Die Enterprise Backuplösung, Proxmox, sichert virtuelle Maschinen und Container und stellt sie wenn nötig wieder her. Die Proxmox Backup Lösung integriert sich nahtlos in Proxmox VE. Nun ist die neue Version 2.3 erschienen die einige Fehler behebt und neue Features bringt wie:
Upgrade von 2.2.x auf 2.3.x
Bei kleineren Updates z.B. von 2.2.x auf 2.3.x kann die Webui unter Administration -> Updates und Upgrade benutzt werden, oder die Command Line mit:
# apt update && apt full-upgrade
Achtung bei der Verwendung von No-Subscription, da diese entsprechend in den Debian Sources eingetragen sein muss: deb http://download.proxmox.com/debian/pbs bullseye pbs-no-subscription
Highlights in Proxmox Backup Server 2.3
- Proxmox Backup Server is based on Debian 11.5 (“Bullseye”), uses the newer Linux kernel 5.15 as stable default and kernel 5.19 as opt-in, and includes ZFS 2.1.6. Features such as fine-grained access control, data integrity verification, and the possibility to create off-site backups through remote sync and tape backups help planning a ransomware defense strategy and ensure that critical data stays protected.
- Pruning namespaces: Pruning lets you specify which backup snapshots you want to keep, in a systematic manner. With this version, the prune job system has been expanded to take namespaces into account: Up until now it has only been possible to add a single-schedule per datastore; now pruning can also be limited to certain namespaces. With the built-in prune simulator users can explore the effect of different retention options with various backup schedules. Namespaces in Proxmox Backup Server (introduced in version 2.2) help organize backups from multiple sites (local and remote) hierarchically, while keeping the required storage space minimal through deduplication. With the new fine-grained control in Proxmox Backup Server 2.3, businesses can determine when and how deeply a particular namespace is pruned.
- Support for sending metrics to InfluxDB: Version 2.3 of Proxmox Backup Server can gather and send critical stats, relevant for measuring performance, to InfluxDB, an open-source database management system for time series. Such metrics are, for example, CPU load averages and IOwait percentages, NIC traffic statistics, filesystem usage or IO for datastores.
- Tape backup improvements: The inventory command, which can be used for disaster recovery, can now optionally restore the catalogs of backups stored on tape, potentially saving critical time in a worst case scenario.
- Proxmox Offline Mirror: The Proxmox Offline Mirror tool allows to keep the Proxmox Backup Server nodes – with restricted or without access to the public internet – up-to-date and running. With the ‘proxmox-offline-mirror’ utility it’s possible to manage a local APT mirror for all package updates for Proxmox and Debian projects. From that mirror, users can create an external medium (USB flash drive or a local network share), and can then update their policy-restricted or air-gapped systems. For subscribers with a Premium or Standard subscription level, Proxmox offers an offline subscription key for its product portfolio.
Proxmox Backup Server 2.3.0 Release Notes
- Enhancements in the Web Interface (GUI):
- Datastore permissions: Allow editing the ACL path and query the available namespaces and add them as ACL path to the pre-defined selections for convenience
- Datastore content: Only mask the inner view of the content tree on error, to allow a user to trigger a manual reload using the reload button in the top bar
- Improve navigating the whole Proxmox Backup Server web UI when a user only has limited permissions on a specific (sub-)namespace
- Show block device partition tree on the web UI
- Improve the prune-simulator, among other things allow setting a custom simulation “now” date/time
- Improved certificate view – for example for certificates with many SANs
- Improved translations, among others:
- Traditional Chinese
- Add Namespace Aware Prune Jobs
- Expand the single-schedule per datastore to a flexible, namespace aware prune job system
- Allow fine-grained control over when and how deep a specific namespace get pruned
- In addition to above, the manual prune action also became more powerful w.r.t. namespace and prune-depth selection
- Implement email notifications for prune jobs
- Rework the task log outputs for prune job workers
- Native Support for Sending Periodic Metrics to InfluxDB
- Support for HTTP(S) and UDP endpoints
- Optionally TLS certificate validation can be disabled for HTTPS endpoints
- Metric data is aligned as good as possible to the stats sent from a Proxmox VE node.
- Metrics include:
- CPU load averages, IOwait
- Memory used/total, Swap used/total
- NIC traffic statistics
- Filesystem usage for datastores
- Blockdevice IOPS and bytes read/written for datastores
- Support Proxmox Offline Mirroring & Subscription Handling
- Proxmox Offline Mirror: The tool supports subscriptions and repository mirrors for air-gapped systems. Newly added proxmox-offline-mirror utility can now be used to keep Proxmox Backup Server hosts, without access to the public internet up-to-date and running with a valid subscription.
- Tape Backup Improvements
- Improve behavior for vanishing snapshots, only log the event but do not fail the tasks
- Make total/throughput reporting use human-readable units on tape restore
- Include used tapes in job notification e-mails
- Optionally try to restore missing catalogs during inventory
- General Client Improvements
- Proxmox-backup-client: Added
overwriteparameters to the restore command: If any of the
ignoreparameters is set the corresponding metadata is not restored – e.g. there is no
ignore-ownershipis set. The
overwriteparameter causes the restore to overwrite a file if it is already present instead of failing.
- File-restore: Add ‘format’ and ‘zstd’ parameters to ‘extract’ CLI command.
- Add the
proxmox-backup-debug, allowing one to compare pxar archives for two arbitrary snapshots, outputting a list of added/modified/deleted files.
- Support http proxies through the
ALL_PROXYenvironment variable for proxmox-backup-client. Note that using a general tunnel for all traffic, for example
wireguardto shield traffic is preferred.
- Fix an issue with the
mountsubcommand, where reading large files could yield corrupt data.
- Proxmox-backup-client: Added
- General Backend Improvements
- New mail-forwarding binary
proxmox-mail-forward: It unifies the configuration for sending the system-generated mails to the email address configured for
root@pam, with Proxmox VE.
sync-leveloption for datastores, allowing one to configure how backup data is synced to disk to match their respective setup and needs.
- Improve error handling when removing status files and locks from jobs that were never executed
- Datastore list and datastore status: Avoid opening datastore and possibly iterating over namespace (for lesser privileged users), but rather use the in-memory ACL tree directly to check if there’s access to any namespace below.
- More robust handling of refreshing datastore states periodically and on config change – previously a lock was dropped, causing inconsistencies between long-running backup jobs and garbage collection tasks
- Datastore: Swap dirtying the internal datastore cache every 60s by just using the available config digest to detect any changes accurately when they actually happen, reducing periodic IO.
- Restore-daemon: Make file listing “streaming” for better interactivity on initial response
- API daemon: startup scheduling tasks faster by improving aligning the trigger-time to the minute boundary
- SMART: Add
raw field, for compatibility with the Proxmox VE API – it contains the same data as
value, which for now is kept for backwards compatibility
- SMART: Don’t treat certain non-zero exit codes of smartctl as error (if bit 2 of the exit-code is set the returned data is still parseable) – aligns with the implementation in Proxmox VE
- Improve file-system compatibility for various edge cases: For example take the reservation for
rootfor EXT4 into consideration
- ACME/Let’s Encrypt: Send emails on certificate renewal failure
- Optimize filtered snapshot listing
- Move some blocking parts off to their own (reused) thread to reduce the chance of sometimes blocking the
tokioreactor thread handling things like new incoming connections
- Periodically trigger unparking a
tokiothread to ensure all newly incoming requests are handled in a timely manner
- The proxmox-backup-manager
pullsubcommand now handles a missing namespace parameter by pulling to the root namespace
- New mail-forwarding binary
Known Issues & Notable Changes
- The upgrade will check if the owner of the lock file
backup, and if it is not, it will try to correct the owner.
If the automatic owner correction fails, the update process issues a warning and suggests how to try again manually.Note that this should only affect some older 1.x installations that had no need for locks outside the privileged API daemon and might have created the file with
root as owner.
Interessiert in verschiedenste IT Themen, schreibe ich in diesem Blog über Software, Hardware, Smart Home, Games und vieles mehr. Ich berichte z.B. über die Installation und Konfiguration von Software als auch von Problemen mit dieser. News sind ebenso spannend, sodass ich auch über Updates, Releases und Neuigkeiten aus der IT berichte. Letztendlich nutze ich Taste-of-IT als eigene Dokumentation und Anlaufstelle bei wiederkehrenden Themen. Ich hoffe ich kann dich ebenso informieren und bei Problemen eine schnelle Lösung anbieten. Wer meinen Aufwand unterstützen möchte, kann gerne eine Tasse oder Pod Kaffe per PayPal spenden – vielen Dank.