diff --git a/msg/ZFS-8000-ER/index.html b/msg/ZFS-8000-ER/index.html index 9edd7c648..283ee204c 100644 --- a/msg/ZFS-8000-ER/index.html +++ b/msg/ZFS-8000-ER/index.html @@ -135,8 +135,8 @@
 # zpool get freeing
-NAME   PROPERTY  VALUE    SOURCE
-rpool  freeing   0        default
+NAME  PROPERTY  VALUE    SOURCE
+test  freeing   0        default
 
The ZFS packages may be now be updated and the pool imported. The on-disk @@ -144,4 +144,89 @@ Errata #1. +

+
+

+ + + + +
+ZFS Errata #3 +

+

+

Type +

Compatibility +

Severity +

Moderate +

Description +

An encrypted dataset contains an on-disk format incompatability. +

Automated Response +

No automated response will be taken. +

Impact +

+Encrypted datasets created before the ZFS packages were updated cannot be +mounted or opened for write. The errata impacts the ability of ZFS to correctly +perform raw sends, so this functionality has been disabled for these datasets. +
+

Suggested Action for System Administrator +

+System administrators with affected pools will need to recreate any encrypted +datasets created before the new version of ZFS was used. This can be +accomplished by using zfs send and zfs receive. Note, however, +that backups can NOT be done with a raw zfs send -w, since this would +preserve the on-disk incompatibility. Since the -p and -R options +imply -w for encrypted datasets, these flags can not be used either. +Alternatively, system administrators can use conventional tools to back up data +to new encrypted datasets. The new version of ZFS will prevent new data from +being written to the impacted datasets, but they can still be mounted read-only. +
+# zpool status
+  pool: test
+    id: 1165955789558693437
+ state: ONLINE
+status: Errata #3 detected.
+action: To correct the issue backup existing encrypted datasets to new
+	encrypted datasets and destroy the old ones.
+   see: http://zfsonlinux.org/msg/ZFS-8000-ER
+config:
+
+	test           ONLINE
+	  raidz1-0     ONLINE
+	    vdev0      ONLINE
+	    vdev1      ONLINE
+	    vdev2      ONLINE
+	    vdev3      ONLINE
+
+ +Import the pool and backup any existing encrypted datasets to new datasets. +To ensure the new datasets are re-encrypted, be sure to receive them below an +encryption root, then destroy the source dataset. +
+# zfs create -o encryption=on -o keyformat=passphrase test/new_root
+Enter passphrase:
+Re-enter passphrase
+# zfs send test/crypt1 | zfs receive test/new_root/crypt1
+# zfs send test/crypt2 | zfs receive test/new_root/crypt2
+# zfs destroy test/crypt1
+# zfs destroy test/crypt2
+
+ +New datasets can be mounted read-write and used normally. The errata will be +cleared upon reimporting the pool and the alert will only be shown again if +another dataset is found with the errata. To ensure that all datasets are +on the new version reimport the pool, load all keys, mount all encrypted +datasets, and check zpool status. + +
+# zpool export test
+# zpool import test
+# zfs load-key -a
+Enter passphrase for 'test/new_root': 
+1 / 1 key(s) successfully loaded
+# zfs mount -a
+# zpool status -x
+all pools are healthy
+
+