On Mon, Mar 6, 2017 at 2:23 AM, Kai Krakow <hurikhan77@×××××.com> wrote:

> On Tue, 14 Feb 2017 16:14:23 -0500,
> "Poison BL." <poisonbl@×××××.com> wrote:
> > I actually see both sides of it... as nice as it is to have a chance
> > to recover the information from between the last backup and the death
> > of the drive, the reduced chance of corrupt data from a silently
> > failing (spinning) disk making it into backups is a bit of a good
> > balancing point for me.
>
> I've seen borgbackup give me good protection against this. First, it
> doesn't back up files which are already in the backup. So if data
> silently changed, it won't make it into the backup. Second, it does
> incremental backups. Even if something broke and made it into the
> backup, you can eventually go back weeks or months to get back the
> file. The algorithm is very efficient. And every incremental backup is
> a full backup at the same time - so you can thin out backup history by
> deleting any backup at any time (it's not like traditional
> incremental backup, which always needs the parent backup).
>
> OTOH, this means that every data block is only stored once. If silent
> data corruption hits here, you lose the complete history of this
> file (and maybe others using the same deduplicated block).
>
> For the numbers, I'm storing my 1.7 TB system on a 3 TB disk which is
> 2.2 TB full now. But the backup history spans almost 1 year now (daily
> backups).
>
> As a sort of protection against silent data corruption, you could rsync
> the borgbackup repository to a remote location. The differences are
> usually small, so that should be a fast operation. Maybe to some cloud
> storage or a RAID-protected NAS which can detect and correct silent
> data corruption (like ZFS- or btrfs-based systems).
>
>
> --
> Regards,
> Kai
>
> Replies to list-only preferred.
>

That's some impressive backup density... and I haven't looked into
borgbackup, but it sounds like it runs on the same principles as the
rsync+hardlink based scripts I've seen. Those will back up files that
have silently changed, since the checksums won't match any more, but
they won't blow away previous copies of the file either. I'll have to
give it a try!
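
For reference, the rsync+hardlink trick those scripts rely on boils down
to rsync's --link-dest option. A minimal sketch (all paths here are made
up for illustration):

```shell
# Sketch of the rsync+hardlink snapshot scheme (illustrative paths only).
# Each run produces a full-looking tree, but unchanged files are hard
# links into the previous snapshot, so they cost no extra space.
mkdir -p /tmp/demo/src /tmp/demo/backups
echo "unchanged data" > /tmp/demo/src/keep.txt

# First snapshot: a plain full copy.
rsync -a /tmp/demo/src/ /tmp/demo/backups/2017-03-05/

# Second snapshot: files identical to the previous snapshot get
# hard-linked (--link-dest) instead of copied again.
rsync -a --link-dest=/tmp/demo/backups/2017-03-05 \
    /tmp/demo/src/ /tmp/demo/backups/2017-03-06/

# The unchanged file now shares one inode across both snapshots.
stat -c %i /tmp/demo/backups/2017-03-05/keep.txt
stat -c %i /tmp/demo/backups/2017-03-06/keep.txt
```

Deleting any one snapshot directory only drops link counts, which is why
every snapshot doubles as a full backup - the same property borgbackup
gets from chunk-level deduplication.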

As for protecting against the backup set itself getting silent corruption,
an rsync to a remote location would help, but you would have to ensure it
doesn't overwrite anything already there that may've changed, only create
new files. Also, making the initial clone would take ages, I suspect, since
it would have to rebuild the hardlink set for everything (again, assuming
that's the trick borgbackup's using). One of the best options is to house
the base backup set itself on something like ZFS or btrfs on a system with
ECC RAM, and maintain checksums of everything on the side (crc32 would
likely suffice, but sha1's fast enough these days that there's almost no
excuse not to use it). It might be possible to task tripwire with keeping
tabs on that side of it, now that I consider it. While the filesystem
itself in that case is trying its best to prevent issues, there's always
that slim risk that a bug in the filesystem code itself eats something,
hence the added layer of paranoia. Also, with ZFS for the base data set,
you gain in-place compression, dedup if you're feeling adventurous (not
really worth it unless you have multiple very similar backup sets for
different systems), block-level checksums, redundancy across physical
disks, in-place snapshots, and the ability to use zfs send/receive to do
snapshot backups of the backup set itself.
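
That side-channel checksum auditing can be as simple as a sha1sum
manifest kept next to (ideally away from) the backup set. A rough
sketch, with made-up paths - a real setup would store the manifest on
separate media:

```shell
# Rough sketch of side-band checksum auditing for a backup set
# (illustrative paths; keep the manifest on separate storage in
# practice so it can't rot along with the data it guards).
mkdir -p /tmp/backupset
echo "precious bits" > /tmp/backupset/file1

# Build a sha1 manifest of every file in the set.
( cd /tmp/backupset && find . -type f -print0 \
    | xargs -0 sha1sum ) > /tmp/backupset.sha1

# Later: re-verify the set against the manifest; any silent
# corruption shows up as a FAILED line and a nonzero exit status.
( cd /tmp/backupset && sha1sum -c /tmp/backupset.sha1 )
```

Running the verify step from cron and mailing any nonzero exits would
cover the "keep tabs on it" part without needing tripwire at all.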

I managed to corrupt some data with ZFS (w/ dedup, on gentoo) shared out
over NFS a while back on a box with way too little RAM (nothing
important, throwaway VM images), hence the paranoia of secondary
checksum auditing and still replicating the backup set for things that
might be important.

--
Poison [BLX]
Joshua M. Murphy