Skip to main content

I set up a linux hardened repository for immutable backups. In the Backup Repository I have set the minimu 7 days as immutable.

The Backup Job finished sucessfully on this linux repository. But i can still delete the backup. I have also checked in Linux directory, there should all backup files have an extension “i” to say that this file is immutable. But there is also no “i” in the directory.

 

What am I doing wrong? Can someone help me?

Are you running synthentic or active fulls periodically?

You must configure FullBackups, or the files won’t be immutable.

Forever Forward Incremental Backup Chains will not be immutable

Wrong selected chain-type should show a error in console. It should not be possible to configure this. Would be a bug ...


No, synthetic and active full both works.


Sorry the last picture is from a Computer that actually not finished backing up.

 

I have now a successful backup from a smaler one. It looks like it worked. I cant delete it from Veeam Disk. Also have the “i” in the repository.

 

I have still ssh activated, due to set up. Does this affect somehow if i disable the ssh, i think its recommendet to deactivate ssh if all is set up?


Do I see it right? Now it worked? 

 

It seems so. I’m just startet another backup with a small computer to see the result.

You can may help me with two other questions:

  • We now dont have the server directly on the core switch. Just had a LAN cable with internet. The Backup process seems to be very slowly, will this be better if the linux server is on the core switch?
  • I have used the single use credentials for adding the server to veeam. Can i use the same user for another veeam instance we have in use with a vpn? I have tried this and it failed, also the first Added Server was unavailable after wards.

Sorry the last picture is from a Computer that actually not finished backing up.

 

I have now a successful backup from a smaler one. It looks like it worked. I cant delete it from Veeam Disk. Also have the “i” in the repository.

 

I have still ssh activated, due to set up. Does this affect somehow if i disable the ssh, i think its recommendet to deactivate ssh if all is set up?

Correct disable SSH as soon as you can 🙂 will not impact this


What Linux distribution and version do you use?

I am using Ubuntu Server 20.04.3 LTS.

I have all set it up like this: https://nolabnoparty.com/en/veeam-v11-hardened-repository-immutability-pt-1/

but instead of one Backup Disk i chose software Raid 6 in the installation, cause i have 6 disks.


could you please check the system time on your hardened repo server

the time on the server is one hour behind the local time

I can see you’re signed in as root, root can bypass immutability, is this the problem?

 

Go to the directory with the backups in and use the lsattr command to see the immutability flag

For setting up i have used another user and used Single-use credentials to set up veeam repository. The user was in root and afterwards i deleted the user from root again.

This is the lsattr view

 

 

please let us see the file extentions


How did you try to delete files? within Linux (shell) or by deleting restore points in VBR console?


could you share the screenshot of lsattr?


could you please check the system time on your hardened repo server

the time on the server is one hour behind the local time

I can see you’re signed in as root, root can bypass immutability, is this the problem?

 

Go to the directory with the backups in and use the lsattr command to see the immutability flag


could you please check the system time on your hardened repo server

the time on the server is one hour behind the local time


could you please check the system time on your hardened repo server


Do I see it right? Now it worked? 

 


Did you follow the guide for creating the immutable linux repo?

https://helpcenter.veeam.com/docs/backup/vsphere/hardened_repository_deploy.html?ver=110

 


What backup job do you perform?


Do I see it right? Now it worked? 

 

It seems so. I’m just startet another backup with a small computer to see the result.

You can may help me with two other questions:

  • We now dont have the server directly on the core switch. Just had a LAN cable with internet. The Backup process seems to be very slowly, will this be better if the linux server is on the core switch?
  • I have used the single use credentials for adding the server to veeam. Can i use the same user for another veeam instance we have in use with a vpn? I have tried this and it failed, also the first Added Server was unavailable after wards.

Not quite sure I understand your questions right. But:

  • In my experience network is not probably the bottleneck when it comes to Linux repository. So the faster the network the faster the backup will be.
  • I already added a Hardened Repo server to a second VBR server which worked fine. Just a guess: did you change anything in SSH-settings when adding to a second server?

     

Interesting you say that @vNote42 as it’s a listed limitation for the hardened repository that it can’t be shared between different VBR servers

must admit you are right :thinking: at least it worked in the first instance. I will check the current state.

Just checked with the customer. What still works fine: Linux Hardened Repo server was added to two different VBR servers. For adding, single-use credential was used on both VBR instances. Also same user was used. Since then - a few weeks ago, customer had no problems with both VBR server using Hardened Repo Server as target. Maybe the important fact is here: different repositories are used for each VBR server. So it is the same server, but different XFS-volumes. In the helpcenter the first limitation is to read (https://helpcenter.veeam.com/docs/backup/vsphere/hardened_repository_limitations.html?ver=110):

The hardened repository cannot be shared between different Veeam Backup & Replication servers.

Literally speaking, this configuration does not violate.


.


So the Backup finished successfully thanks for your prompt help!


Do I see it right? Now it worked? 

 

It seems so. I’m just startet another backup with a small computer to see the result.

You can may help me with two other questions:

  • We now dont have the server directly on the core switch. Just had a LAN cable with internet. The Backup process seems to be very slowly, will this be better if the linux server is on the core switch?
  • I have used the single use credentials for adding the server to veeam. Can i use the same user for another veeam instance we have in use with a vpn? I have tried this and it failed, also the first Added Server was unavailable after wards.

Not quite sure I understand your questions right. But:

  • In my experience network is not probably the bottleneck when it comes to Linux repository. So the faster the network the faster the backup will be.
  • I already added a Hardened Repo server to a second VBR server which worked fine. Just a guess: did you change anything in SSH-settings when adding to a second server?

     

Interesting you say that @vNote42 as it’s a listed limitation for the hardened repository that it can’t be shared between different VBR servers


Do I see it right? Now it worked? 

 

It seems so. I’m just startet another backup with a small computer to see the result.

You can may help me with two other questions:

  • We now dont have the server directly on the core switch. Just had a LAN cable with internet. The Backup process seems to be very slowly, will this be better if the linux server is on the core switch?
  • I have used the single use credentials for adding the server to veeam. Can i use the same user for another veeam instance we have in use with a vpn? I have tried this and it failed, also the first Added Server was unavailable after wards.

Not quite sure I understand your questions right. But:

  • In my experience network is not probably the bottleneck when it comes to Linux repository. So the faster the network the faster the backup will be.
  • I already added a Hardened Repo server to a second VBR server which worked fine. Just a guess: did you change anything in SSH-settings when adding to a second server?

     

Interesting you say that @vNote42 as it’s a listed limitation for the hardened repository that it can’t be shared between different VBR servers

must admit you are right :thinking: at least it worked in the first instance. I will check the current state.


could you please check the system time on your hardened repo server

the time on the server is one hour behind the local time

I can see you’re signed in as root, root can bypass immutability, is this the problem?

 

Go to the directory with the backups in and use the lsattr command to see the immutability flag

For setting up i have used another user and used Single-use credentials to set up veeam repository. The user was in root and afterwards i deleted the user from root again.

This is the lsattr view

 

 

please let us see the file extentions

 


Are you running synthentic or active fulls periodically?

You must configure FullBackups, or the files won’t be immutable.

Forever Forward Incremental Backup Chains will not be immutable


How did you try to delete files? within Linux (shell) or by deleting restore points in VBR console?

I have tried to delete it from veeam directly, after that i was looking for the lsattr and cant find the immutable “i”


could you please check the system time on your hardened repo server

the time on the server is one hour behind the local time

I can see you’re signed in as root, root can bypass immutability, is this the problem?

 

Go to the directory with the backups in and use the lsattr command to see the immutability flag

For setting up i have used another user and used Single-use credentials to set up veeam repository. The user was in root and afterwards i deleted the user from root again.

This is the lsattr view

 

 


Did you follow the guide for creating the immutable linux repo?

https://helpcenter.veeam.com/docs/backup/vsphere/hardened_repository_deploy.html?ver=110

 

I have used this discription: https://nolabnoparty.com/en/veeam-v11-hardened-repository-immutability-pt-1/ 
but im not a linux master


Comment