Hi,
inspecting backups and restoring singe files is possible using the WebUI in PVE by navigating to the PBS storage > Backup > selecting backup > File Restore. For cli you can use the proxmox-file-restore, see https://pbs.proxmox.com/docs/command-syntax.html#proxmox-file-restore
inspecting backups and restoring singe files is possible using the WebUI in PVE by navigating to the PBS storage > Backup > selecting backup > File Restore. For cli you can use the proxmox-file-restore, see https://pbs.proxmox.com/docs/command-syntax.html#proxmox-file-restore
This is already possible: You can inspect backups also from the PBS itself, just select the datastore, got to the contents tab and for the corresponding snapshot select the archive/disk you want to inspect. This however only works if the backups are not encrypted, as the encryption key is client side, so the server cannot decrypt the contents.
Just an idea: would it be possible to enter the encryption key temporarily for the wanted access to an encrypted backup? Session-only, the key should get deleted from ram when I close my browser.
Should I open a feature request on bugzilla for this, or is it not realistic? Or in development already? ;-)
Fetching a single file from a backup is really inconvenient via cli compared to the nice Web UI.
But you can already do the single file restore from the WebUI on the PVE host itself (also for encrypted backups, the key being stored on PVE side). So not sure what to gain from this. The server should not be able to decrypt encrypted backups (although passing in the key temporarily would be possible, not sure however if we want to support such a feature). What would be the use case for this?
Good point!
I have no current case, but I occasionally tried to download a (single) file from PBS. Realizing it is encrypted I went the CLI-way...
Sidenode: I am not the Thread starter, I just hijacked it with my not-so-helpful idea...
Maybe if I have only one PVE and that hardware died... and I do not like the command line. Okay, far fetched ;-)
Yeah, there might be some use cases where this could be handy, so feel free to open a bug report. Than we can evaluate further if allowing to pass a in-memory only key for decryption for encrypted snapshots might be feasible and what the security implications are.Good point!
I have no current case, but I occasionally tried to download a (single) file from PBS. Realizing it is encrypted I went the CLI-way...
Sidenode: I am not the Thread starter, I just hijacked it with my not-so-helpful idea...
Maybe if I have only one PVE and that hardware died... and I do not like the command line. Okay, far fetched ;-)
I just came across a use case.
I'm doing automated encrypted backups from a linux machine with the proxmox-backup-client. The backup consists of a few directories.
It would be great to be able to browse these backups from the PBS WebUI, instead of having to restore them first with the CLI, and then browse the restored backup.
I'm doing automated encrypted backups from a linux machine with the proxmox-backup-client. The backup consists of a few directories.
It would be great to be able to browse these backups from the PBS WebUI, instead of having to restore them first with the CLI, and then browse the restored backup.
Hi,
note that instead of restoring the full backup snapshot, you can also use the
proxmox-backup-client catalog shell to navigate the contents and selectively restore contents. This will work also with encrypted backup snapshots, you will however need to pass the encryption key via the --keyfile parameter.I get an error with
proxmox-backup-client catalog shell
Bash:
root@pve:~# proxmox-backup-client catalog shell host/pve/2024-10-21T02:29:46Z testdata.pxar --repository root@pam@192.168.11.98:USB_WD --keyfile /root/testbackup.key
Encryption Key Password: ******************************
Error: Unable to open dynamic index "/mnt/datastore/USB_WD/host/pve/2024-10-21T02:29:46Z/catalog.pcat1.didx" - No such file or directory (os error 2)
Last edited:
Did you use the
change-detection-mode set to data or metadata to create this snapshot?If so, please note that the catalog shell implementation is still lacking for split pxar archives .
A patch series to fix that issue has already been send to the developers mailing list, see https://lore.proxmox.com/pbs-devel/20240812103139.288854-1-c.ebner@proxmox.com/
Once applied, the catalog shell will be available also for these cases.
Another option you have at your disposal for the time being (until the catalog shell patches are applied) is theyup
proxmox-backup-client mount command (again passing the --keyfile parameter for your encrypted snaphsots). This will allow to mount the archive read-only via fuse and navigate its contents. You also can copy contents from the mountpoint to you local filesystem to perform single file restore.