Cuddletech | Compressed Secure ZFS Archives

Compressed Secure ZFS Archives

Posted on October 27, 2007

ZFS is an amazing technology. Its snapshot capability quickly changes the way you work on the desktop or server. Add replication via zfs send .. and zfs recv .. and life gets even better.

Jeff, Bill, and crew, geniuses that they are, did something very special and exceptionally powerful that you might be overlooking… ZFS replication is just a simple stream. Simply brilliant that is, because that means you can dump a ZFS Snapshot into a single file which we would commonly call an “archive”. Example:

root@aeon ~$ zfs snapshot local@mysnapshot
root@aeon ~$ zfs send local@mysnapshot > /export/local-snapshot.zarchive

You can recover that “archive” by piping it into zfs recv….

Now, consider the possibilities if you will… we have the ability to pipe this output from one tool to the next. So what if we take a snapshot, then we zfs send… that snapshot through bzip2 to compress it, and then into “encrypt” to encrypt it and output that to an “archive” file?

root@ultra ~$ zfs create pool/test
root@ultra ~$ cp -r /var/adm/* /pool/test/


root@ultra ~$ zfs list pool/test
NAME        USED  AVAIL  REFER  MOUNTPOINT
pool/test   208K   350G   208K  /pool/test

root@ultra ~$ zfs snapshot pool/test@snapshot-`date +%m-%d-%y`

root@ultra ~$ zfs send pool/test@snapshot-`date +%m-%d-%y` | bzip2 --stdout | encrypt -a aes -o /tmp/
pool.test.snapshot-`date +%m-%d-%y`.archive
Enter key:   <---  "zfs rules"

root@ultra ~$ zfs get refer pool/test@snapshot-`date +%m-%d-%y`
NAME                         PROPERTY    VALUE                        SOURCE
pool/test@snapshot-10-24-07  referenced  208K                         -
root@ultra ~$ ls -alh /tmp/pool.test.snapshot-10-24-07.archive 
-rw-r--r--   1 root     root         11K Oct 24 13:17 /tmp/pool.test.snapshot-10-24-07.archive

Now we just turn that around to restore it...

root@ultra ~$ zfs destroy -r pool/test

root@ultra ~$ decrypt -a aes -i /tmp/pool.test.snapshot-10-24-07.archive | bunzip2 --stdout |  zfs recv -d pool
Enter key:                      
root@ultra ~$ zfs list pool/test
NAME        USED  AVAIL  REFER  MOUNTPOINT
pool/test   208K   350G   208K  /pool/test

Is that kool or what? Power, lots of power... with ZFS Snapshots you can replicate and pipe your way to glory!