Install normally using the installer, after the setup reboot into recovery mode (from the USB stick). Make sure to install in UEFI mode (you need systemd-boot).
If the USB stick is not working for you, because of the old Kernel version (2.6.x), you can also use an Ubuntu 19.10 / 20.04 boot stick. ZFS suport is enabled there out of the box.
Steps:
# Import the old
zpool import -f rpool
# Make a snapshot of the current one
zfs snapshot -r rpool/ROOT@copy
# Send the snapshot to a temporary root
zfs send -R rpool/ROOT@copy | zfs receive rpool/copyroot
# Destroy the old unencrypted root
zfs destroy -r rpool/ROOT
# Create a new zfs root, with encryption turned on
# OR -o encryption=aes-256-gcm - aes-256-ccm vs aes-256-gcm
zfs create -o encryption=on -o keyformat=passphrase rpool/ROOT
# Copy the files from the copy to the new encrypted zfs root
zfs send -R rpool/copyroot/pve-1@copy | zfs receive -o encryption=on rpool/ROOT/pve-1
# Set the Mountpoint
zfs set mountpoint=/ rpool/ROOT/pve-1
# Delete the old unencrypted copy
zfs destroy -r rpool/copyroot
# Export the pool again, so you can boot from it
zpool export rpool
If you want turn compression and other ZFS features on afterwards.
Helpful commands:
# list all mounts
zfs list
# Check which ZFS pools are encrypted
zfs get encryption
# Mount everything
zfs mount -l -a
# Show status and devices
zpool list
Original steps from from Yakuraku (proxmox-forum). Thanks to @nschemel for suggesting to delete the copy.
Using Proxmox 7.3 and following this guide to install it on a Hetzner server with ZFS Encryption enabled.
All setup works fine and login to Proxmox is fast, until I encrypt the ZFS root partition.
After having typed zfs_unlock and waited the system to boot fully, the login takes +25 seconds to complete due to systemd-logind service fails to start.
Any ideas why this is or how to fix it?
Also when using dropbear-initramfs, there's a crypt error, not sure if there's any impact: