Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision |
advanced:target [2018/10/05 00:40] – [Create a replication user] dan | advanced:target [2018/10/05 23:17] – [Rebuild the kernel] dan |
---|
<code> | <code> |
sudo apt update && sudo apt upgrade | sudo apt update && sudo apt upgrade |
sudo apt install git gcc g++ build-essential | sudo apt install git gcc g++ build-essential bc |
git clone --depth 1 https://github.com/hardkernel/linux -b odroidxu4-4.14.y | git clone --depth 1 https://github.com/hardkernel/linux -b odroidxu4-4.14.y |
cd linux | cd linux |
| |
===== Enable encryption, and create an encrypted dataset ===== | ===== Enable encryption, and create an encrypted dataset ===== |
**FreeNAS doesn't support OpenZFS encryption at this time, and it's not possible to replicate from a non-encrypted dataset to an encrypted one. This documentation is left for the sake of completeness.** | |
| |
The idea of this system is to be a standalone storage "brick", which could be left at a remote location where you might not fully trust the network operator. ZFS on Linux supports dataset encryption for this purpose, and material for this section is drawn from this [[https://datacenteroverlords.com/2017/12/17/zfs-on-linux-with-encryption-part-2/|blog post]]. You'll first need to enable that feature on your pool: | The idea of this system is to be a standalone storage "brick", which could be left at a remote location where you might not fully trust the network operator. ZFS on Linux supports dataset encryption for this purpose, and material for this section is drawn from this [[https://datacenteroverlords.com/2017/12/17/zfs-on-linux-with-encryption-part-2/|blog post]]. You'll first need to enable that feature on your pool: |
where "userid" is the numeric user ID noted on the FreeNAS box. | where "userid" is the numeric user ID noted on the FreeNAS box. |
| |
Generate a SSH keypair for that user: | |
<code> | |
sudo -u zfsuser ssh-keygen | |
</code> | |
Now allow that user to make changes on the encrypted dataset: | Now allow that user to make changes on the encrypted dataset: |
<code> | <code> |
zfs allow -ldu zfsuser create,destroy,diff,mount,readonly,receive,release,send,userprop dozer/backup | zfs allow -ldu zfsuser create,destroy,diff,mount,readonly,receive,release,send,userprop dozer/backup |
</code> | </code> |
| ===== Install Zerotier ===== |
| [[https://zerotier.com/|Zerotier]] will create an encrypted virtual network connection between your Odroid and your FreeNAS box. It's installed by default on FreeNAS, but you'll need to install it on the Odroid. Run these commands: |
| <code> |
| sudo apt install curl |
| curl https://install.zerotier.com | sudo bash |
| </code> |