Default option and encryption when create a zpool via cli command

[JOduMonT]

Hi;
Few questions about zpool create

1. What are the options I should specify to have the same result that if I created a defauly zpool via the GUI.

2.1. How to create an encrypted zpool via cli and using an HEX as key like in the GUI
2.2. If I understand well the key should stored in /data/freenas-v1.db or I could store my new HEX Key with others HEX Key.

3. Would you recommend create unencrypted datapool then, as need encrypted volume as needed or it's performance wisely better to encrypted the whole pool.

 

[Arwen]

1. Did you mean a Unix SHELL or the TrueNAS CLI?

2.1 & 2.2 - See 1.

3. Their is no performance issue with a partially encrypted pool. In fact the opposite. Having some datasets unencrypted would be faster access for them.


What is the purpose of trying to create a pool outside of the GUI?

In general, all configuration changes to a TrueNAS server should be through the GUI or the CLI. Otherwise, the changes could / would be lost.

 

[JOduMonT]

1. Did you mean a Unix SHELL or the TrueNAS CLI?

In Linux Shell
as, at least for me zpool create is a linux command.

> What is the purpose of trying to create a pool outside of the GUI?
- probably old habit of doing stuff via the CLI

...

I didn't know TrueNAS Scale offer a freeBSD version, where I could download it?

 

[Patrick M. Hausen]

I didn't know TrueNAS Scale offer a freeBSD version, where I could download it?

It's called TrueNAS CORE, and is the original NAS/ZFS platform named "FreeNAS". TrueNAS SCALE is the new kid on the block. CORE tends to perform better at the moment and be more stable. The downside is it's more picky about hardware and does not support Linux containers (obviously).

See here for more.

If you create a pool on the command line there are so many constraints you need to consider you might as well use the UI. For example you must use a particular GPT partition layout and you must reference the zpool partitions by their UUID, not their device name. Then after creation you must export the pool again, then re-import it via UI so the UI and middleware know about it. Etc. Might really not be worth the effort.

Since you are an experience Linux user I suggest you create a pool in the UI and then examine its structure to get a feeling for what is happening under the hood.

 

[JOduMonT]

I know about FreeNAS Core and this is why I posted under TrueNAS Scale and now I remember why I didn't consider using these products for so many years.

I guess, nobody what to admit they don't know and we will just go into an argumentative thread.

 

[Patrick M. Hausen]

I do know and can tell you the commands for CORE if that helps you in any way ...

 

[winnielinnie]

I guess, nobody what to admit they don't know and we will just go into an argumentative thread.

It's because you're not supposed to use the command-line when the GUI is designed to handle these things. Like @Patrick M. Hausen mentioned above, it's not just that you need to get the syntax correct, but you need to assure that the middleware is aware of what you did outside of the GUI controls.

You can use the zpool create command combined with -O for root dataset options (inheritable, encryption, compression, sync, etc), and -o for pool options (devices, ashift, vdev, etc).

For reference, the defaults for the root dataset on Core (and likely on SCALE) are:

• compression=lz4
• checksum=on (which is Fletcher4 if deduplication is not used)
• sync=standard
• atime=off
• exec=on
• xattr=on
• encryption=off (defaults to aes-256-gcm if set to "on")
• keyformat=hex

 

[Arwen]

You can create a ZFS pool outside of the GUI or CLI, but as been said, you have to use specific syntax. We normally don't test or fully document something that the GUI or CLI does perfectly fine.

You can use zpool history to see what the GUI or CLI actually did. Here is mine from the test SCALE VM:

Code:

root@truenas[/]# zpool history tank | grep create | grep zpool
2021-02-12.17:51:58  zpool create -o feature@lz4_compress=enabled -o altroot=/mnt -o cachefile=/data/zfs/zpool.cache -o failmode=continue -o autoexpand=on -o ashift12 -o feature@async_destroy=enabled -o feature@empty_bpobj=enabled -o feature@multi_vdev_crash_dump=enabled -o feature@spacemap_histogram=enabled -o feature@enabled_txg=enabled -o feature@hole_birth=enabled -o feature@extensible_dataset=enabled -o feature@embedded_data=enabled -o feature@bookmarks=enabled -o feature@filesystem_limits=enabled -o feature@large_blocks=enabled -o feature@large_dnode=enabled -o feature@sha512=enabled -o feature@skein=enabled -o feature@edonr=enabled -o feature@userobj_accounting=enabled -o feature@encryption=enabled -o feature@project_quota=enabled -o feature@device_removal=enabled -o feature@obsolete_counts=enabled -o feature@zpool_checkpoint=enabled -o feature@spacemap_v2=enabled -o feature@allocation_classes=enabled -o feature@resilver_defer=enabled -o feature@bookmark_v2=enabled -o feature@redaction_bookmarks=enabled -o feature@redacted_datasets=enabled -o feature@bookmark_written=enabled -o feature@log_spacemap=enabled -o feature@livelist=enabled -o feature@device_rebuild=enabled -o feature@zstd_compress=enabled -O compression=lz4 -O aclinherit=passthrough -O mountpoint=/tank -O acltype=posixacl tank mirror /dev/disk/by-partuuid/dd575f79-512c-4cdb-b334-27f6a38aea61 /dev/disk/by-partuuid/a3a92d10-3297-4ea4-92ec-fae4918ee579

But as has been said, their is more to it than just creating the pool.

 

[Patrick M. Hausen]

OK, so for others who might stumble upon this thread ... the zpool create options are not the problem.

Let's start with CORE because that is what I know. Let's assume that you want to create a mirrored pool on the drives ada0 and ada1, respectively.

1. Get rid of any partition information that might be on the drives:

Code:

gpart destroy -f ada0
gpart destroy -f ada1

2. Create a GPT partition scheme:

Code:

gpart create -s gpt ada0
gpart create -s gpt ada1

3. Create swap partitions:

Code:

gpart add -t freebsd-swap -s 2g ada0
gpart add -t freebsd-swap -s 2g ada1

If you changed the default swap partition size to anything but 2g (the default) in System > Advanced, then you need to substitute that value for 2g.

4. Create ZFS partitions:

Code:

gpart add -t freebsd-zfs ada0
gpart add -t freebsd-zfs ada1

5. Find the rawuuid values of the second partition of each of the disks:

Code:

gpart list ada0
[...]
2. Name: ada0p2
[...]
rawuuid: cdf41064-858b-11ea-a52c-0cc47afa3c72
[...]
gpart list ada1
2. Name: ada1p2
[...]
rawuuid: cdbefe36-858b-11ea-a52c-0cc47afa3c72
[...]

6. Now create your zpool with default values:

Code:

zpool create -o altroot=/mnt mypool mirror gptid/cdf41064-858b-11ea-a52c-0cc47afa3c72 gptid/cdbefe36-858b-11ea-a52c-0cc47afa3c72

7. Now you still MUST export the pool from the CLI and import it in the UI:

Code:

zpool export mypool

That's why I wrote there's probably no point in doing that. If you go ahead and just zpool create on the raw devices, neither your status display nor any extension or disk replacement operation in the UI will work. To use the pool in TrueNAS it MUST be constructed in specifically this way. The final export/import is necessary for the UI to know about the pool and record its existence in the configuration database.

@Samuel Tai can possibly add a midclt call for the import via UI so it can all be done in the CLI. Worth the effort? Your decision.


Now for SCALE you need to create the same partition scheme only you use (probably) parted in ways I am not familiar with. And of course different partition types. You can then probably get the UUIDs of the partitions with lsblk. When creating the pool you need to omit the gptid/ part from partition references - these are FreeBSD specific. Just use the plain UUIDs. Probably. As I wrote I am not as familiar with Linux as I am with FreeBSD.

Finally just as with CORE you MUST export and re-import the pool.


HTH,
Patrick

 

[JOduMonT]

Wow; simply thank you for all of you for these real information.
As I may, understand and correct me if I'm wrong;

Free/TrueNAS Community are hyper careful about given command because they want to control the outcome nor don't want to be blamed for advice which could be misinterpreted or even simply give bad experience and I understand that in the best of world we use peered storage device but as life happen; sometime you have to do what is possible and not what is the best.

To be fair with you, it is because I used this guide to alter the [/usr/sbin/truenas-install](https://www.reddit.com/r/truenas/comments/lgf75w/scalehowto_split_ssd_during_installation/) which work pretty straightforward
and then I added True Chart on top, which I tunnelled service via Cloudflared since my tested laptop_server is on the road with me.

But anyway.