Install normally using the installer, after the setup reboot into recovery mode (from the USB stick). Make sure to install in UEFI mode (you need systemd-boot).
If the USB stick is not working for you, because of the old Kernel version (2.6.x), you can also use an Ubuntu 19.10 / 20.04 boot stick. ZFS suport is enabled there out of the box.
Steps:
# Import the old
zpool import -f rpool
# Make a snapshot of the current one
zfs snapshot -r rpool/ROOT@copy
# Send the snapshot to a temporary root
zfs send -R rpool/ROOT@copy | zfs receive rpool/copyroot
# Destroy the old unencrypted root
zfs destroy -r rpool/ROOT
# Create a new zfs root, with encryption turned on
# OR -o encryption=aes-256-gcm - aes-256-ccm vs aes-256-gcm
zfs create -o encryption=on -o keyformat=passphrase rpool/ROOT
# Copy the files from the copy to the new encrypted zfs root
zfs send -R rpool/copyroot/pve-1@copy | zfs receive -o encryption=on rpool/ROOT/pve-1
# Set the Mountpoint
zfs set mountpoint=/ rpool/ROOT/pve-1
# Delete the old unencrypted copy
zfs destroy -r rpool/copyroot
# Export the pool again, so you can boot from it
zpool export rpool
If you want turn compression and other ZFS features on afterwards.
Helpful commands:
# list all mounts
zfs list
# Check which ZFS pools are encrypted
zfs get encryption
# Mount everything
zfs mount -l -a
# Show status and devices
zpool list
Original steps from from Yakuraku (proxmox-forum). Thanks to @nschemel for suggesting to delete the copy.
Did some testing during my reinstalls/upgrade to Proxmox VE 8.0 and managed to reproduce the issues reported here (like services failing to start on boot) after enabling encryption.
The issue seems to be related to not properly destroying the temporary root ZFS filesystem and snapshot. Make sure to do so when encrypting the
rpool/ROOT dataset
.If you already have the server up and running just press
e
in thesystemd-boot
bootloader and remove the entire argument and press enter (or use recovery mode from the USB stick) and run the following: