1. Oracle ZFS Storage Appliance Administration Guide, Release OS8.8.x
  2. Data Encryption
  3. Creating an Encrypted Filesystem or LUN (CLI)

Creating an Encrypted Filesystem or LUN (CLI)

A filesystem or LUN that is created within a project inherits properties of the parent project. For a list of properties that can be inherited, see Inherited Properties.

A filesystem or LUN that is created within an encrypted project is automatically encrypted and inherits the encryption settings from the project. You can change the encryption key settings, whether the share is created in an unencrypted project or in an encrypted project.

An easy way to create a set of encrypted shares is to create them in an encrypted project.

Before You Begin

To use encryption, you must configure it first. See Data Encryption.

  1. Go to shares.
  2. Select the project.

    If the project that is selected is not the one you want, use the select project-name command to select a different project.

  3. Create the filesystem or LUN.

    Enter filesystem filesystem-name or lun lun-name.

    The name must be 1 to 64 characters in length. The name cannot begin with a period (.) and cannot include spaces. Allowable characters are alphanumeric characters and special characters _ - . :

    The following example creates a filesystem named fs-1 in the default project. 

    hostname:shares default> filesystem fs-1
hostname:shares default/fs-1 (uncommitted)>
  4. If you are creating a LUN, enter set volsize= and the volume size. 
    hostname:shares default/lun1 (uncommitted)> set volsize=2G
                       volsize = 2G (uncommitted)
  5. If the parent project for this filesystem or LUN is not encrypted, set an encryption type.

    If the parent project for this share is not encrypted, the value of the encryption property is off by default. To create an encrypted share, set the encryption property to a new value. See Understanding Encryption Key Values for descriptions of the values of the encryption property.

    If the parent project for this share is encrypted, the encryption value is inherited, and you cannot change it.

  6. Set a keystore and a key name.

    If the parent project of the share is not encrypted, set the keystore and keyname properties.

    If the parent project for this share is encrypted, the values of the keystore and keyname properties are inherited from the project by default. You can use the inherited values or you can change them as shown in the following example: 

    hostname:shares default/fs-1 (uncommitted)> set keyname=MyKey
                       keyname = MyKey (uncommitted)
  7. Use the get and set commands to set other properties as appropriate for this filesystem or LUN.

    Share properties are described in Filesystem Properties and LUN Properties.

  8. Enter commit. 
    hostname:shares default/fs-1 (uncommitted)> commit

Related Topics