Truenas Replication

Hi All,

I have a question relating to ZFS replication.

My friend and I both have our independent TrueNAS servers.

We would like to set up a replication / sync task between them, where they are the backup target for my storage pool, and I am the replication target for their storage pool. Essentially giving us an off-site, geographically separate data backup.

On my pool I have it constructed like below:

Pool
 - Dataset 1
 - Dataset 2
 -  - Sub-Dataset 1
 -  - Sub-Dataset 2
 - Dataset 3
 - Dataset 4
 - Friends Dataset storage <- This is where their data will be backing up to in my server

And my friend has their pool like below:

Pool
 - Dataset A
 - Dataset B
 -  - Sub-Dataset A
 -  - Sub-Dataset B
 - Dataset C
 - Dataset D
 - My Dataset storage <- This is where my data will be backing up to in their server

I am wanting to know what the best advised approach to this is? We have separate snapshot tasks configured for each dataset as needed, as well as encryption on the pools at the top level. Ideally, if it can be so that each of our data backups has separate encryption, that would be great, so that neither side can access the data for security.

Ideally, we want to do a complete backup of the pool (sans the other party's backup dataset) to the backup dataset on the other host.

As these are both in production units, and resources are not available to sandbox this for me to test it out, I am reaching out to get some assistance on doing it correctly from the start.

It would also be good if we can have the sync run through a NON root user, and we can create specific named accounts on each end for this. We have tried creating them and loading in the SSH key pairs etc… However, it never seems to accept the keys for the user, and always wants a password. So perhaps I’m doing something wrong there.

Thanks for reading all. Looking forward to reading your replies.

Jason.

Each encrypted pool you create will have its own key, and make sure you have a backup of that key. When you replicate the data to another pool, the key does not go with that, meaning your friend would not have access to your data without that key, which is also why it’s important that you have a copy of that key, because that is the only way the data can be restored. And as long as neither of you has each other’s key, the data is secure.

As for the root/admin user issue, I don’t think there is a way around that with TrueNAS.

Hi Tom. (Wow, a reply from the man himself.)

First up, solid thanks for all your TrueNAS videos. I always refer back to your TrueNAS permissions video as I always get them wrong. :joy:

Based on our requirements, would you recommend zfs replication, or rsync?

And if ZFS replication, we would create the dataset on each end, and then just sync the whole pool? Perhaps excluding each other's dataset?

As we don’t have the ability to have extra drives where we can each have a pool on each end.

Just wanting to understand the mechanism first.

We have the machines connected via a LAN interface (we have our houses connected via a LAN and use each other for redundant WAN failover), so speed and time taken are not an issue.

Using rsync would be much slower, less efficient because it does not track the ZFS block level changes, and would not offer any encryption.

ZFS replication of the entire pool excluding each other's dataset feels messy to me. I am generally more concise and create a task for each dataset, as there may be different backup and snapshot retention policies I would like to set per dataset.
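
The per-dataset layout discussed in this thread, as an added example that is not part of any post and is not TrueNAS code: it turns a dataset listing into one source-to-target pair per dataset and leaves out the dataset that holds the other party's backups. The pool name `tank`, the excluded dataset `tank/friend` and the remote dataset `pool/jason` are hypothetical, and the listing is constructed.

```python
# Added example: plans one replication task per dataset and leaves out the
# dataset that holds the other party's backups. All names are constructed.

# Constructed sample of `zfs list -H -o name -r tank` output (one name per line).
SAMPLE_LISTING = """\
tank
tank/dataset1
tank/dataset2
tank/dataset2/sub1
tank/dataset2/sub2
tank/dataset3
tank/friend
tank/friend/datasetA
tank/friend-photos
"""


def is_within(dataset: str, root: str) -> bool:
    """True if dataset is root itself or one of its descendants."""
    # Compare whole path components: "tank/friend-photos" is not under "tank/friend".
    return dataset == root or dataset.startswith(root + "/")


def plan_tasks(listing: str, pool: str, exclude_root: str, remote_root: str):
    """Return sorted (source, target) pairs, one per dataset to replicate."""
    if exclude_root == pool or not is_within(exclude_root, pool):
        raise ValueError("excluded dataset must be a child of the pool")
    names = sorted({line.strip() for line in listing.splitlines() if line.strip()})
    tasks = []
    for name in names:
        if name == pool:
            continue  # assumption: the pool's root dataset holds no data of its own
        if not is_within(name, pool):
            raise ValueError(f"{name!r} is not part of pool {pool!r}")
        if is_within(name, exclude_root):
            continue  # never send the partner's backups back to the partner
        relative = name[len(pool) + 1:]
        tasks.append((name, f"{remote_root}/{relative}"))
    return tasks


if __name__ == "__main__":
    for source, target in plan_tasks(SAMPLE_LISTING, "tank", "tank/friend", "pool/jason"):
        print(f"{source} -> {target}")
```

Each pair can then carry its own snapshot schedule and retention, and a plain string-prefix exclusion would have wrongly dropped `tank/friend-photos` along with `tank/friend`.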