[SOLVED] encrypted zfs pool online after reboot - question

oppersnokker

New Member
Sep 18, 2025
I just installed version 9 freshly on a new machine, with a 4 NVMe pool in RaidZ for my VMs. I need the zfs pool offline and encrypted in case someone steals the workstation. So after a reboot they should never be online and I should need to enter the passphrase to get them online.

But, this doesn't happen. I am encountering 2 issues and I was hoping you know what a possible solution is.

1. When the pool is online and I enter it in the storage.cfg, I am unable to export it. Proxmox keeps it occupied, even though there are no VMs or anything running.
2. When it is not in the storage.cfg, so it's not popping up in the server view, I can export and import it, but since it is not known to Proxmox I cannot add VMs.

This creates the problem that, when the machine is online and working but rebooted or turned off/on (let's say stolen), the pool comes back online. No passphrase needed or anything. This (in my humble understanding) defeats the whole security layer of zfs encryption. Or am I missing something?

I tried setting the cachefile=none, disabling and masking the zfs-import-cache and scan service, nothing helps.