[CentOS] Borgbackup question

Mon Mar 2 12:35:04 UTC 2020
Alessandro Baggi <alessandro.baggi at gmail.com>

Il 02/03/20 13:18, Tobias Kirchhofer ha scritto:
> On 2 Mar 2020, at 12:58, Alessandro Baggi wrote:
>
>> Il 01/03/20 20:18, Tobias Kirchhofer ha scritto:
>>> On 1 Mar 2020, at 20:00, Gordon Messmer wrote:
>>>
>>>> On 3/1/20 12:40 AM, Alessandro Baggi wrote:
>>>>> borgbackup is a very interesting backup tool with a lot of 
>>>>> features. It is ready for "production" or I should expect some bad 
>>>>> surprise?
>>>>
>>>>
>>>> I don't know the answer to that, but to me that implies two 
>>>> questions: 1) Are there failure conditions that it doesn't handle, 
>>>> especially with an interrupted backup, and 2) Does it perform 
>>>> poorly under any specific circumstances.  If anyone has experience 
>>>> with those questions, or is familiar enough with the implementation 
>>>> to explain why those should not be an issue, I'd be interested in 
>>>> their input as well.
>>>>
>>>> I use borgbackup for several laptops backing up to a local file 
>>>> server with sshfs, and that's been good so far.
>>>
>>> We have around 50 linux clients with borg backups to two different 
>>> backup server, provisioned with Ansible. A new host is in the backup 
>>> in around 30 seconds :) One backup server is internal for DMZ and 
>>> LAN and one is for external hosts. The internal backup server syncs 
>>> its backup to the external server. Storage is made with ZFS summed 
>>> up to 16 TB each server.
>>>
>>> This runs nicely for around two years without interruption. We 
>>> learned a bit her e and there about some side effects with borg 
>>> cache in the beginning and invested some time in hardening and 
>>> Ansible role.
>>>
>>> Before we choosed borg restic was on the list. Looks good too. Do 
>>> not now anymore why we decided for borg. Maybe the name :)
>>>
>>> We startet here 
>>> https://borgbackup.readthedocs.io/en/stable/deployment/central-backup-server.html
>>>
>>> Tobias
>>>
>> Hi Tobias,
>>
>> How do you secure the process?
>
> Plain ssh:
>
> authorized_keys on the backup server:
>
> ```
>> command="borg serve --restrict-to-path 
> /borgbackup/vm/host-name-of-backup-client --append-only" ssh-ed25519 
> AAAAC3NzaC1… root at host-name-of-backup-client
>> ```
>
Ok thank you but how do you run prune command if append-only is enabled?

Thanks in advance