Home Explore Help
Sign In
mirrors
/
borg
mirror of https://github.com/borgbackup/borg
2
0
Fork 0
Files Issues 0 Wiki
Tree: 7f8ce02732
Branches Tags
borg
/
docs
/
deployment
/
pull-backup.rst

pull-backup.rst 6.3 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176 
  1. .. include:: ../global.rst.inc
    2. 

  2. .. highlight:: none
    3. 

  3. 

  4. Backing up in pull mode
    5. 

  5. =======================
    6. 

  6. 

  7. Assuming you have a pull backup system set up with borg, where a backup server
    8. 

  8. pulls the data from the target via SSHFS. In this mode, the backup client's file
    9. 

  9. system is mounted remotely on the backup server. Pull mode is even possible if
    10. 

  10. the SSH connection must be established by the client via a remote tunnel. Other
    11. 

  11. network file systems like NFS or SMB could be used as well, but SSHFS is very
    12. 

  12. simple to set up and probably the most secure one.
    13. 

  13. 

  14. There are some restrictions caused by SSHFS. For example, unless you define UID
    15. 

  15. and GID mappings when mounting via ``sshfs``, owners and groups of the mounted
    16. 

  16. file system will probably change, and you may not have access to those files if
    17. 

  17. BorgBackup is not run with root privileges.
    18. 

  18. 

  19. SSHFS is a FUSE file system and uses the SFTP protocol, so there may be also
    20. 

  20. other unsupported features that the actual implementations of ssfs, libfuse and
    21. 

  21. sftp on the backup server do not support, like file name encodings, ACLs, xattrs
    22. 

  22. or bsdflags. So there is no guarantee that you are able to restore a system
    23. 

  23. completely in every aspect from such a backup.
    24. 

  24. 

  25. .. warning::
    26. 

  26. 

  27.     To mount the client's root file system you will need root access to the
    28. 

  28.     client. This contradicts to the usual threat model of BorgBackup, where
    29. 

  29.     clients don't need to trust the backup server (data is encrypted). In pull
    30. 

  30.     mode the server (when logged in as root) could cause unlimited damage to the
    31. 

  31.     client. Therefore, pull mode should be used only from servers you do fully
    32. 

  32.     trust!
    33. 

  33. 

  34. Creating a backup
    35. 

  35. -----------------
    36. 

  36. 

  37. Generally, in a pull backup situation there is no direct way for borg to know
    38. 

  38. the client's original UID:GID name mapping of files, because Borg would use
    39. 

  39. ``/etc/passwd`` and ``/etc/group`` of the backup server to map the names. To
    40. 

  40. derive the right names, Borg needs to have access to the client's passwd and
    41. 

  41. group files and use them in the backup process.
    42. 

  42. 

  43. The solution to this problem is chrooting into an sshfs mounted directory. In
    44. 

  44. this example the whole client root file system is mounted. We use the
    45. 

  45. stand-alone BorgBackup executable and copy it into the mounted file system to
    46. 

  46. make Borg available after entering chroot; this can be skipped if Borg is
    47. 

  47. already installed on the client.
    48. 

  48. 

  49. ::
    50. 

  50. 

  51.     # Mount client root file system.
    52. 

  52.     mkdir /tmp/sshfs
    53. 

  53.     sshfs root@host:/ /tmp/sshfs
    54. 

  54.     # Mount BorgBackup repository inside it.
    55. 

  55.     mkdir /tmp/sshfs/borgrepo
    56. 

  56.     mount --bind /path/to/repo /tmp/sshfs/borgrepo
    57. 

  57.     # Make borg executable available.
    58. 

  58.     cp /usr/local/bin/borg /tmp/sshfs/usr/local/bin/borg
    59. 

  59.     # Mount important system directories and enter chroot.
    60. 

  60.     cd /tmp/sshfs
    61. 

  61.     for i in dev proc sys; do mount --bind /$i $i; done
    62. 

  62.     chroot /tmp/sshfs
    63. 

  63. 

  64. Now we are on the backup system but inside a chroot with the client's root file
    65. 

  65. system. We have a copy of Borg binary in ``/usr/local/bin`` and the repository
    66. 

  66. in ``/borgrepo``. Borg will back up the client's user/group names, and we can
    67. 

  67. create the backup, retaining the original paths, excluding the repository:
    68. 

  68. 

  69. ::
    70. 

  70. 

  71.     borg create --exclude /borgrepo --files-cache ctime,size /borgrepo::archive /
    72. 

  72. 

  73. For the sake of simplicity only ``/borgrepo`` is excluded here. You may want to
    74. 

  74. set up an exclude file with additional files and folders to be excluded. Also
    75. 

  75. note that we have to modify Borg's file change detection behaviour – SSHFS
    76. 

  76. cannot guarantee stable inode numbers, so we have to supply the
    77. 

  77. ``--files-cache`` option.
    78. 

  78. 

  79. Finally, we need to exit chroot, unmount all the stuff and clean up:
    80. 

  80. 

  81. ::
    82. 

  82. 

  83.     exit # exit chroot
    84. 

  84.     rm /tmp/sshfs/usr/local/bin/borg
    85. 

  85.     cd /tmp/sshfs
    86. 

  86.     for i in dev proc sys borgrepo; do umount ./$i; done
    87. 

  87.     rmdir borgrepo
    88. 

  88.     cd ~
    89. 

  89.     umount /tmp/sshfs
    90. 

  90.     rmdir /tmp/sshfs
    91. 

  91. 

  92. Thanks to secuser on IRC for this how-to!
    93. 

  93. 

  94. Restore methods
    95. 

  95. ---------------
    96. 

  96. 

  97. The counterpart of a pull backup is a push restore. Depending on the type of
    98. 

  98. restore – full restore or partial restore – there are different methods to make
    99. 

  99. sure the correct IDs are restored.
    100. 

  100. 

  101. Partial restore
    102. 

  102. ~~~~~~~~~~~~~~~
    103. 

  103. 

  104. In case of a partial restore, using the archived UIDs/GIDs might lead to wrong
    105. 

  105. results if the name-to-ID mapping on the target system has changed compared to
    106. 

  106. backup time (might be the case e.g. for a fresh OS install).
    107. 

  107. 

  108. The workaround again is chrooting into an sshfs mounted directory, so Borg is
    109. 

  109. able to map the user/group names of the backup files to the actual IDs on the
    110. 

  110. client. This example is similar to the backup above – only the Borg command is
    111. 

  111. different:
    112. 

  112. 

  113. ::
    114. 

  114. 

  115.     # Mount client root file system.
    116. 

  116.     mkdir /tmp/sshfs
    117. 

  117.     sshfs root@host:/ /tmp/sshfs
    118. 

  118.     # Mount BorgBackup repository inside it.
    119. 

  119.     mkdir /tmp/sshfs/borgrepo
    120. 

  120.     mount --bind /path/to/repo /tmp/sshfs/borgrepo
    121. 

  121.     # Make borg executable available.
    122. 

  122.     cp /usr/local/bin/borg /tmp/sshfs/usr/local/bin/borg
    123. 

  123.     # Mount important system directories and enter chroot.
    124. 

  124.     cd /tmp/sshfs
    125. 

  125.     for i in dev proc sys; do mount --bind /$i $i; done
    126. 

  126.     chroot /tmp/sshfs
    127. 

  127. 

  128. Now we can run
    129. 

  129. 

  130. ::
    131. 

  131. 

  132.     borg extract /borgrepo::archive PATH
    133. 

  133. 

  134. to partially restore whatever we like. Finally, do the clean-up:
    135. 

  135. 

  136. ::
    137. 

  137. 

  138.     exit # exit chroot
    139. 

  139.     rm /tmp/sshfs/usr/local/bin/borg
    140. 

  140.     cd /tmp/sshfs
    141. 

  141.     for i in dev proc sys borgrepo; do umount ./$i; done
    142. 

  142.     rmdir borgrepo
    143. 

  143.     cd ~
    144. 

  144.     umount /tmp/sshfs
    145. 

  145.     rmdir /tmp/sshfs
    146. 

  146. 

  147. Full restore
    148. 

  148. ~~~~~~~~~~~~
    149. 

  149. 

  150. When doing a full restore, we restore all files (including the ones containing
    151. 

  151. the ID-to-name mapping, ``/etc/passwd`` and ``/etc/group``). Everything will be
    152. 

  152. consistent automatically if we restore the numeric IDs stored in the archive. So
    153. 

  153. there is no need for a chroot environment; we just mount the client file system
    154. 

  154. and extract a backup, utilizing the ``--numeric-owner`` option:
    155. 

  155. 

  156. ::
    157. 

  157. 

  158.     sshfs root@host:/ /mnt/sshfs
    159. 

  159.     cd /mnt/sshfs
    160. 

  160.     borg extract --numeric-owner /path/to/repo::archive
    161. 

  161.     cd ~
    162. 

  162.     umount /mnt/sshfs
    163. 

  163. 

  164. Simple (lossy) full restore
    165. 

  165. ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    166. 

  166. 

  167. Using ``borg export-tar`` it is possible to stream a backup to the client and
    168. 

  168. directly extract it without the need of mounting with SSHFS:
    169. 

  169. 

  170. ::
    171. 

  171. 

  172.     borg export-tar /path/to/repo::archive - | ssh root@host 'tar -C / -x'
    173. 

  173. 

  174. Note that in this scenario the tar format is the limiting factor – it cannot
    175. 

  175. restore all the advanced features that BorgBackup supports. See
    176. 

  176. :ref:`borg_export-tar` for limitations.
    177.