I have a server running TrueNAS 12-U8.1 that I’d like to update to something a bit more recent. I tried a clean install of SCALE 25.04.2.3, but ran into a few issues related to my unusual dataset configuration and I’m looking for some advice on the best way to clean things up.
My root dataset is encrypted and contains a child dataset that has a different encryption key than the parent. That dataset also has an unencrypted child dataset.
Here are the problems I’d like to resolve:
- SCALE can’t unlock these pools automatically – I get an error: ‘directory is not empty (please provide “force” flag to override this error and file/directory will be renamed once the dataset is unlocked)’. I can manually unlock them in the shell using
zfs load-keyandzfs mount, but that’s obviously not a long-term solution. - After manually unlocking the datasets, I get a warning: ‘The following datasets are not encrypted but are within an encrypted dataset: ‘tank/set1/set1a’ which is not supported behaviour and may lead to various issues.’
- I understand that an encrypted root dataset isn’t recommended / best practice.
The problem with the unencrypted dataset seems like it’d be easy to solve by replicating that dataset to a new encrypted dataset and deleting the old unencrypted one. I’m guessing that’ll resolve the unlock/mount issue as well.
But is there a way to migrate from an encrypted root dataset to an unencrypted one on this system, given that the pool is already about 50% full? Or is my only option to add new disks, create a new pool, and replicate the datasets one-by-one? Either way, is there any reason to do this back in TrueNAS 12 instead of SCALE?
Hardware:
- Supermicro X9SCM-F
- Xeon E3-1270
- 32 GB DDR3-1600 ECC (4 x 8 GB)
- 2x WD 14 TB drives (mirrored)