How to Create an Encrypted ZFS Cluster File System on a New Zpool
Example 5-2 Creating an Encrypted Cluster File System on a New Zpool
This example shows how to create an encrypted cluster file system in a new zpool.
The first command creates a new encryption key called gpool-key:
phys-schost# cldevicegroup key-create -k gpool-key
The following command creates an encrypted zpool called gpool on the c1t0d1 device. The command also specifies gpool-key as the keyname value of the keysource property:
phys-schost# zpool create -O encryption=on -O keysource=hex,cluster:gpool-key gpool c1t0d1
The following command creates a device group for the gpool zpool that has the following characteristics:
- Specifies that the zpool has global access
- Imports the device group at boot time
- Specifies that the node1 and node2 nodes, in that order, are available to take over as the primary node for the device group
- Identifies the device type as zpool
phys-schost# cldevicegroup create -p poolaccess=global -p import-at-boot=true \
-n node1,node2 -t zpool gpool
The final command imports the zpool on the preferred node and then mounts the encrypted cluster file system on both the node1 and node2 nodes:
phys-schost# cldevicegroup online gpool
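After the device group is online, it is worth confirming that the pool really is encrypted and wrapped by the cluster key rather than trusting the create command. The following check is an added example, not part of the original procedure or Oracle's tooling: check_pool_encryption and the sample_* helpers are hypothetical names, and the tab-separated input format is assumed to match what `zfs get -H -o property,value encryption,keysource gpool` prints.

```shell
#!/bin/sh
# Added example: validate encryption settings for a pool created as shown above.
# Reads tab-separated "property<TAB>value" lines on stdin (assumed format of
# `zfs get -H -o property,value encryption,keysource <pool>`).
# Returns 0 if encryption is enabled and keysource is hex,cluster:<keyname>,
# 1 if encryption is off or missing, 2 if the keysource does not match.
check_pool_encryption() {
    expected_key=$1
    enc=""
    ks=""
    tab=$(printf '\t')
    while IFS="$tab" read -r prop value; do
        case $prop in
            encryption) enc=$value ;;
            keysource)  ks=$value ;;
        esac
    done
    if [ -z "$enc" ] || [ "$enc" = "off" ]; then
        echo "FAIL: encryption is '${enc:-unset}'" >&2
        return 1
    fi
    if [ "$ks" != "hex,cluster:$expected_key" ]; then
        echo "FAIL: keysource is '${ks:-unset}', expected hex,cluster:$expected_key" >&2
        return 2
    fi
    echo "OK: encryption=$enc keysource=$ks"
}

# Constructed sample inputs (not captured from a real system).
sample_good()      { printf 'encryption\ton\nkeysource\thex,cluster:gpool-key\n'; }
sample_plain()     { printf 'encryption\toff\nkeysource\tnone\n'; }
sample_wrong_key() { printf 'encryption\ton\nkeysource\tpassphrase,prompt\n'; }

# On a cluster node the input would come from the real command:
#   zfs get -H -o property,value encryption,keysource gpool \
#       | check_pool_encryption gpool-key
sample_good | check_pool_encryption gpool-key
```

A non-zero return means the pool was created without encryption or with a key source other than the cluster-managed key, which is the case to catch before data is written to the file system.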