Projekte

User Tools

Site Tools

Trace:
nas:truenas:encrypted_boot-pool_with_zbm

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
nas:truenas:encrypted_boot-pool_with_zbm [2024/10/28 00:14] – created adminnas:truenas:encrypted_boot-pool_with_zbm [2025/06/06 20:51] (current) admin
Line 2: Line 2:
  
 This is adapted from the [Debian bookworm instructions for ZBM](https://docs.zfsbootmenu.org/en/v2.3.x/guides/debian/bookworm-uefi.html) This is adapted from the [Debian bookworm instructions for ZBM](https://docs.zfsbootmenu.org/en/v2.3.x/guides/debian/bookworm-uefi.html)
 +
 +## Preparation
 +
 +Add an ssh key to the __root__ acount. Log in using ssh to the `root` account.
 +`sudo` does not allow chroot anymore.
  
 ## Update a TrueNAS System that uses ZBM ## Update a TrueNAS System that uses ZBM
Line 11: Line 16:
  
 ```bash ```bash
-sudo -s+zfs list 
 +# find the latest TrueNAS version
 export ID=<new release version> export ID=<new release version>
 +```
 +
 +```bash
 mkdir -p /mnt/update mkdir -p /mnt/update
 mount -t zfs boot-pool/ROOT/${ID} /mnt/update mount -t zfs boot-pool/ROOT/${ID} /mnt/update
Line 72: Line 81:
 ### Create an encrypted boot-pool on one of the mirrored boot disks and copy the TrueNAS system ### Create an encrypted boot-pool on one of the mirrored boot disks and copy the TrueNAS system
  
-Start an SSH session with the admin account:+Start an SSH session with the `root` account:
 ```bash ```bash
-sudo -s 
-# Enter admin's password 
 export ID=$(cat /etc/version) export ID=$(cat /etc/version)
 # for sdx drives # for sdx drives
Line 85: Line 92:
 export POOL_DEVICE="${POOL_DISK}${POOL_PART}" export POOL_DEVICE="${POOL_DISK}${POOL_PART}"
 # for NVMes # for NVMes
-export BOOT_DISK="/dev/nvme0n1+export BOOT_DISK="/dev/nvmeOn1
-export BOOT_PART="1"+export BOOT_PART="2"
 export BOOT_DEVICE="${BOOT_DISK}p${BOOT_PART}" export BOOT_DEVICE="${BOOT_DISK}p${BOOT_PART}"
-export POOL_DISK="/dev/nvme0n1+export POOL_DISK="/dev/nvmeOn1
-export POOL_PART="2"+export POOL_PART="3"
 export POOL_DEVICE="${POOL_DISK}p${POOL_PART}" export POOL_DEVICE="${POOL_DISK}p${POOL_PART}"
  
Line 197: Line 204:
 Unlock and start TrueNAS.   Unlock and start TrueNAS.  
 If it works as expected convert the second mirror boot device to a mirror device for the now encrypted boot-pool. If it works as expected convert the second mirror boot device to a mirror device for the now encrypted boot-pool.
-Again open an SSH connection as the admin user:+Again open an SSH connection as the `root`user:
  
 ```bash ```bash
-sudo -s 
 export ID=$(cat /etc/version) export ID=$(cat /etc/version)
-export BOOT_DISK="/dev/sde"+# for sdx drives 
 +export BOOT_DISK="/dev/sdy"
 export BOOT_PART="2" export BOOT_PART="2"
 export BOOT_DEVICE="${BOOT_DISK}${BOOT_PART}" export BOOT_DEVICE="${BOOT_DISK}${BOOT_PART}"
-export POOL_DISK="/dev/sde"+export POOL_DISK="/dev/sdy"
 export POOL_PART="3" export POOL_PART="3"
 export POOL_DEVICE="${POOL_DISK}${POOL_PART}" export POOL_DEVICE="${POOL_DISK}${POOL_PART}"
-export CURRENT_POOL_DISK="/dev/sde"+export CURRENT_POOL_DISK="/dev/sdx" 
 +export CURRENT_POOL_PART="3" 
 +export CURRENT_POOL_DEVICE="${CURRENT_POOL_DISK}${CURRENT_POOL_PART}" 
 +# for NVMes 
 +export BOOT_DISK="/dev/nvmePn1" 
 +export BOOT_PART="2" 
 +export BOOT_DEVICE="${BOOT_DISK}p${BOOT_PART}" 
 +export POOL_DISK="/dev/nvmePn1" 
 +export POOL_PART="3" 
 +export POOL_DEVICE="${POOL_DISK}p${POOL_PART}" 
 +export CURRENT_POOL_DISK="/dev/nvmeOn1"
 export CURRENT_POOL_PART="3" export CURRENT_POOL_PART="3"
-export CURRENT_POOL_DEVICE="${POOL_DISK}${POOL_PART}"+export CURRENT_POOL_DEVICE="${CURRENT_POOL_DISK}p${CURRENT_POOL_PART}"
  
 zpool labelclear -f "$POOL_DEVICE" zpool labelclear -f "$POOL_DEVICE"
nas/truenas/encrypted_boot-pool_with_zbm.1730070848.txt.gz · Last modified: by admin