Can I encrypt a whole pool with ZFSoL 0.8.1?
I have compiled ZFS 0.8.1 for my server, and it is running fine. I am also able to create encrypted filesystems like mypool/myencfs.
However, mypool is also a filesystem, and it seems that I cannot enable encryption on it:
zfs set encryption=on mypool
cannot set property for 'mypool': 'encryption' is readonly
The pool is to be decrypted with a keyfile from another encrypted drive, so I would like to put the inheritable properties as high as possible, and also not risk unencrypted data when I accidentally copy something to mypool/.
While I didn't find anything on that matter directly on the net (everyone seems to create only encrypted subfilesystems), I got the idea to find out how to set any properties during pool creation. It is the -O (upper case) option.
This works:
zpool create -o ashift=12 -o feature@encryption=enabled \
-O encryption=on -O keylocation=file:///root/keys/hdd256.key \
-O keyformat=raw \
mypool /dev/disk/by-id/mydisk
For completeness, since there still seems to be little on the matter on the net, here is also how I set up systemd to automount the drive:
/etc/systemd/system/zfs-load-key@.service
[Unit]
Description=Import key for ZFS pool
Documentation=man:zfs(8)
DefaultDependencies=no
After=systemd-udev-settle.service
After=zfs-import.target
After=systemd-remount-fs.service
Before=zfs-mount.service
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/sbin/zfs load-key -r %i
[Install]
WantedBy=zfs.target
systemctl enable zfs-load-key@mypool
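
An added example, not part of the original post: a small audit that reads `zfs get` output and reports any dataset that is unencrypted, does not inherit its key from the pool root, or has no key loaded. The sample data is constructed, and `mypool/data` is a hypothetical child dataset.

```shell
#!/bin/sh
# Input: tab-separated output of
#   zfs get -H -r -t filesystem,volume -o name,property,value encryption,encryptionroot,keystatus mypool
# $1 is the dataset expected to be the encryption root for everything below it.
audit_zfs_encryption() {
    awk -F '\t' -v root="$1" '
        $2 == "encryption"     { enc[$1] = $3 }
        $2 == "encryptionroot" { er[$1]  = $3 }
        $2 == "keystatus"      { ks[$1]  = $3 }
        END {
            bad = 0
            for (ds in enc) {
                if (enc[ds] == "off") { print "UNENCRYPTED " ds; bad = 1; continue }
                if (er[ds] != root) { print "OWN-KEY " ds " (encryptionroot=" er[ds] ")"; bad = 1 }
                if (ks[ds] != "available") { print "KEY-NOT-LOADED " ds; bad = 1 }
            }
            exit bad   # non-zero when there is at least one finding
        }'
}

# Constructed sample: the layout from the question (plain pool root, encrypted child).
sample_before() {
    printf '%s\t%s\t%s\n' \
        mypool encryption off \
        mypool encryptionroot - \
        mypool keystatus - \
        mypool/myencfs encryption aes-256-ccm \
        mypool/myencfs encryptionroot mypool/myencfs \
        mypool/myencfs keystatus available
}

# Constructed sample: pool created with -O encryption=on; $1 overrides keystatus.
sample_after() {
    ks="${1:-available}"
    printf '%s\t%s\t%s\n' \
        mypool encryption aes-256-ccm \
        mypool encryptionroot mypool \
        mypool keystatus "$ks" \
        mypool/data encryption aes-256-ccm \
        mypool/data encryptionroot mypool \
        mypool/data keystatus "$ks"
}

echo "before:"; sample_before | audit_zfs_encryption mypool || echo "(findings above)"
echo "after:";  sample_after  | audit_zfs_encryption mypool && echo "(clean)"
```

On a live system, pipe the `zfs get` command from the header comment into `audit_zfs_encryption mypool`; a `KEY-NOT-LOADED` finding after boot means the load-key unit did not run before the mount.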