manage syncoid's snapshots (keep-sync-snap) with sanoid

[matlacki]

Hi, AFAIK sanoid can create snapshots of a dataset, but doesn't manage (in particular: prune) snapshots created by syncoid (@syncoid_ type). Normally there are just two such snapshots, but with --keep-sync-snap the number quickly increases

How about there would be possibility to traverse all @syncoid_* snaps and eliminate some of them in frequent/hourly/weekly/monthly fashion?

[matlacki]

I realize that syncoid can be set to use sanoid's snapshots instead its own, but then AFAIK there is a hole: if backup host is offline for sufficiently long then snapshots necessary for incremental backups are not preserved. Option to keep "last snapshot sent by sanoid" during the prune would also be handy. Am I missing something?

[TazerReloaded]

Same problem here. Syncing with syncoid snapshots works fine, but I don't want my servers having full access to the ZFS on the backup server. If only one server is compromised, the attacker can rollback or destroy backup datasets, making the backup system extremely vulnerable to attacks. As a solution I restricted the permissions of the backup user to create,mount,receive, which solves the security issue, but causes aforementioned Problem:

• if I sync from my production servers (push-configuration), I cannot rollback or destroy snapshots on the backup machine, which leads to lots of abandoned snapshots.
• if I enable --no-sync-snap, it works as expected, but if the backup fails for a few days, the snapshots on the production machine are completely different from the ones on the backup machine, making incremental sync impossible.

I could run syncoid on the backup machine (pull configuration), which solves the permission problem, but that means a quite large reconfiguration. I could also only prune snapshots if the last backup was successful, but that seems a bit complicated. Any ideas?