Hi,
Is there a solid resource on working with encrypted datasets in TrueNAS that anyone can point to?
Non-encrypted datasets work just fine - but I can't seem to get it to work for encrypted datasets, receiving the error:
Destination dataset 'Tank-01/01-01' already exists and is it's own encryption root. This configuration is not supported yet. If you want to replicate into an encrypted dataset, please, encrypt it's parent dataset.
In my case ... Prior to migrating to TrueNAS, both TrueNAS-01 & -02 (then "FreeNAS") had legacy GELI-encryption and I had no issue seeding replication and then handing over to the GUI for management, as needed. See Figure 1, below for general schema, adapted to TrueNAS. See Figure 2, below for seed commands.
Now with TrueNAS, I've attempted to utilize a similar schema, but I've had no luck. On both instances, the pool does not have encryption, but Tank-01/01-01 on TrueNAS-01 is encrypted, and similarly I would like the corresponding dataset on -02 to be encrypted as well.
I've poked and prodded ... and attempted to find the answer myself, to no avail. Can anyone provide a much needed hand here, please?
FIGURE 1. REPLICATION SCHEMA
FIGURE 2. REPLICATION SEEDING
Is there a solid resource on working with encrypted datasets in TrueNAS that anyone can point to?
Non-encrypted datasets work just fine - but I can't seem to get it to work for encrypted datasets, receiving the error:
Destination dataset 'Tank-01/01-01' already exists and is it's own encryption root. This configuration is not supported yet. If you want to replicate into an encrypted dataset, please, encrypt it's parent dataset.
In my case ... Prior to migrating to TrueNAS, both TrueNAS-01 & -02 (then "FreeNAS") had legacy GELI-encryption and I had no issue seeding replication and then handing over to the GUI for management, as needed. See Figure 1, below for general schema, adapted to TrueNAS. See Figure 2, below for seed commands.
Now with TrueNAS, I've attempted to utilize a similar schema, but I've had no luck. On both instances, the pool does not have encryption, but Tank-01/01-01 on TrueNAS-01 is encrypted, and similarly I would like the corresponding dataset on -02 to be encrypted as well.
I've poked and prodded ... and attempted to find the answer myself, to no avail. Can anyone provide a much needed hand here, please?
FIGURE 1. REPLICATION SCHEMA
Code:
TrueNAS DIRECTION TrueNAS Incremental Seed Comment -01 (=> or <=) -02 Task Task Tank-01 Tank-01 N/A (Pool) N/A (Pool) 01-01 => 01-01 Inc_Task-01 Seed_Task-01 01-01 & 01-01 both encrypted DS with passphrase DS_01 DS_01 Inc_Task-01 Seed_Task-02 DS_02 DS_02 Inc_Task-01 Seed_Task-03 01-02 => 01-02 Inc_Task-02 Not encrypted 02-01 <= 02-01 Inc_Task-03 02-01 & 02-01 both encrypted DS with passphrase 02-02 <= 02-02 Inc_Task-04 Not encrypted for clarity, via #zfs list NAME ... MOUNTPOINT Tank-01 /mnt/Tank-01 Tank-01/01-01 /mnt/Tank-01/01-01 Tank-01/01-01/DS_01 /mnt/Tank-01/01-01/DS_01 Tank-01/01-01/DS_02 /mnt/Tank-01/01-01/DS_02
FIGURE 2. REPLICATION SEEDING
Code:
Seed_Task-01 zfs send Tank-01/01-01@SNAP-YYYY-MM-DD_HH-MM | mbuffer -s 128k -m 1G -O <TrueNAS-02 IP>:9001 mbuffer -4 -s 128k -m 1G -I 9001 | zfs receive -F Tank-01/01-01 Seed_Task-02 zfs send Tank-01/01-01/DS_01@SNAP-YYYY-MM-DD_HH-MM | mbuffer -s 128k -m 1G -O <TrueNAS-02 IP>:9002 mbuffer -4 -s 128k -m 1G -I 9002 | zfs receive -F Tank-01/01-01/DS_01 Seed_Task-03 zfs send Tank-01/01-01/DS_02@SNAP-YYYY-MM-DD_HH-MM | mbuffer -s 128k -m 1G -O <TrueNAS-02 IP>:9003 mbuffer -4 -s 128k -m 1G -I 9003 | zfs receive -F Tank-01/01-01/DS_02