ZFS – Backup

All my data is currently saved in a quite trustable raidz pool, but this is not theft-proof for example. For increased safety, I chose to externalize a backup of the pool with a used tape drive on another hard drive.

Disk preparation

First, connect the backup disk to the computer, and make sure the device descriptor points to the correct drive :

# smartctl -i /dev/ad2
 smartctl 5.42 2011-10-20 r3458 [FreeBSD 8.3-RELEASE-p3 amd64] (local build)
 Copyright (C) 2002-11 by Bruce Allen, http://smartmontools.sourceforge.net
 Model Family: Seagate Barracuda Green (Adv. Format)
 Device Model: ST2000DL003-9VT166
 Serial Number: xxxxxxx
 LU WWN Device Id: 5 000c50 044b0747a
 Firmware Version: CC3C
 User Capacity: 2,000,398,934,016 bytes [2.00 TB]
 Sector Sizes: 512 bytes logical, 4096 bytes physical
 Device is: In smartctl database [for details use: -P show]
 ATA Version is: 8
 ATA Standard is: ATA-8-ACS revision 4
 Local Time is: Wed Jun 20 19:04:15 2012 CEST
 SMART support is: Available - device has SMART capability.
 SMART support is: Enabled

Then, create a new pool on this drive, with no particular option :

# zpool create backup /dev/ad2
# zpool status backup
 pool: backup
 state: ONLINE
 scan: none requested
 backup ONLINE 0 0 0
 ad2 ONLINE 0 0 0
errors: No known data errors

This is followed by the datasets creation. The option copies=2 [1] is used for the “important” datasets in order to protect them against an hypothetical bit rot [2] (but this double the used disk space).

# zfs create backup/fichiers
# zfs create -o checksum=sha256 -o copies=2 backup/fichiers/Photos

Less critical datasets can be created in a more usual way :

# zfs create -o checksum=sha256 backup/fichiers/Videos


For my backups, I chose the send option [3] included in ZFS. This feature is mainly used for data replication between hosts, but it is not recommended for backups on a external storage support, for a good reason : if one block is corrupted in the flow, the whole backup becomes unusable, which explains the importance of not forgetting the copies=2 option previously mentioned.

These backups are made from existing snapshots and encrypted with openssl this way :

# zfs send data/fichiers/Photos@062012 | openssl enc -aes-256-cbc -salt > /backup/fichiers/Photos/Photos_062012.ssl

And for “compressible” data :

# zfs send data/fichiers/Documents@062012 | compress | openssl enc -aes-256-cbc -salt > /backup/fichiers/Documents/Documents_062012.z.ssl

Once the backup is finished, the pool can be exported :

# zfs export backup

Backup validation

To make sure the backup is usable, the drive must be checked from time to time, for example with the live CD mode integrated into FreeBSD 9.0 (in this mode, the keymap can be changed via the kbdmap command).

A global check (zpool scrub) is possible after a drive import. All available pools can be listed with the zpool import command, and an alternative mountpoint can be set with the -R option, since / is in read-only mode when the live CD is used :

# zpool import
# mkdir /tmp/zfsroot
# zpool import -R /tmp/zfsroot <pool>
# zpool scrub <pool>

To check backups integrity at the filesystem level, the pool can be mounted in read-only, and checked with zstreamdump [4] :

# zpool import -o readonly=on -R /tmp/zfsroot <pool>
# openssl enc -d -aes-256-cbc -in /tmp/zfsroot/path/to/file.ssl | zstreamdump

If zstreamdump returns only the checksum, the backup data is valid. Otherwise, the command returns the following error :

Expected checksum differs from checksum in stream.

[1] : http://docs.oracle.com/cd/E19253-01/820-2315/gevpg/index.html
[2] : http://www.linux-mag.com/id/8794/
[3] : http://docs.oracle.com/cd/E19963-01/html/821-1448/gbchx.html
[4] : http://blog.richardelling.com/2009/10/check-integrity-of-zfs-send-streams.html