It looks to me that most resources on the internet seem to be suggesting the publish/image export flow for backing up the container. Is simple lxc export worse for some reason?
lxc publish doesn't retain the instance's configuration, whereas lxc export does.
Also lxc export will also back up snapshots, which lxc publish does not.
So lxc export is for backing up a particular instance so it can be restored in the event of data loss.
lxc publish isn't for backup at all, and is for publishing an image from an existing instance so it can be used to create one or more instances from it.
I used to use a published image for backup because images are less picky about importing back to another LXD system that may have different configuration (such as network configuration, filesystem paths, profiles, etc.). But then I realized that restoring from an image has an important drawback: the restored image never goes away while the restored container exists. It retains the data of the container when it was published, including log files, database content, and possibly sensitive information. You may delete all these in the restored container, but they will still be in the image for the life of the container.
I now do not back up whole containers. I back up filesystems which I attach to containers as external disk devices. To restore, I create a brand new container from an image + the attached restored filesystems.
The image is created from a temporary container whose sole purpose is creating the image. The real production container is created from this image, so all my production containers are essentially created "from backup", i.e. from an image + attached filesystems, both of which are backed up separately. The image is backed up once when it is created. The attached filesystems are backed up periodically.
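The image-plus-attached-filesystems workflow from the last post, sketched as shell functions. This is an added example, not code from anyone in the thread; the container, image and path names, the device name `data`, and the `LXC` dry-run variable are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Container, image and path names are
# constructed. Set LXC="echo lxc" to print the commands instead of running them.
LXC="${LXC:-lxc}"

# One time: build the image from a throwaway container that never sees
# production data, export it to a file for backup, then discard the container.
build_base_image() {
    local base="$1" tmp="$2" alias="$3" outdir="$4"
    $LXC launch "$base" "$tmp" || return
    # (provision packages inside "$tmp" here, before publishing)
    $LXC stop "$tmp" || return
    $LXC publish "$tmp" --alias "$alias" || return
    $LXC image export "$alias" "$outdir/$alias" || return
    $LXC delete "$tmp"
}

# Production container: created from the image, with its data on a host
# directory attached as a disk device, so logs, databases and secrets stay
# out of any image. UID/GID mapping of the host directory is not handled here.
create_from_image() {
    local alias="$1" name="$2" datadir="$3" mountpoint="$4"
    $LXC init "$alias" "$name" || return
    $LXC config device add "$name" data disk \
        source="$datadir" path="$mountpoint" || return
    $LXC start "$name"
}

# Periodic: back up only the attached filesystem.
backup_data() {
    local datadir="$1" archive="$2"
    tar -C "$datadir" -czf "$archive" .
}

# Restore: unpack the data, then create a brand new container from the image.
restore_container() {
    local archive="$1" alias="$2" name="$3" datadir="$4" mountpoint="$5"
    mkdir -p "$datadir" || return
    tar -C "$datadir" -xzf "$archive" || return
    create_from_image "$alias" "$name" "$datadir" "$mountpoint"
}
```

Because the production container is only ever created from the clean image, deleting and recreating it leaves no copy of old application data behind in the image store.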