I’ve been thinking about the best and safest way to backup containers. I can either use lxc export to export the container to a tarball, or I can use lxc snapshot to create a snapshot of a container.
I’ve noticed that exporting a container is heavier on the server than just creating a snapshot and it seems like a snapshot is more storage efficient. Could anyone explain what the differences are and tell me if one of the two methods is safer than the other?
lxc export gets you a tarball you can put on a USB drive or ship to a backup server.
lxc snapshot uses the filesystem to create a copy-on-write snapshot of the data.
If you care about a container, having an automatic snapshot policy configured (snapshot schedule and snapshot expiry properties) is a must. That will let you recover from any accidental data deletion in the container, failed upgrades, …
This however doesn’t save you from something bad happening to your LXD host.
If the host drive gets corrupted, then snapshots won’t help you recover your containers.
To prevent this kind of issue you have two options:
lxc export once a day or once a week and ship the resulting tarballs to an external system, backup server, external hard drive, whatever…lxc copy CTN destination:CTN --refresh. It will sync the snapshots and container state to the remote server so that should the local server die, you can easily start them back up on that other system, or copy/move them elsewhere.Thanks for the clear explanation! Initially I’ll go with the automatic snapshot policy and make sure to create backups of the whole server for disaster recovery.
I’ve noticed one drawback with snapshots on a ZFS storage backend though. Imagine that I give my customers a 14 day backup retention and a customer decides to restore a snapshot older than the most recent one. This means that I have to create a new container based on the selected snapshot with lxc copy containerName/snapshotName newContainerName. This works flawlessly, but because I have to keep the snapshots under containerName around for the promised 14 day backup retention, I also have to keep that container around. Am I doing the right thing here, or am I missing something? Can I somehow move the snapshots from the old container to the new one?
Yeah, that’s an annoying zfs restriction and not one you can really do a whole lot about…
You can only restore from the latest snapshot, so when restoring an older one, all newer snapshots are lost.
Snapshots cannot be moved between datasets either so you can’t create a new container and move the snapshots (otherwise we’d have been doing that automatically in LXD all along :)).