On 2014-01-31 15:49, Benedict Reuschling wrote:
> Hi Allan,
> how are you? Judging from BSDnow, you're doing fine. :)
> Can you help me with the ZFS send via SSH part for the ZFS chapter
> rewrite below? Benjamin Kaduk remarked that he does not understand
> what needs to be done on each side. I think this needs more work and I
> don't know exactly what needs to be set for root to be able to do this
> (on each system). Plus, if you know some ports or other software that
> does that, we could mention that in the paragraph as well.
> I also need to look up the newer ZFS send stuff (hole-less send, the
> bookmark-based resume feature, etc.) so that we can reflect this in
> the handbook right from the start. If you have some time, I'd be glad
> for a patch or some paragraphs that I can put into DocBook.
> While on the subject: a while back you mentioned a port that does
> grandfather, father, son snapshots and rotates them automatically.
> What was the name of that port? I can't recall, but I want to try it
> out at work and it would also be a good addition for the snapshot part.
> Thanks and keep up the good work with BSDnow and all your other BSD
> activities.
> Cheers
> Benedict
> -------- Original-Nachricht --------
> Betreff: Re: svn commit: r43697 -
> projects/zfsupdate-201307/en_US.ISO8859-1/books/handbook/zfs
> Datum: Fri, 31 Jan 2014 14:32:11 -0500 (EST)
> Von: Benjamin Kaduk <ka...@mit.edu>
> An: Benedict Reuschling <b...@freebsd.org>
> Kopie (CC): doc-committ...@freebsd.org, svn-doc-proje...@freebsd.org
> On Thu, 30 Jan 2014, Benedict Reuschling wrote:
>> + +    <listitem> +      <para>The <literal>root</literal> user needs
>> to be able to +            log into the receiving system because only
>> that user can +            send streams from the pool.  SSH should be
>> configured so +            that <literal>root</literal> can only
>> execute +          <command>zfs recv</command> and nothing else to
>> prevent +          users that might have hijacked this account from
>> doing +            any harm on the system.</para>
> This paragraph is a little confusing about what happens on the sending
> and
> receiving systems.  (For example, at first I was confused by the first
> sentence, thinking that it was saying that the receiving system would be
> sending streams from the pool.)  Do both the send and receive have to
> happen as root on the respective machines?  I also think that the
> restriction to 'zfs recv' should apply only to the particular ssh key
> which is doing the automated backups; it would be absurd to prevent root
> login from one server to another just because there is a backup
> relationship in place.
>> +      </listitem> + </itemizedlist> + +     <para>After these security
>> measures have been put into place +    and <literal>root</literal>
>> can connect passwordless via SSH

I have made a first pass on this. It still needs some more work. I am
not sure if it fits best in this section or the delegation section, but
it would be good to document how to do it without root, as it is much
safer than having unencrypted root keys laying around, and it is only 2
or 3 extra commands (zfs allow snapshot/send on one side and zfs
receive/create etc on the other plus 1 sysctl (usermount))

In a future pass I'll update the screen sections to be more consistent
as well

Allan Jude
Index: chapter.xml
--- chapter.xml (revision 43727)
+++ chapter.xml (working copy)
@@ -1250,7 +1250,7 @@
     <sect2 xml:id="zfs-zfs-send">
       <title>ZFS Replication</title>
-      <para>Keeping the data on a single pool in one location exposes
+      <para>Keeping data on a single pool in one location exposes
        it to risks like theft, natural and human disasters.  Keeping
        regular backups of the entire pool is vital when data needs to
        be restored.  ZFS provides a built-in serialization feature
@@ -1268,7 +1268,7 @@
       <para>The following examples will demonstrate the functionality
        of ZFS replication using these two pools:</para>
-      <screen>&prompt.root; <userinput>zpool list</userinput>
+      <screen>&prompt.root; <command>zpool list</command>
 backup  960M    77K   896M     0%  1.00x  ONLINE  -
 mypool  984M  43.7M   940M     4%  1.00x  ONLINE  -</screen>
@@ -1277,36 +1277,38 @@
        primary pool where data is written to and read from on a
        regular basis.  A second pool,
        <replaceable>backup</replaceable> is used as a standby in case
-       the primary pool becomes offline.  Note that this is not done
+       the primary pool becomes unavailable.  Note that this is not done
        automatically by ZFS, but rather done by a system
-       administrator in case it is needed.  First, a snapshot is
+       administrator in case it is needed.  First, a snapshot must be
        created on <replaceable>mypool</replaceable> to have a copy
-       of the current state of the data to send to the pool
-       <replaceable>backup</replaceable>.</para>
+       of the current state of the data to send to the 
+       <replaceable>backup</replaceable> pool.  ZFS only replicates
+       snapshots, changes since the most recent snapshot will not
+       be replicated.</para>
-      <screen>&prompt.root; <userinput>zfs snapshot 
-&prompt.root; <userinput>zfs list -t snapshot</userinput>
+      <screen>&prompt.root; <command>zfs snapshot 
+&prompt.root; <command>zfs list -t snapshot</command>
 mypool@backup1             0      -  43.6M  -</screen>
       <para>Now that a snapshot exists, <command>zfs send</command>
        can be used to create a stream representing the contents of
-       the snapshot locally or remotely to another pool.  The stream
+       the snapshot, which can be stored as a file, or received by another 
pool.  The stream
        must be written to the standard output, otherwise ZFS will
-       produce an error like in this example:</para>
+       produce an error:</para>
-      <screen>&prompt.root; <userinput>zfs send 
+      <screen>&prompt.root; <command>zfs send 
 Error: Stream can not be written to a terminal.
 You must redirect standard output.</screen>
-      <para>The correct way to use <command>zfs send</command> is to
-       redirect it to a location like the mounted backup pool.
-       Afterwards, that pool should have the size of the snapshot
-       allocated, which means all the data contained in the snapshot
-       was stored on the backup pool.</para>
+      <para>To backup a dataset with <command>zfs send</command>,
+       redirect to a file located on the mounted backup pool.  First
+       ensure that the pool has enough free space to accommodate the size of 
the snapshot,
+       which means all the data contained in the snapshot, not
+       only the changes in the snapshot.</para>
-      <screen>&prompt.root; <userinput>zfs send 
<replaceable>mypool</replaceable>@<replaceable>backup1</replaceable> > 
-&prompt.root; <userinput>zpool list</userinput>
+      <screen>&prompt.root; <command>zfs send 
<replaceable>mypool</replaceable>@<replaceable>backup1</replaceable> > 
+&prompt.root; <command>zpool list</command>
 backup  960M  63.7M   896M     6%  1.00x  ONLINE  -
 mypool  984M  43.7M   940M     4%  1.00x  ONLINE  -</screen>
@@ -1314,98 +1316,100 @@
       <para>The <command>zfs send</command> transferred all the data
        in the snapshot called <replaceable>backup1</replaceable> to
        the pool named <replaceable>backup</replaceable>.  Creating
-       and sending these snapshots could be done automatically by a
-       cron job.</para>
+       and sending these snapshots could be done automatically with a
+       &man.cron.8; job.</para>
+      <para>Instead of storing the backups as archive files,
+       <acronym>ZFS</acronym> can receive them as a live file system,
+       allowing the backed up data to be accessed directly.
+       To get to the actual data contained in
+       those streams, the reverse operation of <command>zfs
+         send</command> has to be used to transform the streams
+       back into files and directories.  The command is
+       <command>zfs receive</command>.  The example below combines
+       <command>zfs send</command> and <command>zfs
+         receive</command> using a pipe to copy the data from one
+       pool to another.  This way, the data can be used directly on
+       the receiving pool after the transfer is complete.  A
+       dataset can only be replicated to an empty dataset.</para>
+      <screen>&prompt.root; <command>zfs snapshot 
+&prompt.root; <command>zfs send -v 
<replaceable>mypool</replaceable>@<replaceable>replica1</replaceable> | zfs 
receive <replaceable>backup/mypool</replaceable></command>
+send from @ to mypool@replica1 estimated size is 50.1M
+total estimated size is 50.1M
+&prompt.root; <command>zpool list</command>
+backup  960M  63.7M   896M     6%  1.00x  ONLINE  -
+mypool  984M  43.7M   940M     4%  1.00x  ONLINE  -</screen>
       <sect3 xml:id="zfs-send-incremental">
        <title>ZFS Incremental Backups</title>
-       <para>Another feature of <command>zfs send</command> is that
-         it can determine the difference between two snapshots to
-         only send what has changed between the two.  This results in
-         saving disk space and time for the transfer to another pool.
+       <para><command>zfs send</command> can also
+         determine the difference between two snapshots and
+         only send the changes between the two.  This results in
+         saving disk space and transfer time.
          For example:</para>
-       <screen>&prompt.root; <userinput>zfs snapshot 
-&prompt.root; <userinput>zfs list -t snapshot</userinput>
+       <screen>&prompt.root; <command>zfs snapshot 
+&prompt.root; <command>zfs list -t snapshot</command>
-mypool@backup1         5.72M      -  43.6M  -
-mypool@backup2             0      -  44.1M  -
-&prompt.root; <userinput>zpool list</userinput>
+mypool@replica1         5.72M      -  43.6M  -
+mypool@replica2             0      -  44.1M  -
+&prompt.root; <command>zpool list</command>
 backup  960M  61.7M   898M     6%  1.00x  ONLINE  -
 mypool  960M  50.2M   910M     5%  1.00x  ONLINE  -</screen>
        <para>A second snapshot called
-         <replaceable>backup2</replaceable> was created.  This second
+         <replaceable>replica2</replaceable> was created.  This second
          snapshot contains only the changes on the ZFS filesystem
-         between now and the last snapshot,
-         <replaceable>backup1</replaceable>.  Using the
-         <literal>-i</literal> flag to <command>zfs send</command>
-         and providing both snapshots, an incremental snapshot can be
-         transferred, containing only the data that has
+         between now and the previous snapshot,
+         <replaceable>replica1</replaceable>.  Using the
+         <literal>-i</literal> flag of <command>zfs send</command>
+         and indicating the pair of snapshots, an incremental replica
+         stream can be generated, containing only the data that has
-       <screen>&prompt.root; <userinput>zfs send -i 
<replaceable>mypool</replaceable>@<replaceable>backup2</replaceable> > 
-&prompt.root; <userinput>zpool list</userinput>
+       <screen>&prompt.root; <command>zfs send -v -i 
<replaceable>mypool</replaceable>@<replaceable>replica2</replaceable> | zfs 
receive <replaceable>/backup/mypool</replaceable></command>
+send from @replica1 to mypool@replica2 estimated size is 5.02M
+total estimated size is 5.02M
+&prompt.root; <command>zpool list</command>
 backup  960M  80.8M   879M     8%  1.00x  ONLINE  -
 mypool  960M  50.2M   910M     5%  1.00x  ONLINE  -
-&prompt.root; <userinput>ls -lh /backup</userinput>
-total 82247
-drwxr-xr-x     1 root   wheel      61M Dec  3 11:36 backup1
-drwxr-xr-x     1 root   wheel      18M Dec  3 11:36 incremental</screen>
+&prompt.root; <command>zfs list</command>
+NAME                         USED  AVAIL  REFER  MOUNTPOINT
+backup                      55.4M   240G   152K  /backup
+backup/mypool               55.3M   240G  55.2M  /backup/mypool
+mypool                      55.6M  11.6G  55.0M  /mypool
+&prompt.root; <command>zfs list -t snapshot</command>
+NAME                                         USED  AVAIL  REFER  MOUNTPOINT
+backup/mypool@replica1                       104K      -  50.2M  -
+backup/mypool@replica2                          0      -  55.2M  -
+mypool@replica1                             29.9K      -  50.0M  -
+mypool@replica2                                 0      -  55.0M  -</screen>
        <para>The incremental stream was successfully transferred and
-         the file on disk is smaller than any of the two snapshots
-         <replaceable>backup1</replaceable> or
-         <replaceable>backup2</replaceable>.  This shows that it only
+         only the data that has changed was replicated, rather than
+         the entirety of
+         <replaceable>replica1</replaceable> and
+         <replaceable>replica2</replaceable> with both contain mostly the same 
data.  This shows that it only
          contains the differences, which is much faster to transfer
          and saves disk space by not copying the complete pool each
          time.  This is useful when having to rely on slow networks
          or when costs per transferred byte have to be
-      </sect3>
-      <sect3 xml:id="zfs-send-recv">
-       <title>Receiving ZFS Data Streams</title>
-       <para>Up until now, only the data streams in binary form were
-         sent to other pools.  To get to the actual data contained in
-         those streams, the reverse operation of <command>zfs
-           send</command> has to be used to transform the streams
-         back into files and directories.  The command is called
-         <command>zfs receive</command> and has also a short version:
-         <command>zfs recv</command>.  The example below combines
-         <command>zfs send</command> and <command>zfs
-           receive</command> using a pipe to copy the data from one
-         pool to another.  This way, the data can be used directly on
-         the receiving pool after the transfer is complete.</para>
-       <screen>&prompt.root; <userinput>zfs send 
<replaceable>mypool</replaceable>@<replaceable>backup1</replaceable> | zfs 
receive <replaceable>backup/backup1</replaceable></userinput>
-&prompt.root; <userinput>ls -lh /backup</userinput>
-total 431
-drwxr-xr-x     4219 root   wheel      4.1k Dec  3 11:34 backup1</screen>
-       <para>The directory <replaceable>backup1</replaceable> does
-         contain all the data, which were part of the snapshot of the
-         same name.  Since this originally was a complete filesystem
-         snapshot, the listing of all ZFS filesystems for this pool
-         is also updated and shows the
-         <replaceable>backup1</replaceable> entry.</para>
-       <screen>&prompt.root; <userinput>zfs list</userinput>
-backup                 43.7M   884M    32K  /backup
-backup/backup1         43.5M   884M  43.5M  /backup/backup1
-mypool                 50.0M   878M  44.1M  /mypool</screen>
-       <para>A new filesystem, <replaceable>backup1</replaceable> is
-         available and has the same size as the snapshot it was
-         created from.  It is up to the user to decide whether the
-         streams should be transformed back into filesystems directly
-         to have a cold-standby for emergencies or to just keep the
-         streams and transform them later when required.  Sending and
+       <para>A new filesystem, <replaceable>backup/mypool</replaceable> is
+         available and has all of the files and data from the pool
+         <replaceable>mypool</replaceable>.  Sending and
          receiving can be automated so that regular backups are
          created on a second pool for backup purposes.</para>
@@ -1428,14 +1432,17 @@
          encrypted, <application>SSH</application> can be used.
          Since ZFS only requires the stream to be redirected from
          standard output, it is relatively easy to pipe it through
-         SSH.</para>
+         SSH.  If you wish the contents of your
+         <acronym>ZFS</acronym> file system to remain encrypted,
+         consider using <link
+           xlink:href="http://wiki.freebsd.org/PEFS";>PEFS</link>.</para>
        <para>A few settings and security precautions have to be made
          before this can be done.  Since this chapter is about ZFS
          and not about configuring SSH, it only lists the things
          required to perform the encrypted <command>zfs
-         send</command> operation.  The following settings should
-         be made:</para>
+         send</command> operation.  The following configuration is
+         required:</para>
@@ -1450,7 +1457,10 @@
              that <literal>root</literal> can only execute
              <command>zfs recv</command> and nothing else to prevent
              users that might have hijacked this account from doing
-             any harm on the system.</para>
+             any harm on the system.  Using the <link
+               linkend="zfs-zfs-allow">delegation</link> system it is
+             possible to perform replication without requiring
+             root access.</para>
@@ -1460,8 +1470,8 @@
          encrypted stream can be sent using the following
-       <screen>&prompt.root; <userinput>zfs snapshot -r 
-&prompt.root; <userinput>zfs send -R 
<replaceable>mypool/home</replaceable>@<replaceable>monday</replaceable> | ssh 
<replaceable>backuphost</replaceable> zfs recv -dvu 
+       <screen>&prompt.root; <command>zfs snapshot -r 
+&prompt.root; <command>zfs send -R 
<replaceable>mypool/home</replaceable>@<replaceable>monday</replaceable> | ssh 
<replaceable>backuphost</replaceable> zfs recv -dvu 
        <para>The first command creates a recursive snapshot (option
          <literal>-r</literal>) called

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to