How to Create an Encrypted ZFS Cluster File System on an Existing Unencrypted Zpool

Use this procedure when a device group already exists for the zpool that holds globally mounted ZFS file systems. Perform these steps on the node that is the primary for this device group. Because the zpool is imported on the node where the device group is primary, this is also the node where the zpool is imported.

  1. Create an encryption key.

    Use the cldevicegroup key-create command to create an encryption key and specify its name.

    phys-schost# cldevicegroup key-create -k keyname
  2. Create an encrypted cluster file system.

    On the node where the zpool for the globally mounted file system is imported, run the zfs create command. Set the encryption property to on, set the keysource property so that it names the key created in Step 1, and specify the zpool name and the name of the new file system.

    phys-schost# zfs create -o encryption=on -o keysource=hex,cluster:keyname zpoolname/fsname

Example 5-3 Creating an Encrypted Cluster File System on an Existing Unencrypted Zpool

The following command creates a new encryption key called fs1-key:

phys-schost# cldevicegroup key-create -k fs1-key

The following command, which must be run on the node where the zpool for the globally mounted ZFS file system is imported, uses the fs1-key encryption key to create an encrypted cluster file system called gpool/fs1.

phys-schost# zfs create -o encryption=on -o keysource=hex,cluster:fs1-key gpool/fs1
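The following script is an added example and is not part of the Oracle Solaris Cluster documentation or the product itself. It wraps the two steps of this procedure in one shell function that first confirms the zpool is imported on the local node (the doc's precondition that the node be the device-group primary), then creates the key and the dataset, and finally reads back the encryption and keystatus properties so a silently unencrypted or key-unavailable dataset is caught immediately. The use of zpool list as the locality check, the conservative character set accepted for key names, and the names gpool, fs1 and fs1-key are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the Oracle Solaris Cluster docs.
# Creates an encrypted cluster file system on an already imported,
# unencrypted zpool, with the pre-flight and post-creation checks a
# practitioner wants around "cldevicegroup key-create" and "zfs create".
#
# Usage: create_encrypted_cluster_fs.sh <zpool> <fsname> <keyname>

set -eu

# Command names are overridable so the procedure can be dry-run or
# tested outside a cluster by pointing them at wrappers or functions.
ZFS=${ZFS:-zfs}
ZPOOL=${ZPOOL:-zpool}
CLDG=${CLDG:-cldevicegroup}

# The key name is spliced into the keysource value "hex,cluster:<name>".
# Assumption: only a conservative character set is accepted, so the name
# cannot carry separators or shell metacharacters into that value.
valid_keyname() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# The dataset can only be created where the zpool is imported, which on a
# cluster is the device-group primary. "zpool list" of a pool that is not
# imported here exits non-zero, so it serves as the locality check.
pool_imported_here() {
    "$ZPOOL" list -H -o name "$1" >/dev/null 2>&1
}

# Build the keysource value for a key held by the cluster framework.
cluster_keysource() {
    printf 'hex,cluster:%s\n' "$1"
}

create_encrypted_cluster_fs() {
    pool=$1
    fs=$2
    key=$3

    valid_keyname "$key" || {
        echo "refusing key name '$key': use only [A-Za-z0-9._-]" >&2
        return 2
    }
    pool_imported_here "$pool" || {
        echo "zpool '$pool' is not imported on this node; run on the device-group primary" >&2
        return 3
    }

    # Step 1: create the encryption key in the cluster.
    "$CLDG" key-create -k "$key" || return $?

    # Step 2: create the dataset with encryption on and the cluster key.
    "$ZFS" create -o encryption=on \
        -o keysource="$(cluster_keysource "$key")" "$pool/$fs" || return $?

    # Verify: encryption must not be off and the key must be available,
    # otherwise the dataset is not usable as an encrypted file system.
    enc=$("$ZFS" get -H -o value encryption "$pool/$fs")
    ks=$("$ZFS" get -H -o value keystatus "$pool/$fs")
    if [ "$enc" = off ] || [ "$ks" != available ]; then
        echo "unexpected state for $pool/$fs: encryption=$enc keystatus=$ks" >&2
        return 4
    fi
    return 0
}

# Run the procedure only when invoked with the three arguments.
if [ $# -eq 3 ]; then
    create_encrypted_cluster_fs "$1" "$2" "$3"
fi
```

Running it as `create_encrypted_cluster_fs.sh gpool fs1 fs1-key` on the primary performs exactly the two commands shown in Example 5-3; on any other node it stops at the zpool check before touching the cluster key store.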