ZFS: Difference between revisions
imported>Sjau mNo edit summary |
imported>Sjau No edit summary |
||
Line 270: | Line 270: | ||
== Encrypted Dataset Format Change == | == Encrypted Dataset Format Change == | ||
The introduction of native encryption on ZFS was highly anticipated. However since it was introduced, there have been various issues discovered. Due to this, a rather large patch containing many fixes was merged into master, see https://github.com/zfsonlinux/zfs/pull/6864 for more information. | |||
However this leads to a format change of the encrypted datasets. As a result of this format change, encrypted datasets that were created by older zfs versions can only be mounted as read-only. Encrypted datasets created with the new format cannot be opened at all on older versions. Unencrypted datasets were not altered and work as before. | |||
If you've followed this wiki entry and didn't create an encrypt top-level dataset but a child-dataset, e.g. zroot/root/nixos where zroot is the name of the pool and the top-level dataset and root is the encrypted child-dataset, then you can easily use zfs send/recv to migrate it to the new format. | |||
# Create a snapshot:<br/><code>zfs snapshot zpool/root/nixos@now</code> | |||
# Create a custom NixOS iso with crypto stability patch enabled | |||
# Boot into that live environment | |||
# Import the pool and load the key | |||
# Create a new encrypted dataset, e.g.<br/><code>zfs create -o encryption=aes-256-gcm -o keyformat=passphrase -o mountpoint=none zroot/rootNEW</code> | |||
# Use zfs send and receive to copy the data to new format:<br/><code>zfs send zpool/root/nixos@now | zfs receive zpool/rootNew/nixos</code> | |||
# Set correct mountpoint for the newly created dataset:<br/><code>zfs set moutpoint=legacy zpool/root/New/nixos</code> | |||
# Rename the old and new datasets:<br/><code>zfs rename zpool/root zpool/rootOLD</code><br/><code>zfs rename zpool/rootNEW zpool/root</code> | |||
# That should allow to boot Nixos already with new format. If you other encrypted mounts, you will probably need to convert them to new format as well first. | |||
It's also recommended to have two usb sticks available. One custom iso with the old zfs format and one with the new one. So you can easily switch between them. | |||
If you did encrypt the top-level dataset of a pool then there is no other way than to destroy that pool completely and recreate it. | |||
== Need more info? == | == Need more info? == |