zfs external backup drive with snapshot and encryption

Search…

​main source​
Get device id
1
$ ls /dev/disk/by-id -alh
2
...
3
lrwxrwxrwx 1 root root  10 okt 24 06:06 ata-WDC_WD10EZEX-08M2NA0_WD-WMC3F1471486-part4 -> ../../sda4
4
...
Copied!
For example, I'm going to use /dev/disk/by-id/ata-WDC_WD10EZEX-08M2NA0_WD-WMC3F1471486-part4
Setup disk encryption with LUKS
setup LuKS​
1
$ sudo apt install cryptsetup
2
$ cryptsetup luksFormat --cipher aes-xts-plain64 --key-size 512 --iter-time 10000 --use-random -y /dev/disk/by-id/ata-WDC_WD10EZEX-08M2NA0_WD-WMC3F1471486-part4
Copied!
--cipher encryption algorithm
--key-size encryption key size
--iter-time Number of millisecond to spend P8KDF passphrase processing
--use-random use /dev/random
-y verify passphrase
Disk device can now be opened.
1
$ sudo cryptsetup luksOpen /dev/disk/by-id/ata-WDC_WD10EZEX-08M2NA0_WD-WMC3F1471486-part4 luks1
Copied!
Create new zfs pool
1
$ sudo zpool create ext-backup /dev/mapper/luks1
Copied!
Create initial snapshot
Example i have data set tank/ROOT/home
1
$ sudo zfs snapshot tank/ROOT/[email protected]
Copied!
Send the backup
1
$ sudo zfs send tank/ROOT/[email protected] | pv | sudo zfs recv ext-backup/home
Copied!
Or with incremental-backup
1
$ sudo zfs snapshot tank/ROOT/[email protected]
2
$ sudo zfs send -R -i tank/ROOT/[email protected] tank/ROOT/[email protected] | sudo zfs recv ext-backup/hom
Copied!
A good idea is to set the external drive to be read-only
1
$ sudo zfs set readonly=on ext-backup
Copied!
Safely close and remove external drive
After finished sending the snapshot, close the disk and export the pool
1
$ sudo zpool export ext-backup
2
$ sudo cryptsetup luksClose ext-backup
Copied!
Reference:

zfs auto snapshot

net

Last modified 1mo ago

Copy link

Contents

Get device id

Setup disk encryption with LUKS

Create new zfs pool

Create initial snapshot

Send the backup

Safely close and remove external drive