PBS and borg backup

[danman]

Hi

I'm currently looking for a backup for certain VMs. Either a backup from PBS or PVE.
I have two separate buildings, in both are running PBS but I would like to have another backup of the backups on a untrusted storage.
I could use sshfs but I prefer borg backup.

If I'm going to backup the backup (PBS) of a certain VM, which files/directories should be backed up? Or is it better to go from PVE (VM itself)?

Thanks!

 

[Johannes S]

I wouldn't do this for multiple reasons:

• First you need to be careful to ensure the consistency of your datastore. People tried stunts like using rclone to backup their datastore contents to cloud providers ending in broken backups: https://forum.proxmox.com/threads/datastore-synced-with-rclone-broken.154709/ https://forum.proxmox.com/threads/pbs-appears-not-to-write-to-disk.157751/ You can mitigate this potential issues with additional measures (like stopping PBS services before the actual backup plus backing up filesystem-level snapshots (e.g. ZFS/lvm snapshots) instead of the actual datastore. Still you would need to be quite careful and test throughly to ensure that you don't actually loose your backups that way. For offsite backup of a PBS datastore the best option is to use the ncluded sync features to sync the backups to another PBS, a removable USB storage or (still technology preview) a S3 cloud provider.
• Second you will still need PBS to restore everything. If you want to ensure that you have a working backup even without your PBS it would make more sense to use borgbackup to create backups from inside the vms or lxcs so you have another backup which is not depending on PBS. I do something similiar but not as additional backup by using restic to backup my bulk data. My vserver has not enough storage to backup it even with PBS deduplication thus I seperate between the VM/lxcs installs (backed up with PBS) and bulk data (lives on a NAS, gets mounted to the VMs/lxcs with network shares, backup with restic).
• Third: Like with PBS you need a running and working server service on your remote storage (borgbackup server in this case), while there are more than enough backup tools who only needs something like S3, ssh on the target.

Now the third point is rather weak to be honest, but the first and second one are imho quite strong arguments against backups of a datastore with anything except the native feature of PBS. If you actually want to utilice something like zfs snapshots it would also make sense to use zfs send/receive feature to replicate the datastores to the target.

 

[louie1961]

Backing up from PVE is better if you are planning on doing an immediate restore, like migrating from one host to another. Otherwise take regular snapshots of your PBS data store and back up the snapshots. I do ZFS send of my snapshots to another machine running Debian with ZFS installed. I also rsync the snapshots to my Synology over ssh, using public key authentication only.

 

[bl1mp]

Hi Danman
you can use the s3 replication to avoid the requirement of running another remote PBS.

PVE provides clientsite encryption, circumvent confidentiality issus with 3rd party untrusted remote stores.

BR, Lucas