Hello all, ZFS Newbie here. I’m sure this has been asked in many ways before…but I’ve been running ZFS in Proxmox for a while and moved my main storage to TrueNAS Scale. I’m finally getting my 2+1 backup strategy going and I want a sanity check on if what I’m trying to do is craziness or a reasonable setup. I have tried to do my research but I’m a bit stuck
The internets have already told me that it’s not possible to send/sync an unencrypted dataset to an untrusted (key not loaded) encrypted dataset using raw send. So I imagined/plagarized this scenario:
- A - hot storage - unencrypted (raidz mirror)
- B - local backup - encrypted (mounted with key)
- C - remote backup - encrypted (untrusted/unmounted, no key)
B runs syncoid on A to pull snapshots, B runs syncoid to push raw snapshots to C.
As such, I used Jim’s wonderful advice from Ars and created some test datasets using raw files on 3 local machines to test the setup before I replicated my real data. I can pull the data from A to B, then push the encrypted dataset from B to C, but when I add more data to A and pull from B, I get this message:
NEWEST SNAPSHOT: syncoid_xeon_2024-06-22:22:39:49-GMT-05:00
CRITICAL ERROR: Target zoffsite/crypt1/evectra exists but has no snapshots matching with zbackup/crypt1/evectra!
Replication to target would require destroying existing
target. Cowardly refusing to destroy your existing target.
What am I doing wrong?
This is how I’m doing the initial sync:
(force because I don’t want to blow away the dataset every time I get snapshots out of sync)
B: syncoid -r --force --dumpsnaps root@storage.lan:zroot/evectra zbackup/crypt1/evectra
B: syncoid -r --sendoptions=wrp --dumpsnaps --no-sync-snap zbackup/crypt1/evectra root@offsite:zoffsite/crypt1/evectra
This is how I’m running the 2nd sync:
B: syncoid -r --dumpsnaps root@storage.lan:zroot/evectra zbackup/crypt1/evectra
B: ERROR, plus there aren't common snapshots between A and B anymore
I’ve tried adding --no-sync-snap to both commands, but I haven’t tried using a raw zfs send from B->C after A->B
I’d paste more detail, including the commands I used to create and encrypt the datasets on A, B, and C if needed, but this post is already too long.
As an addendum, if I can get past this, I already have an unencrypted sync of A->B and want to do a one-time mount and sync from A->C so I can be protected while I wipe B’s dataset sync it as encrypted; then I’ll do the A (une) → B (e) → C (e) sync. I’d love to not screw this up as C is going to a family members’ house in another state (losing a common snapshot would be nigh-impossible to resync in a timely fashion without shipping drives)
References:
Ars - using file vdevs to test ZFS
comment describing similar setup, but mostly discussing feasibility