In Procedure 17.4 step 2 (Generate the Master Key) there is a wrong description of the master key:
"The following commands generate a master key (/root/da2.key) that is protected with a passphrase."
/root/da2.key is NOT the master key. The master key is random and each stored copy of the master key is encrypted with a user key, which in turn is generated by the geli utility from a passphrase and/or a key file (see KEY SUMMARY in geli(8)).
I suggest changing the sentence into:
"The following commands generate a master key that is protected with a key file (/root/da2.key) and a passphrase."