Safest way to migrate GELI encrypted truenas core to scale?

cicero · July 4, 2025, 6:13pm

Hi folks, I’m trying to take the plunge and migrate my existing truenas 13.0 install to the Linux based truenas. I started reading the migration documentation, and I realized that both of my pools are GELI encrypted.

What’s the safest way to do this migration without losing my data? Do I need to buy a huge hard drive, attach it, and make a backup?

If so, what’s the best way to validate the backup?

Thanks!

cicero · July 4, 2025, 6:15pm

Another question - is the only way to remove the GELI encryption before migration to:

1/ replicate to a backup pool (new hard drive)
2/ destroy the old pool
3/ create a new pool without GELI encryption
4/ replicate from the backup to the new pool?

SmallBarky · July 4, 2025, 11:37pm

It might help to know your entire setup details as to hardware, vdev and pool setups.
I take it the only copy of all your data is on your NAS pools?

cicero · July 4, 2025, 11:42pm

Thanks for the reply!

I have 2 pools that are GELI encrypted.
pool 1: one nVME for fast access
pool 2: 6 disks in raidz2

The freenas-boot is on a small SSD.

I have a local 18 TB disk attached over eSATA that I’m currently running a recursive zfs send/recv from the two pools. This will server as my backup.

dan · July 4, 2025, 11:54pm

Consider this (h/t @pmh):

SmallBarky · July 4, 2025, 11:56pm

Just saw post by Dan, that may be better.

Is the eSATA drive a separate single stripe pool VDEV without GELI encryption? I guess that would have to do. You really aren’t doing so much of an upgrade but more of an new install, create the two pools on Scale and then put the data back in the pools. I don’t see much point in recreating pools, without GELI, on Core and then upgrading to Scale.

You just end up risking all the data on the single, 18TB drive while in the process of setting up everything again under Scale.

cicero · July 5, 2025, 12:03am

Yes, the eSATA drive is a single drive. It also has no encryption.

I don’t see much point in recreating pools, without GELI, on Core and then upgrading to Scale.

You just end up risking all the data on the single, 18TB drive while in the process of setting up everything again under Scale.

Sorry, I thought this was the only approach to upgrading. What would you suggest as the golden path for “upgrading” if my pools are GELI encrypted still?

dan · July 5, 2025, 12:15am

Back up to that external spinner
Follow the process I linked above
Presuming success with that process, go ahead and upgrade

SmallBarky · July 5, 2025, 12:27am

Two options, follow what Dan posted as a way to get Core off of Geli and then do the upgrade process.

Second was just do a fresh install whatever version of Scale you are going to in the end and you recreate your pools fresh and put the data back from the 18TB drive.

cicero · July 5, 2025, 5:30pm

I kicked off the process. Looks like this will take a week total for all disks