BorgBackup 5.1.5 on 5.5.11-1 remote repo create and/or use failure

  • I have two OMV (NAS and BackupNas) both running 5.5.11-1 with BorgBackup 5.1.5. On either I can create a shared folder and then create a local Repo.


    What I would like to do is create a Repo on BackupNAS to backup NAS to (remote).


    1) If I create the Repo on BackupNAS and then on NAS create a repo pointing to the one on BackupNAS with "Skip init" selected I get an Error on NAS


    OMV\ExecException: Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C.UTF-8; BORG_PASSPHRASE='password' /usr/bin/borg check --repository-only --info 'scott@backupnas:/srv/dev-disk-by-label-Backup/Borg/'' with exit code '2': in /usr/share/php/openmediavault/system/process.inc:182


    If I run the command myself it initially failes becuase BorgBackup has created the Repo all owned by root


    PermissionError: [Errno 13] Permission denied: '/srv/dev-disk-by-label-Backup/Borg/config'


    If I chown recuresively the directory then the command will complete if run by hand

    scott@nas:~$ BORG_PASSPHRASE='password' /usr/bin/borg check --repository-only --info 'scott@backupnas:/srv/dev-disk-by-label-Backup/Borg/'

    Remote: Starting repository check

    Remote: Starting repository index check

    Remote: Index object count match.

    Remote: Completed repository check, no problems found.


    However the wizzard in the plugin will still fail as above



    2) If I create a Shared Folder on BackupNAS and then create a repo from NAS remotely it fails


    Error #0:
    OMV\ExecException: Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C.UTF-8; BORG_PASSPHRASE='password' /usr/bin/borg init --encryption=none 'scott@backupnas:/srv/dev-disk-by-label-Backup/Borg/'' with exit code '2': in /usr/share/php/openmediavault/system/process.inc:182
    Stack trace:
    #0 /usr/share/openmediavault/engined/rpc/borgbackup.inc(158): OMV\System\Process->execute(Array)
    #1 [internal function]: OMVRpcServiceBorgBackup->setRepo(Array, Array)
    #2 /usr/share/php/openmediavault/rpc/serviceabstract.inc(123): call_user_func_array(Array, Array)
    #3 /usr/share/php/openmediavault/rpc/rpc.inc(86): OMV\Rpc\ServiceAbstract->callMethod('setRepo', Array, Array)
    #4 /usr/sbin/omv-engined(537): OMV\Rpc\Rpc::call('BorgBackup', 'setRepo', Array, Array, 1)
    #5 {main}

    Running the command by hand works (the directory is writable by scott)


    scott@nas:~$ BORG_PASSPHRASE='password' /usr/bin/borg init --encryption=none 'scott@backupnas:/srv/dev-disk-by-label-Backup/Borg/'


    and creates the repo


    scott@backupnas:/srv/dev-disk-by-label-Backup/Borg$ ls -al

    total 72

    drwxrwsr-x 3 root users 4096 Sep 23 09:46 .

    drwxr-xr-x 6 root root 4096 Sep 23 09:41 ..

    -rw------- 1 scott users 209 Sep 23 09:46 config

    drwx--S--- 3 scott users 4096 Sep 23 09:46 data

    -rw------- 1 scott users 52 Sep 23 09:46 hints.1

    -rw------- 1 scott users 41258 Sep 23 09:46 index.1

    -rw------- 1 scott users 190 Sep 23 09:46 integrity.1

    -rw------- 1 scott users 73 Sep 23 09:46 README


    and the check works


    scott@nas:~$ BORG_PASSPHRASE='password' /usr/bin/borg check --repository-only --info 'scott@backupnas:/srv/dev-disk-by-label-Backup/Borg/'

    Remote: Starting repository check

    Remote: Starting repository index check


    however trying to tell BorgBackup to use that remote repo still fails with the same error


    Error #0:
    OMV\ExecException: Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C.UTF-8; BORG_PASSPHRASE='password' /usr/bin/borg check --repository-only --info 'scott@backupnas:/srv/dev-disk-by-label-Backup/Borg/'' with exit code '2': in /usr/share/php/openmediavault/system/process.inc:182
    Stack trace:
    #0 /usr/share/openmediavault/engined/rpc/borgbackup.inc(158): OMV\System\Process->execute(Array)
    #1 [internal function]: OMVRpcServiceBorgBackup->setRepo(Array, Array)
    #2 /usr/share/php/openmediavault/rpc/serviceabstract.inc(123): call_user_func_array(Array, Array)
    #3 /usr/share/php/openmediavault/rpc/rpc.inc(86): OMV\Rpc\ServiceAbstract->callMethod('setRepo', Array, Array)
    #4 /usr/sbin/omv-engined(537): OMV\Rpc\Rpc::call('BorgBackup', 'setRepo', Array, Array, 1)
    #5 {main}

    So I can not move on to create an archive.


    Any suggestions for debugging greatly recieved






  • on the primary NAS, did you create an ssh key for the user that will be creating the repo on the remote NAS and then add the public ssh key to the authorized keys of the user you want to use on the remote NAS? you will also need to ssh to the remote NAS from the primary NAS one time to accept the ssh certificate.


    On a test setup, I just used the root user but I did the following:


    root@borg1:~# ssh-keygen # skip if using root since a key has already been created and don't use password

    root@borg1:~# cat .ssh/id_rsa.pub # copy the output


    root@borg2:~# nano .ssh/authorized_keys # i prefer vi but nano is easier for noobs

    # paste the key key from borg1 into the file, ctrl-o to save, ctrl-x to exit


    root@borg1:~ # ssh root@borg2 # accept cert and should ready to go.


    And no, the plugin cannot do all of this. You can do the cert stuff in the web interface but you will still need to ssh from the primary to remote to accept the cert one time.

    omv 5.5.13 usul | 64 bit | 5.4 proxmox kernel | omvextrasorg 5.4.2
    omv-extras.org plugins source code and issue tracker - github


    Please read this before posting a question.
    Please don't PM for support... Too many PMs!

  • Hi. Yes this is already done. In fact I went as far as checking that the commands run without anything interactive, for example


    scott@nas:~$ BORG_PASSPHRASE='password' /usr/bin/borg check --repository-only --info 'scott@backupnas:/srv/dev-disk-by-label-Backup/Borg/'

    Remote: Starting repository check

    Remote: Starting repository index check

    Remote: Index object count match.

    Remote: Completed repository check, no problems found.


    I see you are doing it with root. I wonder if it only works if you connect as root. I will go check

  • I see you are doing it with root. I wonder if it only works if you connect as root. I will go check

    I just did that because they were new test systems and I didn't feel like setting up users too. I use borg on my production systems and the remote system is not using root.

    omv 5.5.13 usul | 64 bit | 5.4 proxmox kernel | omvextrasorg 5.4.2
    omv-extras.org plugins source code and issue tracker - github


    Please read this before posting a question.
    Please don't PM for support... Too many PMs!

  • Hu interesting, only works if you use the root user to connect. Had to change my connection string to be


    root@backupnas:/srv/dev-disk-by-label-Backup/borg/

    Nope. I was able to create a repo on the remote back with a non-root username after I added the root public key to the user's authorized keys. The job runs as root in the plugin on the primary no matter what.

    omv 5.5.13 usul | 64 bit | 5.4 proxmox kernel | omvextrasorg 5.4.2
    omv-extras.org plugins source code and issue tracker - github


    Please read this before posting a question.
    Please don't PM for support... Too many PMs!

  • Sorry if I inject the thread. I am evaluating my remote backup strategy which will be a NAS at my parent's hose.

    I've never used BorgBackup but ticks all the boxes and seems very promising


    What I am unsure is SSH configuration.


    Do you do expose SSH over the internet with some care (custom port, limit logins in X minutes and obviously disallow password logins) or have an always on VPN which routes only the backup target?

    OMV BUILD - MY NAS KILLER - OMV 5.x + omvextrasorg


    Core i3-8300 - ASRock H370M-ITX/ac - 8GB RAM - Sandisk Ultra Flair 32GB (OMV), 256GB NVME SSD (Docker), 3x4TB HDD (Data) - Fractal Design Node 304 - Be quiet! Pure Power 11 350W

  • In my case both devices are on the same network so I did not have that trouble.


    Both the solutions you are proposing would obvioulsy work. ssh would be the simplest to setup with a little port forwarding and care. If you are using certificates (which you would need to) and turn off password authentication then IMHO you should be safe enough for your use case. VPN would be more flexible if you want to run other services at the expense of the extra up front effort. However, now you have a process that is not directly started by Borg that needs to be reliable and needs investigating separately if you have any issue. That is the kind of complexity I try to avoid.


    Hope that helps

  • now you have a process that is not directly started by Borg that needs to be reliable and needs investigating separately

    That's what I want to avoid.
    Thanks for confirming the simple SSH scenario.

    OMV BUILD - MY NAS KILLER - OMV 5.x + omvextrasorg


    Core i3-8300 - ASRock H370M-ITX/ac - 8GB RAM - Sandisk Ultra Flair 32GB (OMV), 256GB NVME SSD (Docker), 3x4TB HDD (Data) - Fractal Design Node 304 - Be quiet! Pure Power 11 350W

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!