I am trying to follow the advice from here for zfs replication, but using syncoid (following the commands from here). But it looks like the syncoid script has a sudo command in the zfs receive. I think this is because on the receiving end, I am not using a root user, so it inserts a syncoid line 233). This makes it prompt for a password.
How can I use syncoid without a root user on the receiving end? The user I am sshing into already has the zfs allow for the things necessary.
Ha. Never mind. I just didn’t read far enough down the page. The answer is clearly to give --no-privilege-elevation to syncoid.
I still get some cannot rollback errors even though I set them to not mount on the destination.
Just mind you that on Linux, you cannot mount and unmount volumes, as this requires superuser rights.
I wrote about this (and the --no-privilege-elevation option) in the HOWTO I posted to ‘that old space’ 3 years ago.
If you’re getting rollback errors, you may be using an elderly version of syncoid. I originally wrote it to forcibly roll back the target to the most recent common snapshot, but around the same time I wrote that delegated replication guide you’re working from at Klara, I changed the behavior to use zfs receive -F without the explicit rollback, since that way I wouldn’t need to grant the rollback permission to the receiving user.
At some point in the near future, we’re also looking to replace the --no-privilege-elevation flag, for similar reasons. Make that the default behavior, with a new (not yet implemented) flag like --use-sudo-elevation for those who need that behavior to explicitly request it.
The following seems to be working for me. I added a backup user on both my backup server (which automatically boots on a schedule via BIOS, then takes backups, then shuts down again) and the hosts being backed up, then added sudoers files in /etc/sudoers.d/ with minor differences between backup server and clients.
Cmnd_Alias ZFS_COMANDS = /usr/bin/zfs send *, /usr/bin/zfs get *, /usr/bin/zfs set *, /usr/bin/zfs list *, /usr/bin/zfs destroy *, /usr/bin/zfs snapshot *, /usr/bin/zfs rollback *, /usr/bin/zfs hold *, /usr/bin/zfs release *, /usr/bin/zfs bookmark *
_backups ALL=(root) NOPASSWD: ZFS_COMANDS
On the backup server:
_backups ALL=(root) NOPASSWD: ZFS_COMANDS, /usr/bin/zfs receive *, /usr/bin/zfs create *, /usr/sbin/sanoid *, /usr/sbin/poweroff
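For the sudo-free route discussed earlier in the thread (zfs allow delegation plus --no-privilege-elevation), the following is an added example, not code from any poster or from the sanoid project. The permission lists, dataset names and host are assumptions to adjust for your syncoid version; the script only prints the commands and audits `zfs allow` output for permissions broader than planned.

```shell
#!/bin/sh
# Added example: plan and audit delegated (sudo-free) syncoid replication.
BACKUP_USER="_backups"            # account name used in the thread
# Assumed permission sets; adjust for your syncoid version and flags.
SRC_PERMS="send,snapshot,hold"
# No 'rollback' here: syncoid now relies on 'zfs receive -F' (see thread).
DST_PERMS="receive,create,mount"

# Reject names that could smuggle options or shell metacharacters.
valid_dataset() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9_./:-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Command root runs once on the source host.
source_grant() {
    valid_dataset "$1" || return 1
    printf 'zfs allow -u %s %s %s\n' "$BACKUP_USER" "$SRC_PERMS" "$1"
}

# Command root runs once on the backup server.
target_grant() {
    valid_dataset "$1" || return 1
    printf 'zfs allow -u %s %s %s\n' "$BACKUP_USER" "$DST_PERMS" "$1"
}

# Command the unprivileged user runs: source dataset, host, target dataset.
sync_command() {
    valid_dataset "$1" && valid_dataset "$3" || return 1
    printf 'syncoid --no-privilege-elevation %s %s@%s:%s\n' \
        "$1" "$BACKUP_USER" "$2" "$3"
}

# Read 'zfs allow <dataset>' output on stdin; print every permission held by
# user $1 that is not in the comma list $2. No output means no excess.
excess_perms() {
    awk -v u="$1" -v ok="$2" '
        BEGIN { n = split(ok, a, ","); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        $1 == "user" && $2 == u {
            m = split($3, p, ",")
            for (i = 1; i <= m; i++) if (!(p[i] in want)) print p[i]
        }'
}

# Constructed names: tank/data, backup.example.com, backup/hosts/client1.
source_grant tank/data
target_grant backup/hosts/client1
sync_command tank/data backup.example.com backup/hosts/client1
```

On a live system, pipe `zfs allow backup/hosts/client1` into `excess_perms _backups "$DST_PERMS"` to list delegations such as destroy or rollback that the receiving user no longer needs.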