Hello,
I am currently using ZFS on linux without encryption. I want to migrate some datasets to be encrypted.
Currently the datasets I want to encrypt are as follows:
rpool/stuff (empty)
rpool/stuff/a
rpool/stuff/b
rpool/stuff/c
rpool/stuff/c/main
rpool/stuff/c/extra
There are other datasets under rpool as well which I want to remain unencrypted.
I use sanoid and syncoid to maintain historical snapshots of the datasets.
What is the best way to change “stuff” and all its child datasets to be encrypted?
I was thinking of the following method:
- Create snapshot of rpool/stuff.
- Create new encrypted dataset rpool/stuff-enc
- zfs send snapshot created in step 1 to the new dataset (rpool/stuff-enc)
- Delete unencrypted stuff dataset
- Rename stuff-enc dataset to stuff
Does this sound like an appropriate method?
Do I need to create the child datasets in step 2 or just the root one (rpool/stuff-enc)?
Will this retain all the historical snapshots created using sanoid?
Thanks in advance for any advice!