My Oracle Support Banner

Transferring an encrypted ZFS dataset with Zoneadm Install Fails : Cannot Rename ... Keysource Doesn't Allow For Rename, Make Keysource Local. (Doc ID 2355755.1)

Last updated on FEBRUARY 05, 2019

Applies to:

Solaris Operating System - Version 11.3 and later
Information in this document applies to any platform.


Trying to move an encrypted zfs dataset to a new zone fails.

Steps to reproduce the issue :

1) create an encrypted ZFS dataset : zfs create -o encryption=on -o keysource=passphrase,file:///root/zfs/zfs-enc-key-prd rpool/zones/ABCD-prd-as2
2) create and install a new zone : zonecfg -z ABCD-prd-as2 -f ncbs-prd-as2.cfg ; zoneadm -z ncbs-prd-as2 install
3) create a zfs snap : zfs snap -r rpool/zones/ABCD-prd-as2
4) make a copy of the snap : zfs send -r rpool/zones/ABCD-prd-as2 | gzip > ABCD-prd-as2.zfs.gz
5) uninstall the just installed zone : zoneadm -z ABCD-prd-as2 uninstall
6) try to install the zone again from the ZFS stream : zoneadm -z ABCD-prd-as2 install -a ncbs-prd-as2.zfs.gz -p

Last step will fail with the following error :

[Sun Dec 10 11:12:54 GMT 2017] ==== Starting: /usr/lib/brand/solaris/attach ncbs-prd-as2 /vnxpool/zones/ABCD-prd-as2 -a /vnxpool/ncbs-prd-as2.zfs ====
[Sun Dec 10 11:12:54 GMT 2017] Progress being logged to /var/log/zones/zoneadm.20171210T111254Z.ABCD-prd-as2.attach
[Sun Dec 10 11:12:54 GMT 2017] Pinning datasets under vnxpool/zones/ABCD-prd-as2
[Sun Dec 10 11:12:54 GMT 2017] Pinning vnxpool/zones/ABCD-prd-as2
[Sun Dec 10 11:12:54 GMT 2017] ZFS send stream
[Sun Dec 10 11:12:54 GMT 2017] Installing: This may take several minutes...
[Sun Dec 10 11:12:54 GMT 2017] cat /vnxpool/ABCD-prd-as2.zfs | zfs receive -F -u -x zoned vnxpool/zones/ncbs-prd-as2/installtmp/ds
[Sun Dec 10 11:21:49 GMT 2017] Dataset 'vnxpool/zones/ABCD-prd-as2/rpool/VARSHARE' received from archive
cannot rename 'vnxpool/zones/ncbs-prd-as2/installtmp/ds/rpool/VARSHARE': keysource doesn't allow for rename, make keysource local.
cannot rename 'vnxpool/zones/ncbs-prd-as2/installtmp/ds/rpool/VARSHARE': crypto key operation failure
[Sun Dec 10 11:21:50 GMT 2017] ERROR: Error: Command <zfs rename vnxpool/zones/ncbs-prd-as2/installtmp/ds/rpool/VARSHARE vnxpool/zones/ABCD-prd-as2/rpool/VARSHARE> exited with status



To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.