Replication Task related to encrypted datasets not jet possible :(

L

Louis2

Contributor
Joined
Sep 7, 2019
Messages
177
I have a TrueNas core system and a TrueNas scale system and prefer to use replication above rsync to transfer (pull or send) data between the two systems. That is no problem as long as the data is not encrypted. However:

  • On scale, when replicating data from one encrypted dataset-1 to another dataset-2 that works, but in order to access / read dataset-2 you have to copy the key of dataset-1 to dataset-2. That is not even bad in my option, since I can imagine that the copied dataset should not be accessible, unless you are the data owner having the key
  • However trying to do the same from the remote source (in this case my core system), towards the scale system, it completely fails. Messages are showing that it is not yet supported. And that you should try with <encrypted parent>/<the destination dataset>. Apart from the fact that this is IMHO ridiculous, it did not work.
  • Creating an new encrypted destination dataset, using the key from the source data-set did not work as well
So actually the only option left is to use Rsync which is far less efficient.

So two questions:
  1. in which release will this missing functionality be implemented
  2. Is there a command line option to define a Replication task pulling data from a remote encrypted dataset to a local encrypted dataset (without nonsense like required higher level encrypted dataset)
I really prefer a GUI option :wink:
 
winnielinnie

winnielinnie

MVP
Joined
Oct 22, 2019
Messages
3,641
It's hard to assess without the Replication Task options and the properties and hierarchy of the pools and datasets in question.

For starters, this helps give a bird's eye view:
Code:
zfs list -r -t filesystem -o name,encroot,encryption,keyformat sourcepool
zfs list -r -t filesystem -o name,encroot,encryption,keyformat destinationpool


Also a screenshot of the Replication Task(s).
 
L

Louis2

Contributor
Joined
Sep 7, 2019
Messages
177
Some extra explanation

The situation I tried to deal with is not complex at all. I should be .... simple to configure

TrueNas Core (as source)
Pool-A
- dataset-1
- dataset-2 this dataset is encrypted and is intended to be backuped to the TrueNas scale system
- etc

TrueNAS Scale (as destination)
Pool-B
- dataset-A
- dataset-B which should become the encrypted backup of dataset-2 as situated on the core-system
- etc

Pulling this from the scale system using RootSSH is possible

Trying to do this via a (gui) replication task ..... forget it. I tried to do it in multiple ways.
Where the error messages are even explaining that it is not yet supported ...
There is also a remark in the error messages that you could work around ^the limitation^ by defining something like
Pool-B,
- dataset-B-lev1 (encrypted), real-dataset-B on level-2 (I do not like it at all, and beside that, it did not work for me)


Trying to do the same locally on scale from Pool-X dataset-1 to Pool-Y dataset-2, works which as written before as note that you need to load the datas-set-1 encryption-key in dataset-2 (you have to create the json yourself, but that is not terrible complex) to be capable of reading dataset-2
 
You must log in or register to reply here.

Similar threads

R
Suggestion? Backing up unencrypted dataset to encrypted
Replies
6
Views
1K
infinitytec
I
R
Random nesting behaviour for encrypted replication tasks
Replies
0
Views
370
rusty6285
R
Z
Replication Task to new NAS/Server without Sub-Datasets being encrypted
Replies
2
Views
929
Zyrox
Z
corv
Encrypted dataset replication
Replies
4
Views
2K
BlueRainProd
BlueRainProd
C
replication task, from 11.3 (unencrypted) to 12 (encrypted)
Replies
2
Views
1K
chocamo
C
Top