I would like help to sanity check the results of my ZFS backup googling, this is my understanding of attainable best practice and would like to put into action if correct.
- zpool [source] (mirror)
- Drive A
- Drive B
- zpool [rotating backup 1] (online, onsite)
- Drive C
- zpool [rotating backup 2] (offline, offsite)
- Drive D
[source]/datasets/[useful_data]
[source]/datasets/[important_data]
[source]/datasets/[unimportant_data]
[useful_data]/[important_data] deserve offline/offsite backup
[unimportant_data] only deserves redundant access of being on a mirror.
So that data is never all in one place, I move the live [rotating backup 1] offsite, then bring [rotating backup 2] onsite.
- Is cron continuously running zfs send/recv [useful_data]/[important_data] to [rotating backup 1]?
- Is this what sanoid is for?
- Are there sync issues if snapshots are deleted?
- To move [rotating backup 1] offsite, is that just zpool offline [rotating backup 1] then disconnect drive?
- Does it need snapshot something? Scrub?
- To bring [rotating backup 2] onsite, is that just connect drive and zpool online [rotating backup 2]?
- I would rather not manage whether cron is pointing zfs send at [rotating backup 1] or [rotating backup 2], can it be ignorant of this somehow?
- I’m concerned with encryption
- Can I just turn on encryption for a zpool after the fact? For a dataset? I assume not
- When I am ready can I zfs send [source] to [encrypted source]?
- How would [encrypted source] go being sent to [rotating backup n]?
- Once both offline backups have been rotated through and [source] is scuttled, will this all look the way I expect it would?
With this set up I avoid the resilvering and DEGRADED issues of just having 3 and 4 in the mirror.
My lack of experience with ZFS means I don’t understand the implications of the steps I’m doing, but I want setting this pipeline up to be my learning exercise. I want this to be where I put my resilient long term data, but the first pass of all of this would be entirely with dummy data just to see it works and would likely rebuild everything from scratch. I’m concerned with the implications of potentially including encryption later, but I’m not in a position to start out with it in place.
Commentary and advice welcome, thanks. Hopefully you can see my question through the ramble, I couldn’t figure out how better to explain.