Oracle Key Manager (OKM) - ZFS Encrypted Filesystem Will Not Mount Without Prompting For Passphrase After Being Imported on Second Node (Doc ID 2032427.1)

Last updated on JULY 29, 2016

Applies to:

Solaris Operating System - Version 11.1 and later
Oracle Key Manager - Version 2.4.1 and later
Information in this document applies to any platform.

Goal

In an Oracle Key Manager and encrypted ZFS filesystem configuration, a filesystem is not mounted automatically after being exported and imported onto another node. In addition, a manual attempt to mount the ZFS filesystem on the second node prompts for the passphrase.

Steps used to recreate the issue:

1. Created the zpool_test/encryption_test filesystem on Server A.
# sudo zfs create -o encryption=aes-256-ccm -o keysource="raw,pkcs11:token=KMS;object=zfscrypto_key_256" zpool_test/encryption_test
2. The filesystem was mounted automatically on Server A.
3. Failed over (zfs export / import) to Server B.
4. The file system would not mount automatically. It would prompt for the passphrase.
 

Solution
