Hi all. I just learned the hard lesson and lost all my backup: I have no alternative copy of the catalog and no alternative copy of the configuration files, so I can't bextract since I was using PKI encryption.
bextract "sees" the files, recreates them on target disk, but zero-length, complaining with lots and lots of warnings "bextract JobId 0: Error: Unknown stream=20 ignored. This shouldn't happen!". Luckily enough this happened in a non-disaster situation. It was easy, though, to dump all the bareos server with just a single "apt purge postgresql-10" command and a couple of dreadful confirmations. bareos, which was installed along with postgres, got flushed in seconds down with it. All my fault, but I was quite sure there was a B-plan to restore from volumes. This is not true: if you use PKI and you want to restore something, then you need a fully operational bareos server with fully working catalog and fully working config file already in place. No B-plan. So now I have to rebuild all the (almost perfect) setup I had for Always Incremental, AND THEN create a cronjob to make a dump of the catalog (as simple as a pgdump in my case) and make a gz of /etc/bareos folder. Then store it in a safe place, together with all other most precious files. Just to share this nice moment with you, my friends. Cheers! Il giorno giovedì 17 giugno 2021 alle 18:45:40 UTC+2 [email protected] ha scritto: > Just my $0.02 > I have saved copies of the tape key and all other keys and bareos config > files in an encrypted vault like Vault, 1Password, Cyberark, so I’ll have > all me keys replicated in another location but in an encrypted way. > > I use as part of my catalog backup after script rclone the catalog volumes > to a cloud bucket, in addition to local tape/disk copies on the server. > > I also modified so that the SQL file is a dump to disk and then backed up, > and not deleted as part of the backup job. They may not be an option for > really large catalogs, but points is I have the catalog in a SQL dump on > disk, in cloud (encrypted one way) on disk volume (not encrypted except the > disk volume with key in replicated key storage) , and tape volume. > > Main thing is have those keys so you can pull one of these catalog backups. > > > Brock Palen > [email protected] > www.mlds-networks.com > Websites, Linux, Hosting, Joomla, Consulting > > > > > On Jun 17, 2021, at 12:29 PM, 'Christian Svensson' via bareos-users < > [email protected]> wrote: > > > > Many thanks for sanity-checking my thoughts. > > > > On Thu, Jun 17, 2021 at 10:54 AM Philipp Storz <[email protected]> > wrote: > >> In general, I think that disaster recovery and encryption are no good > friends. > > > > True as that may be, storing data unencrypted is not an option for me > :-). > > It certainly makes it harder though, but I appreciate a good challenge. > > > >> In case of a real disaster, it is always good to be able to get things > working again as simple as > >> possible. > >> > >> Encryption makes things more complex and enlarges the probability that > you are not able to recover > >> in a reasonable time. > > > > Indeed, it's a cost. > > That's also why I wanted to use bextract - to reduce complexity > > getting a new Bareos setup up and running. The alternative of > > bootstrapping a new using bscan etc. seems to be much more complex in > > my eyes. > > > >> To be prepared for a disaster, it is advisable to document and test the > procedure on a regular basis > >> to be sure that the disaster recovery really works. > > > > No arguments from me there. > > > > Regards, > > > > -- > > You received this message because you are subscribed to the Google > Groups "bareos-users" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected]. > > To view this discussion on the web visit > https://groups.google.com/d/msgid/bareos-users/CADiuDAQGUyhbS5ruFmU%2B0fCYpBnwE43mRsSfxFjV26J59KB6-g%40mail.gmail.com > . > > -- ** ** **Banca di Cividale **S.p.A - Società Benefit* Via sen. Guglielmo Pelizzo, 8-1 33043 - Cividale del Friuli (UD) - Italy *www.civibank.it <http://www.civibank.it/>* * *Le informazioni contenute nel presente messaggio e nei relativi eventuali allegati sono riservate e confidenziali. Ne è pertanto vietata la divulgazione, la diffusione e la riproduzione anche parziale, senza la preventiva autorizzazione del mittente. Qualora Lei non fosse la persona destinataria del messaggio La invitiamo a darcene gentilmente notizia ed eliminarlo.* -- You received this message because you are subscribed to the Google Groups "bareos-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/bareos-users/97710eb2-126b-4502-84ba-ac48641deed8n%40googlegroups.com.
