*New 11.3 series Release:
2019-10-19: XigmaNAS 11.3.0.4.7014 - released

*New 12.0 series Release:
2019-10-05: XigmaNAS 12.0.0.4.6928 - released!

*New 11.2 series Release:
2019-09-23: XigmaNAS 11.2.0.4.6881 - released!

We really need "Your" help on XigmaNAS https://translations.launchpad.net/xigmanas translations. Please help today!

Producing and hosting XigmaNAS costs money. Please consider donating for our project so that we can continue to offer you the best.
We need your support! eg: PAYPAL

[Suggestion] Add the geli init -b option in the disk encryption creation screen (webGUI)

Post/Debate your Suggestions & Requests of XigmaNAS here. This ONLY pertains to XigmaNAS.
Forum rules
Set-Up GuideFAQsForum Rules
Post Reply
User avatar
Earendil
Moderator
Moderator
Posts: 44
Joined: 23 Jun 2012 15:57
Location: near Boston, MA, USA.
Status: Offline

[Suggestion] Add the geli init -b option in the disk encryption creation screen (webGUI)

#1

Post by Earendil » 07 Feb 2018 04:46

I've seen this asked ages ago and did not know what became of it.

When a HDD (or in my external enclosure case the equivalent) is encrypted it uses the FreeBSD command geli. In the webGUI there is no option to set the "geli init -b" command which sets the flag BOOT as seen in the "geli list" command (this can be done in the webGUI under tools). This enables access to the encrypted disk at the time of boot and the passphrase can be entered then (or key or however y'all set it up).

The entire operation only works via SSH, like through PuTTy.
  • To enable the -b switch a command must be manually typed it at the command line interface (like in PuTTy). For example:

    Code: Select all

    geli init -b /dev/da1
  • After that a passphrase is prompted for and it needs to be entered twice (Cannot be done at the webGUI's command line but can be done in the webGUI screen and obviously in PuTTy).
  • Then the new encrypted disk must be attached (this can be done anywhere - the webGUI, the webGUI's command line or in PuTTy):

    Code: Select all

    geli attached /dev/da1
  • Both init and attach are done in the webGUI when an encrypted disk is created EXCEPT the "init -b" option cannot be done.
  • Verify flags by running (this can be done anywhere - the webGUI, the webGUI's command line or in PuTTy):

    Code: Select all

    geli list
  • No matter how the encrypted disk is created, NAS4Free will recognize it once you "Import Disks" and list it correctly in the encrypted disk list.
  • For my Orico USB 3.0 5 bay external enclosure set at RAID 5, I had a hard time mounting the UFS volume. I had to mount a custom device and use the string "/dev/da1.elip1" as I found it in the dev directory. If I tried to mount it as a disk it was always looking for "/dev/da1.elis1" as a partition. I think I'll make this a separate request.
Earendil

XigmaNAS server:
-AMD A10-7860K APU
-Gigabyte F2A88XM-D3HP w/16GB RAM
-Green & Red HDDs
--4x 2TB
--6x 4TB
-Syba SI-PEX40064 PCI-e 1x
-External Orico USB 3.0 5 bay HDD external enclosure set at RAID 5
--5x 2TB
-650W power supply

User avatar
ms49434
Developer
Developer
Posts: 719
Joined: 03 Sep 2015 18:49
Location: Neuenkirchen-Vörden, Germany - GMT+1
Contact:
Status: Offline

Re: [Suggestion] Add the geli init -b option in the disk encryption creation screen (webGUI)

#2

Post by ms49434 » 07 Feb 2018 13:51

No need to ssh into the box, goto Tools -> Command and issue

Code: Select all

geli configure -b /dev/da1
to ask for passphrase during boot or

Code: Select all

geli configure -B /dev/da1
to revert the above.
1) XigmaNAS 12.0.0.4 amd64-embedded on a Dell T20 running in a VM on ESXi 6.7U2, 22GB out of 32GB ECC RAM, LSI 9300-8i IT mode in passthrough mode. Pool 1: 2x HGST 10TB, mirrored, SLOG: Samsung 850 Pro, L2ARC: Samsung 850 Pro, Pool 2: 1x Samsung 860 EVO 1TB , services: Samba AD, CIFS/SMB, ftp, ctld, rsync, syncthing, zfs snapshots.
2) XigmaNAS 12.0.0.4 amd64-embedded on a Dell T20 running in a VM on ESXi 6.7U2, 8GB out of 32GB ECC RAM, IBM M1215 crossflashed, IT mode, passthrough mode, 2x HGST 10TB , services: rsync.

User avatar
Earendil
Moderator
Moderator
Posts: 44
Joined: 23 Jun 2012 15:57
Location: near Boston, MA, USA.
Status: Offline

Re: [Suggestion] Add the geli init -b option in the disk encryption creation screen (webGUI)

#3

Post by Earendil » 07 Feb 2018 21:18

Argh! How could I miss this in the FreeBSD geli command page? Thanks, that's the way to set the BOOT flag without demanding a passphrase that's expected (but cannot be entered in the webGUI's command line) for the "geli init' command. Haste makes waste...
Earendil

XigmaNAS server:
-AMD A10-7860K APU
-Gigabyte F2A88XM-D3HP w/16GB RAM
-Green & Red HDDs
--4x 2TB
--6x 4TB
-Syba SI-PEX40064 PCI-e 1x
-External Orico USB 3.0 5 bay HDD external enclosure set at RAID 5
--5x 2TB
-650W power supply

Post Reply

Return to “Suggestions & Requests”