moving to freebsd / jails / bhyve (supplemental): export / backup jails with bastille

snapshots are not backups! do not rely on zfs snapshot to save your ass if you really break something or if a server completely loses it. (although.. a snapshot sent elsewhere, like another zpool on a different system, may be considered a backup).

going off of the earlier post i was working on getting a domain controller going. i want to export it so i can restore it just in case it comes down to having to destroy the jail and start over. i also want to test out how bastille does it.

there are two ways to do it. one way is to do everything from a shell using flags. 

root@devil:/usr/local/bastille # bastille export -l --zst -v dc

Hot exporting 'dc' to a raw image...

Creating temporary ZFS snapshot for export...

Sending ZFS data stream...
*** zstd command line interface 64-bits v1.5.2, by Yann Collet ***
full send of platters/bastille/jails/dc@bastille_dc_2025-12-20-163618 estimated size is 57.1K
full send of platters/bastille/jails/dc/root@bastille_dc_2025-12-20-163618 estimated size is 832M
total estimated size is 832M
TIME        SENT   SNAPSHOT platters/bastille/jails/dc@bastille_dc_2025-12-20-163618
TIME        SENT   SNAPSHOT platters/bastille/jails/dc/root@bastille_dc_2025-12-20-163618
(L3) Buffered :  10.0 MiB - Consumed :   286 MiB - Compressed :   155 MiB => 54.35% 16:36:19    352M   platters/bastille/jails/dc/root@bastille_dc_2025-12-20-163618
                                                                               .04% 
Exported '/usr/local/bastille/backups/dc_2025-12-20-163618.zst' successfully.

root@devil:/usr/local/bastille # ls backups/
dc_2025-12-20-163618.sha256     dc_2025-12-20-163618.zst

the -l (lower case L) is live. you can only do this if you are using zfs (which you should always always always be doing).

now i want this to be normal. so lets take a look at the bastille.conf again… (probably should have done this earlier). 

root@devil:/usr/local/bastille # edit -w /usr/local/etc/bastille/bastille.conf

bastille_export_options="--live --zst --verbose"    ## default "" predefined export options, e.g. "--live --gz"

the default is “do nothing” when using bastille export. i changed that to live using zst compression and to be verbose. lets test it out. 

root@devil:/usr/local/bastille # bastille export dc
Default export option(s): '--live --verbose --zst'

Hot exporting 'dc' to a raw image...

Creating temporary ZFS snapshot for export...

Sending ZFS data stream...
*** zstd command line interface 64-bits v1.5.2, by Yann Collet ***
full send of platters/bastille/jails/dc@bastille_dc_2025-12-20-164944 estimated size is 57.1K
full send of platters/bastille/jails/dc/root@bastille_dc_2025-12-20-164944 estimated size is 832M
total estimated size is 832M
TIME        SENT   SNAPSHOT platters/bastille/jails/dc@bastille_dc_2025-12-20-164944
TIME        SENT   SNAPSHOT platters/bastille/jails/dc/root@bastille_dc_2025-12-20-164944
(L3) Buffered :  10.0 MiB - Consumed :   286 MiB - Compressed :   155 MiB => 54.37% 16:49:45    346M   platters/bastille/jails/dc/root@bastille_dc_2025-12-20-164944
(L3) Buffered :  14.5 MiB - Consumed :   786 MiB - Compressed :   243 MiB => 30.96% 16:49:46    853M   platters/bastille/jails/dc/root@bastille_dc_2025-12-20-164944
                                                                               .04% 
Exported '/usr/local/bastille/backups/dc_2025-12-20-164944.zst' successfully.

ok. winning. later i’ll work on importing for the sake of knowing how to import but i’m sure that’s relatively easy.