Before ProxMox, I had one Ubuntu server running a collection of applications using docker-compose, LXC, and VMs.
Each docker-compose service had a "backup" container that would take backups (whatever that meant for the application) and put the backed up files on rsync.net using borg/borgmatic.
For VMs, same thing: I'd have borgmatic run on a cron to do whatever taking a backup meant (stopping the database etc) and put it on rsync.net
The result was neat because I had actual files visible on rsync.net backups and it's very nimble because I'd only save the actual files and data that needs backing up instead of the whole disk (on which 90% of the data is just the OS files which can be reinstalled from an ISO + Ansible playbook/Dockerfile)
My genius idea was to have ProxMox run a ZFS mirrored pool, which would contain a `backups` dataset. And in that dataset, each VM/CT would have its own subdirectory. This subdirectory would be mounted inside the VM/CT and backups dumped on it. Then I'd have a CT or a cron on ProxMox directly send these to rsync.net once a day using borg. This would save me from configuring borgmatic in every single VM/CT I wanted to backup, I wouldn't have to deal with dozens of public keys on rsync.net, and the backup process would be more transparent to the VM/CT.
Except that I can't easily mount a directory inside VMs and CTs. I thought it would be as simple as with VirtualBox's shared folders and Docker's volumes. But it's not at all. And I don't want to deal with hardening NFS just to expose the `backups` dataset's subdirs to each VM and CT.
I could create a small backup disk for each VM/CT and have that stored on the `backups` dataset, which then gets backed up to rsync.net from ProxMox. But that's opaque (I can't easily see what files exactly are in each backup, only the VM/CT disk file) and I'm not sure how well it would dedup with borg either.
Where does that leave me? How could I make this backup system work for me so that:
- the process is mostly transparent to the VM/CT; all it has to know is how to provide the files to backup
- isn't opaque, so I can see the actual files contained in each rsync.net/borg backup
- works as it should with borg's deduplication mechanism
- doesn't involve NFS or SMB because hardening is very hard with the former and messy with the latter
Each docker-compose service had a "backup" container that would take backups (whatever that meant for the application) and put the backed up files on rsync.net using borg/borgmatic.
For VMs, same thing: I'd have borgmatic run on a cron to do whatever taking a backup meant (stopping the database etc) and put it on rsync.net
The result was neat because I had actual files visible on rsync.net backups and it's very nimble because I'd only save the actual files and data that needs backing up instead of the whole disk (on which 90% of the data is just the OS files which can be reinstalled from an ISO + Ansible playbook/Dockerfile)
My genius idea was to have ProxMox run a ZFS mirrored pool, which would contain a `backups` dataset. And in that dataset, each VM/CT would have its own subdirectory. This subdirectory would be mounted inside the VM/CT and backups dumped on it. Then I'd have a CT or a cron on ProxMox directly send these to rsync.net once a day using borg. This would save me from configuring borgmatic in every single VM/CT I wanted to backup, I wouldn't have to deal with dozens of public keys on rsync.net, and the backup process would be more transparent to the VM/CT.
Except that I can't easily mount a directory inside VMs and CTs. I thought it would be as simple as with VirtualBox's shared folders and Docker's volumes. But it's not at all. And I don't want to deal with hardening NFS just to expose the `backups` dataset's subdirs to each VM and CT.
I could create a small backup disk for each VM/CT and have that stored on the `backups` dataset, which then gets backed up to rsync.net from ProxMox. But that's opaque (I can't easily see what files exactly are in each backup, only the VM/CT disk file) and I'm not sure how well it would dedup with borg either.
Where does that leave me? How could I make this backup system work for me so that:
- the process is mostly transparent to the VM/CT; all it has to know is how to provide the files to backup
- isn't opaque, so I can see the actual files contained in each rsync.net/borg backup
- works as it should with borg's deduplication mechanism
- doesn't involve NFS or SMB because hardening is very hard with the former and messy with the latter
Last edited:
