ok probably a noob question but here goes. I want to, eventually, automate backups. I currently have a USB attached to a backup VM. I can see it in dom0 using qvm-block and qvm-usb (shows used by backup). how do i access the USB ssd attched to backup from dom0?
Attaching storage to dom0 directly would be dangerous. So what you do is attach it to a running qube and then on the backup manager you select that qube and then a dialogue box will open whenere you choose the device.
If you want to further improve your setup you then attach that usb to the qube automatically and then make use of the backup profiles and the
qvm-backup terminal utility.
so just use the command line qvm-backup utility from the appvm where the SSD is attached versus trying to access the ssd from dom0 (even though its attached to an app vm)?
No. qvm-backup is only available in dom0 because otherwise it wouldn’t be able to access other qube’s data.
You attach you ssd to a qube (for example “backup-qube”). Please read the documentation. It should be clear there.
hi deeplow - i can use the gui to perform the backup. Is it possible to access the USB SSD attached to the appvm from dom0 on the command line? How do i reference the backup location needed in qvm-backup from dom0?
perhaps the command
man qvm-backup in dom0 can help
Thanks deeplow - yes i have read the man pages on qvm-backup. And I do apologize for being a noob
the backup_location argument is my mystery. how do I reference the SSD attached to another qube in a manner that satisfies the backup_location argument?
qvm-usb provides the following
is there anyway for me to access that mounted drive in an appVM from dom0.
It either cant be done or I’m missing something simple
No need to apologize. Reading the documentation is generally key, sometimes it helps if you mention which pages you’ve read.
Maybe it’s easier if you do it via the GUI first. Then that configuration is saved to a profile so running from the terminal with
qvm-backup should be easier.
Yeah I did do that i looked at the backup.conf file in dom0 - it really is a shortened list of appvms that will be backed up plus the passphrase.
I’ll keep experimenting.
ok I really am a noob.
RTFM is the rule!
Thanks for the help
ok I can backup from the command line easily now.
qvm-backup -v -d backup --passphrase-file backup.txt /media/user/T7/Qubes work
will backup work appvm to the USB SSD attached to qube backup
I was able to use the --save-profile backup argument successfully.
But when i try to run qvm-backup --profile backup or qvm-backup --profile backup.conf I get a permission denied error for call to b’admin.backup.Info’+b’/backup.conf (b’dom0’ > b’dom0’) with payload of 0 bytes.
I checked the permissions of the saved backup profile to that of the backup.conf file created by the qubes back up manager gui and the permissions are identical.
Here is the error from journalctl using The command is qvm-backup --profile backup.conf
Jul 21 06:42:58 dom0 qubesd: permission denied for call b’admin.backup.Info’+b’backup.conf’ (b’dom0’ → b’dom0’) with payload of 0 bytes
here is the error using the default profile created by the backup manager GUI
qvm-backup --profile /etc/qubes/backup/qubes-manager-backup.conf
Jul 21 06:46:27 dom0 qubesd: permission denied for call b’admin.backup.Info’+b’/etc/qubes/backup/qubes-manager-backup.conf’ (b’dom0’ → b’dom0’) with payload of 0
File permissions for backup.conf
-rw-r–r-- 1 tim tim 321 Jul 19 21:45 backup.conf
file permissions for qubes-manager-backup.conf
-rw-r–r-- 1 tim tim 321 Jul 20 17:09 qubes-manager-backup.conf
all commands executed from the dom0 terminal
the previous journalctl log was innacurate.
Added some markdown formatting to make the post more readable. You may do so in the future.
Great to hear you’re making progress. This may be a bug. I’m not sure.
This works for me.
Permissions on backup:
drwxrwx— root qubes
-rw-rw-r-- user user
See if you can have this working with a simple backup: no pw.
Then add in pw, then the mount.
so i have a folder (not usb drive) called Qubes in my backup VM with the following permissions
drwxrwr-x 2 user qubes
how do i get the permissions set to your setting? Ive tried various methods but cant get to where you are
update: this is baffling to me
in dom0 run qvm-backup --profile back.conf
Jul 21 06:42:58 dom0 qubesd: permission denied for call b’admin.backup.Info’+b’back.conf’ (b’dom0’ → b’dom0’) with payload of 0 bytes
I run qvm-backup back.conf qvm-backup launches with this default configuration ------------------+--------------+--------------+ VM | type | size | ------------------+--------------+--------------+ dom0 | User home | 131.4 MiB | whonix-gw-15 | Template VM | 2.1 GiB | debian-10 | Template VM | 8.4 GiB | whonix-ws-15 | Template VM | 3.2 GiB | fedora-32 | Template VM | 4.8 GiB | sys-net | VM | 98.1 MiB | <-- The VM is running, backup will contain its state from before its start! sys-firewall | VM | 98.1 MiB | <-- The VM is running, backup will contain its state from before its start! proton-vpn | VM | 106.3 MiB | <-- The VM is running, backup will contain its state from before its start! sys-whonix | VM | 113.7 MiB | <-- The VM is running, backup will contain its state from before its start! whonix-ws-15-dvm | VM | 0 | anon-whonix | VM | 0 | default-mgmt-dvm | VM | 0 | finance | VM | 536.8 MiB | <-- The VM is running, backup will contain its state from before its start! fedora-32-dvm | VM | 0 | sys-usb | VM | 98.3 MiB | <-- The VM is running, backup will contain its state from before its start! debian-back | Template VM | 8.6 GiB | anom | VM | 333.4 MiB | <-- The VM is running, backup will contain its state from before its start! work | VM | 10.0 GiB | <-- The VM is running, backup will contain its state from before its start! ------------------+--------------+--------------+ Total size: | 38.6 GiB | ------------------+--------------+--------------+ VMs not selected for backup: - backup
Do you want to proceed? [y/N]
Hit Yes and get this error : Backup error: ERROR: the backup directory for back.conf does not exists
where is qvm-backup getting these settings? the default config (from the gui) in /etc/qubes/backup matches my saved profile and the command line below.
If I run this command qvm-backup -d backup /home/user/Qubes work
it starts backing up and finishes.
Those are permission on /etc/qubes/backup and the profiles therein.
I still think the best way forward is to start with a simple case,
confirm you can save and reuse profiles, and then start adding features.
Mystery solved. the saved profile that you want to use has to be in the /etc/qubes/backup dir.
Has that solved the problem? Great.
spoke too soon. I think I have permission issues. Let me look into it
Ok I have a repeatable test that passes / fails.
Your saved profile must be in /etc/qubes/backup
qvm-backup -y --profile test
contents of test.conf:
same profile with one less space character after the first argument :true vs : true
I’ll get an error: from journalctl
Jul 29 07:58:16 dom0 qubesd: in "/etc/qubes/backup/test.conf", line 2, column 17 Jul 29 07:58:16 dom0 qubesd: yaml.scanner.ScannerError: mapping values are not allowed here
Were both of these saved profiles?
How were they generated?