Hi !
I got at least somethings running after my first Post…
Now im at the point … my pool is unencrypted and the datasets are… (with passphrase). Now i want to unlock them via remote (i made this on my Ts253 to unlock the volume via SSH)
Are there other options to unlock them remotely in a script ?
Ciao Gerd
It’s so easy you don’t need a script :
# load-keys & mount
ssh user@truenas 'zfs mount -l tank/dataset'
If network shares are on that dataset, you can restart services via ssh too:
ssh user@truenas 'midclt call service.restart "nfs"'
ssh user@truenas 'midclt call service.restart "cifs"'
This would be 3 commands. So at this point you might put it into a script yourself. 
Thanks for this info, but can you show me the correct way to relock the dataset from SSH?
When I used “zfs unmount tank/dataset” the command was execute without errors, but the WebGUI gave me an error, so I had to remount immediately and then lock the dataset from the WebGUI.
Thanks so much
Before you do anything, you need to run a memtest ASAP! 
@truenas-fan would agree with this.
The -u flag needs to be passed if you want it to also unload the keys (“lock”) after a successful unmount. This will only work if the dataset is an encryptionroot.
Just know that it’s possible for the middleware or GUI to get confused if you bypass it with zfs and zpool commands in the terminal.
Before you do anything, you need to run a memtest ASAP!
Thanks for your reply, but why do I have to test the RAM? And how can I do it?
Just know that it’s possible for the middleware or GUI to get confused if you bypass it with
zfsandzpoolcommands in the terminal.
So what is the correct way to do it without using the zfs command?
However, consider that when I used the above commands, the encrypted data set was completely empty.
Thanks again
I was joking. This is me, apparently.
Do you mean the path was empty? This is expected when you unmount any filesystem.
You can use the midclt command. Haven’t tried it myself, but it’s probably something like:
midclt call pool.dataset.lock mypool/mydataset
EDIT: You wouldn’t first unmount the dataset and then run that command. The above middleware command unmounts the filesystem and locks the dataset, as long as it is an “encryptionroot”. It’s the same thing as locking the dataset with the GUI.
I can only speak for TrueNAS Core, but I would think it’s the same for SCALE.
Just remember that if someone is currently using the SMB share, you won’t be able to unmount or lock the dataset.
Thanks so much!! I solved my problem with this your input and this web page:
No. First I created a test dataset encrypted with a password but without any file/directory inside. Then I did all my tests to lock/unlock the dataset. In this way, if I did anything wrong, I didn’t risk to loose any data.
Anyway, thanks again.
Cheers.