From 31C3_Public_Wiki
Jump to: navigation, search

Description zogftw (ZFS on geli for the win) creates redundant backups on encrypted external ZFS pools.
Has website http://www.fabiankeil.de/gehacktes/zogftw/
Persons working on Fk
Tags zogftw, OpenZFS, FreeBSD, geli, ZFS, encryption, FDE, cloud, buzzword-compliance, Free Software, privacy
Other projects...


OpenZFS currently has no integrated full disk encryption support which is mitigated on FreeBSD by using geli.

It works great out of the box for pools that are always attached, but using external pools, which are exported most of the time, is inconvenient. Automatically importing available pools doesn't work because the ZFS metadata isn't available until the geli provider has been attached. It's especially inconvenient when multiple pools are supposed to be attached at the same time, specifying lots of passphrases and optionally keyfiles is rather boring.

Manually using the external pools for backups is time consuming even without encryption being involved. One has to provide the proper snapshot names as the zfs process that sends the snapshot doesn't see the receiving dataset and thus can't easily send whatever is missing.

zogftw makes importing, exporting and sending snapshots to such pools more convenient and has a bunch of additional ZFS-related features. It's extendable in shell (and thus pretty much any language you might care about). Additionally it can be used as function library for other shell scripts or interactive shells.