Syncoid questions

firecat53 · March 16, 2023, 7:03pm

I’m trying to run syncoid with multiple commands blocks backing up the same pool to different locations but the created timer units run at exactly the same time, causing at least one of the units to fail. It appears the zfs permissions delegation (allow and then unallow for each unit on each run) is causing the issue because when one unit is finished, it unallows permissions, causing the second unit to fail in the middle of its run.

Configuration:

services.syncoid = {
    enable = true;
    user = "backupuser";
    commonArgs = [ "--no-sync-snap" "--skip-parent" "--recursive" ];
    sshKey = "/var/lib/syncoid/backup";
    commands."backup1" = {
      source = "rpool/data";
      target = "backup1";
    };
    commands."truenas" = {
      source = "rpool/data";
      target = "backupuser@192.168.200.103:backuppool/data";
      extraArgs = [ "--sshoption=StrictHostKeyChecking=off" ];
    };

Journal:

.....
Mar 16 11:00:28 homeserver syncoid[3240682]: NEWEST SNAPSHOT: autosnap_2023-03-16_18:00:01_hourly
Mar 16 11:00:30 homeserver syncoid[3240682]: Sending incremental rpool/data/wallpaper@autosnap_2023-03-16_17:00:01_hourly ... autosnap_2023-03-16_18:00:01_hourly (~ 4 KB):
Mar 16 11:00:30 homeserver syncoid[3245741]: cannot hold: permission denied
Mar 16 11:00:30 homeserver syncoid[3245741]: cannot send 'rpool/data/wallpaper': permission denied
Mar 16 11:00:30 homeserver syncoid[3245739]: cannot receive: failed to read from stream
Mar 16 11:00:30 homeserver syncoid[3240682]: CRITICAL ERROR:  zfs send  -I 'rpool/data/wallpaper'@'autosnap_2023-03-16_17:00:01_hourly' 'rpool/data/wallpaper'@'autosnap_2023-03-16_18:00:01_hourly' | pv -p -t -e -r -b -s 4096 | lzop  | mbuffer  -q -s 128k -m 16M 2>/dev/null | ssh  -o StrictHostKeyChecking=off  -i /var/lib/syncoid/backup -S /tmp/syncoid-backupuser@192.168.200.103-1678989600 ansible@192.168.200.103 ' lzop -dfc |  zfs receive  -s -F '"'"'backuppool/data/wallpaper'"'"' 2>&1' failed: 256 at /nix/store/0c2gjxabll87wfi9km6b13lyrry286lw-sanoid-2.1.0/bin/.syncoid-wrapped line 817.
Mar 16 11:00:30 homeserver systemd[1]: syncoid-truenas.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Mar 16 11:00:30 homeserver systemd[1]: syncoid-truenas.service: Failed with result 'exit-code'.

I thought about trying to add After= and Conflicts= to the service file, but those are in the [Unit] section and the syncoid service only has a configuration option for the [Service] section.

Any ideas how to work around this, or is this a bug?

Thanks!

Edit: sorry, second question. Is there a reason why the unit can’t access the ssh key when it’s located in /home/backupuser/.ssh/backup? The only way I could get the unit to work was by moving the key location to /var/lib/syncoid/backup.

firecat53 · March 21, 2023, 7:31pm

Worked around the problem by just defining systemd services instead of using the nixos sanoid service and by defining the zfs permissions directly on the pool zfs allow -u user compression,create,destroy,mount,mountpoint,receive,rollback

I still don’t know exactly why the SSH key can only be read from /var/lib/syncoid instead of /home/user.

  ## `backup1` pool is external SSD (for all data except `downloads`)
  systemd.services.syncoid-backup1 = {
    description = "Syncoid backup to `backup1` pool";
    after = [ "sanoid.service" ];
    before = [ "syncoid-nas.service" ];
    wantedBy = [ "sanoid.service" ];
    serviceConfig = {
      ExecStart = "${pkgs.sanoid}/bin/syncoid --no-privilege-elevation --no-sync-snap --skip-parent --recursive rpool/data backup1";
      User = "user";
    };
    path = [ pkgs.openssh pkgs.sanoid pkgs.zfs ];
  };
  systemd.services.syncoid-nas = {
    description = "Syncoid backup to nas server";
    after = [ "network-online.target" "syncoid-backup1.service" ];
    wantedBy = [ "syncoid-backup1.service" ];
    serviceConfig = {
      ExecStartPre = "${pkgs.sanoid}/bin/syncoid --no-privilege-elevation --no-sync-snap --skip-parent --recursive --sshkey /var/lib/syncoid/backup rpool/data user@192.168.2.103`:backuppool/data";
      ExecStart = "${pkgs.sanoid}/bin/syncoid --no-privilege-elevation --no-sync-snap --sshkey /var/lib/syncoid/backup downloadpool/downloads user@192.168.2.103:backuppool/data/downloads";
      User = "user";
    };
    path = [ pkgs.openssh pkgs.sanoid pkgs.zfs ];
  };