Oracle Key Manager (OKM) - ZFS Encrypted Filesystem Will Not Mount Without Prompting For Passphrase After Being Imported on Second Node
Last updated on JULY 29, 2016
Applies to:Solaris Operating System - Version 11.1 and later
Oracle Key Manager - Version 2.4.1 and later
Information in this document applies to any platform.
In an Oracle Key Manager and encrypted ZFS filesystem configuration, a filesystem will not be automatically mounted after exporting and importing onto another node. Also, when attempting to manually mount the zfs filesystem on the second node, it will prompt for the passphrase.
Recreated the issue:
1. Created the zpool_test/encryption_test filesystem on Server A.
# sudo zfs create -o encryption=aes-256-ccm -o keysource="raw,pkcs11:token=KMS;object=zfscrypto_key_256" zpool_test/encryption_test
2. The filesystem was mounted automatically on Server A.
3. Failed over (zfs export / import) to Server B.
4. The file system would not mount automatically. It would prompt for the passphrase.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
Million Knowledge Articles and hundreds of Community platforms