System installed on SSD, and a pool of 2 mirrored 6TB geli encrypted disks.

After upgrade from 9.10 to 11 the ’storage’ gui indicated as usual that the ’BackupVolume’ was locked. Unlocking of geli encrypted disks with passphrase failed with a gui error.
It later turned out that the disks was actually unlocked, but the gui did not reflect that.

I had an offline copy of the geli key, so I detached the ’BackupVolume’ (via. gui) , rebooted, and mounted the ’BackupVolume’ with geli key file, and passphrase (via. gui). This fails with a slightly different gui error.
But the file system is mounted, but gui does not know :-)

Status now is that ‘Storage’ lists no volumes after boot.


Related issues

Related to FreeNAS - Bug #24601: Errormessage when unlocking encryptet disksClosed: User Config Issue2017-06-18
Is duplicate of FreeNAS - Bug #25739: Warning message after decrypting encrypted poolClosed: Duplicate2017-08-31

Associated revisions

Revision 3086abda (diff)
Added by William Grzybowski over 3 years ago

fix(notifier): check if pool imported after failed "zpool import" That may happen if a dataset mount fails (readonly parent dataset). Ticket: #24936

Revision ebcc7e66 (diff)
Added by William Grzybowski over 3 years ago

fix(notifier): check if pool imported after failed "zpool import" That may happen if a dataset mount fails (readonly parent dataset). Ticket: #24936 (cherry picked from commit 3086abda5e41ccbf859406d3da759947e99d1736)

Revision 1173c573 (diff)
Added by William Grzybowski over 3 years ago

fix(notifier): check if pool imported after failed "zpool import" That may happen if a dataset mount fails (readonly parent dataset). Ticket: #24936

History

#1 Updated by Niels . almost 4 years ago

  • File debug-backup-20170630223128.txz added

#2 Updated by Niels . almost 4 years ago

  • File Import_disks_after_upgrade.odt added

#3 Updated by Alexander Motin almost 4 years ago

  • Status changed from Unscreened to 15
  • Priority changed from No priority to Important
  • Seen in changed from Unspecified to 11.0

Error that prevents pool import is:

Jun 30 21:41:02 backup uwsgi: [middleware.notifier:2975] Importing BackupVolume [6684945311457578951] failed with: cannot mount '/mnt/BackupVolume/tango/FirstVolume': failed to create mountpoint

As I see BackupVolume/tango has readonly flag set, and I guess there is no directory on it to mount BackupVolume/tango/FirstVolume dataset. I am not sure how it worked before and what has changed, but it explains why it does not work now.

I see you used ZFS replication to move BackupVolume/tango/FirstVolume dataset to this pool. What was it?

#4 Updated by Niels . almost 4 years ago

This machine ’Backup’ serves two functions, reciving ZFS replication from a similar machine named ’Tango’, and acting as a secondary nameserver (ns2 Jail).

Looking at some some notes, I can see that I some years ago created the replication destination with:
zfs create BackupVolume/tango

Before import of encrypted pool BackupVolume the file system look like this
root@backup:~ # ls l /mnt/
total 4
-rw-r--r- 1 root wheel 5 Jun 29 18:05 md_size

After import of encrypted pool BackupVolume
root@backup:/ # ls l /mnt/
drwxr-xr-x 7 root wheel 7 Jun 29 18:00 BackupVolume
drwxr-xr-x 3 root wheel 64 Jun 30 21:41 FirstVolume
-rw-r--r- 1 root wheel 5 Jun 29 18:05 md_size

You are right, there is no folder to mount either BackupVolume or FirstVolume.
I have now created the two folders, but gui still report the same fault during import.

zfs get readonly BackupVolume/tango
NAME PROPERTY VALUE SOURCE
BackupVolume/tango readonly on local

zfs set readonly=off BackupVolume/tango
This solved the problem.
Thanks.

#5 Updated by Alexander Motin almost 4 years ago

The problem is not in creation of BackupVolume, but in creation of BackupVolume/tango/FirstVolume. Was it you who set readonly on BackupVolume/tango or it was FreeNAS replication script?

#6 Updated by Niels . almost 4 years ago

I’s some time ago, I have created this as RO myself..
The reason for this was that the replicated data should not be manipulated on the backup server.
I was not aware that this would create problems later on..

I would be good if FreeNAS gets better at propagating the real problem to the user.

#7 Updated by Dru Lavigne over 3 years ago

  • Status changed from 15 to 46

Sasha: is there anything to do here?

#8 Updated by Alexander Motin over 3 years ago

  • Status changed from 46 to Unscreened
  • Assignee changed from Alexander Motin to William Grzybowski

It seems clear why pool import reports error. Because it couldn't mount file system due to inability create mountpoint. The question here is whether we can somehow differentiate that error from more serious cases when pool is not imported and/or report error text in UI.

#9 Updated by Alexander Motin over 3 years ago

  • Related to Bug #24601: Errormessage when unlocking encryptet disks added

#10 Updated by William Grzybowski over 3 years ago

  • Status changed from Unscreened to Screened
  • Target version set to 11.0-U3

#11 Updated by William Grzybowski over 3 years ago

  • Status changed from Screened to Needs Developer Review
  • Assignee changed from William Grzybowski to Alexander Motin

#12 Updated by Alexander Motin over 3 years ago

  • Status changed from Needs Developer Review to Reviewed by Developer
  • Assignee changed from Alexander Motin to William Grzybowski

I am not very familiar with py-libzfs API, but this looks good to me.

#13 Updated by Dru Lavigne over 3 years ago

  • File deleted (debug-backup-20170630223128.txz)

#14 Updated by Dru Lavigne over 3 years ago

  • File deleted (Import_disks_after_upgrade.odt)

#15 Updated by Dru Lavigne over 3 years ago

  • Private changed from Yes to No

#16 Updated by Vaibhav Chauhan over 3 years ago

  • Status changed from Reviewed by Developer to 47

#17 Updated by Dru Lavigne over 3 years ago

  • Subject changed from Mount of encrypted volume after upgrade to FN11 to Fix display of unlocked encrypted volume

#18 Updated by Joe Maloney over 3 years ago

  • Assignee changed from William Grzybowski to Bonnie Follweiler

#19 Updated by Bonnie Follweiler over 3 years ago

  • Status changed from 47 to Ready For Release
  • Assignee changed from Bonnie Follweiler to Vaibhav Chauhan
  • Needs QA changed from Yes to No
  • QA Status Test Passes added
  • QA Status deleted (Not Tested)

I upgraded from 9.10.2-U5 to FreeNAS-11.0-INTERNAL2-U3 (164236f50)
One tank was encrypted and one tank wasn't. I upgraded and both tanks are there and the encrypted one unlocks with a passphrase or a recovery key (I tried both)

#20 Updated by Dru Lavigne over 3 years ago

  • Assignee changed from Vaibhav Chauhan to William Grzybowski

#21 Updated by William Grzybowski over 3 years ago

  • Is duplicate of Bug #25739: Warning message after decrypting encrypted pool added

#22 Updated by Vaibhav Chauhan over 3 years ago

  • Status changed from Ready For Release to Resolved

Also available in: Atom PDF