Solved

Immutable Backup on Linux Hardened Repository


Userlevel 3

I set up a linux hardened repository for immutable backups. In the Backup Repository I have set the minimu 7 days as immutable.

The Backup Job finished sucessfully on this linux repository. But i can still delete the backup. I have also checked in Linux directory, there should all backup files have an extension “i” to say that this file is immutable. But there is also no “i” in the directory.

 

What am I doing wrong? Can someone help me?

icon

Best answer by SchuleRothrist 10 February 2022, 13:30

View original

35 comments

Userlevel 7
Badge +7

Do I see it right? Now it worked? 

 

It seems so. I’m just startet another backup with a small computer to see the result.

You can may help me with two other questions:

  • We now dont have the server directly on the core switch. Just had a LAN cable with internet. The Backup process seems to be very slowly, will this be better if the linux server is on the core switch?
  • I have used the single use credentials for adding the server to veeam. Can i use the same user for another veeam instance we have in use with a vpn? I have tried this and it failed, also the first Added Server was unavailable after wards.

Not quite sure I understand your questions right. But:

  • In my experience network is not probably the bottleneck when it comes to Linux repository. So the faster the network the faster the backup will be.
  • I already added a Hardened Repo server to a second VBR server which worked fine. Just a guess: did you change anything in SSH-settings when adding to a second server?

     

Interesting you say that @vNote42 as it’s a listed limitation for the hardened repository that it can’t be shared between different VBR servers

must admit you are right :thinking: at least it worked in the first instance. I will check the current state.

Just checked with the customer. What still works fine: Linux Hardened Repo server was added to two different VBR servers. For adding, single-use credential was used on both VBR instances. Also same user was used. Since then - a few weeks ago, customer had no problems with both VBR server using Hardened Repo Server as target. Maybe the important fact is here: different repositories are used for each VBR server. So it is the same server, but different XFS-volumes. In the helpcenter the first limitation is to read (https://helpcenter.veeam.com/docs/backup/vsphere/hardened_repository_limitations.html?ver=110):

The hardened repository cannot be shared between different Veeam Backup & Replication servers.

Literally speaking, this configuration does not violate.

Userlevel 7
Badge +7

Do I see it right? Now it worked? 

 

It seems so. I’m just startet another backup with a small computer to see the result.

You can may help me with two other questions:

  • We now dont have the server directly on the core switch. Just had a LAN cable with internet. The Backup process seems to be very slowly, will this be better if the linux server is on the core switch?
  • I have used the single use credentials for adding the server to veeam. Can i use the same user for another veeam instance we have in use with a vpn? I have tried this and it failed, also the first Added Server was unavailable after wards.

Not quite sure I understand your questions right. But:

  • In my experience network is not probably the bottleneck when it comes to Linux repository. So the faster the network the faster the backup will be.
  • I already added a Hardened Repo server to a second VBR server which worked fine. Just a guess: did you change anything in SSH-settings when adding to a second server?

     

Interesting you say that @vNote42 as it’s a listed limitation for the hardened repository that it can’t be shared between different VBR servers

must admit you are right :thinking: at least it worked in the first instance. I will check the current state.

Userlevel 7
Badge +8

Do I see it right? Now it worked? 

 

It seems so. I’m just startet another backup with a small computer to see the result.

You can may help me with two other questions:

  • We now dont have the server directly on the core switch. Just had a LAN cable with internet. The Backup process seems to be very slowly, will this be better if the linux server is on the core switch?
  • I have used the single use credentials for adding the server to veeam. Can i use the same user for another veeam instance we have in use with a vpn? I have tried this and it failed, also the first Added Server was unavailable after wards.

Not quite sure I understand your questions right. But:

  • In my experience network is not probably the bottleneck when it comes to Linux repository. So the faster the network the faster the backup will be.
  • I already added a Hardened Repo server to a second VBR server which worked fine. Just a guess: did you change anything in SSH-settings when adding to a second server?

     

Interesting you say that @vNote42 as it’s a listed limitation for the hardened repository that it can’t be shared between different VBR servers

Userlevel 7
Badge +7

Do I see it right? Now it worked? 

 

It seems so. I’m just startet another backup with a small computer to see the result.

You can may help me with two other questions:

  • We now dont have the server directly on the core switch. Just had a LAN cable with internet. The Backup process seems to be very slowly, will this be better if the linux server is on the core switch?
  • I have used the single use credentials for adding the server to veeam. Can i use the same user for another veeam instance we have in use with a vpn? I have tried this and it failed, also the first Added Server was unavailable after wards.

Not quite sure I understand your questions right. But:

  • In my experience network is not probably the bottleneck when it comes to Linux repository. So the faster the network the faster the backup will be.
  • I already added a Hardened Repo server to a second VBR server which worked fine. Just a guess: did you change anything in SSH-settings when adding to a second server?

     

Userlevel 7
Badge +7

So the Backup finished successfully thanks for your prompt help!

Did you change anything to make it work now?

Userlevel 3

So the Backup finished successfully thanks for your prompt help!

Userlevel 3

Do I see it right? Now it worked? 

 

It seems so. I’m just startet another backup with a small computer to see the result.

You can may help me with two other questions:

  • We now dont have the server directly on the core switch. Just had a LAN cable with internet. The Backup process seems to be very slowly, will this be better if the linux server is on the core switch?
  • I have used the single use credentials for adding the server to veeam. Can i use the same user for another veeam instance we have in use with a vpn? I have tried this and it failed, also the first Added Server was unavailable after wards.
Userlevel 3

.

Userlevel 7
Badge +7

Do I see it right? Now it worked? 

 

Userlevel 7
Badge +8

Sorry the last picture is from a Computer that actually not finished backing up.

 

I have now a successful backup from a smaler one. It looks like it worked. I cant delete it from Veeam Disk. Also have the “i” in the repository.

 

I have still ssh activated, due to set up. Does this affect somehow if i disable the ssh, i think its recommendet to deactivate ssh if all is set up?

Correct disable SSH as soon as you can 🙂 will not impact this

Userlevel 3

Sorry the last picture is from a Computer that actually not finished backing up.

 

I have now a successful backup from a smaler one. It looks like it worked. I cant delete it from Veeam Disk. Also have the “i” in the repository.

 

I have still ssh activated, due to set up. Does this affect somehow if i disable the ssh, i think its recommendet to deactivate ssh if all is set up?

Userlevel 3

could you please check the system time on your hardened repo server

the time on the server is one hour behind the local time

I can see you’re signed in as root, root can bypass immutability, is this the problem?

 

Go to the directory with the backups in and use the lsattr command to see the immutability flag

For setting up i have used another user and used Single-use credentials to set up veeam repository. The user was in root and afterwards i deleted the user from root again.

This is the lsattr view

 

 

please let us see the file extentions

 

Userlevel 7
Badge +7

could you please check the system time on your hardened repo server

the time on the server is one hour behind the local time

I can see you’re signed in as root, root can bypass immutability, is this the problem?

 

Go to the directory with the backups in and use the lsattr command to see the immutability flag

For setting up i have used another user and used Single-use credentials to set up veeam repository. The user was in root and afterwards i deleted the user from root again.

This is the lsattr view

 

 

please let us see the file extentions

Userlevel 3

How did you try to delete files? within Linux (shell) or by deleting restore points in VBR console?

I have tried to delete it from veeam directly, after that i was looking for the lsattr and cant find the immutable “i”

Userlevel 3

could you please check the system time on your hardened repo server

the time on the server is one hour behind the local time

I can see you’re signed in as root, root can bypass immutability, is this the problem?

 

Go to the directory with the backups in and use the lsattr command to see the immutability flag

For setting up i have used another user and used Single-use credentials to set up veeam repository. The user was in root and afterwards i deleted the user from root again.

This is the lsattr view

 

 

Userlevel 7
Badge +7

How did you try to delete files? within Linux (shell) or by deleting restore points in VBR console?

Userlevel 7
Badge +7

could you share the screenshot of lsattr?

Userlevel 7
Badge +8

could you please check the system time on your hardened repo server

the time on the server is one hour behind the local time

I can see you’re signed in as root, root can bypass immutability, is this the problem?

 

Go to the directory with the backups in and use the lsattr command to see the immutability flag

Userlevel 3

Did you follow the guide for creating the immutable linux repo?

https://helpcenter.veeam.com/docs/backup/vsphere/hardened_repository_deploy.html?ver=110

 

I have used this discription: https://nolabnoparty.com/en/veeam-v11-hardened-repository-immutability-pt-1/ 
but im not a linux master

Userlevel 3

could you please check the system time on your hardened repo server

the time on the server is one hour behind the local time

Userlevel 7
Badge +7

could you please check the system time on your hardened repo server

Userlevel 3

And also:

 

What file system is the repository using?

And can you show us the repository settings/configuration in Veeam?

The file system is xfs (or do you mean something else?)

 

this is the configuration in veeam

 

 

Userlevel 7
Badge +8

And also:

 

What file system is the repository using?

And can you show us the repository settings/configuration in Veeam?

Userlevel 3

What Linux distribution and version do you use?

I am using Ubuntu Server 20.04.3 LTS.

I have all set it up like this: https://nolabnoparty.com/en/veeam-v11-hardened-repository-immutability-pt-1/

but instead of one Backup Disk i chose software Raid 6 in the installation, cause i have 6 disks.

Userlevel 7
Badge +3

Did you follow the guide for creating the immutable linux repo?

https://helpcenter.veeam.com/docs/backup/vsphere/hardened_repository_deploy.html?ver=110

 

Comment