UPDATE 2009-11-19: this post explains how to do the same in Debian.
I'm building a small NAS for the household. It will run FreeNAS
and will be used as a file, rsync, BitTorrent and printer server. I want it to
be reliable and secure so it will have two HDDs in RAID 1 (AKA mirroring)
and their content will be encrypted.
But what if in the future I will want to upgrade the drives with larger ones? A
common scenario with RAID 1 is to replace one of the disks with the bigger one,
rebuild the mirror then replace the other one and rebuild it again. In theory it
sounds like an easy process that will keep all your data intact.
In practice however it's not, Mike explains how to do it under FreeNAS
in his blog. Growing mirrored and encrypted drives is a bit more
complicated.
Here is how, in case you might need it:
-
After replacing the HDD, boot your box and log into the FreeNAS web interface
-
Go to Disks/Management, edit the disk you have replaced and click
"Save". This will read the new disk's size.
-
Go to Disks/RAID, the status will be DEGRADED which is normal. In Tools
select the new disk, "forget" and then "insert" it. Wait until the rebuild
process is finished.
-
Go to Disks/Encryption, attach the disk and make sure your data is fine.
-
Go to Disks/Mount Point and delete the mount.
-
Get to the NAS console, either directly or via SSH. Things will get more
interesting now:
# geli backup /dev/mirror/raid1 bak
# geli detach /dev/mirror/raid1
# geli clear /dev/mirror/raid1
-
geli is the command line tool to manage encrypted storage in
FreeNAS. raid1 is the volume name I used, yours might be
different. The first line saves the encrypted volume's metadata to a
file called "bak", we will need it later.
-
Go to Disks/RAID again, delete and re-add the RAID. Use the same volume name
and tick the "Create and initialize RAID" check box.
-
Now back to the terminal. This will restore the metadata from our backup and
re-attach the encrypted volume
# geli restore bak /dev/mirror/raid1
# geli attach /dev/mirror/raid1
- Fix the partition table, re-create and grow the partition to fill the
entire disk (note that the device name ends with ".eli" – it's our encrypted
disk):
# gpt recover /dev/mirror/raid1.eli
# gpt remove -i 1 /dev/mirror/raid1.eli
# gpt add -i 1 -t ufs /dev/mirror/raid1.eli
# gpt label -i 1 -l data /dev/mirror/raid1.eli
# growfs /dev/mirror/raid1.elip1
- Finally go to Disks/Mount Point and mount the partition.
That's it, your encrypted partition should be functional now!
NOTE: always do your backups, I can make no guarantees this guide will work for
you.