Project

General

Profile

Bug #71971

Do not allow an encrypted pool to be locked if it is being used for system dataset

Added by Waqar Ahmed almost 3 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
No priority
Assignee:
Waqar Ahmed
Category:
Middleware
Target version:
Severity:
Medium
Reason for Closing:
Reason for Blocked:
Dependent on a related task to be completed
Needs QA:
Yes
Needs Doc:
Yes
Needs Merging:
No
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No

Description

We should not allow an encrypted pool to be locked if it is being used for system dataset as this can result in various unintended consequences.

Risk
We risk breaking locking the pool

Acceptance Criteria
Following should be made sure:
1) A pool which has passphrase set cannot be set for containing system datasets
2) A pool which has a passphrase set and already might have system dataset hosted before this ticket addressed this issue, should allow only to remove the passphrase. Changing cannot be done in this case
3) For a pool meeting criteria described in point no 2, it should be ensured that the user is not able to lock it
4) If we have two pools in Storage - pool1 and pool2. Pool 2 can be encrypted and have a passphrase set. System datasets should be on pool 1 before we proceed with this condition. Once we have this in place, we should try detaching pool1 and then make sure that system dataset does not go to pool2 and instead moves to freenas-boot


Related issues

Related to FreeNAS - Feature #62145: General UI improvements for 11.3/MASTERClosed
Related to FreeNAS - Bug #83235: Do not allow a password to be set on an encrypted pool if it is set as the "System Dataset"Ready for Testing
Copied to FreeNAS - Bug #73801: Do not allow an encrypted pool to be locked if it is being used for system dataset Closed

Associated revisions

Revision f51361a6 (diff)
Added by Waqar Ahmed almost 3 years ago

Configure locking of Pool This commit makes sure that we don't lock a pool which is being used by system dataset service as otherwise this will result in unintended consequences with system dataset. Ticket: #71971

Revision 26339494 (diff)
Added by Waqar Ahmed almost 3 years ago

Configure locking/setting passphrase correctly This commit introduces changes which make sure that we don't lock a pool which is not being used by system dataset service or allow the end user to set a passphrase for a pool which is being used by system dataset service. For any users who already do this, we don't allow them to change their passphrase for the selected pool but only to remove it as long as that pool is being used by system dataset service. Ticket: #71971

Revision ef038a27 (diff)
Added by Waqar Ahmed almost 3 years ago

Configure System Dataset correctly This commit introduces changes to system dataset service where we don't allow end users to configure a pool for system datasets if they have a passphrase set or are locked. Also if no pool is provided we updated the next best possible pool ourselves. That behaviour has been changed slightly to only look for pools which do not have a passphrase set and then choose one from the remaining pools. Ticket: #71971

Revision fa65df02 (diff)
Added by Waqar Ahmed almost 3 years ago

Configure locking/setting passphrase correctly This commit introduces changes which make sure that we don't lock a pool which is not being used by system dataset service or allow the end user to set a passphrase for a pool which is being used by system dataset service. For any users who already do this, we don't allow them to change their passphrase for the selected pool but only to remove it as long as that pool is being used by system dataset service. Ticket: #71971

Revision 80dc73f0 (diff)
Added by Waqar Ahmed almost 3 years ago

Configure System Dataset correctly This commit introduces changes to system dataset service where we don't allow end users to configure a pool for system datasets if they have a passphrase set or are locked. Also if no pool is provided we updated the next best possible pool ourselves. That behaviour has been changed slightly to only look for pools which do not have a passphrase set and then choose one from the remaining pools. Ticket: #71971

History

#1 Updated by Waqar Ahmed almost 3 years ago

  • Description updated (diff)
  • Status changed from In Progress to Ready for Testing

#2 Updated by Dru Lavigne almost 3 years ago

  • Subject changed from Do not lock pool if pool is being used for systemdataset to Do not allow an encrypted pool to be locked if it is being used for system dataset
  • Needs Merging changed from Yes to No

#3 Updated by Anonymous almost 3 years ago

  • Copied to Bug #73801: Do not allow an encrypted pool to be locked if it is being used for system dataset added

#4 Updated by Bonnie Follweiler almost 3 years ago

  • Status changed from Ready for Testing to Blocked
  • Reason for Blocked set to Dependent on a related task to be completed

After an upgrade from 11.2-U2 with an encrypted pool saved as a system dataset: The pool is locked after the upgrade (at login). The system dataset is still set to the encrypted pool.

I can't further test this until https://redmine.ixsystems.com/issues/62145 is ready for testing

#6 Updated by Bonnie Follweiler almost 3 years ago

  • Related to Feature #62145: General UI improvements for 11.3/MASTER added

#7 Updated by Dru Lavigne over 2 years ago

  • Related to Bug #83235: Do not allow a password to be set on an encrypted pool if it is set as the "System Dataset" added

#8 Updated by Jaron Parsons over 2 years ago

  • Status changed from Blocked to Closed

Also available in: Atom PDF