[CentOS] Borgbackup question

Mon Mar 2 12:50:40 UTC 2020
Tobias Kirchhofer <collect at shift.agency>

On 2 Mar 2020, at 13:35, Alessandro Baggi wrote:

> On 02/03/20 13:18, Tobias Kirchhofer wrote:
>> On 2 Mar 2020, at 12:58, Alessandro Baggi wrote:
>>> On 01/03/20 20:18, Tobias Kirchhofer wrote:
>>>> On 1 Mar 2020, at 20:00, Gordon Messmer wrote:
>>>>> On 3/1/20 12:40 AM, Alessandro Baggi wrote:
>>>>>> borgbackup is a very interesting backup tool with a lot of 
>>>>>> features. Is it ready for "production" or should I expect some 
>>>>>> bad surprise?
>>>>> I don't know the answer to that, but to me that implies two 
>>>>> questions: 1) Are there failure conditions that it doesn't handle, 
>>>>> especially with an interrupted backup, and 2) Does it perform 
>>>>> poorly under any specific circumstances.  If anyone has 
>>>>> experience with those questions, or is familiar enough with the 
>>>>> implementation to explain why those should not be an issue, I'd be 
>>>>> interested in their input as well.
>>>>> I use borgbackup for several laptops backing up to a local file 
>>>>> server with sshfs, and that's been good so far.
>>>> We have around 50 linux clients with borg backups to two different 
>>>> backup servers, provisioned with Ansible. A new host is in the 
>>>> backup in around 30 seconds :) One backup server is internal for 
>>>> DMZ and LAN and one is for external hosts. The internal backup 
>>>> server syncs its backup to the external server. Storage is made 
>>>> with ZFS summed up to 16 TB each server.
>>>> This runs nicely for around two years without interruption. We 
>>>> learned a bit here and there about some side effects with borg 
>>>> cache in the beginning and invested some time in hardening and 
>>>> Ansible role.
>>>> Before we chose borg, restic was on the list. Looks good too. Do 
>>>> not know anymore why we decided for borg. Maybe the name :)
>>>> We started here 
>>>> https://borgbackup.readthedocs.io/en/stable/deployment/central-backup-server.html
>>>> Tobias
>>> Hi Tobias,
>>> How do you secure the process?
>> Plain ssh:
>> authorized_keys on the backup server:
>> ```
>> command="borg serve --restrict-to-path /borgbackup/vm/host-name-of-backup-client --append-only" ssh-ed25519 AAAAC3NzaC1… root@host-name-of-backup-client
>> ```
> Ok thank you but how do you run prune command if append-only is 
> enabled?

Prune is started on the client after each backup. Before we did it on 
the backup server at once. But borg recreated the whole index per repo 
each time. The mailing list was helpful with this. borg prune must run 
on the machine where the backup is created.

append-only is not involved in borg prune.

collect at shift.agency
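
An added example, not part of the original message or of borg itself: a small audit of `authorized_keys` lines against the restrictions shown in the quoted entry (forced `borg serve`, `--restrict-to-path`, `--append-only`). The check for the OpenSSH `restrict` key option goes beyond what the thread shows; the sample lines, function names and finding texts are assumptions of this example.

```python
import shlex
# Constructed sample lines; the key material is a placeholder, not a real key.
SAMPLE = """\
command="borg serve --restrict-to-path /borgbackup/vm/client-a --append-only",restrict ssh-ed25519 AAAAPLACEHOLDER root@client-a
command="borg serve --restrict-to-path /borgbackup/vm/client-b --append-only" ssh-ed25519 AAAAPLACEHOLDER root@client-b
command="borg serve --restrict-to-path /borgbackup/vm/client-c" ssh-ed25519 AAAAPLACEHOLDER root@client-c
ssh-ed25519 AAAAPLACEHOLDER root@client-d
"""

def split_options(line):
    """Return (options, rest) for one authorized_keys line; handles quoted values."""
    if line.startswith(("ssh-", "ecdsa-", "sk-")):
        return {}, line                      # line starts with the key type: no options
    opts, cur, in_quote, prev = {}, "", False, ""
    for i, ch in enumerate(line):
        if ch == '"' and prev != "\\":       # unescaped quote toggles quoting
            in_quote = not in_quote
        elif not in_quote and ch in ", \t":  # option boundary
            name, _, val = cur.partition("=")
            opts[name.lower()] = val.replace('\\"', '"')
            cur = ""
            if ch != ",":                    # unquoted whitespace ends the options field
                return opts, line[i:].strip()
        else:
            cur += ch
        prev = ch
    return opts, ""

def audit(line):
    """List which of the expected restrictions are missing from one key line."""
    opts, _ = split_options(line)
    if "command" not in opts:
        return ["no forced command"]
    args = shlex.split(opts["command"])
    checks = [
        ("forced command is not borg serve", any(a.rsplit("/", 1)[-1] == "borg" and b == "serve" for a, b in zip(args, args[1:]))),
        ("no path restriction", any(a.startswith(("--restrict-to-path", "--restrict-to-repository")) for a in args)),
        ("no --append-only", "--append-only" in args),
        ("no restrict option", "restrict" in opts),  # without it, forwarding and pty are not disabled per key
    ]
    return [msg for msg, ok in checks if not ok]

def audit_file(text):
    """Map line number -> findings for every non-comment line."""
    lines = (l.strip() for l in text.splitlines())
    return {n: audit(l) for n, l in enumerate(lines, 1) if l and not l.startswith("#")}

if __name__ == "__main__":
    print(audit_file(SAMPLE))
```
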