When implementing a NAS system, it is typical for a ZFS pool to be created from a set of disks where all of the disks in that pool have a common passphrase/keyfile. When it comes time to replace disks or add disks to the pool, the use case is to get the passphrase/keyfile from the user, verify it is correct, then set it on the new disks. Currently, there is no way to verify a passphrase/keyfile without modifying the system, i.e. without calling 'attach' or 'setkey'. This report is for adding a 'verify' command so this use case can be implemented.
A git pull request will be submitted to implement this.
Git pull request:
We have right now a 'dry-run' option in the attach method.
For reference, the dry run option was committed to head in the following commits:
r332361 added the geli attach dry-run option in 12-CURRENT as "-n" flag.
r333438 changed the geli attach dry-run option in 12-CURRENT to "-C" flag.
r332522 merged the geli attach dry-run option to 11-STABLE as the "-n" flag. Note however that this MFH did NOT merge the corresponding changes to g_eli_ctl.c and geli.8. The end result of this is that the end user is not aware that the "-n" flag exists, and it does not work if you try to use it.
# geli attach -n md0
geli: illegal option -- n
The 12-CURRENT change to the "-C" flag (r333438) has not been merged to 11-STABLE.
None of the work to add the new geli attach dry-run flag has been merged to 10-STABLE, as there is not anticipated to be a 10.5-RELEASE.
I have re-opened this bug to ask the question: will the new dry-run flag be merged to 11-STABLE in a working form as the "-C" flag?