I have a ReadyNas 102 with 1 x Western Digital 3 TB Red. I installed it and choosed JBOD RAID and I crypted whole HD. I used it for some months. Now I would like to reinstall my Ready Nas using another Hard Disk as My OS and APPS and leave my old HD just for shares, without losing my datas. New Hard Disk is a 1 TB Hard Disk. I thought that I should do the following steps:
1) Remove 3 TB Hard Disk 2) Install the new 1 TB Hard Disk
3) Install again O.S. and all APPS
4) Remount old 3 TB Crypted Hard Disk
My question is: If I following all these steps, can I access again my shares in 3 TB Hard Disk I had before I remove it?
All you really need to do is insert the 1 TB drive and create a second jbod volume. The OS partition is created on every disk (and is mirrored with RAID, so changes to the OS are saved to all disks)..
That won't move the apps though. If that's the real goal, I don't think there's any way to get there using the web UI which preserves your existing volume.
understand... my goal is that, as if usb pendrive with Key of volume is not inside at boottime, no volume and apps will be launched, then I was thinking to use a second drive with os and apps and crypted hard disk for nfs and cifs with datas. Then you suggest to just add second hard disk? can I install apps into second hard disk and ignore/delete the old ones?
I don't know of any way to migrate the apps w/o ssh. You'd need to adjust the mount for /apps for sure, as well as copy the apps folders to the second volume. There could be some other changes you'd need to make also. Perhaps mdgm can comment on if there is a procedure that would work.
As my job is linux sys admin, there is no problem to access and manage a linux system. I usually use my readynas using ssh access. If you say that it is enough to move the /app folder I can do it myself, but I would be sure that it is enough. Then, last question, let's suppose I add second 1 TB hard disk, I'll get following configuration:
1) O.S. on first 3 TB Hard DIsk crypted
2) O.S. on second 1 TB Hard Disk not crypted
Let's suppose now I restart system with no key with pendrive inserted in usb, Ready Nas will be able to boot from second hard disk that is not crypted?
As my job is linux sys admin, there is no problem to access and manage a linux system. I usually use my readynas using ssh access.
If you look at both the btrfs subvolumes and the mount list, you'll see that there's a .apps subvolume on your existing encrypted data volume. That is also mounted as /apps. So I know for sure that you need to create a new .apps subvolume on your new volume (and copy existing files over to it), and that you need to change that /apps mount.
I'm not sure that is enough, and also I am not sure if there is anything special you need do to make your changes "sticky". ReadyNAS has a bunch of information in its SQL database, and there might be stuff in there that needs to updated. I don't work for Netgear, so I have no special access to that database design - and you are moving into things that I have not tried myself.
Since the official line would be "make a backup, rebuild the NAS", then as long as you update your backup first there is little harm in trying though - you can always failover to the factory reset.
Then, last question, let's suppose I add second 1 TB hard disk, I'll get following configuration:
1) O.S. on first 3 TB Hard DIsk crypted
2) O.S. on second 1 TB Hard Disk not crypted
Let's suppose now I restart system with no key with pendrive inserted in usb, Ready Nas will be able to boot from second hard disk that is not crypted?
It will be able to boot from either disk, since the OS partition itself is not encrypted. Whichever drive it boots from, the behavior should be identical, since the OS partition is mirrored on all installed disks.
Your initial problem wasn't that the NAS couldn't boot. In fact the problem happened because the NAS did boot w/o the key - but couldn't access the data volume. Since /apps couldn't be mounted, data ended up spilling into the OS partition.
FWIW, I suspect Netgear will put their own fix in place - not starting the apps in the first place if the mount fails.
First of all, thank you for your time to reply me, I really appreciate this.
You are right when you say that OS partition is not encrypted, then NAS can boot but doesn't access to the data partition because it is encrypted. I will try this solution, that is, I will add a new hard disk, then I will move the /apps to the second hard disk, then I will try to boot w/o usb key then I will check is all is OK. After check I will check your suggestion as Solution because it seems to be appropriate. Thank you very much.
As a little reminder, It will be nice if Netgear will think about an alternate method to retrieve the volume key. Infact, as I stated in other posts of mine, I did my self a little script who downloads the key from a secure webserver (in LAN, not Internet) and then mount the encrypted volume. Obviously as I don't know in which phase of the boot process NAS will mount the encrypted volume I cannot do it as replacement of the normal beaviour and then even if in the boot process I will be able to mount the encrypted volume w/o the key I have no snapshots mounted on filesystem, I have no app that starts and so on. Then it could be nice Netgear will add such alternate way to retrieve the key or at least they will says publicly 'where' I need to add the mount script so that boots will continue mounting snapshots and launch all the apps.
... As a little reminder, It will be nice if Netgear will think about an alternate method to retrieve the volume key ...
I don't work for Netgear, so you are in as good a position as I am to pass this idea along.
Personally I think something like a trusted platform module would be a better way to go. The disk key would be in the TPM on the system board, and would automatically mount the volume on boot w/o the USB drive whether the network is working or not. The drives would not run in another NAS unless the key was entered into its TPM. The keys could be archived and placed in a secure location (e.g. a safety deposit box).
