From 20690c48e5ee8ff9878914ec4835068e39296e3e Mon Sep 17 00:00:00 2001 From: ducoterra Date: Fri, 25 Jul 2025 20:42:04 -0400 Subject: [PATCH] add section on decrypting and scrubbing pools --- active/os_truenas/truenas.md | 38 ++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/active/os_truenas/truenas.md b/active/os_truenas/truenas.md index 59022a8..0d971eb 100644 --- a/active/os_truenas/truenas.md +++ b/active/os_truenas/truenas.md @@ -17,6 +17,8 @@ - [Cleaning up old snapshots](#cleaning-up-old-snapshots) - [Creating and restoring snapshots](#creating-and-restoring-snapshots) - [Filesystem ACLs](#filesystem-acls) + - [Decrypting Pools](#decrypting-pools) + - [ZPool Scrubbing](#zpool-scrubbing) - [ISCSI](#iscsi) - [Create ZVOL](#create-zvol) - [Create ISCSI Target](#create-iscsi-target) @@ -247,6 +249,42 @@ Dataset -> Dataset details (edit) -> Advanced Options -> ACL Type (inherit) setfacl -b -R /mnt/enc0/smb/media ``` +### Decrypting Pools + +Unlocking through the UI. + +We'll need to recreate the key manifest json. This is a little tedious, but +your keys will be correct after this process. + +```bash +# List all datasets and format them for json keys +export LIST_DATASET=pool0/dcsi +echo "{" && \ +for DATASET_PATH in $(sudo zfs list -r $LIST_DATASET -H -o name); do echo " \"$DATASET_PATH\": \"key_here\","; done && \ +echo "}" + +# If the dataset's children have all the encryption keys +# Note this generates the cat EOF commands to create the json files needed to unlock. +export TL_DATASET=pool0 +for TL_DATASET_PATH in $(zfs list -r $TL_DATASET -H -o name -d 1); do \ +echo "cat < dataset_${TL_DATASET_PATH}_key.json" && \ +echo "{" && \ +for DATASET_PATH in $(zfs list -r $TL_DATASET_PATH -H -o name); do echo " \"$DATASET_PATH\": \"key_here\","; done && \ +echo "}" && \ +echo "EOF"; +done +``` + +### ZPool Scrubbing + +```bash +# Start a scrub +zpool scrub pool0 + +# Check status +zpool status pool0 +``` + ## ISCSI ### Create ZVOL