Encrypted dataset replication

[corv]

Hi, I'm having difficulty replicating a dataset with ZFS native encryption to another encrypted dataset.

My pools look as follows:
Source pool (unencrypted)
- source dataset (encrypted)

Destination pool (encrypted)

I'm using the GUI to set up a one-off replication task and no matter which setup I've tried I keep getting errors.

Destination dataset 'DESTINATION' already exists and is its own encryption root. This configuration is not supported yet. If you want to replicate into an encrypted dataset, please, encrypt its parent dataset.

I can't make sense of this error message. I've tried replicating into an unencrypted pool with a single encrypted dataset with similar results.

Currently I've got an unencrypted pool with a single encrypted dataset, that I want to replicate to another pool while preserving the encryption.

When I set up the replication task I'm asked to provide a passphrase for the destination dataset, is this supposed to match the source encryption, the destination or do I leave it empty altogether since they are already encrypted?

I'm thoroughly confused here although I've been using this OS since it was still called FreeNAS...

Could somebody please provide a known-good procedure? Unfortunately the docs and other forum posts have only added to my confusion

 

[corv]

I've solved it, the key is to provide a new dataset when choosing a destination, i.e. type in the name of a dataset that does not exist yet after the slash.

 

[heatmiser]

I've solved it, the key is to provide a new dataset when choosing a destination, i.e. type in the name of a dataset that does not exist yet after the slash.

THANK YOU. This was the missing piece for me after weeks of trying to solve this problem. I was nearly about to script this up with raw ZFS commands before I gave it one last search.

Leaving notes for others with some keywords:

desired behavior.
I want to schedule Replication Tasks which sends my locally encrypted zpool to a remote unencrypted zpool that has the same effect as the zfs command below:

zfs send \ --replicate \ --raw \ encrypted_pool/some_dataset@my_first_snapshot \ | ssh user@remote.host \ zfs receive unencrypted_pool/some_dataset

The above command assumes some_dataset does *not* exist on the remote.

solution.

• Navigate to Data Protection > Replication Tasks and click the "Add" button.
• Click on "Advanced Replication Creation"
• Name your task to whatever suits you
• Under "SSH Connection" select a configured remote server
• Under "Source" select an individual dataset. Using the above command as a reference point you want encrypted_pool/some_dataset (not encrypted_pool,encrypted_pool/some_dataset)
• Under the "Source" field tick the "Recursive" checkbox
• Under "Periodic Snapshot Tasks" select whatever suits you
• If you want this task to run periodically, tick the "Schedule" checkbox and enter a interval for the task to run on

I'm by no means a TrueNAS Scale expert so please feel free to offer some updates.

 

[Marknas2023]

I must say thank you as well as this solved my issue too! Love this forum

 

[BlueRainProd]

Thanks so much. This was exactly what the issue was for me too. Kept getting new issues when I tried to create the destination dataset myself. Glad to know now that the PUSH replicate creates exactly what it needs, encryption requirements included.