Archive of the aide list - [Aide] Attic Backup
Hello Marcel, and the list

I didn't know about it. It looks good at first glance. Thanks for
Thanks for refreshing our minds.

So I know nothing, but I will tell all.

Looking around, you can see that people contrast the newcomers (new-generation
hash-backup tools):

- Attic
- obnam
- zbackup
- Vembu Hive
- etc

Which provide "encrypted incremental-forever with no
server-side processing and a convenient CLI interface, and it does let
you prune old backups."

unlike the "old" ones:
- duplicity
- duplicati
- rsnapshot
- rdiff-backup
- Ahsay
- etc

"All other common tools seem to fail on one of the following points
- Incremental forever (bandwidth is expensive in a lot of countries)
- Untrusted remote storage (so i can hook it up to a dodgy lowendbox VPS)
- Optional: No server-side processing needed (so i can hook it up to
S3 or Dropbox)"

Even so, this sparks debate:

"Sorry, but "Untrusted remote storage" and "No server-side processing"
are exactly the opposite of what I need.

If the original box is ever compromised, I don't want the attacker to
gain any access to the backup. If you use a dumb storage like S3 as
your backup server, you need to store your keys on the original box,
and anyone who gains control of the original box can destroy your S3
bucket as well. Ditto for any SSH-based backup scheme that requires
keys to be stored on the original box. A compromised box could also
lie about checksums, silently corrupting your backups.

Backups should be pulled from the backup box, not pushed from the
original box. Pushing backups is only acceptable for consumer devices,
and even then, only because we don't have a reliable way to pull data
from them (due to frequently changing IP addresses, NAT, etc).

The backup box needs to be even more trustworthy than the original
box, not the other way around. I'm willing to live with a significant
amount of overhead, both in storage and in bandwidth, in order not to
violate this principle.

The backup box, of course, could push encrypted data to untrusted
storage, such as S3. But only after it has pulled from the original
box. In both cases, the connection is initiated from the backup box,
not the other way around. The backup box never accepts any incoming

Does Attic support this kind of use case? The documentation doesn't
seem to have anything to say about backing up remote files to local
repositories. I don't see any reason why it won't be supported (since
rsync does), but "nominally supported" is different from "optimized
for that use case", and I suspect that many of the latest generation
of backup tools are optimized for the opposite use case."

So there you go, debates to follow:

For my Debian boxes, I found this, with comments at the end of the
article. There are pros and cons {performance degrading over time,
the problem of backing up multiple servers with non-optimized
encryption}, and references to other solutions.

Another in-depth article on a (recent, 2015) comparison of backup solutions

I haven't read everything, but I gathered that people contrast the newcomers

I still have to read
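
The pull model argued for in the quoted comment above, as an added sketch that is not part of the original message and not Attic's code. It assumes the source box is reachable as a read-only directory (a local temp directory stands in for it here); `pull_snapshot`, `restore` and the repository layout are hypothetical names.

```python
import hashlib
import tempfile
from pathlib import Path

def pull_snapshot(source_root, repo_root, name, claimed=None):
    """Runs on the backup box. `claimed` is an optional {path: sha256}
    manifest supplied by the source; it is compared, never trusted."""
    source_root, repo_root = Path(source_root), Path(repo_root)
    objects = repo_root / "objects"
    objects.mkdir(parents=True, exist_ok=True)
    manifest, mismatches = {}, []
    for path in sorted(p for p in source_root.rglob("*") if p.is_file()):
        rel = path.relative_to(source_root).as_posix()
        data = path.read_bytes()
        digest = hashlib.sha256(data).hexdigest()  # hashed on the backup box
        obj = objects / digest
        if not obj.exists():  # content-addressed: stored objects are never rewritten
            obj.write_bytes(data)
        manifest[rel] = digest
        if claimed is not None and claimed.get(rel) != digest:
            mismatches.append(rel)  # source's claim disagrees with what was pulled
    snap_dir = repo_root / "snapshots"
    snap_dir.mkdir(exist_ok=True)
    (snap_dir / name).write_text(
        "".join(f"{d}  {r}\n" for r, d in manifest.items()))
    return manifest, mismatches

def restore(repo_root, manifest, rel):
    """Read one file back from the repository using a snapshot manifest."""
    return (Path(repo_root) / "objects" / manifest[rel]).read_bytes()

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        src, repo = Path(tmp, "source"), Path(tmp, "repo")
        src.mkdir()
        (src / "db.sql").write_bytes(b"good data\n")  # constructed sample file
        day1, _ = pull_snapshot(src, repo, "day1")
        # Constructed compromise: the source changes the file but keeps
        # reporting the old checksum. It holds no credentials for the repo.
        (src / "db.sql").write_bytes(b"tampered\n")
        day2, lies = pull_snapshot(src, repo, "day2", claimed=dict(day1))
        return lies, restore(repo, day1, "db.sql"), restore(repo, day2, "db.sql")

if __name__ == "__main__":
    print(demo())
```

The day1 snapshot stays restorable after the source is tampered with, and the false checksum is flagged because the backup box hashes what it pulled itself.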




Unless otherwise stated, the published documentation is under a Creative Commons license