I’m currently using incus export (with --optimized-storage ) to generate tarballs of my containers/VMs, and then I’m uploading them to my backup provider using borg create. This works, but I feel that I could do better here.
For starters, incus export takes a long time to finish, which is OK-ish if you run it overnight but still… Also, because I’m using a ZFS-backed storage, I could make use of its snapshotting features directly.
I’ve been doing some research and found many approaches/suggestions:
Use zfs snapshot , mounting them and then running borg create from inside the mountpoint. Does this even work with incus datasets?
Use zfs send directly (my backup provider accepts it). The problem here is that my datasets aren’t encrypted, and while there is a way to encrypt only the remote part, I’d like stick with using borg.
Use another incus server for backup. Unfortunately this isn’t feasible in my situation.
I’m curious to understand what other folks are doing.
Hmm, so for a full backup, your current approach with --optimized-storage will be pretty much as good as it gets.
I guess the main issue is for incremental changes on top of that as the delta from one day to the next isn’t going to be nice.
For that, you’d indeed ideally like a filesystem API on top of a snapshot so you have a consistent state, then pick that up in the snapshot. It will be less compact on the first snapshot, but then cheaper for incrementals.
There is no current clean way to do this.
The hackish way to do it is this:
incus copy my-container my-container-backup
incus file mount my-container-backup/ /tmp/foo
Backup /tmp/foo
Terminate the incus file mount
incus delete -f my-container-backup
This creates a snapshot of my-container, clones it as a new container, lets you access its filesystem in a consistent way and then delete it.
Interesting, I hadn’t considered using the incus file mount approach. I believe it will only work smoothly when using a container, though? Either way, I have to think about it.
Thanks a lot for taking the time to reply. I’ll keep exploring the options I have, but meanwhile I’ll stick with incus export.