How to Create an Encrypted ZFS Cluster File System on an Existing Unencrypted Zpool
Use this procedure when a device group already exists for the zpool for globally mounted ZFS file systems. Perform these steps from the node that is the primary for this device group or from the node where the zpool is imported. The zpool is imported to the node where the device group is primary.
Example 5-3 Creating an Encrypted Cluster File System on an Existing Unencrypted Zpool
The following command creates a new encryption key called fs1-key
:
phys-schost# cldevicegroup key-create -k fs1-key
The following command, which must be run from the node where the zpool for the globally mounted ZFS file system is imported, uses the fs1-key
encryption key to create an encrypted cluster file system called gpool/fs1
.
phys-schost# zfs create -o encryption=on -o keysource=hex,cluster:fs1-key gpool/fs1