Migrate from FreeBSD: howto move geli-encrypted ZFS pool to proxmox

[man55]

Hello!
I have a task to migrate from FreeBSD to Porxmox (and then to several guest OSes, not at this topic)
Now I have 2 geli-encrypted WD Red HDD with zfs-mirror over this encrypted disks
Is there any way to move this zfs mirror into Proxmox without data loss?

~# geli status
    Name  Status  Components
ada0.eli  ACTIVE  ada0
ada1.eli  ACTIVE  ada1

~# geli list
Geom name: ada0.eli
State: ACTIVE
EncryptionAlgorithm: AES-XTS
KeyLength: 256
Crypto: software
Version: 7
UsedKey: 0
Flags: NONE
KeysAllocated: 1864
KeysTotal: 1864
Providers:
1. Name: ada0.eli
   Mediasize: 1000204885504 (932G)
   Sectorsize: 512
   Mode: r1w1e3
Consumers:
1. Name: ada0
   Mediasize: 1000204886016 (932G)
   Sectorsize: 512
   Stripesize: 4096
   Stripeoffset: 0
   Mode: r1w1e1

Geom name: ada1.eli
State: ACTIVE
EncryptionAlgorithm: AES-XTS
KeyLength: 256
Crypto: software
Version: 7
UsedKey: 0
Flags: NONE
KeysAllocated: 1864
KeysTotal: 1864
Providers:
1. Name: ada1.eli
   Mediasize: 1000204885504 (932G)
   Sectorsize: 512
   Mode: r1w1e3
Consumers:
1. Name: ada1
   Mediasize: 1000204886016 (932G)
   Sectorsize: 512
   Stripesize: 4096
   Stripeoffset: 0
   Mode: r1w1e1

~# zpool status
  pool: pool0
 state: ONLINE
  scan: resilvered 479G in 4h9m with 0 errors on Mon Dec  2 02:48:57 2019
config:

        NAME                     STATE     READ WRITE CKSUM
        pool0                    ONLINE       0     0     0
          mirror-0               ONLINE       0     0     0
            gpt/WD-WCC4J0EZ6PX5  ONLINE       0     0     0
            gpt/WD-WCC4J5FA5H5A  ONLINE       0     0     0

errors: No known data errors

 

[LnxBil]

Now I have 2 geli-encrypted WD Red HDD with zfs-mirror over this encrypted disks
Is there any way to move this zfs mirror into Proxmox without data loss?

Use send/receive for that and online replicate your datasets. You need to create a snapshot first, easiest is to stop all I/O on the source pool and do a recursive snapshot:

zfs snapshot -r tank@migration-to-proxmox

Then your replicate it to proxmox.

 

[man55]

Use send/receive for that and online replicate your datasets

Thank you.
Its clear how to copy data from one HDD to another (or from one server to another).
The question is how to mount existed geli-encrypted zfs disk to Proxmox.

 

[LnxBil]

Its clear how to copy data from one HDD to another (or from one server to another).

It's not copying data from one HDD to another, it's from one pool to another. That's the whole point. It cannot be done otherwise.

The question is how to mount existed geli-encrypted zfs disk to Proxmox.

You cannot (GELI is FreeBSD and Linux does not understand it), therefore you need to go the send/receive route. If you have only the disks your current pool is on, you need to send/receive the data to another, off-disk-pool (e.g. external drives - the s is important, use a mirrored pool or multiple pools), recreate the pool and send/receive your data back.

 

[man55]

Using the temporary disk(s) is absolutely clear and is not the topic, thank you.
If there is no way to decrypt geli disk in Porxmox, I'll go through temporary disks.

 

[LnxBil]

If there is no way to decrypt geli disk in Porxmox,

GELI is FreeBSD specific, so unfortunately no.

Are you migrating to native ZFS encryption or do you want to use LUKS (the Linux equivalent of GELI) in your new build?

 

[man55]

Are you migrating to native ZFS encryption or do you want to use LUKS ... ?

Its a subject to discussion. The main goal of FreeBSD->Linux-based migration is to have quick ability to restore the data from backups.
One of the disks is stored at physically different place from main server.
If main server will be physically destroyed (fire, water, COVID19 etc.) I need to have a way to get tha data at "usual PC" with "usual OS" even MS Windows.

 

[man55]

Sounds as mixed tasks (RAIDZ for local reliability, encryption for data leaks protection, physical backup for server destroying protection, etc) but all this points should been considered.

 

[LnxBil]

I need to have a way to get tha data at "usual PC" with "usual OS" even MS Windows.

You may need to wait a bit before ZFS is officially stable for Windows, but in the end ZFS will be the ultimate filesystem for every OS including encryption.

 

[man55]

Finally after a night of googling I think so:

1. I'll install Proxmox on 2*HDD with ZFS mirror
2. Host system and guest systems for NAS, DLNA etc. will be unsecure both on ZFS mirror and other non-mirrored HDDs in server
3. Secured data will be on native ZFS datasets on ZFS mirror with native ZFS encryption
4. Separate mobile HDDs for remote backup with either ZFS with encryption or TrueCrypt encrypted NTFS
5. The main topic: data migration will be done through copy-paste from old geli-encrypted HDDs to another ones. Sad but true, unfortunately (((