zfs external backup drive with snapshot and encryption

2018-10-24 :: ( 1 minutes reading )

[main source][1]

Get device id

$ ls /dev/disk/by-id -alh
...
lrwxrwxrwx 1 root root  10 okt 24 06:06 ata-WDC_WD10EZEX-08M2NA0_WD-WMC3F1471486-part4 -> ../../sda4
...

For example, I’m going to use /dev/disk/by-id/ata-WDC_WD10EZEX-08M2NA0_WD-WMC3F1471486-part4

Setup disk encryption with LUKS

setup [LuKS][1]

$ sudo apt install cryptsetup
$ cryptsetup luksFormat --cipher aes-xts-plain64 --key-size 512 --iter-time 10000 --use-random -y /dev/disk/by-id/ata-WDC_WD10EZEX-08M2NA0_WD-WMC3F1471486-part4
  • --cipher encryption algorithm
  • --key-size encryption key size
  • --iter-time Number of millisecond to spend P8KDF passphrase processing
  • --use-random use /dev/random
  • -y verify passphrase

Disk device can now be opened.

$ sudo cryptsetup luksOpen /dev/disk/by-id/ata-WDC_WD10EZEX-08M2NA0_WD-WMC3F1471486-part4 luks1

Create new zfs pool

$ sudo zpool create ext-backup /dev/mapper/luks1

Create initial snapshot

Example i have data set tank/ROOT/home

$ sudo zfs snapshot tank/ROOT/home@ext-backup

Send the backup

$ sudo zfs send tank/ROOT/home@ext-backup | pv | sudo zfs recv ext-backup/home

Or with incremental-backup

$ sudo zfs snapshot tank/ROOT/home@ext-backup20180101
$ sudo zfs send -R -i tank/ROOT/home@ext-backup tank/ROOT/home@ext-backup20180101 | sudo zfs recv ext-backup/hom

A good idea is to set the external drive to be read-only

$ sudo zfs set readonly=on ext-backup

Safely close and remove external drive

After finished sending the snapshot, close the disk and export the pool

$ sudo zpool export ext-backup
$ sudo cryptsetup luksClose ext-backup

Reference:
[1]: http://ryan.himmelwright.net/post/zfs-backups-to-luks-external/
[2]: https://gitlab.com/cryptsetup/cryptsetup/blob/master/README.md

comments powered by Disqus

Archives

English

  • My Desktop With i3, polybar, conky, and rofi
  • Convert Intellij Live Template to vscode Snippet
  • Why for-range behaves differently depending on the size of the element (A peek into go compiler optimization)
  • Testing go 1.5 cross compilation on raspberry pi
  • osx-push-to-talk App
  • Tracking origin of bugs with git bisect
  • Stubbing Time.Now() in golang
  • My account just got hacked by Romanian (Possibly)
  • berks upload core dump
  • Safely sharing credentials with PGP

Indonesia

  • Ruby Fiber apaan sih ?
  • Scale MongoDB dengan Sharding
  • Telepon murah ke Indonesia dengan voip

Today I Learned

  • Intellij as git diff and mergetool
  • Checksum a File From a URL
  • Global Gitignore File
  • View kubernetes secret
  • Push Only Current Branch
  • Convert PDF to Text Using OCR
  • Checkout Last Branch
  • Replacing Last Command and Execute It
  • Open Last Command in the Editor With Fc
  • Regex for Validating Password
Labs.Yulrizka.com
twitter github feed
    • Left Panel
    • No Panel
    • Right Panel
  • Home
  • EN
  • ID
  • Today I Learned

© Ahmy Yulrizka 2019. Made with hugo source