Encrypted drives in OMV6 re-lock themselves

[Koliera]

Have encountered a weird bug where the drives (after some time of them being unlocked) just lock themselves and I need to go to the OMV GUI and unlock them again. Bit of a hassle and haven't seen anything in the notifications that might show why this is happening.
Also, is there a way to permanently decrypt the drives if there is no fix for this?

[ryecoaaron]

I assume you are using usb drives? If yes, they are lock when the usb controller puts the drive to sleep which is like disconnecting the drive. I don't know of a way to prevent this.

[Koliera]

Hi, tope, they're two hdds.
Though, I do use ProxMox and have passed thru the hdd to the omv vm. It used to work great before, but I've updated to both the latest proxmox and latest omv ( was running on older versions without issue for last 18 months).

[ryecoaaron]

Are you setting the drives to spin down? OMV did just switch from hdparm to smartctl in 7.0.4-2
https://github.com/openmediavault/openmediavault/blob/master/deb/openmediavault/debian/changelog#L9

[Koliera]

Everything looks to be disabled

[ryecoaaron]

I can't explain it then. Something is causing a disconnect. The plugin isn't a service and isn't constantly interacting with anything. I would look for messages in dmesg. It would be worth your time to post on the forum where people who actually use luks in this way might have run into this before.

[Koliera]

Interesting. In any case, would (as per the example picture) the command to decrypt the hdd be the following:
"cryptsetup-reencrypt --decrypt /dev/sdc"

[ryecoaaron]

No. It would be (need to replace CONTAINER_NAME with the one from your system - I don't know what it is - probably sdc-crypt):
cryptsteup luksOpen /dev/sdc CONTAINER_NAME

[Koliera]

Yes, correct, that's to decrypt them once, I was thinking to completely remove the encryption on the hdd.

[ryecoaaron]

I've worked with LUKS for years and never tried that. Seems like it would still sit on a LUKS device with is weird. I will have to try it.

[Koliera]

This looks to be the one as of 2.6.0
cryptsetup reencrypt --decrypt
Will try over the next day.

[ryecoaaron]

You are missing the --header flag. cryptsetup reencrypt --decrypt --header /test /dev/vdj

I just decrypted a container on my test system. It "moved" the ext4 filesystem from the container to the drive. So, it seems like it works well. Since fstab is mounting the filesystem, it just worked on reboot as well.

[Koliera]

Interesting, maybe the decryption option could be added to the plugin gui.
Also, noticed something interesting - I unencrypted it via the terminal using the luksOpen command and it worked and didn't re-crypt BUT for some reason it didn't actually mount the unencrypted drives in OMV.

[ryecoaaron]

Since these filesystems are in fstab, there is nothing actively watching them to mount when they get unlocked.

[Koliera]

Hmm, so why is it when I decrypt using the plugin they remount automatically?
The default situation is that once the drives re-encrypt the mounted volumes show them as missing and once decrypted they automatically go online.

[ryecoaaron]

the plugin tries to run a mount command after decrypting.

[Koliera]

Excellent, that explains it. For the simple people like myself - what would be that mounting command that's run?

[ryecoaaron]

If you really want to keep it simple, just run "sudo mount -a" after everything is unlocked.