Phoenix Down Posted April 11, 2023 Share Posted April 11, 2023 Is this 5 year old guide from SpaceInvader One still the best method to encrypt an existing array? Quote Link to comment
JonathanM Posted April 11, 2023 Share Posted April 11, 2023 Most likely, since the underlying mechanism hasn't changed much. It's the same process as the disk format conversion, and there are multiple different ways to accomplish it, but they all involve getting one drive empty, formatting it, copying data from the next drive to be formatted, etc. BTW, if you are planning to run encryption, make sure your backup strategy is complete and as foolproof as you can get it, because if you have an issue, recovering data from encrypted volumes is orders of magnitude harder, so it's best to just restore from backup if you have an issue. Parity is NOT a backup, it's realtime, so if something corrupts your data, or a drive fails and one of the other drives has an issue while rebuilding the failed drive, you are sunk without backups. Quote Link to comment
Solution Phoenix Down Posted April 11, 2023 Author Solution Share Posted April 11, 2023 1 hour ago, JonathanM said: Most likely, since the underlying mechanism hasn't changed much. It's the same process as the disk format conversion, and there are multiple different ways to accomplish it, but they all involve getting one drive empty, formatting it, copying data from the next drive to be formatted, etc. BTW, if you are planning to run encryption, make sure your backup strategy is complete and as foolproof as you can get it, because if you have an issue, recovering data from encrypted volumes is orders of magnitude harder, so it's best to just restore from backup if you have an issue. Parity is NOT a backup, it's realtime, so if something corrupts your data, or a drive fails and one of the other drives has an issue while rebuilding the failed drive, you are sunk without backups. Understood, thanks for the reminder 🙂 Turns out it's a bit easier than the video. Once you've emptied a drive using Unbalance, you just have to stop the array, and then change the disk type of the disk you just emptied to "XFS Encrypted", then start the array back up. Lastly, format the disk and that disk is converted. Quote Link to comment
dboonthego Posted August 11, 2023 Share Posted August 11, 2023 At 2:30 he says "To be using encrypted disks we have to be using https." Does he mean you need https to use unBalance? Quote Link to comment
itimpi Posted August 11, 2023 Share Posted August 11, 2023 4 hours ago, dboonthego said: "To be using encrypted disks we have to be using https." This is not true - I use encrypted disks without using https (SSL) Quote Link to comment
Kilrah Posted August 11, 2023 Share Posted August 11, 2023 5 hours ago, dboonthego said: At 2:30 he says "To be using encrypted disks we have to be using https." Does he mean you need https to use unBalance? No it's just wrong info. Quote Link to comment
dboonthego Posted August 11, 2023 Share Posted August 11, 2023 Thanks. That threw me for a loop. Quote Link to comment
john_smith Posted December 1, 2023 Share Posted December 1, 2023 posting here since it seems to be the most recent post on the topic - i also tried following the space invader one video, and have tried a handful of other things as well since i'm having trouble (including referencing the simpler steps on https://docs.unraid.net/unraid-os/manual/security/data-encryption/ However, I'm still having trouble encrypting a new 20TB disk i'm trying to add. these are the steps i'm following: Go to the Main tab. Stop the array. Select the drive. In File system type change the file system to the encrypted type that you want. Select Apply to commit the change. Select Done to return to the Main tab. The drive now shows as unmountable and the option to format unmountable drives is present. I check the checkbox, and and select OK on the popup I select Format, the page reloads "Started, formatting..." shows up for a few seconds The page reloads again, the disk remains unmounted and unencrypted, showing: "Unmountable: Volume not encrypted" and remains with the XFS file system am i missing something? Quote Link to comment
john_smith Posted December 1, 2023 Share Posted December 1, 2023 i know this is a topic that may have been solved, so let me know if i should post as a new thread Quote Link to comment
Phoenix Down Posted December 1, 2023 Author Share Posted December 1, 2023 3 hours ago, john_smith said: posting here since it seems to be the most recent post on the topic - i also tried following the space invader one video, and have tried a handful of other things as well since i'm having trouble (including referencing the simpler steps on https://docs.unraid.net/unraid-os/manual/security/data-encryption/ However, I'm still having trouble encrypting a new 20TB disk i'm trying to add. these are the steps i'm following: Go to the Main tab. Stop the array. Select the drive. In File system type change the file system to the encrypted type that you want. Select Apply to commit the change. Select Done to return to the Main tab. The drive now shows as unmountable and the option to format unmountable drives is present. I check the checkbox, and and select OK on the popup I select Format, the page reloads "Started, formatting..." shows up for a few seconds The page reloads again, the disk remains unmounted and unencrypted, showing: "Unmountable: Volume not encrypted" and remains with the XFS file system am i missing something? See my reply above: Quote Once you've emptied a drive using Unbalance, you just have to stop the array, and then change the disk type of the disk you just emptied to "XFS Encrypted", then start the array back up. Lastly, format the disk and that disk is converted. Did you start the array back up after you changed the disk type to "XFS Encrypted"? Quote Link to comment
john_smith Posted December 1, 2023 Share Posted December 1, 2023 10 hours ago, Phoenix Down said: See my reply above: Did you start the array back up after you changed the disk type to "XFS Encrypted"? thanks for the quick reply. i did start it back up after changing the disk type, that's when i was presented with the format option near the bottom of the page. from there: I check the checkbox, and and select OK on the popup I select Format, the page reloads "Started, formatting..." shows up for a few seconds The page reloads again, The disk shows up as unmounted and unencrypted, with the test to the right showing: "Unmountable: Volume not encrypted", remaining with the XFS file system Quote Link to comment
Phoenix Down Posted December 1, 2023 Author Share Posted December 1, 2023 4 hours ago, john_smith said: thanks for the quick reply. i did start it back up after changing the disk type, that's when i was presented with the format option near the bottom of the page. from there: I check the checkbox, and and select OK on the popup I select Format, the page reloads "Started, formatting..." shows up for a few seconds The page reloads again, The disk shows up as unmounted and unencrypted, with the test to the right showing: "Unmountable: Volume not encrypted", remaining with the XFS file system Check the system logs (top right, left of the solid circle with a question mark). That sounds like the format was unsuccessful for some reason. Quote Link to comment
john_smith Posted December 2, 2023 Share Posted December 2, 2023 here are the logs: Spoiler Dec 1 17:33:19 HTPC kernel: mdcmd (52): nocheck pause Dec 1 17:33:21 HTPC emhttpd: creating volume: disk2 (xfs - encrypted) Dec 1 17:33:21 HTPC emhttpd: shcmd (137720): /sbin/wipefs -a /dev/sdb Dec 1 17:33:22 HTPC root: /dev/sdb: 8 bytes were erased at offset 0x00000200 (gpt): 45 46 49 20 50 41 52 54 Dec 1 17:33:22 HTPC root: /dev/sdb: 8 bytes were erased at offset 0x1230bffffe00 (gpt): 45 46 49 20 50 41 52 54 Dec 1 17:33:22 HTPC root: /dev/sdb: 2 bytes were erased at offset 0x000001fe (PMBR): 55 aa Dec 1 17:33:22 HTPC root: /dev/sdb: calling ioctl to re-read partition table: Success Dec 1 17:33:22 HTPC emhttpd: writing GPT on disk (sdb), with partition 1 byte offset 32KiB, erased: 0 Dec 1 17:33:22 HTPC emhttpd: shcmd (137721): sgdisk -Z /dev/sdb Dec 1 17:33:23 HTPC root: Creating new GPT entries in memory. Dec 1 17:33:23 HTPC root: GPT data structures destroyed! You may now partition the disk using fdisk or Dec 1 17:33:23 HTPC root: other utilities. Dec 1 17:33:23 HTPC emhttpd: shcmd (137722): sgdisk -o -a 8 -n 1:32K:0 /dev/sdb Dec 1 17:33:24 HTPC root: Creating new GPT entries in memory. Dec 1 17:33:24 HTPC root: The operation has completed successfully. Dec 1 17:33:24 HTPC kernel: sdb: sdb1 Dec 1 17:33:24 HTPC emhttpd: shcmd (137723): udevadm settle Dec 1 17:33:24 HTPC emhttpd: mounting /mnt/disk2 Dec 1 17:33:24 HTPC emhttpd: shcmd (137724): mkdir -p /mnt/disk2 Dec 1 17:33:24 HTPC emhttpd: /mnt/disk2 mount error: Volume not encrypted Dec 1 17:33:24 HTPC emhttpd: shcmd (137725): rmdir /mnt/disk2 Dec 1 17:33:24 HTPC emhttpd: Starting services... Dec 1 17:33:24 HTPC emhttpd: shcmd (137729): /etc/rc.d/rc.samba restart Dec 1 17:33:24 HTPC wsdd2[23016]: 'Terminated' signal received. Dec 1 17:33:24 HTPC winbindd[23019]: [2023/12/01 19:33:24.464016, 0] ../../source3/winbindd/winbindd_dual.c:1950(winbindd_sig_term_handler) Dec 1 17:33:24 HTPC winbindd[23019]: Got sig[15] terminate (is_parent=1) Dec 1 17:33:24 HTPC wsdd2[23016]: terminating. Dec 1 17:33:24 HTPC winbindd[23022]: [2023/12/01 19:33:24.464336, 0] ../../source3/winbindd/winbindd_dual.c:1950(winbindd_sig_term_handler) Dec 1 17:33:24 HTPC winbindd[23022]: Got sig[15] terminate (is_parent=0) Dec 1 17:33:24 HTPC winbindd[24197]: [2023/12/01 19:33:24.466769, 0] ../../source3/winbindd/winbindd_dual.c:1950(winbindd_sig_term_handler) Dec 1 17:33:24 HTPC winbindd[24197]: Got sig[15] terminate (is_parent=0) Dec 1 17:33:26 HTPC root: Starting Samba: /usr/sbin/smbd -D Dec 1 17:33:26 HTPC smbd[25806]: [2023/12/01 19:33:26.673575, 0] ../../source3/smbd/server.c:1741(main) Dec 1 17:33:26 HTPC smbd[25806]: smbd version 4.17.10 started. Dec 1 17:33:26 HTPC smbd[25806]: Copyright Andrew Tridgell and the Samba Team 1992-2022 Dec 1 17:33:26 HTPC root: /usr/sbin/wsdd2 -d -4 Dec 1 17:33:26 HTPC root: /usr/sbin/winbindd -D Dec 1 17:33:26 HTPC wsdd2[25823]: starting. Dec 1 17:33:26 HTPC winbindd[25824]: [2023/12/01 19:33:26.791907, 0] ../../source3/winbindd/winbindd.c:1440(main) Dec 1 17:33:26 HTPC winbindd[25824]: winbindd version 4.17.10 started. Dec 1 17:33:26 HTPC winbindd[25824]: Copyright Andrew Tridgell and the Samba Team 1992-2022 Dec 1 17:33:26 HTPC winbindd[25826]: [2023/12/01 19:33:26.796899, 0] ../../source3/winbindd/winbindd_cache.c:3117(initialize_winbindd_cache) Dec 1 17:33:26 HTPC winbindd[25826]: initialize_winbindd_cache: clearing cache and re-creating with version number 2 Dec 1 17:33:26 HTPC emhttpd: shcmd (137733): /etc/rc.d/rc.avahidaemon restart Dec 1 17:33:26 HTPC root: Stopping Avahi mDNS/DNS-SD Daemon: stopped Dec 1 17:33:26 HTPC avahi-daemon[23073]: Got SIGTERM, quitting. Dec 1 17:33:26 HTPC avahi-dnsconfd[23084]: read(): EOF Quote Link to comment
Phoenix Down Posted December 2, 2023 Author Share Posted December 2, 2023 6 hours ago, john_smith said: here are the logs: Reveal hidden contents Dec 1 17:33:19 HTPC kernel: mdcmd (52): nocheck pause Dec 1 17:33:21 HTPC emhttpd: creating volume: disk2 (xfs - encrypted) Dec 1 17:33:21 HTPC emhttpd: shcmd (137720): /sbin/wipefs -a /dev/sdb Dec 1 17:33:22 HTPC root: /dev/sdb: 8 bytes were erased at offset 0x00000200 (gpt): 45 46 49 20 50 41 52 54 Dec 1 17:33:22 HTPC root: /dev/sdb: 8 bytes were erased at offset 0x1230bffffe00 (gpt): 45 46 49 20 50 41 52 54 Dec 1 17:33:22 HTPC root: /dev/sdb: 2 bytes were erased at offset 0x000001fe (PMBR): 55 aa Dec 1 17:33:22 HTPC root: /dev/sdb: calling ioctl to re-read partition table: Success Dec 1 17:33:22 HTPC emhttpd: writing GPT on disk (sdb), with partition 1 byte offset 32KiB, erased: 0 Dec 1 17:33:22 HTPC emhttpd: shcmd (137721): sgdisk -Z /dev/sdb Dec 1 17:33:23 HTPC root: Creating new GPT entries in memory. Dec 1 17:33:23 HTPC root: GPT data structures destroyed! You may now partition the disk using fdisk or Dec 1 17:33:23 HTPC root: other utilities. Dec 1 17:33:23 HTPC emhttpd: shcmd (137722): sgdisk -o -a 8 -n 1:32K:0 /dev/sdb Dec 1 17:33:24 HTPC root: Creating new GPT entries in memory. Dec 1 17:33:24 HTPC root: The operation has completed successfully. Dec 1 17:33:24 HTPC kernel: sdb: sdb1 Dec 1 17:33:24 HTPC emhttpd: shcmd (137723): udevadm settle Dec 1 17:33:24 HTPC emhttpd: mounting /mnt/disk2 Dec 1 17:33:24 HTPC emhttpd: shcmd (137724): mkdir -p /mnt/disk2 Dec 1 17:33:24 HTPC emhttpd: /mnt/disk2 mount error: Volume not encrypted Dec 1 17:33:24 HTPC emhttpd: shcmd (137725): rmdir /mnt/disk2 Dec 1 17:33:24 HTPC emhttpd: Starting services... Dec 1 17:33:24 HTPC emhttpd: shcmd (137729): /etc/rc.d/rc.samba restart Dec 1 17:33:24 HTPC wsdd2[23016]: 'Terminated' signal received. Dec 1 17:33:24 HTPC winbindd[23019]: [2023/12/01 19:33:24.464016, 0] ../../source3/winbindd/winbindd_dual.c:1950(winbindd_sig_term_handler) Dec 1 17:33:24 HTPC winbindd[23019]: Got sig[15] terminate (is_parent=1) Dec 1 17:33:24 HTPC wsdd2[23016]: terminating. Dec 1 17:33:24 HTPC winbindd[23022]: [2023/12/01 19:33:24.464336, 0] ../../source3/winbindd/winbindd_dual.c:1950(winbindd_sig_term_handler) Dec 1 17:33:24 HTPC winbindd[23022]: Got sig[15] terminate (is_parent=0) Dec 1 17:33:24 HTPC winbindd[24197]: [2023/12/01 19:33:24.466769, 0] ../../source3/winbindd/winbindd_dual.c:1950(winbindd_sig_term_handler) Dec 1 17:33:24 HTPC winbindd[24197]: Got sig[15] terminate (is_parent=0) Dec 1 17:33:26 HTPC root: Starting Samba: /usr/sbin/smbd -D Dec 1 17:33:26 HTPC smbd[25806]: [2023/12/01 19:33:26.673575, 0] ../../source3/smbd/server.c:1741(main) Dec 1 17:33:26 HTPC smbd[25806]: smbd version 4.17.10 started. Dec 1 17:33:26 HTPC smbd[25806]: Copyright Andrew Tridgell and the Samba Team 1992-2022 Dec 1 17:33:26 HTPC root: /usr/sbin/wsdd2 -d -4 Dec 1 17:33:26 HTPC root: /usr/sbin/winbindd -D Dec 1 17:33:26 HTPC wsdd2[25823]: starting. Dec 1 17:33:26 HTPC winbindd[25824]: [2023/12/01 19:33:26.791907, 0] ../../source3/winbindd/winbindd.c:1440(main) Dec 1 17:33:26 HTPC winbindd[25824]: winbindd version 4.17.10 started. Dec 1 17:33:26 HTPC winbindd[25824]: Copyright Andrew Tridgell and the Samba Team 1992-2022 Dec 1 17:33:26 HTPC winbindd[25826]: [2023/12/01 19:33:26.796899, 0] ../../source3/winbindd/winbindd_cache.c:3117(initialize_winbindd_cache) Dec 1 17:33:26 HTPC winbindd[25826]: initialize_winbindd_cache: clearing cache and re-creating with version number 2 Dec 1 17:33:26 HTPC emhttpd: shcmd (137733): /etc/rc.d/rc.avahidaemon restart Dec 1 17:33:26 HTPC root: Stopping Avahi mDNS/DNS-SD Daemon: stopped Dec 1 17:33:26 HTPC avahi-daemon[23073]: Got SIGTERM, quitting. Dec 1 17:33:26 HTPC avahi-dnsconfd[23084]: read(): EOF Have you encrypted any other disks in your system? Were they successful? Quote Link to comment
Kilrah Posted December 2, 2023 Share Posted December 2, 2023 Did you reboot yet? Quote Link to comment
john_smith Posted December 2, 2023 Share Posted December 2, 2023 6 hours ago, Phoenix Down said: Have you encrypted any other disks in your system? Were they successful? I have not, this would be the first time 5 hours ago, Kilrah said: Did you reboot yet? I tried to reboot as well during one of my attempts yes Quote Link to comment
Phoenix Down Posted December 3, 2023 Author Share Posted December 3, 2023 11 hours ago, john_smith said: I have not, this would be the first time I tried to reboot as well during one of my attempts yes What happens if you tried a different disk first? Quote Link to comment
john_smith Posted December 3, 2023 Share Posted December 3, 2023 20 minutes ago, Phoenix Down said: What happens if you tried a different disk first? I could move everything to my new large drive and try that one first, then I would subsequently want to move the files back to the small old drive in order to try encrypting the large empty drive again. Is there something that would change from doing that with regards to encrypting the large new disk? Quote Link to comment
Phoenix Down Posted December 3, 2023 Author Share Posted December 3, 2023 18 hours ago, john_smith said: I could move everything to my new large drive and try that one first, then I would subsequently want to move the files back to the small old drive in order to try encrypting the large empty drive again. Is there something that would change from doing that with regards to encrypting the large new disk? Just trying to eliminate variables, see if it’s an issue with your large disk or something else. Quote Link to comment
john_smith Posted December 3, 2023 Share Posted December 3, 2023 1 hour ago, Phoenix Down said: Just trying to eliminate variables, see if it’s an issue with your large disk or something else. i'll try this and report back Quote Link to comment
john_smith Posted December 4, 2023 Share Posted December 4, 2023 20 hours ago, Phoenix Down said: Just trying to eliminate variables, see if it’s an issue with your large disk or something else. just finished moving everything over and tried to encrypt the smaller disk - also fails in identical fashioon Quote Link to comment
john_smith Posted December 4, 2023 Share Posted December 4, 2023 i'm reading the log now and seeing something in red I don't recall seeing before: Dec 4 12:20:04 HTPC emhttpd: /mnt/disk1 mount error: Volume not encrypted Quote Link to comment
Phoenix Down Posted December 4, 2023 Author Share Posted December 4, 2023 57 minutes ago, john_smith said: i'm reading the log now and seeing something in red I don't recall seeing before: Dec 4 12:20:04 HTPC emhttpd: /mnt/disk1 mount error: Volume not encrypted Not sure; I did not run into this issues for any of my 8 disks. Maybe there's a hint in this thread: Quote Link to comment
john_smith Posted December 4, 2023 Share Posted December 4, 2023 4 hours ago, Phoenix Down said: Not sure; I did not run into this issues for any of my 8 disks. Maybe there's a hint in this thread: Looks like they never figured it out on that thread either Quote Link to comment
JorgeB Posted December 5, 2023 Share Posted December 5, 2023 Please post the diagnostics. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.