Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Push replication issue from TrueNAS to FreeBSD 13.0 offsite server

Description

Hello.

I am trying to replicate snapshots from my onsite TrueNAS Core server to a vanilla offsite FreeBSD 13.0 server running ZFS. I have a data a set zdata/home, which I am trying to push to 'data/razorfish-backup/' data set on the remote server.

I get the following error when replication is completed:

Error

cannot receive aclmode property on data/razorfish-backup: permission denied

cannot receive copies property on data/razorfish-backup: permission denied

cannot receive sharenfs property on data/razorfish-backup: permission denied

cannot receive sharesmb property on data/razorfish-backup: permission denied

cannot mount 'data/razorfish-backup': Insufficient privileges

. Please make sure replication user has write permissions to its parent dataset.

Logs

[2022/02/02 21:46:13] INFO [Thread-5839] [zettarepl.paramiko.replication_task__task_4] Connected (version 2.0, client OpenSSH_7.9)

[2022/02/02 21:46:15] INFO [Thread-5839] [zettarepl.paramiko.replication_task__task_4] Authentication (publickey) successful!

[2022/02/02 21:46:18] INFO [replication_task__task_4] [zettarepl.replication.run] For replication task 'task_4': doing push from 'zdata/home' to 'data/razorfish-backup' of snapshot='auto-2020-07-11_10-51' incremental_base=None receive_resume_token=None encryption=False

[2022/02/02 21:46:24] ERROR [replication_task__task_4] [zettarepl.replication.run] For task 'task_4' non-recoverable replication error ReplicationError("cannot receive aclmode property on data/razorfish-backup: permission denied\ncannot receive copies property on data/razorfish-backup: permission denied\ncannot receive sharenfs property on data/razorfish-backup: permission denied\ncannot receive sharesmb property on data/razorfish-backup: permission denied\ncannot mount 'data/razorfish-backup': Insufficient privileges\n. Please make sure replication user has write permissions to its parent dataset")

I use a non-root user on the destination system to receive the data. It's called 'backup'. I gave it following permissions:

  1. sudo zfs allow -u backup compression,mountpoint,create,mount,receive,userprop data/razorfish-backup

(Repeated for all data sets.)

I tried with other data sets as well with a similar outcome.

Source system:

  1. uname -a

FreeBSD kennedy.jensenwaud.lan 12.2-RELEASE-p9 FreeBSD 12.2-RELEASE-p9 2ee62d665f0(HEAD) TRUENAS amd64

Destination system:

  1. uname -a

FreeBSD merkle.jensenwaud.com 13.0-RELEASE FreeBSD 13.0-RELEASE #0 releng/13.0-n244733-ea31abc261f: Fri Apr 9 04:24:09 UTC 2021 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64

Problem/Justification

None

Impact

None

Activity

Show:

Anders Jensen-Waud February 9, 2022 at 12:41 AM

Hi Vladimir, thank you. The user backup does indeed have POSIX write permissions on /data as well. I am willing to grant the backup user any kind of permission as long as I can make non-root replication work (which it currently doesn't). Perhaps you could share how to solve this short-term?

Bug Clerk February 8, 2022 at 1:48 PM

Vladimir Vinogradenko February 5, 2022 at 7:15 PM

you are listing permissions on /data/backup-razorfish-zfs. User will need write permissions on /data to be able to mount data/backup-razorfish-zfs dataset.

Your replication fails at zfs set readonly=on data/backup-razorfish-zfs. We'll fix the poor error message, but if you don't want to grant your user "set property" permission, you'll need to disable setting destination dataset to read-only (set readonly behavior to "ignore" in advanced replication options).

Anders Jensen-Waud February 5, 2022 at 8:33 AM

Yes, it does:

merkle# ls -al
total 2
drwxr-xr-x 2 backup backup 2 Feb 5 08:30 .
drwxr-xr-x 4 backup backup 4 Feb 5 08:30 ..
merkle# pwd
/data/backup-razorfish-zfs
merkle#

 

 

Vladimir Vinogradenko February 4, 2022 at 9:12 AM

other question: does replication user has write permissions to the data dataset on the receiving side like the error message suggests?

Complete

Details

Assignee

Reporter

Labels

Impact

High

Time remaining

0m

Components

Fix versions

Affects versions

Priority

Katalon Platform

Created February 3, 2022 at 1:23 AM
Updated July 1, 2022 at 5:54 PM
Resolved February 8, 2022 at 1:53 PM