PBS for remote only backups?

[krby]

I posted originally here: https://forum.proxmox.com/threads/a...-home-use-is-pbs-the-right-fit-for-me.159015/
A reply suggested I try this subforum.

I'm relatively new to Proxmox, but an experienced Linux admin. I just built a small proxmox server for home. It's a 1TB ZFS mirror for root (rpool) and most VM/CT images (I let the pve installer partition this) and a 4TB ZFS mirror for bulk data. I'm using this pool (called tank) for files I share out using a fileserver container and also the data directory for a Nextcloud VM. I'm looking for advice on backing up this PVE instance, including the tank pool.
For background: I have used Duplicati for years to do file-level backups of my old NAS and desktops to an S3 clone service (Wasabi). My mental model for backups is shaped by that. Incremental, retention policy that lets me do X days, X weeks, etc, encrypted on the client side so I don't have to trust the remote. I'm looking for advice on how to do a backup of my PVE install, and I don't think PBS is what I want, but maybe I'm wrong? Specifically, I want incremental backups to a remote destination (S3, ssh, zfs send, whatever). I don't want a local copy of the backup. The poster in my other thread suggested I could run PBS in a container if I didn't care about the local copy.
What I have looked at:

• PBS: From what I can tell with the PBS route, I'd need a separate physical host, which I'd like to avoid. It looks like I might be able to have a remote only repository on something like rsync.net. But it's not clear to me what my remote options are with PBS.
• Sanoid or some zfs send/receive solution to something like rsync.net. This seems about perfect and not too expensive, except I don't think it can do client-side only encryption. I either have encrypted pools locally and use raw sending or I have an encrypted pool mounted on the remote (which means the key is on the remote side)
• Borg backup? I've heard a lot about this, but never used it, unclear to me if it backs up files or how I backup and restore would work for PVE, including VMs and CT image

The tight integration with PBS and PVE is attractive, if I can get it to work. Are folks using PBS as a container on the PVE being backed up and doing remote-only destinations?

Thanks for any advice.

 

[krby]

Moving a few things I have learned to this thread:
* I can run PBS locally in a VM or container
* PBS use a remote destination, but it looks to me like it only supports sending to another PBS, not just raw storage using ssh, or rysnc, or s3. So the remote has to something that can run a PBS instance 24/7 and have it accept connections
* Alternately, anything I can get to show up a a local directory can be a PBS datastore. Have people tries sshfs or s3fs or similar?

The above combination doesn't get me a "simple/cheap" remote only, client-encrypted backup. Having to run a PBS instance on the remote end feels kind of heavy weight to me, it implies at least a VPS-type thing with a bunch of storage attached. I like the idea of sending backups to "just storage", but maybe that's not going to work.

I think I saw a post about someone developing a script for using with borg, I'll have a look at that. Other ideas are welcome!

UPDATE: Actually, it looks like cloud-pbs offers "datastore only" plans at good prices. How does that work? Looking at the PBS documentation it seemed to me like a datastore has to appear as a local directory to PBS

 

[tcabernoch]

Ya, sounds like maybe you do want the cloud PBS. Seems to match what you are looking for.

Look, PBS is a weird animal. Don't get me wrong, I dig it, but it operates completely unlike any other backup system you've used.

To date, there have been 2 basic backup methods, OS agent or virtual disk image.
Either you run an agent inside the OS that builds a virtual image and uploads that,
or you snapshot the virtual machine so that it's running on a delta disk which allows you to grab the root disk and copy it.

PBS is neither of those. I think the primary design focus for PBS was absolute dedupe. PBS is a database of file parts. The only thing I've ever seen anything remotely like it is the Veeam WAN Accelerator, which does exactly the same thing with its cache. Well, this is a backup system made out of a file cache.

So think about this. If the target data storage is really just a big database of file parts, sure you don't duplicate _anything_, and that's good. But just the act of writing a new data chunk requires searching the metadata to see if it already exists. The end result is a backup system that is extremely conservative with your storage space but demands fast storage.

And then we get into where this bold dream behind PBS meets reality. Lots of folks want to run their backup system as a vm on slow storage.
Well, due to the way PBS processes a backup, it can lock disk segments that are being changed until a synchronous write happens to the target storage (PBS datastore). Waiting for sync writes can lead to vms just locking up during a backup.
PBS was never supposed to have a local cache. And if you ask them, it still doesn't. Nope, so they built fleecing to address this synchronous write issue and allow some async. Which makes fleecing a local cache. With a funny name. And incomplete .alpha-release design. And bad, game-killer bugz.

I suggest you spin up a PBS server and take a look. Just run it as a Proxmox VM, give it 200gb, and run a couple backups.

 

[Johannes S]

PBS is neither of those. I think the primary design focus for PBS was absolute dedupe. PBS is a database of file parts. The only thing I've ever seen anything remotely like it is the Veeam WAN Accelerator, which does exactly the same thing with its cache. Well, this is a backup system made out of a file cache.

Aint Tools like restic or borg similiar in this regard? They work also by splitting the data in file parts.

 

[Johannes S]

* Alternately, anything I can get to show up a a local directory can be a PBS datastore. Have people tries sshfs or s3fs or similar?

They have but the resulting performance isn't worth it. Since PBS splits the data in a lot of small chunks it needs high IOPS for it's garbage collection and other house keeping Tasks. sshfs, s3fs and Co doesn't provide this.

The above combination doesn't get me a "simple/cheap" remote only, client-encrypted backup. Having to run a PBS instance on the remote end feels kind of heavy weight to me, it implies at least a VPS-type thing with a bunch of storage attached. I like the idea of sending backups to "just storage", but maybe that's not going to work.

For this you could use the native vzdump. But it will take more space. Personally I think that around 10- 20 Euro per month for a vserver isn't too expensive for my data.

There used to je a birg based script but it's develoment stoppen brfore Release 7 of PVE. I doubt it still works.

UPDATE: Actually, it looks like cloud-pbs offers "datastore only" plans at good prices. How does that work? Looking at the PBS documentation it seemed to me like a datastore has to appear as a local directory to PBS

My guess: They have a PBS in a datacenter and offer you are an access to the datastore via PBS sync.

 

[ArionWolf]

Aint Tools like restic or borg similiar in this regard? They work also by splitting the data in file parts.

I love restic used it reliably for the last few years eith my rpi server. I am in the process of switching to proxmox and I am trying to figure the best offsitr backup strategy. I tried uploading VM and CT backups using restic today by uploading the contents of /var/lib/vz/dump and i noticed that de-duplication does not work. A quick search led me to this https://forum.restic.net/t/backup-vma-proxmox-with-restic/1864

It seems that in order to have de-duplication the only way is to use PBS which is unfortunate cause I feel very confident with restic. Fortunately PBS is easy to use and make restoration easy with it's gui. Sucks that probably I'll have to buy hardware just for pbs or use an old pc for it