Hi all, searching this I keep getting answers for passphrase which is not my situation.
The key (which I have a backup of and load via the GUI) successfully unlocks the pool. However, upon reboot, I have to unlock it again. I think I saw in the logs that there is an encrypted key cache problem.
Either way, my question is: where in the system do I look to check (and then install) the correct key?
As background I had a major issue with pools falling due to controller issues, the pool was suspended and kicked out. After that I had to import it manually as though it was from another system. And now the key that used to auto load, no longer loads automatically.
Thanks.
You can use a post-init script to unlock the dataset until you find a fix.
Thanks, perhaps I need to log a ticket.
Weird. On the datasets screen, the box that says ZFS encryption, since you have the key, maybe try pasting it in again and see if it might overlay the previous bad key. Where it says edit next to ZFS Encryption box for the dataset or pool if inherited in question.
Excellent idea. So just checking, it’s the key inside the quotes, not the curly bracket or % sign on the outside. I’m never sure if it wants the quotes included or not, given that’s how TrueNAS saves it in the file.
I have added it, however I have not yet rebooted. Might give that a go today.
Nope, it didn’t work sadly.
Sounds like a bug.
When you unlock a non-passphrase encrypted dataset, the key is inserted into the config file on the boot device. From here, it is loaded when you reboot, which automatically unlocks the dataset(s).
Unless there’s something else going on with your pool / dataset names? Any white spaces? Any special characters?
You can print the relevant information with this command:
zfs list -r -t filesystem -o name,encryption,encroot,keyformat,keylocation
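To see right after a reboot which encryption roots came up without their key, the standard ZFS `keystatus` property can be added to the columns of the command above. This is an added example, not part of the original posts or TrueNAS's own tooling; the child dataset names and the key states in the sample rows are constructed.

```shell
#!/bin/sh
# Added example: list encryption roots whose key is NOT loaded.
#
# Expected input, one dataset per line, TAB-separated, as printed by:
#   zfs list -H -r -t filesystem -o name,encroot,keystatus,keylocation
# -H drops the header and uses tabs, so dataset names containing
# spaces are still parsed correctly.

locked_encroots() {
    # A dataset is an encryption root when name == encroot; its children
    # inherit the key, so only the roots need to be reported.
    # keystatus is "available", "unavailable", or "-" (unencrypted).
    awk -F '\t' '$1 == $2 && $3 == "unavailable" {
        print $1 " keylocation=" $4
    }'
}

# Constructed sample: the state the thread describes after a reboot,
# with hdd1pool unlocked and hdd2pool still locked. Child datasets and
# all keystatus values are made up for illustration.
sample_rows() {
    printf 'hdd1pool\thdd1pool\tavailable\tprompt\n'
    printf 'hdd1pool/media\thdd1pool\tavailable\tnone\n'
    printf 'hdd2pool\thdd2pool\tunavailable\tprompt\n'
    printf 'hdd2pool/backups\thdd2pool\tunavailable\tnone\n'
    printf 'hdd2pool/private docs\thdd2pool/private docs\tunavailable\tprompt\n'
    printf 'boot-pool/ROOT\t-\t-\tnone\n'
}

# Demo on the constructed rows. On a real system, replace sample_rows with
# the zfs list command shown in the header comment.
sample_rows | locked_encroots
```

An empty result means every encryption root has its key loaded; any line printed names a root that still needs unlocking.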
Thanks, interesting. The root pool is set to prompt. However, it is also set to that for my other pool which DOES still mount.
hdd2pool is the pool that no longer auto mounts, hdd1pool still does.
hdd1pool aes-256-gcm hdd1pool hex prompt
hdd2pool aes-256-gcm hdd2pool hex prompt
Everything appears correct. (It should be “prompt”.)
Which means it’s possible that there’s a bug (in the TrueNAS startup process?) that causes your hdd2pool to not auto-unlock, even after you’ve already manually unlocked it at least once (without exporting the pool.)
Your best bet would be to file a bug ticket.
Just closing this one out. It was never solved. I have since deleted the pool as it had errors anyway thanks to painful LSI card issues. Unfortunately I did not find a solution. 