I want it to be reliable and secure so it will have two HDDs in RAID 1 (AKA mirroring) and their content will be encrypted.

But what if in the future I will want to upgrade the drives with larger ones? A common scenario with RAID 1 is to replace one of the disks with the bigger one, rebuild the mirror then replace the other one and rebuild it again. In theory it sounds like an easy process that will keep all your data intact.

In practice however it’s not, Mike explains how to do it under FreeNAS in his blog. Growing mirrored and encrypted drives is a bit more complicated.

Here is how, in case you might need it:

  1. After replacing the HDD, boot your box and log into the FreeNAS web interface
  2. Go to Disks/Management, edit the disk you have replaced and click “Save”. This will read the new disk’s size.
  3. Go to Disks/RAID, the status will be DEGRADED which is normal. In Tools select the new disk, “forget” and then “insert” it. Wait until the rebuild process is finished.
  4. Go to Disks/Encryption, attach the disk and make sure your data is fine.
  5. Go to Disks/Mount Point and delete the mount.
  6. Get to the NAS console, either directly or via SSH. Things will get more interesting now:

    # geli backup /dev/mirror/raid1 bak
    # geli detach /dev/mirror/raid1
    # geli clear /dev/mirror/raid1
    

    geli is the command line tool to manage encrypted storage in FreeNAS. raid1 is the volume name I used, yours might be different. The first line saves the encrypted volume’s metadata to a file called “bak”, we will need it later.

  7. Go to Disks/RAID again, delete and re-add the RAID. Use the same volume name and tick the “Create and initialize RAID” check box.
  8. Now back to the terminal:

    # geli restore bak /dev/mirror/raid1<br /># geli attach /dev/mirror/raid1<br />

    This will restore the metadata from our backup and re-attach the encrypted volume

  9. Fix the partition table, re-create and grow the partition to fill the entire disk:

    # gpt recover /dev/mirror/raid1.eli<br /># gpt remove -i 1 /dev/mirror/raid1.eli<br /># gpt add -i 1 -t ufs /dev/mirror/raid1.eli<br /># gpt label -i 1 -l data /dev/mirror/raid1.elifreenas howto<br /># growfs /dev/mirror/raid1.elip1<br />

    Note that the device name ends with “.eli” – it’s our encrypted disk.

  10. Finally go to Disks/Mount Point and mount the partition.

That’s it, your encrypted partition should be functional now!

NOTE: always do your backups, I can make no guarantees that it will work for you.

from here

thanks to

Alexander Kojevnikov

under cc license

Advertisements