I have a TrueNAS server with a single pool that is encrypted. Is it OK to leave it this way until the next hardware upgrade and create a new pool then? That could be a while. The machine doesn’t have any extra drive slots for a second pool, and while I do have a backup TrueNAS server, I am a bit nervous to nuke my main pool on purpose just to re-create it.
This pool was migrated from when I used to run a Debian file server where I manually created it with some unencrypted datasets. (Those are now gone, btw.) It is currently running Electric Eel and I plan to upgrade to Fangtooth as soon as I can get the Windows VM set up.
Thanks,
Matt
Not clear what your question is. I had a system running an encrypted pool under 24.10 and upgraded to 25.04 without any issues related to that. I haven’t done extensive performance testing, but I think with modern CPUs the performance impact from encryption should only be a percent or something. I assume from your history we’re talking about ZFS native encryption, not GELI.
Are there specific issues you are having, or have read about, with ZFS encryption in general or under TN?
I was asking because of the recommendation against pool-level encryption in the documentation. It works, but the applications datasets and all the VMs are not available immediately after boot. Occasionally I have to force the unlock and clean up the temporary directories that get created, but that hasn’t caused any issues.
It sounds like I should keep things the way they are until there is a good opportunity to bring up a new system without pool-level encryption. This is with zstd ZFS encryption and there are no issues there.