jimsalterjrs / sanoid

These are policy-driven snapshot management and replication tools which use OpenZFS for underlying next-gen storage. (Btrfs support plans are shelved unless and until btrfs becomes reliable.)
http://www.openoid.net/products/
GNU General Public License v3.0

Suggestions to improve the README #697

Open danboid opened 2 years ago

danboid commented 2 years ago

Hi Jim

I've been recommended syncoid as a tool to replicate ZFS datasets between machines but I've not tried it yet. I have read the README and I'm left with the following questions, which I'd like to see addressed with a few small additions or tweaks to the existing README.

Apparently I can probably do either a push or a pull command with syncoid to do what I want, which is to incrementally mirror an LXD container's dataset and all of its snapshots onto a remote pool on a daily basis, via cron job I expect. Are there any advantages, security or performance wise, to doing this using a pull versus a push command or vice versa? Is one method generally recommended over the other if it is possible to use it?

Can syncoid create the target dataset if it doesn't exist on the target pool and the user running syncoid has sudo rights?

Is it recommended to create a dedicated user account for running syncoid cron jobs? If I'm using syncoid to replicate snapshots of a LXD container, do I need to give the user sudo permissions to replicate all of the files and snapshots in full? Is it possible to use a non login (no shell) account for syncoid?

Should the default syncoid options work fine for replicating (LXD) container snapshots or will I have to use any non-default options?

I'm running focal (Ubuntu 20.04). Is it worthwhile building from source to get the latest version or not?

My apologies if any of these (except maybe the last one about 20.04) are already covered in the README but I missed it!

Thanks

danboid commented 2 years ago

INSTALL.md doesn't answer any of these questions either, plus it features this nonsense line:

"On newer FreeBSD and Ubuntu Xenial chacha20-poly1305@openssh.com, on other distributions arcfour crypto is the default for SSH transport since v1.4.6"

In the Other OSes section. Well it made no sense to me at least!

danboid commented 2 years ago

On my quest to find a more comprehensive beginners guide to syncoid I have discovered that the syncoid user should have sudo permissions unless its required zfs commands have been delegated.

This should be mentioned in the README, maybe in a pre-requisites section which would also include setting up passwordless SSH and...

danboid commented 2 years ago

There doesn't seem to be an incremental option so I presume the first invocation of syncoid will be run exactly the same as subsequent runs. It looks like I don't need to use any of the optional command switches.

danboid commented 2 years ago

It took me most of the weekend to work it out but I've now got syncoid working.

I wrote a short guide and I was going to submit it which is when I found the Syncoid gh wiki page, most notably the 'running without root' section which is what I had just independently, unnecessarily documented.

Most projects don't use the wiki on gh so I don't normally go looking for it but I wish I'd thought of that sooner now!

https://github.com/jimsalterjrs/sanoid/wiki/Syncoid

danboid commented 2 years ago

Re-use/edit this if you think it's useful:

Backing up ZFS datasets over a network using syncoid as a non-root user

Traditionally, rsync has been used by Linux/UNIX sysadmins to incrementally back up one machine onto another. If both machines, the source and destination of a backup, are running ZFS and snapshots are being used then you should use a ZFS-native backup tool such as syncoid to preserve the snapshot data. This has the added advantage of streamlining backups by minimising the amount of data that needs to be transferred.

syncoid is packaged in the sanoid package under Ubuntu and Debian. You must install sanoid/syncoid on the destination machine. Installing it on the source machine is optional but doing so will install packages that will improve your syncoid experience by reducing the amount of data to transfer through compression.

Many zfs functions require sudo or root permissions to run which is why syncoid prefers to also log in and run as root via ssh. Logging in as root via ssh is disabled by default in Ubuntu and many other distros hence we need to use ZFS's allow feature to enable a non-root user access to all of the ZFS features required to use syncoid, if we don't want to enable root logins via ssh.

In this example, our source is a Ubuntu LXD server from which we wish to back up a container called hermes which has a dataset within lxdpool/containers. We shall create a new user called zfsbackup on the machine to be backed up and delegate the needed ZFS permissions to that user:

# useradd -m -r zfsbackup
# zfs allow -u zfsbackup send,snapshot,hold lxdpool/containers

Copy your public SSH key from the target machine into the .ssh folder of the newly created zfsbackup user. Note that setting UsePAM to no (in /etc/ssh/sshd_config ) on the source machine will prevent you using SSH FROM a root account to log in as a non-root user.

You should now be ready to run syncoid with a command such as:

# syncoid --no-sync-snap --no-privilege-elevation zfsbackup@myserver.org:lxdpool/containers/hermes astarray/backups/hermes

The key option here for those using syncoid with zfs allow and as a non-root user on the remote machine is --no-privilege-elevation, which tells syncoid not to try to use sudo. Note that the target dataset must not already exist for the initial replication to succeed.

If you are trying to replicate a dataset from a Debian box (eg Proxmox) and syncoid complains that it cannot find zfs then you'll need to create a /home/zfsbackup/.ssh/environment file to configure the $PATH for SSH which also requires that you enable PermitUserEnvironment in sshd_config.
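Added example (not part of the comment above, and not code from the sanoid project): a least-privilege check for the delegation described in the guide. It reads the output of `zfs allow <dataset>` on stdin and reports anything the backup user holds beyond `send,snapshot,hold`, or anything missing from that set. The function name and the sample output are constructed for illustration; the expected set is the one given in the guide.

```shell
#!/bin/sh
# Expected delegation for the pull-only backup user, as listed in the guide.
EXPECTED="send snapshot hold"

# audit_zfs_allow USER
# Reads `zfs allow <dataset>` output on stdin. Prints "extra:<perm>" for each
# permission held by USER outside EXPECTED and "missing:<perm>" for each
# expected permission not delegated. Prints nothing on an exact match.
# Permission sets (names starting with @) are reported as extra so that they
# get reviewed by hand.
audit_zfs_allow() {
    user=$1
    # Delegation lines look like: "    user zfsbackup hold,send,snapshot"
    granted=$(awk -v u="$user" '$1 == "user" && $2 == u { print $3 }' \
              | tr ',' '\n' | sort -u)
    for p in $granted; do
        case " $EXPECTED " in
            *" $p "*) ;;
            *) echo "extra:$p" ;;
        esac
    done
    for p in $EXPECTED; do
        echo "$granted" | grep -qx "$p" || echo "missing:$p"
    done
}

# Constructed sample: the delegation from the guide, nothing more.
sample_ok() {
    printf '%s\n' \
        '---- Permissions on lxdpool/containers ----' \
        'Local+Descendent permissions:' \
        '    user zfsbackup hold,send,snapshot'
}

# Constructed sample: delegation that has drifted (destroy and mount added,
# snapshot dropped). A send-only account should not be able to destroy data.
sample_wide() {
    printf '%s\n' \
        '---- Permissions on lxdpool/containers ----' \
        'Local+Descendent permissions:' \
        '    user zfsbackup destroy,hold,mount,send'
}

# On the source machine:
#   zfs allow lxdpool/containers | audit_zfs_allow zfsbackup
```

Run from cron on the source host, any output is a signal that the delegation no longer matches what the backup job needs.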

danboid commented 2 years ago

FYI you can also put PATH at the top of ~/.bashrc . It's easier to set up that way. ("top" because it might not execute the rest in a non-interactive shell)

That doesn't work for ssh. You have to use ~/.ssh/environment for that. I've only needed to do that on Debian boxes tho.

danboid commented 2 years ago

This was with Proxmox 6.

As it stands, this is an irrelevant comment in a bug. If Jim chooses to use it, he can edit it as required eg

If syncoid complains that it cannot find zfs...

danboid commented 2 years ago

The second paragraph in README.md has a typo:

"A typical Sanoid system would have a single cron job but see INSTALL.md fore more details:"

I've only got round to setting up sanoid today, up until now I've only been using syncoid. My first sanoid question that doesn't seem to be covered by the README is what does frequently default to, if anything?

EDIT:

It seems the frequent_period defaults to 15 minutes, if it will find my defaults file.