| 1 |
On Mon, Mar 6, 2017 at 2:23 AM, Kai Krakow <hurikhan77@×××××.com> wrote: |
| 2 |
|
| 3 |
> Am Tue, 14 Feb 2017 16:14:23 -0500 |
| 4 |
> schrieb "Poison BL." <poisonbl@×××××.com>: |
| 5 |
> > I actually see both sides of it... as nice as it is to have a chance |
| 6 |
> > to recover the information from between the last backup and the death |
| 7 |
> > of the drive, the reduced chance of corrupt data from a silently |
| 8 |
> > failing (spinning) disk making it into backups is a bit of a good |
| 9 |
> > balancing point for me. |
| 10 |
> |
| 11 |
> I've seen bordbackup giving me good protection to this. First, it |
| 12 |
> doesn't backup files which are already in the backup. So if data |
| 13 |
> silently changed, it won't make it into the backup. Second, it does |
| 14 |
> incremental backups. Even if something broke and made it into the |
| 15 |
> backup, you can eventually go back weeks or months to get back the |
| 16 |
> file. The algorithm is very efficient. And every incremental backup is |
| 17 |
> a full backup at the same time - so you thin out backup history by |
| 18 |
> deleting any backup at any time (so it's not like traditional |
| 19 |
> incremental backup which always needs the parent backup). |
| 20 |
> |
| 21 |
> OTOH, this means that every data block is only stored once. If silent |
| 22 |
> data corruption is hitting here, you loose the complete history of this |
| 23 |
> file (and maybe others using the same deduplicated block). |
| 24 |
> |
| 25 |
> For the numbers, I'm storing my 1.7 TB system into a 3 TB disk which is |
| 26 |
> 2.2 TB full now. But the backup history is almost 1 year now (daily |
| 27 |
> backups). |
| 28 |
> |
| 29 |
> As a sort of protection against silent data corruption, you could rsync |
| 30 |
> borgbackup to a remote location. The differences are usually small, so |
| 31 |
> that should be a fast operation. Maybe to some cloud storage or RAID |
| 32 |
> protected NAS which can detect and correct silent data corruption (like |
| 33 |
> ZFS or btrfs based systems). |
| 34 |
> |
| 35 |
> |
| 36 |
> -- |
| 37 |
> Regards, |
| 38 |
> Kai |
| 39 |
> |
| 40 |
> Replies to list-only preferred. |
| 41 |
> |
| 42 |
|
| 43 |
That's some impressive backup density... and I haven't looked into |
| 44 |
borgbackup, but it sounds like it runs on the same principles as the |
| 45 |
rsync+hardlink based scripts I've seen, though those will back up files |
| 46 |
that've silently changed, since the checksums won't match any more, but |
| 47 |
that won't blow away previous copies of the file either. I'll have to give |
| 48 |
it a try! |
| 49 |
|
| 50 |
As for protecting against the backup set itself getting silent corruption, |
| 51 |
an rsync to a remote location would help, but you would have to ensure it |
| 52 |
doesn't overwrite anything already there that may've changed, only create |
| 53 |
new. Also, making the initial clone would take ages, I suspect, since it |
| 54 |
would have to rebuild the hardlink set for everything (again, assuming |
| 55 |
that's the trick borgbackup's using). One of the best options is to house |
| 56 |
the base backup set itself on something like zfs or btrfs on a system with |
| 57 |
ecc ram, and maintain checksums of everything on the side (crc32 would |
| 58 |
likely suffice, but sha1's fast enough these days there's almost no excuse |
| 59 |
not to use it). It might be possible to task tripwire to keep tabs on that |
| 60 |
side of it, now that I consider it. While the filesystem itself in that |
| 61 |
case is trying its best to prevent issues, there's always that slim risk |
| 62 |
that there's a bug in the filesystem code itself that eats something, hence |
| 63 |
the added layer of paranoia. Also, with ZFS for the base data set, you gain |
| 64 |
in-place compression, dedup if you're feeling adventurous (not really worth |
| 65 |
it unless you have multiple very similar backup sets for different |
| 66 |
systems), block level checksums, redundancy across physical disks, in place |
| 67 |
snapshots, and the ability to use zfs send/receive to do snapshot backups |
| 68 |
of the backup set itself. |
| 69 |
|
| 70 |
I managed to corrupt some data with zfs (w/ dedup, on gentoo) shared out |
| 71 |
over nfs a while back on a box with way too little ram a while back |
| 72 |
(nothing important, throwaway VM images), hence the paranoia of secondary |
| 73 |
checksum auditing and still replicating the backup set for things that |
| 74 |
might be important. |
| 75 |
|
| 76 |
-- |
| 77 |
Poison [BLX] |
| 78 |
Joshua M. Murphy |
Archives