Linstor cannot correctly clone a volume that already exists on a zfs encrypted pool

LINSTOR
1

As discussed in here, I encountered some BUGs when using linstor as storage backend of incus.

I can use linstor storage-pool create zfsthin aaa incus tmp-pool/incus to create a linstor storage pool on an encrypted zfs pool, and then set it as the backend of the incus. However, when lunching containers in incus, incus started a clone operation, and the linstor seems not handled the clone operation on encrypted zfs pool correctly, as it reported:

linstor err show 68176B7C-B37A4-000000
ERROR REPORT 68176B7C-B37A4-000000

============================================================

Application:                        LINBIT® LINSTOR
Module:                             Satellite
Version:                            1.31.0
Build ID:                           a187af5c85a96bb27df87a5eab0bcf9dd6de6a34
Build time:                         2025-04-08T09:36:27+00:00
Error time:                         2025-05-04 13:29:37
Node:                               aaa
Thread:                             clone_ZFS_COPY(incus-volume-113d198b22bb4085bb18ba29ee3a0d36/0->incus-volume-b838c402629d4b55968172d6d262453d/0)

============================================================

Reported error:
===============

Category:                           LinStorException
Class name:                         LinStorException
Class canonical name:               com.linbit.linstor.LinStorException
Generated at:                       Method 'run', Source file 'CloneDaemon.java', Line #137

Error message:                      None 0 exit from: [timeout, 0, bash, -c, set -o pipefail; zfs send --embed --large-block tmp-pool/incus/incus-volume-113d198b22bb4085bb18ba29ee3a0d36_00000@CF_ad1d8095 | zfs receive -F tmp-pool/incus/incus-volume-b838c402629d4b55968172d6d262453d_00000 && zfs destroy -r tmp-pool/incus/incus-volume-b838c402629d4b55968172d6d262453d_00000@%]

ErrorContext:
  Description: Clone command failed
  Cause:       cannot receive new filesystem stream: zfs receive -F cannot be used to destroy an encrypted filesystem or overwrite an unencrypted one with an encrypted one


Call backtrace:

    Method                                   Native Class:Line number
    run                                      N      com.linbit.linstor.clone.CloneDaemon:137
    run                                      N      java.lang.Thread:1583


END OF ERROR REPORT.

According to the openzfs document, using zfs send will cause zfs to decrypt the encrypted volume and send it. zfs recv cannot receive decrypted data streams on encrypted volumes. An additional --raw option can make zfs send not decrypt when sending.

It seems zfs is fully supported according here while zfs native encryption is not supported as discussed in this issue. However, personally I don’t think that a zfs support without zfs native encryption can be called a “fully support”.

I think that this problem can be solved by simply changing the zfs send --embed --large-block in doZFSCopy to zfs send --raw --embed --large-block to let zfs send encrypted streams.