[CentOS] Borgbackup question

Mon Mar 2 12:35:04 UTC 2020
Alessandro Baggi <alessandro.baggi at gmail.com>

Il 02/03/20 13:18, Tobias Kirchhofer ha scritto:
> On 2 Mar 2020, at 12:58, Alessandro Baggi wrote:
>> Il 01/03/20 20:18, Tobias Kirchhofer ha scritto:
>>> On 1 Mar 2020, at 20:00, Gordon Messmer wrote:
>>>> On 3/1/20 12:40 AM, Alessandro Baggi wrote:
>>>>> borgbackup is a very interesting backup tool with a lot of 
>>>>> features. It is ready for "production" or I should expect some bad 
>>>>> surprise?
>>>> I don't know the answer to that, but to me that implies two 
>>>> questions: 1) Are there failure conditions that it doesn't handle, 
>>>> especially with an interrupted backup, and 2) Does it perform 
>>>> poorly under any specific circumstances.  If anyone has experience 
>>>> with those questions, or is familiar enough with the implementation 
>>>> to explain why those should not be an issue, I'd be interested in 
>>>> their input as well.
>>>> I use borgbackup for several laptops backing up to a local file 
>>>> server with sshfs, and that's been good so far.
>>> We have around 50 linux clients with borg backups to two different 
>>> backup server, provisioned with Ansible. A new host is in the backup 
>>> in around 30 seconds :) One backup server is internal for DMZ and 
>>> LAN and one is for external hosts. The internal backup server syncs 
>>> its backup to the external server. Storage is made with ZFS summed 
>>> up to 16 TB each server.
>>> This runs nicely for around two years without interruption. We 
>>> learned a bit her e and there about some side effects with borg 
>>> cache in the beginning and invested some time in hardening and 
>>> Ansible role.
>>> Before we choosed borg restic was on the list. Looks good too. Do 
>>> not now anymore why we decided for borg. Maybe the name :)
>>> We startet here 
>>> https://borgbackup.readthedocs.io/en/stable/deployment/central-backup-server.html
>>> Tobias
>> Hi Tobias,
>> How do you secure the process?
> Plain ssh:
> authorized_keys on the backup server:
> ```
>> command="borg serve --restrict-to-path 
> /borgbackup/vm/host-name-of-backup-client --append-only" ssh-ed25519 
> AAAAC3NzaC1… root at host-name-of-backup-client
>> ```
Ok thank you but how do you run prune command if append-only is enabled?

Thanks in advance