SOLVED Recreating a pool - keeping ACLs.

[rodfantana]

I'm running TrueNAS Core 12u8. Need to drop a pool that is currently configured as span (failed disk, will be replaced at the time). The pool will be reconfigured as RAIDZ1. Same dataset structure will be recreated and data migrated back.

I'm assuming that the ACLs that are currently set on each dataset will be dropped along with pool. Is there a way to make a backup of that, even for reference purposes? Currently my plan is to take screenshots of permissions and dataset options in the GUI. Is there a command line that i can dump all of that into a readable txt file (getfacls?) so I can reference that when I'm recreating them in the new pool??

Also, I have SMB and NFS shares tied to the dataset that will be recreated. Will I lose those, or will they be kept and continue to work if same name file systems are recreated?

Thank you.

 

[sretalla]

Is your intention to re-create the pool with the same structure, only empty?

If you're also bringing the data back, you're much better off using zfs send | recv to get everything (including ACLs) off to temporary media, and then back again. (or a replication task if you don't like CLI)

 

[rodfantana]

Yea, I messed up and created a span instead of raidz1. Lived with it until i realized by having a failed disk. Got lucky with the data. So now I'm recreating the array in raidz1 config. The structure of datasets underneath the volume will be the same. I've moved data off of it using replication tasks and the move back would entail the same. Per your comment, It sounds like ACLs will come back for those filesystems.

There are a couple of file systems that I did not replicate due to space constraint on another TN instance etc. I don't really need that data as it's backups and can be regenerated. Those datasets will just be created manually to resemble the old structure. For these, It doesn't sound like there is a better way of capturing ACLs other than just taking screenshots?

 

[sretalla]

As you already suggested, you can dump it out with getfacl, but there's no real export/import option there.

You may be able to hunt around for some scripts that have no doubt been developed to do something like that though.

... https://www.unix.com/solaris/99522-export-import-zfs-acls.html

 

[rodfantana]

Understood, thank you.

 

[anodos]

I considered altering mtree to allow restoring ACLs, but was rather too busy with other things.

I added a tool to TrueNAS a while back that can rebuild ACLs from a snapshot of a dataset if for instance a sysadmin goes on vacation and while he's out a well-meaning junior IT minion decides to follow a youtube video by some influencer and "strip" ACLs to "make things work", but that's not quite what you want.

Generally though, you can throw getfacl output to a file and then use setfacl -b -M <file> <target>.

Code:

getfacl /path/to/file > /acl_spec.out
setfacl -b -M /acl_spec.out /path/to/file

You may have to clean up owner@, group@, and everyone@ entries afterwards though.