Sync jobs only pulls namespace names, no content

8

8192K

Member
Apr 12, 2024
34
0
6
I have an on-site PBS server with one datastore called mainDisk. This server has a user remote@pbs which is used to backup from my Proxmox VMs/LXCs or other bare metal Linux installations. It has the role DatastoreBackup as well as an API token also set to the role DatastoreBackup, both for /datastore/mainDisk. This works fine.

I am now trying to add an off-site PBS server that is only supposed to sync from that on-site PBS server (let's call it mainPBS and offsitePBS). offsitePBS has one datastore, also called mainDisk.

For the sync process, I now created a new user on mainPBS called offsite@pbs with roles DatastoreBackup, RemoteSyncOperator on /datastore/mainDisk. On offsitePBS I created a user called remote@pbs that has the following roles: DatastoreBackup and RemoteSyncOperator set to /datastore/mainDisk and RemoteSyncOperator set to /remote/mainPBS/mainDisk.

The sync job I set up on the offsitePBS has root@pam as the local owner and setting the remote works as its mainDisk datastorage is being found in the dialogue. The max depth parameter in the sync job is not set, neither the source namespace parameter.

However, when I run the sync job, only the name spaces on mainPBS are synced, without any content. There should be 6 VMs under the root namespace and under each namespace under root there should be one entry.

Output:
2024-11-15T15:24:45+01:00: Starting datastore sync job 'mainPBS:mainDisk:mainDisk::s-3b2b1b84-b780'
2024-11-15T15:24:45+01:00: sync datastore 'mainDisk' from 'mainPBS/mainDisk'
2024-11-15T15:24:45+01:00: ----
2024-11-15T15:24:45+01:00: Syncing datastore 'mainDisk', root namespace into datastore 'mainDisk', root namespace
2024-11-15T15:24:45+01:00: found 0 groups to sync (out of 0 total)
2024-11-15T15:24:45+01:00: Finished syncing root namespace, current progress: 0 groups, 0 snapshots
2024-11-15T15:24:45+01:00: ----
2024-11-15T15:24:45+01:00: Syncing datastore 'mainDisk', namespace 'share' into datastore 'mainDisk', namespace 'share'
2024-11-15T15:24:45+01:00: found 0 groups to sync (out of 0 total)
2024-11-15T15:24:45+01:00: Finished syncing namespace share, current progress: 0 groups, 0 snapshots
2024-11-15T15:24:45+01:00: ----
2024-11-15T15:24:45+01:00: Syncing datastore 'mainDisk', namespace 'beast' into datastore 'mainDisk', namespace 'beast'
2024-11-15T15:24:45+01:00: found 0 groups to sync (out of 0 total)
2024-11-15T15:24:45+01:00: Finished syncing namespace beast, current progress: 0 groups, 0 snapshots
2024-11-15T15:24:45+01:00: ----
2024-11-15T15:24:45+01:00: Syncing datastore 'mainDisk', namespace 'mini-manjaro' into datastore 'mainDisk', namespace 'mini-manjaro'
2024-11-15T15:24:45+01:00: found 0 groups to sync (out of 0 total)
2024-11-15T15:24:45+01:00: Finished syncing namespace mini-manjaro, current progress: 0 groups, 0 snapshots
2024-11-15T15:24:45+01:00: ----
2024-11-15T15:24:45+01:00: Syncing datastore 'mainDisk', namespace 'mini-proxmox' into datastore 'mainDisk', namespace 'mini-proxmox'
2024-11-15T15:24:45+01:00: found 0 groups to sync (out of 0 total)
2024-11-15T15:24:45+01:00: Finished syncing namespace mini-proxmox, current progress: 0 groups, 0 snapshots
2024-11-15T15:24:45+01:00: Summary: sync job found no new data to pull
2024-11-15T15:24:45+01:00: sync job 'mainPBS:mainDisk:mainDisk::s-3b2b1b84-b780' end
2024-11-15T15:24:45+01:00: TASK OK
Click to expand...

Is this a permissions problem? Or an issue when running a sync job for the first time?

remote.cfg:
Code: 
remote: mainPBS
        auth-id offsite@pbs
        fingerprint xxxxxxxx
        host 192.168.xxx.xx
        password xxxxxxxxx

sync.cfg:
Code: 
sync: s-3b2b1b84-b780
        ns 
        owner root@pam
        remote mainPBS
        remote-ns 
        remote-store mainDisk
        remove-vanished false
        schedule hourly
        store mainDisk

acl.cfg on offsitePBS:
Code: 
acl:1:/datastore/mainDisk:remote@pbs:DatastoreBackup,RemoteSyncOperator
acl:1:/remote/mainPBS/mainDisk:remote@pbs:RemoteSyncOperator

acl.cfg on mainPBS:
Code: 
acl:1:/datastore/mainDisk:offsite@pbs:RemoteSyncOperator
acl:1:/datastore/mainDisk:offsite@pbs,remote@pbs,remote@pbs!backup_token:DatastoreBackup
 
8192K said:
I have an on-site PBS server with one datastore called mainDisk. This server has a user remote@pbs which is used to backup from my Proxmox VMs/LXCs or other bare metal Linux installations. It has the role DatastoreBackup as well as an API token also set to the role DatastoreBackup, both for /datastore/mainDisk. This works fine.

I am now trying to add an off-site PBS server that is only supposed to sync from that on-site PBS server (let's call it mainPBS and offsitePBS). offsitePBS has one datastore, also called mainDisk.

For the sync process, I now created a new user on mainPBS called offsite@pbs with roles DatastoreBackup, RemoteSyncOperator on /datastore/mainDisk. On offsitePBS I created a user called remote@pbs that has the following roles: DatastoreBackup and RemoteSyncOperator set to /datastore/mainDisk and RemoteSyncOperator set to /remote/mainPBS/mainDisk.

The sync job I set up on the offsitePBS has root@pam as the local owner and setting the remote works as its mainDisk datastorage is being found in the dialogue. The max depth parameter in the sync job is not set, neither the source namespace parameter.

However, when I run the sync job, only the name spaces on mainPBS are synced, without any content. There should be 6 VMs under the root namespace and under each namespace under root there should be one entry.

Output:


Is this a permissions problem? Or an issue when running a sync job for the first time?

remote.cfg:
Code: 
remote: mainPBS
        auth-id offsite@pbs
        fingerprint xxxxxxxx
        host 192.168.xxx.xx
        password xxxxxxxxx

sync.cfg:
Code: 
sync: s-3b2b1b84-b780
        ns
        owner root@pam
        remote mainPBS
        remote-ns
        remote-store mainDisk
        remove-vanished false
        schedule hourly
        store mainDisk

acl.cfg on offsitePBS:
Code: 
acl:1:/datastore/mainDisk:remote@pbs:DatastoreBackup,RemoteSyncOperator
acl:1:/remote/mainPBS/mainDisk:remote@pbs:RemoteSyncOperator

acl.cfg on mainPBS:
Code: 
acl:1:/datastore/mainDisk:offsite@pbs:RemoteSyncOperator
acl:1:/datastore/mainDisk:offsite@pbs,remote@pbs,remote@pbs!backup_token:DatastoreBackup
Click to expand...

Hi,
first of all please note that permissions on api token do not imply permission for the user and vice versa, you will have to give them the permission accordingly. So if you configured the remote using the api token, you will have to set the permissions for the api token on the source PBS instance, otherwise you will have to configure them for the user (which I guess is your case, according to the output).

The user on mainPBS used to pull the snapshots does not require the `RemoteSyncOperator`. This is only required for the user on offsitePBS for at least the path including the configured remote and datastore e.g. `/remote/mainPBS/mainDisk`. Further, it need at least `Datastore.Backup` on offsitePBS target datastore (I assume that one is named `mainDisk` as well?) so `/datastore/mainDisk`.

On the mainPBS, the user/token will need at least the permission to read backup snpshots, e.g. `Datastore.Backup` to read snapshot owned by that user or `Datastore.Read` on the corresponding datastore, e.g. `/datastore/mainDisk`.

Hope this helps!
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back