[OpenIndiana-discuss] ZFS remote receive
Timothy Coalson
tsc5yc at mst.edu
Tue Oct 23 20:13:06 UTC 2012
I set this up with pfexec, I think on 151a4, and it has survived updates
without change so far (currently working on a7), and all I had to do was
add the "ZFS File System Management" profile to the backup user. I did
this via the users-admin gui, I think usermod -P does the same thing, but
here is the relevant line from /etc/user_attr:
backup::::type=normal;profiles=ZFS File System
Management;roles=netadm,netcfg,root,zfssnap
I didn't need to mess with the properties on the filesystem. I set up ssh
keys for passwordless ssh, and my incremental zfs send/receive command
looks like this (with variables replaced and logging redirection removed):
zfs send -vI "<oldsnap>" "<fs>@<newsnap>" | ssh "backup@<host>" "pfexec zfs
receive -vF \"<destfs>\""
Works pretty well, though I get ~70MB/s on gigabit ethernet instead of the
theoretically possible 120MB/s, and I'm not sure why (NFS gets pretty close
to 120MB/s on the same network).
Tim
On Tue, Oct 23, 2012 at 12:59 PM, Geoff Nordli <geoffn at gnaa.net> wrote:
> On 12-10-23 04:52 AM, Sebastian Gabler wrote:
>
>> Hi,
>>
>> I am facing a problem with zfs receive through ssh. As usually, root
>> can't log on ssh; the log on users can't receive a zfs stream (rights
>> problem), and pfexec is disabled on the target host (as I understand it is
>> nowadays default for OI151_a...)
>>
>> What are the suggestions to solve this? I tried several approaches with
>> sudo, and su to no avail. I had tried to enable pfexec on the target
>> system, too and couldn't do it.
>>
>> Thanks for your help.
>>
>> BR
>>
>> Sebastian
>>
>
>
> Hi Sebastian.
>
> I use the sudo method and I also assign the user zfs rights for that pool.
> here is my sudoers file:
>
> bkuser ALL = NOPASSWD: /usr/sbin/zfs
>
> and here is the rights assignment:
>
> zfs allow -s @adminrole clone,create,destroy,mount,**
> promote,quota,receive,rename,**reservation,rollback,send,**snapshot,userprop
> backup
> zfs allow bkuser @adminrole backup
>
>
> I am sure it could be a lot tighter for security, but it works.
>
> Have a great day!!
>
> Geoff
>
>
>
>
>
>
> ______________________________**_________________
> OpenIndiana-discuss mailing list
> OpenIndiana-discuss@**openindiana.org<OpenIndiana-discuss at openindiana.org>
> http://openindiana.org/**mailman/listinfo/openindiana-**discuss<http://openindiana.org/mailman/listinfo/openindiana-discuss>
>
More information about the OpenIndiana-discuss
mailing list