I use two backup methods:
- weekly images: I publish and export images of all running containers, then rsync them elsewhere. I also encrypt them before rsync. I also tried exporting containers directly, but I found out that images are safer and can be imported in LXD servers that are configured differently, while exported containers are very picky about where they can be imported. It’s important to also back up all profiles, and the list of profiles that are applied to each container. I use profiles to configure containers (e.g. add disk devices, set boot priority, etc.)
- rsync selected directories from each container to a backup server. I recently learned how to use rrsync, so each container may execute exactly the same rsync command, but the files end up in different directories (based on each container’s unique RSA key). I typically back up /var/opt, /opt, /etc.
So, each container is responsible for its own daily file-based backup, and the host is responsible for a weekly image backup.
I avoid putting large directories in containers. I put them on the host instead (typically as a ZFS dataset) and provide either read-only or read-write access via a disk device profile and an optional raw.idmap profile. I back up these directories from the host, separately from the containers.
I have tried rsyncing the container filesystems directly from the host, but that seems elusive. It stopped working with snap, because snap LXD does not keep the container filesystems mounted in a host filesystem. See: Rootfs mount locations on the host with snap lxd
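
The per-key rrsync restriction described above, as an added example that is not part of the original post: it generates one `authorized_keys` line per container for the backup server, so every container can run the same rsync command while its key is confined to its own directory. The rrsync path, the `/srv/backup` root, the write-only `-wo` choice and the sample keys are assumptions.

```shell
#!/bin/sh
# Added example; paths, the -wo choice and the sample keys are assumptions.
RRSYNC=/usr/bin/rrsync        # assumed install path of rrsync
BACKUP_ROOT=/srv/backup       # assumed backup root on the server
NL='
'

# Container names become path components inside a quoted command="..."
# option, so allow only letters, digits and hyphens (no leading hyphen).
valid_name() {
    case $1 in
        ''|-*|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    return 0
}

# Accept only "type base64 [comment]" on one line. A submitted key must not
# bring its own options (for example a competing command="...").
valid_pubkey() {
    case $1 in *"$NL"*) return 1 ;; esac
    key_type=${1%% *}
    rest=${1#* }
    key_b64=${rest%% *}
    case $key_type in ssh-rsa|ssh-ed25519) ;; *) return 1 ;; esac
    case $key_b64 in ''|*[!A-Za-z0-9+/=]*) return 1 ;; esac
    return 0
}

# Print the authorized_keys line for one container.
# "restrict" turns off PTY allocation and all forwarding; the forced command
# makes sshd run rrsync regardless of what the client asks for.
# -wo makes the directory write-only for that key; drop it if containers
# must also pull files back for restores.
authorized_line() {
    valid_name "$1" || { echo "bad container name: $1" >&2; return 1; }
    valid_pubkey "$2" || { echo "bad public key for: $1" >&2; return 1; }
    printf 'command="%s -wo %s/%s",restrict %s\n' "$RRSYNC" "$BACKUP_ROOT" "$1" "$2"
}

# Constructed inventory: "<container> <public key>" per line (placeholder keys).
while read -r name key; do
    authorized_line "$name" "$key"
done <<'EOF'
web1 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED1 root@web1
db1 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED2 root@db1
EOF
```

The printed lines go into the backup account's `authorized_keys` on the server; the per-container directories under the backup root must exist before the first run.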