OS-7633: sysinfo should report the encryption status of a system


Issue Type:New Feature
Priority:4 - Normal
Created at:2019-03-04T21:03:40.635Z
Updated at:2019-06-26T20:13:11.773Z


Created by:Former user
Reported by:Former user
Assigned to:Former user


Fixed: A fix for this issue is checked into the tree and tested.
(Resolution Date: 2019-06-26T20:13:11.758Z)

Fix Versions

2019-07-04 Verdukianism (Release Date: 2019-07-04)




To allow an operator to specify that an instance should have its contents encrypted on disk, sysinfo must be able to report if the zpool has encrypted enabled or not.

More simply, it should report the status of zfs get encryption zones as the Zpool Encrypted property. Any result of the zfs command other than 'yes' should result in the property reporting false.


Comment by Former user
Created at 2019-03-07T18:15:43.083Z

Testing so far:

Comment by Former user
Created at 2019-06-26T19:56:02.575Z

Retesting with recent bits. I ran sysinfo on a system with an encrypted zpool (using some EDAR bits to get there) and saw that Zpool Encrypted was reporting 'true'. I then cleared the cache (rm /tmp/.sysinfo*), destroyed the zpool, created an unencrypted zpool and re-ran sysinfo. This time it reported Zpool Encrypted as 'false' as expected.

Comment by Former user
Created at 2019-06-26T19:58:11.007Z

Since this is a part of the PI, and the ZFS encryption feature has now integrated, there should be no cross-PI version concerns -- PIs with the encryption feature will contain a sysinfo that reports the status (enabled or not enabled) while prior PIs without the ZFS encryption feature will not contain a sysinfo that will report the status.

Comment by Jira Bot
Created at 2019-06-26T20:13:09.618Z

smartos-live commit f67ae59c20c18611ac3fe982035bcfd02da99189 (branch master, by Jason King)

OS-7633 sysinfo should report the encryption status of a system
Reviewed by: Josh Wilsdon <jwilsdon@joyent.com>
Reviewed by: Mike Gerdts <mike.gerdts@joyent.com>
Approved by: Dan McDonald <danmcd@joyent.com>