I would like to prepare a move of data that is currently stored in a legacy encrypted pool (= poolA) on a TrueNAS Core host. I have a couple of questions about performing this move:
1. Should the new pool (= poolB) be a ZFS encrypted pool? While I do understand that this is a bit of personal preference, I was wondering whether the ZFS encrypted storage pools will at some point not be supported or - like it is with the legacy encryption now - be somewhat of an obstacle when upgrading in the future?
2. How to move the actual data? Is it recommended to just log into a root ssh session and run an rsync command? Is rsync recommended to perform such a move?
3. Rsync options: I looked into the rsync options and came up with the following. Is that a proper way to move roughly 2.9 TB of storage?
   rsync -aHAX /poolA /poolB
4. Due to hardware limitations the newly created poolB will initially consist of 2 drives to enable the data move. Am I right to understand that I will be able to add additional physical drives to the pool using the TrueNAS Community Edition at a later point in time?
1. Your preference. Your guess, but I would assume that ZFS native encryption is here to stay in OpenZFS, while GELI encryption is tied to FreeBSD.
2. From ZFS to ZFS, the best option is replication, not retaining the settings of the original pool so as to enforce the new encryption setting on destination.
3. —
4. Two drives have to be a mirror. You can always add further mirror vdevs later. But you’d need to start with three or four drives to have a raidz1/2 pool.
I have just created a new pool with ZFS encryption. Now, I would like to replicate the dataset as you have suggested in 2, @etorix.
As I have never done this but read through the documentation, I believe this is done via Tasks / Replication Task - right? In my example, data within core (old, GELI encryption) should be replicated to core2 (new, OpenZFS encryption). What confuses me is the additional encryption option in the replication task. From my understanding this is not really needed as the new pool core2 is already encrypted.
Edit: I have tried replicating a single dataset that sits in core. While the replication worked, it finished with a warning: "The following datasets are not encrypted but are within an encrypted dataset: 'core2/homelab' which is not supported behaviour and may lead to various issues."
Looking at the pool overview, the newly replicated dataset seems to be not encrypted, but is in the OpenZFS encrypted pool core2. I don’t understand.
Also, do I need to select each source dataset in core manually and specify the path name in the destination location? This is what I did for this example. But I would like to replicate all datasets in core and have them replicated 1:1 in core2.
Additional question: is there a way to verify that both datasets are the same once replication is finished?
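A check for the condition that warning describes, added here as an example and not part of the thread: it parses `zfs get -H -r -o name,value encryption` output and lists every dataset with encryption off that sits beneath an encrypted ancestor. The sample output is constructed, and the dataset names other than core2/homelab are made up.

```python
import subprocess
import sys

# Constructed sample of:
#   zfs get -H -r -t filesystem,volume -o name,value encryption core2
# (-H gives tab-separated lines without a header). Names are illustrative.
SAMPLE = (
    "core2\taes-256-gcm\n"
    "core2/homelab\toff\n"
    "core2/homelab/vm\toff\n"
    "core2/media\taes-256-gcm\n"
)


def parse_encryption(text):
    """Map dataset name -> value of its `encryption` property."""
    props = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, value = line.split("\t", 1)
        props[name] = value.strip()
    return props


def unencrypted_under_encrypted(props):
    """Return datasets with encryption=off that have an encrypted ancestor."""
    flagged = []
    for name, value in sorted(props.items()):
        if value != "off":
            continue
        parts = name.split("/")
        ancestors = ["/".join(parts[:i]) for i in range(1, len(parts))]
        if any(props.get(a, "off") != "off" for a in ancestors):
            flagged.append(name)
    return flagged


def audit_pool(pool):
    """Run the same check against a live pool (needs the zfs CLI)."""
    out = subprocess.run(
        ["zfs", "get", "-H", "-r", "-t", "filesystem,volume",
         "-o", "name,value", "encryption", pool],
        check=True, capture_output=True, text=True,
    ).stdout
    return unencrypted_under_encrypted(parse_encryption(out))


if __name__ == "__main__":
    bad = (audit_pool(sys.argv[1]) if len(sys.argv) > 1
           else unencrypted_under_encrypted(parse_encryption(SAMPLE)))
    for name in bad:
        print("NOT ENCRYPTED:", name)
    sys.exit(1 if bad else 0)
```

Run with a pool name as the only argument to audit a live pool; with no argument it checks the embedded sample.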
Well, the encryption box in replication tasks is - according to the documentation - an additional layer that can be applied. But it does not resolve the problem described in my previous post.
However, unchecking the ‘Include Dataset Properties’ does remove the weird error. Although the documentation says that ACLs are not replicated when this is unchecked, it seems like my ACLs have also been transported over.
Additionally, I have created replication tasks per dataset so I have a little more overview about what has been done and to double check ACLs upon completion.
The final thing that remains is that I would like to rename the core2 pool back to core once everything is done so that it should be a seamless migration after all. How to achieve that?