Backup from PBS to PVE - Pull

dima1002

May 23, 2021
Can I set up the backup so that I pull the backups from the Proxmox server?
Unfortunately, I only have 2 servers available and would like to have the backup server in the DMZ, so that there is no physical connection.

Or how do you set up the backup? I want it safe from encryption trojans.
 
> Can I set up the backup so that I pull the backups from the Proxmox server?

No, it is currently not possible that the PBS pulls backups from PVE. What is possible is that a second PBS pulls backups from your first PBS instance.

> Or how do you set up the backup? I want it safe from encryption trojans.

If you only allow access to port 8007 (the API/web UI), a 'normal' encryption trojan should not be able to do any harm.
The worst thing is that it deletes older backups, which you can prevent by using a user/token that has only the 'DatastoreBackup' privilege and not Prune or Modify.
(Note that you cannot use PVE's retention settings anymore, since the PVE cannot delete any backup then.)
 
You can just do this by yourself.

- First, disable the backup jobs on PVE (if you do not want them to run)
- then go to your PBS

- add a bash script that SSHes into your PVE and starts the backup
or
- add a curl command that triggers the PVE API
POST /api2/json/nodes/{node}/qemu/{vmid}/backup


I don't currently have enough time to give you a full script, but the hint should be enough?
 
> - add a bash script that SSHes into your PVE and starts the backup
> or
> - add a curl command that triggers the PVE API
> POST /api2/json/nodes/{node}/qemu/{vmid}/backup

I believe that would defeat the purpose - the PVE in this scenario would need to have access to the PBS host, thus exposing us to the risk of encryption trojans.

> No, it is currently not possible that the PBS pulls backups from PVE. What is possible is that a second PBS pulls backups from your first PBS instance.

Is it possible to have the following setup:
- First PBS, running on PVE in a VM/LXC keeps only the latest backup
- Second PBS, running on another machine, pulls the backup from first PBS, but keeps last N backups?
 
> I believe that would defeat the purpose - the PVE in this scenario would need to have access to the PBS host, thus exposing us to the risk of encryption trojans.

At the end of the day, the same risk applies for pull-based backups as well - the system that gives you the data can always be compromised and give you garbage instead?

You can already set up PVE and PBS in a way that PVE can only ever add new snapshots but never remove old ones.

> Is it possible to have the following setup:

Yes.
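
A check for the setup described in the replies above, where the PVE-side user/token holds only DatastoreBackup so that PVE can add snapshots but never remove them. This is an added example, not code from the thread or from Proxmox. It assumes the `acl:<propagate>:<path>:<auth-ids>:<roles>` line layout of the PBS ACL file; the token names, datastore paths and the set of roles treated as able to prune or modify are assumptions to verify against your PBS version.

```python
# Assumption: built-in roles that include Datastore.Prune and/or Datastore.Modify.
# Check this set against the roles of the installed PBS version.
DESTRUCTIVE_ROLES = {"Admin", "DatastoreAdmin", "DatastorePowerUser"}

# Constructed sample; assumed layout: acl:<propagate>:<path>:<auth-ids>:<roles>
SAMPLE_ACL = """\
acl:1:/:root@pam:Admin
acl:1:/datastore/store1:pve@pbs!backup:DatastoreBackup
acl:1:/datastore:pve@pbs!legacy:DatastorePowerUser
acl:1:/datastore/store2:sync@pbs,pve@pbs!backup:DatastoreAdmin
acl:0:/datastore:pve@pbs!backup:DatastoreAdmin
"""


def parse_acl(text):
    """Yield (propagate, path, auth_id, role) for each grant in the text."""
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 5 or fields[0] != "acl":
            raise ValueError(f"line {lineno}: unexpected ACL entry {line!r}")
        _, propagate, path, auth_ids, roles = fields
        for auth_id in auth_ids.split(","):
            for role in roles.split(","):
                yield propagate == "1", path, auth_id, role


def covers(acl_path, propagate, target):
    """True if a grant on acl_path reaches target (exact match or propagated)."""
    if acl_path == target:
        return True
    return propagate and target.startswith(acl_path.rstrip("/") + "/")


def destructive_grants(text, client_ids, datastore_path):
    """Conservative: reports every matching grant and does not model how
    PBS resolves overlapping entries or token-versus-user limits."""
    return [(auth_id, path, role)
            for propagate, path, auth_id, role in parse_acl(text)
            if auth_id in client_ids and role in DESTRUCTIVE_ROLES
            and covers(path, propagate, datastore_path)]


if __name__ == "__main__":
    clients = {"pve@pbs!backup", "pve@pbs!legacy"}  # hypothetical PVE-side tokens
    for finding in destructive_grants(SAMPLE_ACL, clients, "/datastore/store1"):
        print("can delete backups:", *finding)
```

On a PBS host the input would be the contents of `/etc/proxmox-backup/acl.cfg`; an empty result for the PVE-side identities means none of them holds a role from the destructive set on that datastore.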
 
> You can already set up PVE and PBS in a way that PVE can only ever add new snapshots but never remove old ones.

I understand that in this scenario the PBS can prune old ones?

Ok, so basically, assuming that PBS is not compromised and it keeps last N snapshots, I don't need the PBS-in-the-middle to keep things secure. I guess that solves the issue. Thanks!
 