Oracle Key Manager (OKM) - ZFS Encrypted Filesystem Will Not Mount Without Prompting For Passphrase After Being Imported on Second Node
(Doc ID 2032427.1)
Last updated on MARCH 03, 2021
Applies to:Solaris Operating System - Version 11.1 and later
Oracle Key Manager - Version 2.4.1 and later
Information in this document applies to any platform.
In an Oracle Key Manager and encrypted ZFS filesystem configuration, a filesystem will not be automatically mounted after exporting and importing onto another node. Also, when attempting to manually mount the zfs filesystem on the second node, it will prompt for the passphrase.
Recreated the issue:
1. Created the zpool_test/encryption_test filesystem on Server A.
# sudo zfs create -o encryption=aes-256-ccm -o keysource="raw,pkcs11:token=KMS;object=zfscrypto_key_256" zpool_test/encryption_test
2. The filesystem was mounted automatically on Server A.
3. Failed over (zfs export / import) to Server B.
4. The file system would not mount automatically. It would prompt for the passphrase.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document