I have my apps on encrypted pool (only pool which is in the system). Upgrade fails because of this.
What are my options to get system upgraded?
As Release Notes say:
TrueNAS shows a warning and explains that applications do not migrate to 24.10 when the ix-applications dataset is configured on a pool with an encrypted dataset (see NAS-131561). Relocate installed applications to an unencrypted pool on 24.04 before attempting to upgrade to 24.10. TrueNAS does attempt to migrate predefined encrypted host mount paths.
As I wrote, encrypted pool is the only pool in system and there is no room for more pools.
You can start a new thread with this specific question… I don’t think you can unecrypt the whole pool, but perhaps specific datasets. Its worthwhile spelling out how much data is involved and how old the system is.
In a commercial setting, we would use “swing gear” to temporarily move the data and then rebuild the pool.
In a personal setting, I think Ebay would be the alternative… perhaps buy your next system early.
The other choice is backing up the data to storj and the restoring with a new pool.
This makes me nervous. 
What about Incus, “Linux jails”, and ix-virt for 25.04+?
1 Like
it can be done, examples here are from memory and the example pool’s name is tank.
you will need to create an unencrypted dataset via cli.
ie zfs create tank/unencrypt -o encryption=off
then you will need to set up a replication task to receive the existing ix-applications dataset into the unencrypted root. iirc you will need to disable “full file system replication” and “include dataset properties” but you must enable “recursive”. (this is the part I might be hazy on… it may need the encryption property overridden or it may need set to inherit, play with it if the task fails) (you could do this on cli but it would be painful as every dataset must be done separately)
then you will do zfs rename tank/ix-applications tank/ix-applications-encrypt and zfs rename tank/unencrypt/ix-applications tank/ix-applications to move it into the place the migration expects.
then you must create the snapshot name it is looking for (ie ix-applications-backup-system-update--2025-03-22_01:55:27)
and finally, if all goes well, the migration should run via midclt call -job k8s_to_docker.migrate tank
(this works, I had to do it, twice)
PS: ix can we please have real encryption support for apps (and maybe incus if it has the same issue)?
3 Likes
Thanks, looks promising. I created a snapshot with name “ix-applications-backup-system-update–2025-03-23_17:25:16” and then tried to do migratation, but it failed:
[EFAULT] Failed to list backups for '/mnt/Storage1': Unable to locate '/mnt/Storage1/ix-applications' dataset
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/middlewared/job.py", line 509, in run
await self.future
File "/usr/lib/python3/dist-packages/middlewared/job.py", line 556, in __run_body
rv = await self.middleware.run_in_thread(self.method, *args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1367, in run_in_thread
return await self.run_in_executor(io_thread_pool_executor, method, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1364, in run_in_executor
return await loop.run_in_executor(pool, functools.partial(method, *args, **kwargs))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/concurrent/futures/thread.py", line 58, in run
result = self.fn(*self.args, **self.kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/middlewared/schema/processor.py", line 183, in nf
return func(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/middlewared/schema/processor.py", line 55, in nf
res = f(*args, **kwargs)
^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/middlewared/plugins/kubernetes_to_docker/migrate.py", line 59, in migrate
raise CallError(f'Failed to list backups for {kubernetes_pool!r}: {backups["error"]}')
middlewared.service_exception.CallError: [EFAULT] Failed to list backups for '/mnt/Storage1': Unable to locate '/mnt/Storage1/ix-applications' dataset
What did I do wrong?
did you rename the dataset back into place? do you see ix-applications at the root of the pool unencrypted in the datasets webui page?
the size difference between ix-applications and ix-applications-encrypt suggests perhaps you may not have received it recursively?
can you do a zfs list -r Storage1/ix-applications and compare it to zfs list -r Storage1/ix-applications-encrypt?
are all the datasets present? (the ui normally hides the nested structure of ix-applications)
I didn’t notice that everything hasn’t been replicated! I had recursion on. I don’t know why it failed, but I’ll try again
I tried to do replication again and result is the same! What’s wrong in my replication task?
It’s probably skipping intermediary snapshots that are not covered by the naming schema or task.
How do I know the snapshot name it is looking for? Now this seems to be issue why I can’t run the migration…
progress!
look for it on the ix-applications-encrypt dataset
copy and paste the name exactly (watch out for spaces, etc) from this onto the unencrypted ix-applications, recursively! (I bet the lack of recursive snapshots is the problem now)
1 Like