[SOLVED] PBS questions

kokel

Member
Mar 9, 2021
Hello,

I'm new to PBS, we have installed a PBS instance to back up our 3-node Proxmox/CEPH Cluster.

  1. We have configured a user on PBS for the VE integration with permission "DatastorePowerUser" on the exact datastore for the VE Cluster. Is this sufficient as least privilege?
  2. How does the connection between VE <-> PBS work? We have a dedicated VLAN/IP-Range for Live Migration/Backup purpose. All VE Cluster nodes and the PBS reside here with a 10GB Link. In VE Storage configuration I configure the PBS server name or PBS IP address, is this relevant? Is the connection bidirectional? Who initiates this? My point is that the backup traffic should be passed to the correct link, so the decision where the traffic goes is based on the servername/ip address I configure here for PBS.
Thanks,
kokel
 

1. depends on what you mean with "least privilege". power users can prune (->delete) their own backups. if you don't want that (and set up a central prune schedule on PBS instead, or use a separate user for scripted/manual pruning), use DatastoreBackup as role. see https://pbs.proxmox.com/docs/user-management.html for details
2. the connection is always initiated from the PVE side using HTTPS to port 8007. for actual backup/restore tasks the connection is upgraded to HTTP2, which allows multiplexed transfers over a single connection.
 
Thanks @fabian for your quick response.

> 1. depends on what you mean with "least privilege". power users can prune (->delete) their own backups. if you don't want that (and set up a central prune schedule on PBS instead, or use a separate user for scripted/manual pruning), use DatastoreBackup as role. see https://pbs.proxmox.com/docs/user-management.html for details

The user we have configured is for the VE integration, so for me this is no "user", more a system account. Deleting backups from VE would be nice. We assumed the deleting of backups wouldn't produce problems with the central prune schedule from PBS, doesn't it?

> 2. the connection is always initiated from the PVE side using HTTPS to port 8007. for actual backup/restore tasks the connection is upgraded to HTTP2, which allows multiplexed transfers over a single connection.

Thanks for the explanation. So it doesn't matter if we configure the Storage via servername or ip address?
 
no, manual deletion from PVE side is no different than manual deletion on the PBS side. you probably don't want to set up automatic pruning on both ends, as that doesn't make much sense. some people prefer "append-only" backups, so that in the event of your PVE host becoming compromised, an attacker cannot delete all backups and the data on the PVE side.

depending on your setup using the name might actually be preferable (e.g., if you are using a trusted certificate and want to skip the fingerprint-based pinning).
 
> no, manual deletion from PVE side is no different than manual deletion on the PBS side. you probably don't want to set up automatic pruning on both ends, as that doesn't make much sense. some people prefer "append-only" backups, so that in the event of your PVE host becoming compromised, an attacker cannot delete all backups and the data on the PVE side.

That's a good point, thanks.

> depending on your setup using the name might actually be preferable (e.g., if you are using a trusted certificate and want to skip the fingerprint-based pinning).

We currently stay on the default self-signed certificate which is valid for ~1000 years :).
Because we use nginx as reverse proxy in front with LE certificate.
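
Added example, not part of the thread and not Proxmox code: a sketch of the fingerprint-based pinning mentioned in the replies above, checking the certificate an endpoint presents on port 8007 against a pinned value. It assumes the pin is the SHA-256 of the DER certificate written as colon-separated hex; the function names are hypothetical and the sample bytes are constructed.

```python
import hashlib
import hmac
import socket
import ssl

PBS_PORT = 8007  # HTTPS port named in the thread


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 of the DER certificate as colon-separated lowercase hex."""
    digest = hashlib.sha256(der_cert).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(pin: str) -> str:
    """Accept pins with or without colons, in either case."""
    hexonly = pin.replace(":", "").strip().lower()
    if len(hexonly) != 64 or any(c not in "0123456789abcdef" for c in hexonly):
        raise ValueError("not a SHA-256 fingerprint")
    return hexonly


def matches_pin(der_cert: bytes, pinned: str) -> bool:
    """Constant-time comparison of the presented certificate against the pin."""
    presented = normalize(fingerprint(der_cert))
    return hmac.compare_digest(presented, normalize(pinned))


def fetch_der(host: str, port: int = PBS_PORT, timeout: float = 5.0) -> bytes:
    """Fetch the certificate the endpoint presents, without trusting it.
    CA verification is off on purpose: the pin comparison is the trust decision."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    sample = b"abc"  # constructed stand-in bytes, not a real certificate
    pin = fingerprint(sample)
    print(pin, matches_pin(sample, pin.upper()))
```

Run `fetch_der` against the same name or address the PVE storage entry uses: a reverse proxy and the backup server behind it present different certificates, so their fingerprints differ.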
 
