q/pa
Explorer
- Joined
- Mar 16, 2015
- Messages
- 64
Hi,
I am trying to wrap my head around what will happen to my existing backup after switching from GELI to native ZFS encryption.
My setup:
This is what I did/will do:
1. Removed GELI encryption
2. Rename original datasets into temp. datasets; make recursive snapshots of renamed temp. datasets
3. Create new encrypted "original" datasets
4. send (full replication) / receive with -x encryption of temp. dataset snapshots to new encrypted datasets
The big question is, can I just resume my old incremental replication and what are my options? The best result would be to be able to do raw encrypted sends to my existing backup turning it into an encrypted backup which I would have to decrypt to check replication results from time to time.
In case there is no chance to further use my old backup I would do the following:
1. split the backup mirrored pool into backup1 and backup2
2. do a complete new full replication (encrypted raw) on backup1
3. triple check that everything worked as expected
4. attach pool backup2 to backup1, copying everything to the newly attached drive (deleting the old backup2)
I am trying to wrap my head around what will happen to my existing backup after switching from GELI to native ZFS encryption.
My setup:
- TrueNAS Core w/ 1 pool "datapool1" containing 3 datasets
- GhostBSD (FreeBSD) computer with mirrored backup pool "backup1" (encryption feature available but not enabled)
- Manual incremental replication of all 3 datasets from datapool1 to backup1 via ssh
This is what I did/will do:
1. Removed GELI encryption
2. Rename original datasets into temp. datasets; make recursive snapshots of renamed temp. datasets
3. Create new encrypted "original" datasets
4. send (full replication) / receive with -x encryption of temp. dataset snapshots to new encrypted datasets
The big question is, can I just resume my old incremental replication and what are my options? The best result would be to be able to do raw encrypted sends to my existing backup turning it into an encrypted backup which I would have to decrypt to check replication results from time to time.
In case there is no chance to further use my old backup I would do the following:
1. split the backup mirrored pool into backup1 and backup2
2. do a complete new full replication (encrypted raw) on backup1
3. triple check that everything worked as expected
4. attach pool backup2 to backup1, copying everything to the newly attached drive (deleting the old backup2)
Last edited: