Auto Backup protection

T

Tipenso

Member
May 12, 2022
16
4
8
Hi to all from Italy.
I'm testing very hardly Proxmox in my company.
A requirement of ours for auditing purposes, is the immutability of backups. I hope this feature will be in the Proxmox Backup Server roadmap....
In the meantime, to address the lack of immutability, I would like to at least enable by default and automatically, backup protection on all retention points, without the need to have to enable it manually.
Is this possible? If so, how?
Thank you in advance.
 
You can work with privileges to only allow creating and restoring backups snapshots but not deleting them. That in combination with a prune job running on the PBS instead of PVE should give you immutable backups.
 
Dunuin said:
You can work with privileges to only allow creating and restoring backups snapshots but not deleting them. That in combination with a prune job running on the PBS instead of PVE should give you immutable backups.
Click to expand...
Thank you for answer.
If I understand well, I would use Access Role "DatastoreBackup" for job.
At that point, job-level retentions would no longer work, but I would have to set pruning at the namespace level, correct? Which, however, would prevent me from having jobs with diversified retentions in the same namespace...
That said, how can I run a job with the DatastoreBackup access role? In the web GUI I don't see the ability to choose a specific user for jobs...
Thanks in advance.
 
Tipenso said:
Thank you for answer.
If I understand well, I would use Access Role "DatastoreBackup" for job.
At that point, job-level retentions would no longer work, but I would have to set pruning at the namespace level, correct? Which, however, would prevent me from having jobs with diversified retentions in the same namespace...
That said, how can I run a job with the DatastoreBackup access role? In the web GUI I don't see the ability to choose a specific user for jobs...
Thanks in advance.
Click to expand...
Right. I created different namespaces for different retentions. Then you can create different prune jobs with different retentions in the PBS webUI for the different namespaces. And for the user that got the DatastoreBackup, you set that by choosing a user when adding a PBS storage to PVE and not at the job level.

Edit: Different prune jobs per namespace is by the way on the PBS roadmap.
 
Last edited:
You must log in or register to reply here.
Top Bottom