11278 Encrypted ZFS filesystems should be mounted at boot where possible

Review Request #2025 - Created June 27, 2019 and updated

Information
Andy Fiddaman
illumos-gate
master
11278
e2abca5...
Reviewers
general
11278 Encrypted ZFS filesystems should be mounted at boot where possible

bloody# zfs list -o name,encryption,keylocation | grep -v off
NAME                              ENCRYPTION  KEYLOCATION
rpool/enc                        aes-256-ccm  file:///e.key
rpool/encb                       aes-256-ccm  file:///f.key
rpool/encp                       aes-256-ccm  prompt

bloody# ls -l /e.key /f.key
/f.key: No such file or directory
-rw-r--r--   1 root     root          32 Jun 26 12:34 /e.key

bloody# df -h | grep enc
bloody# zfs unload-keys -a

bloody# tail -f `svcs -L filesystem/local` &
bloody# svcadm restart filesystem/local
bloody# [ Jun 27 10:47:19 Stopping because service restarting. ]
[ Jun 27 10:47:19 Executing stop method (null). ]
[ Jun 27 10:47:19 Executing start method ("/lib/svc/method/fs-local"). ]
Loading encryption keys: rpool/enc Key load error: Failed to open key material file

WARNING: Failed to load keys for rpool/encb
Mounting encrypted filesystems
[ Jun 27 10:47:20 Method "start" exited with status 0. ]

bloody# df -h | grep enc
rpool/enc              289G   320K       213G     1%    /rpool/enc

bloody# zfs mount -l rpool/encp
Enter passphrase for 'rpool/encp':

bloody# df -h | grep enc
rpool/enc              289G   320K       213G     1%    /rpool/enc
rpool/encp             289G   320K       213G     1%    /rpool/encp
Andy Fiddaman
Review request changed
Loading...