2 Replies Latest reply: Sep 16, 2013 8:51 AM by Lycan RSS

    Solaris 11.1 (probably 11.0 as well) - Encrypted ZPools with keys stored in rpool, not able to auto-start due to rpool not fully online...

    Lycan

      Install your basic system

      Create a zpool on a 2nd drive - direct attached or usb, doesn't matter.

      Make sure you create it with zfs encryption enabled, set your key storage to a key file you created (I store mine in /etc/keys on FDE drives in the rpool)....

       

      Create a few datasets just to make things interesting (not necessary for the test)...

       

      init 6

       

      When the box starts up, it tries to online the secondary zpool before the rpool is fully online and therefor cannot read the key stored in the /etc/keys.

       

      This causes the box to stop before full multi-user mode, with failed service svc:/system/filesystem/local:default

       

      Workaround, setup a script to export the zpool during shutdown, and import during startup to multi-user mode.

       

      Would be better if rpool was fully operational before attempting to process other zpools.

       

      ie - make rpool online a condition/requisite to bringing other zpools online, at least automatically....