New Way to Install Proxmox Backup Server: Systemd Container!


Preface

Proxmox Backup Server (PBS) offers a good experience as a backup server. Besides backing up PVE virtual machines, it also works well for backing up important system files. I now use it mainly to back up important files; whether on the intranet or over the internet, backing up is very convenient.

Of course, the officially recommended way is to use a dedicated physical machine, but for personal use with limited resources a virtual machine is also fine. Some have even turned it into a Docker container: ayufan/proxmox-backup-server. However, these methods have their disadvantages for personal use:

  • Physical machine: No dedicated physical machine available.
  • Virtual machine: It wastes too much memory; if memory is tight, avoid using a virtual machine.
  • Docker container: Updates may lag behind the official releases, and functionality might be incomplete, such as viewing PBS system logs and automatically renewing SSL certificates. Additionally, every time the image updates, it writes hundreds of megabytes or even gigabytes to the disk, which is not SSD-friendly.
  • LXC container: Configuration is troublesome. Directly accessing the host’s disk is either complicated or severely degrades performance.
  • Another way is to install Proxmox Backup Server directly on the existing NAS system, but this requires the NAS system to be Debian or Debian-based, which raises a new issue of poor system isolation.

Is there a way to avoid these shortcomings? Yes, that is the Systemd Container. For a detailed introduction, see Systemd-nspawn on the Arch Wiki. It contains some common commands and frequently asked questions not mentioned in this article.

systemd-nspawn is similar to the chroot command; it’s an advanced version of chroot. systemd-nspawn can run commands or systems in a lightweight namespace container. It is more powerful than chroot as it fully virtualizes the filesystem hierarchy, process tree, various IPC subsystems, and hostname. systemd-nspawn limits the access to various kernel interfaces in the container to read-only, such as /sys, /proc/sys, and /sys/fs/selinux. Network interfaces and system clocks cannot be changed from within the container, device nodes cannot be created, and the host cannot be rebooted from the container, nor can kernel modules be loaded. Compared to LXC or Libvirt, systemd-nspawn is easier to configure.

Installation

The following commands should be run as the root user.

Basic Environment

For Debian and Debian-based systems, install systemd-container and debootstrap:

apt install debootstrap systemd-container

For Arch Linux and Arch-based systems, the systemd installed by default already includes systemd-container, so just install debootstrap and debian-archive-keyring:

pacman -S debootstrap debian-archive-keyring

Install Debian Base

Proxmox Backup Server is based on Debian. Before installing Proxmox Backup Server, you need to install Debian Base, taking bookworm as an example:

cd /var/lib/machines

debootstrap --include=dbus-broker,systemd-container --components=main bookworm pbs https://deb.debian.org/debian

dbus-broker and systemd-container are essential, as explained in Systemd-nspawn.

Set Password

cd /var/lib/machines

systemd-nspawn -D ./pbs

passwd

logout

Configure macvlan Network Card

It is recommended that Proxmox Backup Server uses a different IP from the host, which can be achieved using MacVLAN. On the host, configure pbs:

mkdir -p /etc/systemd/nspawn

nano /etc/systemd/nspawn/pbs.nspawn

Then enter the following content:

[Exec]

Hostname=pbs

[Network]

MACVLAN=eth0

## MACVLAN=eth0 creates a MacVLAN interface on top of the host's eth0; change it to your own interface, such as vmbr0, ens18, eno1, etc.

[Files]

PrivateUsersChown=yes

Bind=/mnt/data:/mnt/data

## Location where Proxmox Backup Server stores backup data. As with a Docker volume mapping, the path to the left of the colon is the host path and the path to the right is the container path. If you used Docker before, you can reuse the path from that configuration.

Start

machinectl start pbs       # Start pbs

machinectl shell root@pbs  # Enter pbs

Configure Network

Since we use the MacVLAN network, we need to configure the network separately for the container. Enter the container, create and edit /etc/network/interfaces.d/macvlan with the following content. The mv-eth0 is the MacVLAN virtual network card name in the container, which can be seen by typing the command `ip a`.

auto mv-eth0

iface mv-eth0 inet dhcp

iface mv-eth0 inet6 dhcp

This configures the network using DHCP; you can also set a static IP according to your preferences.

Then restart the network:

systemctl enable --now networking.service

systemctl restart networking.service

If you still cannot access the network, set the DNS server by editing /etc/resolv.conf and setting the nameserver as follows. You can change it to the DNS server you use.

nameserver 223.5.5.5

Install Proxmox Backup Server

Enter pbs, configure Debian and Proxmox Backup Server repository sources, and modify /etc/apt/sources.list as follows (based on Debian 12 bookworm):

deb https://deb.debian.org/debian bookworm main contrib

deb https://deb.debian.org/debian bookworm-updates main contrib

deb https://deb.debian.org/debian-security bookworm-security main contrib

Trust the Proxmox keyring (this downloads only the key for the current release, bookworm):

apt install wget

wget http://download.proxmox.com/debian/proxmox-release-bookworm.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg

Create /etc/apt/sources.list.d/pbs.list with the following content:

deb http://download.proxmox.com/debian/pbs bookworm pbs-no-subscription

Install Proxmox Backup Server:

apt update

apt install proxmox-backup-server

After installation, a file /etc/apt/sources.list.d/pbs-enterprise.list will be generated. Comment out its content.

Then you can happily access https://<IP>:8007 to configure PBS. Those with DDNS can also set up ACME for automatic SSL certificate renewal in the web UI.
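
The keyring step above fetches the key over plain HTTP and writes it straight into /etc/apt/trusted.gpg.d, so that file becomes the trust anchor for every package APT later accepts from the repository. As an added example (not part of the original post), the function below installs a downloaded key only when its SHA-512 matches a digest you pinned beforehand; the function name, the temporary paths and the demo file are assumptions, and the real digest must be taken from Proxmox's own published documentation.

```shell
#!/bin/sh
# Added example: install an APT key only if its SHA-512 matches a pinned digest.
# install_verified_key <downloaded-file> <expected-sha512-hex> <destination>
# Returns 0 on success, 1 on digest mismatch, 2 on unusable arguments.
install_verified_key() {
    ivk_src=$1
    ivk_want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    ivk_dest=$3
    [ -f "$ivk_src" ] || { echo "no such file: $ivk_src" >&2; return 2; }
    # Reject an empty, truncated or placeholder digest instead of comparing against it.
    case $ivk_want in
        ''|*[!0-9a-f]*) echo "digest is not hex" >&2; return 2 ;;
    esac
    [ "${#ivk_want}" -eq 128 ] || { echo "digest is not 128 hex chars" >&2; return 2; }
    ivk_got=$(sha512sum "$ivk_src" | awk '{ print $1 }')
    if [ "$ivk_got" != "$ivk_want" ]; then
        echo "SHA-512 mismatch for $ivk_src; key NOT installed" >&2
        return 1
    fi
    # Copy with fixed permissions; assumes the caller may write to the destination.
    install -m 0644 "$ivk_src" "$ivk_dest"
}

# Demo on a constructed file (not a real key), inside a temporary directory.
demo_dir=$(mktemp -d)
printf 'constructed stand-in for a downloaded keyring\n' > "$demo_dir/key.gpg"
# In real use this value is the published digest, not one computed locally.
pinned=$(sha512sum "$demo_dir/key.gpg" | awk '{ print $1 }')
if install_verified_key "$demo_dir/key.gpg" "$pinned" "$demo_dir/trusted.gpg"; then
    echo "installed"
fi
# Simulate a modified download: the same pinned digest must now be refused.
printf 'tampered\n' >> "$demo_dir/key.gpg"
install_verified_key "$demo_dir/key.gpg" "$pinned" "$demo_dir/trusted2.gpg" || echo "rejected"
rm -rf "$demo_dir"
```

For the real step, download the key to a temporary path first, then pass that path, the published digest and /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg as the three arguments.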

Others

1. To view the disk’s SMART information in Proxmox Backup Server, modify /etc/systemd/nspawn/pbs.nspawn as follows:

[Exec]

Hostname=pbs

Capability=CAP_SYS_RAWIO

[Network]

MACVLAN=eth0

## MACVLAN=eth0 creates a MacVLAN interface on top of the host's eth0; change it to your own interface, such as vmbr0, ens18, eno1, etc.

[Files]

PrivateUsersChown=yes

Bind=/mnt/data:/mnt/data

## Location where Proxmox Backup Server stores backup data. As with a Docker volume mapping, the path to the left of the colon is the host path and the path to the right is the container path. If you used Docker before, you can reuse the path from that configuration.

Bind=/dev/sda

Bind=/dev/sdb

## Bind every disk whose SMART information Proxmox Backup Server should be able to read

…other disks

Then set the disks mentioned above to allow the container to read information:

systemctl set-property systemd-nspawn@pbs DeviceAllow='/dev/sda r'

systemctl set-property systemd-nspawn@pbs DeviceAllow='/dev/sdb r'

…other disks

2. Set the pbs container to start automatically when the host boots:

machinectl enable pbs

3. By default, the hostname in the container is still the host’s hostname. Modify /etc/hostname in the container to pbs.

4. To update PBS in the future, enter the container and run `apt update && apt upgrade`, simple and convenient.

5. When using MacVLAN, by default, the host cannot access the systemd container in the same subnet. It can be accessed if not in the same subnet. Therefore, it is recommended to set the PBS IP in a different subnet from the host. Of course, it is possible to access it in the same subnet by creating an additional MacVLAN bridge on the host:

ip link add mymv link eth0 type macvlan mode bridge

# mymv is the name of the newly created bridge, eth0 is the host network card name that the virtual MacVLAN network card in the container is bridged to, modify both as needed

ip link set dev mymv address "76:d3:4a:8b:81:47"

# Modify the new bridge's MAC address as needed

ip link set mymv up

ip route add "10.0.0.30" dev mymv

# 10.0.0.30 is the pbs container's IP, modify it to your own

After rebooting the host, the above commands need to be re-entered. To automate this, choose the appropriate method based on the host system.

  • If the host is Debian, create /etc/network/if-up.d/mymv with the following content, where eth0, mymv, 76:d3:4a:8b:81:47, and 10.0.0.30 should be modified based on the explanation above and your actual situation.

#!/bin/sh

if [ "$IFACE" = "eth0" ]; then

    ip link add mymv link eth0 type macvlan mode bridge

    ip link set dev mymv address "76:d3:4a:8b:81:47"

    ip link set mymv up

    ip route add 10.0.0.30 dev mymv

fi

Then add execute permissions to this script:

chmod +x /etc/network/if-up.d/mymv

  • If the host is Arch Linux and uses NetworkManager, create /etc/NetworkManager/dispatcher.d/10-mymv with the following content, where eth0, mymv, 76:d3:4a:8b:81:47, and 10.0.0.30 should be modified based on the explanation above and your actual situation.

#!/bin/bash

export LANG='C'

INTERFACE=$1

STATUS=$2

set_ip_route() {

    if [[ "$INTERFACE" == "eth0" ]]; then

        ip link add mymv link eth0 type macvlan mode bridge

        ip link set dev mymv address "76:d3:4a:8b:81:47"

        ip link set mymv up

        ip route add 10.0.0.30 dev mymv

    fi

}

case "$STATUS" in

    "up"|"vpn-up") set_ip_route;;

esac

exit 0

This script also needs execute permissions:

chmod +x /etc/NetworkManager/dispatcher.d/10-mymv

6. For other functionalities, refer to Systemd-nspawn.
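
Item 1 above gives the container CAP_SYS_RAWIO and binds raw disk nodes into it, which widens what a compromised PBS service could reach on the host. As an added example (not part of the original post), this function lists the settings in an .nspawn file that extend host access so they can be reviewed after each change; the function names and output labels are this example's own, and the sample is a constructed copy of the configuration from item 1.

```shell
#!/bin/sh
# Added example: report .nspawn settings that widen the container's access to the host.
# Reads the file named in $1, or standard input when no file is given.
# Output labels (capability, no-userns, rw-bind, device-bind) are this example's own.
audit_nspawn() {
    awk '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }       # comments and blank lines
        /^[ \t]*\[/ { section = $1; next }          # section header, e.g. [Exec]
        {
            eq = index($0, "=")
            if (eq == 0) next                       # not a key=value line
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        section == "[Exec]" && key == "Capability" {
            n = split(val, caps, /[ \t]+/)          # value is a space-separated list
            for (i = 1; i <= n; i++) print "capability", caps[i]
        }
        section == "[Exec]" && key == "PrivateUsers" && val ~ /^(no|false|off)$/ {
            print "no-userns"                       # user namespacing switched off
        }
        section == "[Files]" && key == "Bind" {
            split(val, part, ":")                   # host path precedes the first colon
            kind = (part[1] ~ /^\/dev\//) ? "device-bind" : "rw-bind"
            print kind, part[1]
        }
    ' "$@"
}

# Constructed sample: the SMART-enabled pbs.nspawn from item 1, without its comments.
sample_nspawn() {
    cat <<'EOF'
[Exec]
Hostname=pbs
Capability=CAP_SYS_RAWIO
[Network]
MACVLAN=eth0
[Files]
PrivateUsersChown=yes
Bind=/mnt/data:/mnt/data
Bind=/dev/sda
Bind=/dev/sdb
EOF
}

sample_nspawn | audit_nspawn
```

On the host, run `audit_nspawn /etc/systemd/nspawn/pbs.nspawn` and check that every reported line is one you added on purpose.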

