Project

General

Profile

Bug #26641

Autoimport of encrypted zpools with empty password using GUI

Added by Matthias Metze almost 3 years ago. Updated almost 3 years ago.

Status:
Closed: Not To Be Fixed
Priority:
No priority
Assignee:
William Grzybowski
Category:
GUI (new)
Target version:
Seen in:
Severity:
New
Reason for Closing:
Reason for Blocked:
Needs QA:
Yes
Needs Doc:
Yes
Needs Merging:
Yes
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No

Description

Hi!

I had 4 geli encrypted drives with a ZFS RaidZ2 Pool on it. The keyfile for the drives did not have a password set, to make them mount automaticly on boot.

Import via gui failed "The following disks failed to attach: %drives"
Unlocking them on cli with the password-less key worked fine. zpool import -R %poolname also worked fine, but did not make the pool available in the gui.

I created a new key, and then geli setkey -v -k /boot/old.key -K /boot/new.key /dev/%drives and entered a new password.
After that I could successfully reimport using the gui.

History

#1 Updated by Dru Lavigne almost 3 years ago

  • Assignee changed from Release Council to William Grzybowski

William: I know that this works as expected. The question is, do we want to support CLI imported pools in the new UI? If so, I'll assign to that team (unless an API piece is needed first).

#2 Updated by William Grzybowski almost 3 years ago

  • Status changed from Unscreened to Closed: Not To Be Fixed
  • Target version set to N/A

Definitely not. We can't manage pools not created by us.

#3 Updated by Matthias Metze almost 3 years ago

William Grzybowski wrote:

Definitely not. We can't manage pools not created by us.

Hi!

It is not about the CLI imported pool, thats fine.
The report is to not be able to import an encrypted pool without password set.
In my case the drives are in a secure place, if someone can steal the drives, we have a bigger problem, because he got access. The encryption is only for if I remove faulty drives and dispense them.
So in my world I would like to boot freenas and get everything up an running, without manual unlocking of the pool.

Kind regards
Matthias

#4 Updated by William Grzybowski almost 3 years ago

Did you create that pool using freenas?

#5 Updated by Matthias Metze almost 3 years ago

William Grzybowski wrote:

Did you create that pool using freenas?

Ah, allright. Now I undestand.
I migrated an unencrypted pool to a encrypted one, encrypting the disks one by one and then resilver them. I did this on the CLI.
I just tested it with a newly created pool, without password, works fine.

I guess I should have used -p when encrypting the disks.

My fault, not really a bug.

Sorry to bother.

Kind regards
Matthias

Also available in: Atom PDF