zfs external backup drive with snapshot and encryption

Search…

​main source​
Get device id
$ ls /dev/disk/by-id -alh
...
lrwxrwxrwx 1 root root  10 okt 24 06:06 ata-WDC_WD10EZEX-08M2NA0_WD-WMC3F1471486-part4 -> ../../sda4
...
For example, I'm going to use /dev/disk/by-id/ata-WDC_WD10EZEX-08M2NA0_WD-WMC3F1471486-part4
Setup disk encryption with LUKS
setup LuKS​
$ sudo apt install cryptsetup
$ cryptsetup luksFormat --cipher aes-xts-plain64 --key-size 512 --iter-time 10000 --use-random -y /dev/disk/by-id/ata-WDC_WD10EZEX-08M2NA0_WD-WMC3F1471486-part4
--cipher encryption algorithm
--key-size encryption key size
--iter-time Number of millisecond to spend P8KDF passphrase processing
--use-random use /dev/random
-y verify passphrase
Disk device can now be opened.
$ sudo cryptsetup luksOpen /dev/disk/by-id/ata-WDC_WD10EZEX-08M2NA0_WD-WMC3F1471486-part4 luks1
Create new zfs pool
$ sudo zpool create ext-backup /dev/mapper/luks1
Create initial snapshot
Example i have data set tank/ROOT/home
$ sudo zfs snapshot tank/ROOT/[email protected]
Send the backup
$ sudo zfs send tank/ROOT/[email protected] | pv | sudo zfs recv ext-backup/home
Or with incremental-backup
$ sudo zfs snapshot tank/ROOT/[email protected]
$ sudo zfs send -R -i tank/ROOT/[email protected] tank/ROOT/[email protected] | sudo zfs recv ext-backup/hom
A good idea is to set the external drive to be read-only
$ sudo zfs set readonly=on ext-backup
Safely close and remove external drive
After finished sending the snapshot, close the disk and export the pool
$ sudo zpool export ext-backup
$ sudo cryptsetup luksClose ext-backup
Reference:

zfs auto snapshot

net

Last modified 8mo ago

Copy link

Outline

Get device id

Setup disk encryption with LUKS

Create new zfs pool

Create initial snapshot

Send the backup

Safely close and remove external drive