If I encrypt a ZFS disk that is in mirrored or in RAID-Z (raidz, raidz1, raidz2, raidz3) configurations then what happens if a disk fails. Can I still access the data if I replace a HDD.
Add a comment
|
1 Answer
I can't answer this with specific regard to Linux, but assuming you're talking about either full-disk or full-partition encryption, my experience with ZFS on FreeBSD suggests that it won't matter.
As long as ZFS can import the pool, you'll be able to remove a failed drive, provision a new drive with or without full-(drive|partition) encryption, and resilver the existing functional devices (encrypted or not) onto the newly-provisioned device (encrypted or not).
All that matters is that the redundancy of the pool is sufficient that you can do a zpool import -N and successfully import the (degraded) pool so that you can remove and replace the failed device.
# zpool status tank
pool: tank
state: ONLINE
scan: scrub repaired 0B in 01:51:20 with 0 errors on Mon Jul 26 05:11:07 2021
config:
NAME STATE READ WRITE CKSUM
tank ONLINE 0 0 0
mirror-0 ONLINE 0 0 0
ada1p3.eli ONLINE 0 0 0
ada0p3 ONLINE 0 0 0
errors: No known data errors
Here device /dev/ada0p3 is an unencrypted partition, while ada1p3 is an encrypted partition (and ada1p3.eli is the decrypted handle for it).
There's no real reason for this setup on my machine, it's just the end result of when I was futzing around playing with booting from a full-disk encrypted pool.
