[[advanced:target]]

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Next revisionBoth sides next revision
advanced:target [2018/10/05 00:40] – [Create a replication user] danadvanced:target [2018/10/05 13:26] – [Enable encryption, and create an encrypted dataset] dan
Line 56: Line 56:
  
 ===== Enable encryption, and create an encrypted dataset ===== ===== Enable encryption, and create an encrypted dataset =====
-**FreeNAS doesn't support OpenZFS encryption at this time, and it's not possible to replicate from a non-encrypted dataset to an encrypted one.  This documentation is left for the sake of completeness.** 
  
 The idea of this system is to be a standalone storage "brick", which could be left at a remote location where you might not fully trust the network operator.  ZFS on Linux supports dataset encryption for this purpose, and material for this section is drawn from this [[https://datacenteroverlords.com/2017/12/17/zfs-on-linux-with-encryption-part-2/|blog post]].  You'll first need to enable that feature on your pool: The idea of this system is to be a standalone storage "brick", which could be left at a remote location where you might not fully trust the network operator.  ZFS on Linux supports dataset encryption for this purpose, and material for this section is drawn from this [[https://datacenteroverlords.com/2017/12/17/zfs-on-linux-with-encryption-part-2/|blog post]].  You'll first need to enable that feature on your pool:
Line 77: Line 76:
 where "userid" is the numeric user ID noted on the FreeNAS box. where "userid" is the numeric user ID noted on the FreeNAS box.
  
-Generate a SSH keypair for that user: 
-<code> 
-sudo -u zfsuser ssh-keygen 
-</code> 
 Now allow that user to make changes on the encrypted dataset: Now allow that user to make changes on the encrypted dataset:
 <code> <code>
 zfs allow -ldu zfsuser create,destroy,diff,mount,readonly,receive,release,send,userprop dozer/backup zfs allow -ldu zfsuser create,destroy,diff,mount,readonly,receive,release,send,userprop dozer/backup
 </code> </code>
 +===== Install Zerotier ===== 
 +Zerotier will create an encrypted virtual network connection between your Odroid and your FreeNAS box.  It's installed by default on FreeNAS, but you'll need to install it on the Odroid.  Run these commands: 
 +<code> 
 +sudo apt install curl 
 +curl https://install.zerotier.com | sudo bash 
 +</code>
  • advanced/target.txt
  • Last modified: 2018/10/10 00:02
  • by dan