Dual Level Encryption & Replication - Cannot Restore

[CookieMonster1]

I have done my research on Replication Tasks with truenas watched some videos and forums posts. I have run into a problem with the encryption keys. I looked around and didn't see anything about this. Before any Replication Tasks. On my main pool, I use 2 encryption passwords. The main dir and then a sub dir both encrypted with different keys so I need to put both passwords to unlock the data set. Everything's working but this. When starting a Replication Task with the pool and copy everything over to another pool and try restore/ de encrypt it asks for 1 password key not 2 passwords? I tried both keys and nothing work. I thought maybe adding both keys together would work but nope.

I tried with with a new dir/ 2gb file to make I am doing this right and I was. Same thing. I spent about 2 hours playing with it and researching and nothing. Am I missing something. The main Dir has 2 passwords and then to restore it asks for 1 password???

I am trying to backup that 1 year old data to many different pools.
This is on the same local host just for a testing. Backing up 3 different pools just in case for long term storage. Never losing data again!

 

[Samuel Tai]

@winnielinnie is the resident ZFS encryption expert here. I don’t think your setup will work using recursive, which assumes inherited keys. You’ll need separate jobs for each of the nested datasets with different keys.

 

[CookieMonster1]

Can you explain what setup I should do for my backup process?

 

[Samuel Tai]

So for the parent dataset, create one replication job with recursive on, but set the daughter dataset to be excluded:

This will replicate the parent with its keys.

Then create another replication job for the daughter. You can leave recursive on, and leave the Exclude Child Datasets blank. This will replicate the daughter with its keys.

 

[CookieMonster1]

For my setup I have main dataset with nothing in it besides the daughter dataset below. Both have its on own keys.

When I just try the daughter it should only have the daughter key by itself?

I am way from my setup right now.

 

[Samuel Tai]

When I just try the daughter it should only have the daughter key by itself?

Yes, that's correct.

 

[winnielinnie]

I assume you mean "dataset" when you use the word "dir".

Can you post the following output:

Code:

zfs list -r -t filesystem -o name,encryption,encryptionroot,keylocation,keyformat NameOfMainPool
zfs list -r -t filesystem -o name,encryption,encryptionroot,keylocation,keyformat NameOfBackupPool

Can you show a screenshot of how you setup the Replication Task? (Showing all the options. Using multiple screenshots if needed to fit everything.)

 

[CookieMonster1]

I assume you mean "dataset" when you use the word "dir".

Can you post the following output:

Code:

zfs list -r -t filesystem -o name,encryption,encryptionroot,keylocation,keyformat NameOfMainPool
zfs list -r -t filesystem -o name,encryption,encryptionroot,keylocation,keyformat NameOfBackupPool

Can you show a screenshot of how you setup the Replication Task? (Showing all the options. Using multiple screenshots if needed to fit everything.)

I figured it out, was doing it wrong. Thank You all for your help!

 

[winnielinnie]

I figured it out, was doing it wrong.

...care to share?

 

[CookieMonster1]

...care to share?

The key is the second data set named: Main_Data not Rabbit_Data. I used different passwords. I was trying to backup Main_Data to another pool with A-Z folders in one task. It doesn't work so I just did one by one A, B, C, etc with there own tasks each. You can see below I was testing testa with 300MIB of data. Backed up the data to the folder called backup. Restored the file to the restore folder. Made a NFS share and it worked with the data there. I have wasted enough time so I will leave it with each task per folder A-Z. If you know how to get around this let me know.