The restore command looks at the configuration from the backup. If that configuration includes the ID map, it should be used upon restore.look when here /etc/pve/lxc/<lxcid>.conf
delete lines
lxc.idmap: u 468000000 1000000000 1000000
lxc.idmap: g 468000000 1000000000 1000000
lxc.idmap: u 0 100000 65536
lxc.idmap: g 0 100000 65536
then the following command is formed
INFO: run: lxc-usernsexec -m u:0:100000:65536 -m g:0:100000:65536 -- /usr/bin/proxmox-backup-client...
-m u:0:100000:65536 -m g:0:100000:65536
and we have this result
INFO: failed to open file: ".Xauthority": access denied
INFO: failed to open file: ".bash_history": access denied
INFO: failed to open file: ".cache": access denied
INFO: failed to open file: ".config": access denied
INFO: failed to open file: ".local": access denied
INFO: failed to open file: ".bash_history": access denied
INFO: failed to open file: ".cache": access denied
INFO: failed to open file: ".mysql_history": access denied
backup just ignores these files
here is the full backup log:
()
INFO: starting new backup job: vzdump 555 --storage backup2-private-all --remove 0 --node mb3 --mode snapshot
INFO: Starting Backup of VM 555 (lxc)
INFO: Backup started at 2022-07-27 09:53:25
INFO: status = stopped
INFO: backup mode: stop
INFO: ionice priority: 7
INFO: CT Name: rew-proxysql2test
INFO: including mount point rootfs ('/') in backup
INFO: creating Proxmox Backup Server archive 'ct/555/2022-07-27T09:53:25Z'
INFO: run: lxc-usernsexec -m u:0:100000:65536 -m g:0:100000:65536 -- /usr/bin/proxmox-backup-client backup --crypt-mode=none pct.conf:/var/tmp/vzdumptmp110507_555/etc/vzdump/pct.conf root.pxar:/mnt/vzsnap0 --include-dev /mnt/vzsnap0/./ --skip-lost-and-found --exclude=/var/log/lastlog --exclude=/tmp/?* --exclude=/var/tmp/?* --exclude=/var/run/?*.pid --backup-type ct --backup-id 555 --backup-time 1658915605 --repository pbs_backup_user@pbs@backup2.us.comrivate-all
INFO: Starting backup: ct/555/2022-07-27T09:53:25Z
INFO: Client name: mb3
INFO: Starting backup protocol: Wed Jul 27 09:53:25 2022
INFO: No previous manifest available.
INFO: Upload config file '/var/tmp/vzdumptmp110507_555/etc/vzdump/pct.conf' to 'pbs_backup_user@pbs@backup2.us.com:8007rivate-all' as pct.conf.blob
INFO: Upload directory '/mnt/vzsnap0' to 'pbs_backup_user@pbs@backup2.com:8007rivate-all' as root.pxar.didx
INFO: failed to open file: ".Xauthority": access denied
INFO: failed to open file: ".bash_history": access denied
INFO: failed to open file: ".cache": access denied
INFO: failed to open file: ".config": access denied
INFO: failed to open file: ".local": access denied
INFO: failed to open file: ".bash_history": access denied
INFO: failed to open file: ".cache": access denied
INFO: failed to open file: ".mysql_history": access denied
INFO: root.pxar: had to backup 1.391 GiB of 1.437 GiB (compressed 425.446 MiB) in 10.75s
INFO: root.pxar: average backup speed: 132.56 MiB/s
INFO: root.pxar: backup was done incrementally, reused 46.815 MiB (3.2%)
INFO: Uploaded backup catalog (715.332 KiB)
INFO: Duration: 10.78s
INFO: End Time: Wed Jul 27 09:53:36 2022
INFO: Finished Backup of VM 555 (00:00:11)
INFO: Backup finished at 2022-07-27 09:53:36
INFO: Backup job finished successfully
TASK OK
If you look at the configuration in this backup, it should also include the ID map and restore of this new backup should work.but we need these files from home directories and when here /etc/pve/lxc/<lxcid>.conf
add lines
lxc.idmap: u 468000000 1000000000 1000000
lxc.idmap: g 468000000 1000000000 1000000
lxc.idmap: u 0 100000 65536
lxc.idmap: g 0 100000 65536
then a command is formed and everything is backed up well
NFO: run: lxc-usernsexec -m u:468000000:1000000000:1000000 -m g:468000000:1000000000:1000000 -m u:0:100000:65536 -m g:0:100000:65536 -- /usr/bin/proxmox-backup-client
-m u:468000000:1000000000:1000000 -m g:468000000:1000000000:1000000 -m u:0:100000:65536 -m g:0:100000:65536
because of this
-m u:468000000:1000000000:1000000 -m g:468000000:1000000000:1000000
This older backup probably doesn't include the correct ID map in its configuration. Unfortunately, I don't think there is a direct way to override the mapping withbut the problem is that when restoring the container, there are no these arguments
-m u:468000000:1000000000:1000000 -m g:468000000:1000000000:1000000
(full restore log)
ecovering backed-up configuration from 'backup2-private-all:backup/ct/4017/2022-07-21T14:18:24Z'
restoring 'backup2-private-all:backup/ct/4017/2022-07-21T14:18:24Z' now..
Error: error extracting archive - error at entry ".bash_history": failed to set ownership: Invalid argument (os error 22)
TASK ERROR: unable to restore CT 553 - command 'lxc-usernsexec -m u:0:100000:65536 -m g:0:100000:65536 -- /usr/bin/proxmox-backup-client restore '--crypt-mode=none' ct/4017/2022-07-21T14:18:24Z root.pxar /var/lib/lxc/553/rootfs --allow-existing-dirs --repository pbs_backup_user@pbs@backup2.us..comrivate-all' failed: exit code 255
the question is, how can I substitute these arguments in the restore command, and not just the backup?
-m u:468000000:1000000000:1000000 -m g:468000000:1000000000:1000000
pct restore
. You could:- Create a clone of the container
- Mount it with
pct mount <ID>
- Remove everything in
/var/lib/lxc/<ID>/rootfs
- manually run the
lxc-usernsexec+proxmox-backup-client restore
command with the correct mapping, while specifying/var/lib/lxc/<ID>/rootfs
as the target
Code:
root@pve702 ~ # cat manual-idmap.patch
diff --git a/src/PVE/LXC/Create.pm b/src/PVE/LXC/Create.pm
index 460df57..5ea87f9 100644
--- a/src/PVE/LXC/Create.pm
+++ b/src/PVE/LXC/Create.pm
@@ -100,6 +100,8 @@ sub restore_proxmox_backup_archive {
die "got unexpected backup format '$format'\n" if $format ne 'pbs-ct';
my ($id_map, $rootuid, $rootgid) = PVE::LXC::parse_id_maps($conf);
+ push $id_map->@*, ['u', '468000000', '1000000000', '1000000'];
+ push $id_map->@*, ['g', '468000000', '1000000000', '1000000'];
my $userns_cmd = PVE::LXC::userns_command($id_map);
my $cmd = "restore";
root@pve702 ~ # patch /usr/share/perl5/PVE/LXC/Create.pm manual-idmap.patch
patching file /usr/share/perl5/PVE/LXC/Create.pm
root@pve702 ~ # pct restore <ID> pbs:backup/ct/<backup ID>/<backup time>
# The following reverts to the unpatched version of the code
root@pve702 ~ # apt install --reinstall pve-container