[Discuss] Cloud-backup solutions for Linux?
- Subject: [Discuss] Cloud-backup solutions for Linux?
- From: richb at pioneer.ci.net (Rich Braun)
- Date: Sun, 27 Sep 2015 08:26:38 -0700
- In-reply-to: <BLUPR04MB36961A07BEDF29D3AA5D0E6DC400@BLUPR04MB369.namprd04.prod.outlook.com>
- References: <25d28188.1ER.1lD.10.iPeowC@mailjet.com> <firstname.lastname@example.org> <BLUPR04MB36961A07BEDF29D3AA5D0E6DC400@BLUPR04MB369.namprd04.prod.outlook.com>
> Edward Ned Harvey (blu) <blu at nedharvey.com> wrote:
> For VM's, you only have three choices:

My approach changed after I switched most of my VMs to containers (with LXC). I now make sure all user-data is in a mounted volume shared from the host into the client instance. With containers there's no overhead and you don't need something clunky like NFS or samba (which is what I'd been doing to make DVD ISO image collections available to my MythTV backends, but performance sucked for live-recording volumes).

Someday I'd like to see a data-isolation tweak to LUKS: if the encryption keys were moved from host into client LXC, a container security breach would have a much tougher time trying to get hold of another container's data. (I digress, because I'm thinking of commercial cloud deployment vs. home-use for that.)

Making sure user data is isolated in a mounted volume is hard to do unless you first set up a repeatable way of cloning instances. Make a tarball of your standard root volume, and set up a config-management system of some sort to apply customizations (could be as simple as storing your configs in a directory named for each hostname and checked into git, or a full-blown ansible or puppet system). Then make sure your apps like pvr software are set up to use mounted volumes.

This approach also made it possible to set up warm standby containers on separate hardware without needing a complicated or expensive clustering file system or SAN. Just sync the volumes bidirectionally with a tool like unison, and use haproxy to access the instances using floating IP addresses.

-rich
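
The clone-and-customize workflow described in the message above, as an added example that is not part of the original post: it unpacks a standard root tarball, overlays the per-hostname config directory, and emits the LXC bind-mount line that keeps user data on the host. The directory layout (`configs/<hostname>/`, the `srv/data` mount point), the function names, and the `nodev,nosuid` mount options are assumptions.

```sh
#!/bin/sh
# Added illustration; paths, names and mount options are assumptions.

# provision_rootfs <hostname> <base_tarball> <configs_dir> <containers_dir>
provision_rootfs() {
    host=$1; tarball=$2; configs=$3; root="$4/$host/rootfs"
    mkdir -p "$root" || return 1
    # Standard root volume: identical for every instance.
    tar -xf "$tarball" -C "$root" || return 1
    # Per-host customizations: configs/<hostname>/ mirrors the rootfs layout
    # and would normally be a git checkout.
    if [ -d "$configs/$host" ]; then
        cp -a "$configs/$host/." "$root/" || return 1
    fi
    # Empty mount point only; user data never lives inside the rootfs.
    mkdir -p "$root/srv/data"
}

# lxc_mount_entry <host_data_dir>
# Prints the container-config line that bind-mounts one host directory.
# Giving each container its own directory means a container sees only its
# own data; nodev,nosuid keep the data volume from carrying device nodes
# or setuid binaries into the container.
lxc_mount_entry() {
    case $1 in
        ''|[!/]*|*[[:space:]]*)
            # The entry is fstab-style, so relative paths and whitespace
            # would be misparsed; refuse them.
            echo "data dir must be an absolute path without spaces: $1" >&2
            return 1 ;;
    esac
    printf 'lxc.mount.entry = %s srv/data none bind,nodev,nosuid 0 0\n' "$1"
}

# rootfs_has_no_user_data <rootfs>
# Run while the container is stopped (nothing mounted): succeeds only if the
# mount point inside the rootfs is empty, i.e. the rootfs is disposable and
# can be rebuilt from the tarball without losing anything.
rootfs_has_no_user_data() {
    [ -z "$(ls -A "$1/srv/data" 2>/dev/null)" ]
}
```

A non-empty `srv/data` in a stopped container's rootfs means an application wrote there while the volume was not mounted, which is the case to catch before re-cloning the instance.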