PBS cron script works on three PMX and fails on one

DynFi User

Well-Known Member
Apr 18, 2016
147
16
58
48
dynfi.com
I have this cron script setup and working "ok" on three of four servers of ours : goal is to backup PVE directories and key directories in case of "server crash" for a fast restore.

I am using client version: 1.1.5 and latest proxmox server 6.4.5


Code:
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
PBS_PASSWORD="94dc2daa-blablablalabla-0a1199377a5a"

46 0 * * * root proxmox-backup-client backup etc-pve.pxar:/etc/pve var-lib-pvecluster.pxar:/var/lib/pve-cluster root.pxar:/root etc-network-interfaces.pxar:/etc/network --all-file-systems true --repository 'backup@pbs!backup_etc@mysrv.domain.lan:BackupPMX' > /dev/null

This script has been debuged and is working very well on three of our four servers.

On the last server it is pulling out an error which is weird and impossible to understand to me :

Code:
root@mysrv:/home/user# proxmox-backup-client backup etc-pve.pxar:/etc/pve var-lib-pvecluster.pxar:/var/lib/pve-cluster root.pxar:/root etc-network-interfaces.pxar:/etc/network --all-file-systems true --repository 'backup@pbs!backup_etc@mysrv.domain.lan:BackupPMX'
Starting backup: host/mysrv/2021-05-05T06:05:20Z
Client name: mysrv
Starting backup protocol: Wed May  5 08:05:20 2021
Error: backup owner check failed (backup@pbs!backup_etc != remotebckp@pbs!remote_bckp)

  1. I am not asking this cron script to be executed using "remotebckp@pbs!remote_bckp" but "backup@pbs!backup_etc"
  2. PBS_PASSWORD is properly set and works as expected on all servers
  3. I don't understand why this server seems to switch user / token when asked to do his backup ???
  4. No previous file level backup have been done for this PMX server and keys are properly set (AFAICT)

I could use some help since this is looking like a bug at this stage to me.


Sincerely yours.
 
  1. I am not asking this cron script to be executed using "remotebckp@pbs!remote_bckp" but "backup@pbs!backup_etc"
exactly, but the backup group on pbs (for the group 'host/mysrv') belongs to the user 'remotebckp@pbs!remote_bckp'
so you either have to
* use the correct user for the backup group
* change the owner of the backup group
* change the group by giving a different '--backup-id' (note that while all backups on a datastore are deduplicated, for security reasons a client only knows of the chuks from the previous snapshot of the same group, iow. if you change id, you'll upload all chunks to the server, regardless if those exist already on the server)
 
exactly, but the backup group on pbs (for the group 'host/mysrv') belongs to the user 'remotebckp@pbs!remote_bckp'
so you either have to
* use the correct user for the backup group
* change the owner of the backup group
* change the group by giving a different '--backup-id' (note that while all backups on a datastore are deduplicated, for security reasons a client only knows of the chuks from the previous snapshot of the same group, iow. if you change id, you'll upload all chunks to the server, regardless if those exist already on the server)

Well the GUI does not display any 'host/mysrv' on my backup server.

These are genuine backup launched for the first time on the backup server, and they worked for my three other hypervisors which were configured the exact same way.

My DataStore 'BackupPMX' has already been assigned a default user and group that's the right one 'backup@pbs'

User 'backup@pbs' has the right authorisation on all datastores and the token 'remote_bckp' is also set correctly and has backup authorisation on the target datastore ==> 'BackupPMX'

So I am not sure how I can set permission on a 'host/mysrv' that's not displayed in the GUI ??
Maybe you have some kind of hidden permission handling file which keeps track of permissions.

What would be the CLI to set this authorisation properly for this Mount Point ?

Thx
 
ok so if there are no snapshots left for this group (e.g. because all are deleted) it sadly does not show up currently (see https://bugzilla.proxmox.com/show_bug.cgi?id=3336 for details)
you can change the owner on the cli though with
Code:
proxmox-backup-client change-owner 'host/mysrv' newowner@pam
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!