I was wondering if there is an option in the TrueNAS Scale GUI or CLI to automatically enable a NIC before and disable it again after a scheduled replication task in order to “air-gap” the system while no replication is taking place?
The replication task would be a “pull” from our main storage, so the backup server would be able to time the replication by itself and not need an active NIC where the source could connect (as in a “push” scenario).
Just putting it out there, if no one here can offer a neat CLI or possibly shell-solution that works reliably, fully knowing it’s not an especially pretty solution:
You could employ a smart power brick connected to and controlled exclusively from the backup server. By having a dedicated switch in the middle linking your main and backup server you can power the switch off when you want to kill connectivity. Essentially brute forcing it.
There would definitely be the option to do this via a BASH script and have it run via Cron, but I’m not sure if:
A. the time in the Scale GUI (where you schedule the replication tasks) and the system time (which Cron would use) are necessarily the same?
B. doing hardware-related things “behind the GUI’s back” is a good idea
It isn’t air-gapped if the cable’s still plugged in. If you can disable it by software, you can enable it by (possibly malicious) software.
Yes, they would be the same.
Generally not.
Since interfaces can be enabled and disabled through the GUI, I’d expect that could also be done using the API and one of the CLI API clients at GitHub - truenas/api_client. But I don’t know what the specific command(s) would be.
It isn’t air-gapped if the cable’s still plugged in. If you can disable it by software, you can enable it by (possibly malicious) software.
Sure, but for this the malicious software would need to be present on the system, which hopefully will never happen if the system is only ever available in the network for ~30 minutes each day to pull the snapshots from main storage and then go back to being completely unavailable from outside for the rest of the day.