Zfs backup of /var/lib/incus

ckruijntjens · June 27, 2024, 8:18pm

Hi All,

I have a question i hope someone could help me with. I am using zfs snapshot (sanoid) to backup my rpool and incuspool.

However when i look in the snapshot is see all the folders but there are no file in

/var/lib/incus/devices/container/config.mount/

If i browse the filesystem i see some files there. Are these files locked or is it not possible to back this up true zfs?

To backup profiles do i only need to backup the database?

stgraber · June 27, 2024, 10:10pm

/var/lib/incus/devices is basically just temporary files, same goes for security, you don’t really need to back those up.

All the configuration is in the database, so you definitely need to have /var/lib/incus/database backed up.

cemzafer · June 28, 2024, 6:05am

Hi @stgraber, just to be sure, so do you mean we dont really need security directory, which it consists apparmor and seccomp rules, did you mean those rules are all in the database?
Regards.

ckruijntjens · June 28, 2024, 7:38am

HI @stgraber

Thanks for the feedback. I tried it and indeed this seems to work on a restore. However if the storage pool is different than the backup you cant use it. (because of naming) Whe can not rename a storage id. I did find a post how to do this in lxd. But for incus this does not work. Any advise on this?

LXD internally uses an SQLite database to store its configuration, so we can always fall back to tampering with its DB manually. This is a bit dangerous, but it seems we have to do it anyway…

ZFS-based storage information is stored here:

$ lxd sql global "SELECT * FROM storage_pools_config;"
+----+-----------------+---------+-------------------------+-------------------+
| id | storage_pool_id | node_id |           key           |       value       |
+----+-----------------+---------+-------------------------+-------------------+
| 6  | 2               | 1       | zfs.pool_name           | zroot/var/lib/lxc |
| 7  | 2               | 1       | source                  | zroot/var/lib/lxc |
| 8  | 2               | 1       | volatile.initial_source | zroot/var/lib/lxc |
+----+-----------------+---------+-------------------------+-------------------+

We just need to update these values!

$ lxd sql global "UPDATE storage_pools_config SET value='zroot/crypt/var/lib/lxc';"
Rows affected: 3

Note: Please add a WHERE clause to narrow down the records you wish to update if you have multiple storage configurations! I don’t need one because I only have the default storage configured.

In a minute, the storage should become available again:

$ lxc storage list
+---------+--------+-------------------------+-------------+---------+---------+
|  NAME   | DRIVER |         SOURCE          | DESCRIPTION | USED BY |  STATE  |
+---------+--------+-------------------------+-------------+---------+---------+
| default | zfs    | zroot/crypt/var/lib/lxc |             | 6       | CREATED |
+---------+--------+-------------------------+-------------+---------+---------+

stgraber · June 28, 2024, 5:04pm

Yeah, all the /var/lib/incus/security/ stuff is generated by Incus when the instance starts based on the instance configuration (its devices, config keys, …).