lixe Posted April 9, 2020 Share Posted April 9, 2020 Hi, I want to encrypt my existing array and will follow the guide spaceinvaderone did some time ago (using unbalance to “clear” one drive after the other...). But I’m just curious about a few things: - As it seems I still need to use SSL for the WebGUI to use encryption, why exactly is this necessary? - Do I get any problems when my cert runs out, which will be the case in about two months and I have to renew my cert (I guess the SSL cert isn’t used for the encryption itself, so a new cert won’t change anything, the only thing which is actually necessary for decrypting is my passphrase) - Is there a way to keep the parity in sync in case something goes wrong? Of course I have a backup of my important files. My guess is that the parity drive won’t be of any help anymore after encrypting the first (empty) disk, since it isn’t completely identical to the status before (unencrpted) even if it will be “empty” before and after the encryption. So of course I could sync it again after encrypting the first disk which would give me some kind of protection for that moment being. I could then move all my files again, so the second disk is empty, but after encrypting that one my parity would be useless again until I synced it again. To cut a long story short, it seems parity won’t really help until the process of encryption is completely done, am I right? I would only have protection while moving the files from A to B? Quote Link to comment
JonathanM Posted April 9, 2020 Share Posted April 9, 2020 18 minutes ago, lixe said: Is there a way to keep the parity in sync in case something goes wrong? If you follow the methods as written, parity stays in sync the entire time. Parity doesn't have any concept of files or file systems, encrypted or not. It only recreates bit for bit a missing drive slot by completing an equation. 1 Quote Link to comment
lixe Posted April 9, 2020 Author Share Posted April 9, 2020 Thanks for the quick answer! So just that I get this right: - I empty my frist data drive using unbalance plugin - Stop the array - Set the first drive to unassigned so that I can format it using unassigned devices plugin - Format the first drive and assign it again - Start the array and have to format the first drive, now using encryption - Parity will still be in sync - And then I continue with the next drive So there wouldn’t be any need for New Config except I would like to skip parity for all the moving which is involved like spaceinvaderone did in his tutorial? Quote Link to comment
itimpi Posted April 9, 2020 Share Posted April 9, 2020 Not quite. You do not Unassign the drive or use the UD plugin. After stopping the array click on the drive to select the encryption you want. Now start the array and you are given the option to format the drive with encryption. 1 Quote Link to comment
lixe Posted April 9, 2020 Author Share Posted April 9, 2020 Thanks, ok, that’s even easier! Quote Link to comment
lixe Posted April 10, 2020 Author Share Posted April 10, 2020 So I’ve emptied disk2 of my array, stopped the array, selected xfs encrypted for disk2, started the array and formatted disk2. Before moving any data I did a parity check just to be sure. It’s finished now. I’ve got zero sync errors but disk2 has 152 (read) errors. I will check the cables and after that maybe do a parity check again or an extended smart check and see if the errors are gone then or if the disk is really damaged. Unraid still shows the disk as healthy... maybe it was just bad luck... what do you guys think? Quote Link to comment
jang430 Posted April 15, 2020 Share Posted April 15, 2020 When you do this, and format the drive with encryption, when drive goes dead, does it mean it cannot be read by any other machine? Quote Link to comment
lixe Posted April 17, 2020 Author Share Posted April 17, 2020 As long as the other machine doesn’t know the encryption passphrase, it shouldn’t be possible to read the disk in any machine... Quote Link to comment
jang430 Posted May 3, 2020 Share Posted May 3, 2020 Hi. After unassigning the disk, I went to delete existing xfs partition. Selected the disk under UD plugin, assigned a password. I then selected 'XFS encrypted.' Formatted, provided the same password I set in UD plugin. Assigned the drive to the array, started. Now I see 'Unmountable: Encrypted volume present.' Ticked on format once again at the bottom of the main page. After Format, I see the drive has 14GB used. File system says XFS. Is this considered encrypted disk? What if I want to add another encrypted disk, and assign to the same share? Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.