Qubes 4.0 backup vm to USB from dom0
cybe...@national.shitposting.agency
from dom0 the command:
sudo qvm-backup sys-usb:/mnt MyVm
returns the error:
The backup directory does not exist
how can i make a backup to USB when USB devices are not exposed to dom0?
Yuraeitha
I haven't seen that manner of command used for Qubes backup before. It looks like you're mixing together the qvm-block, qvm-usb, qvm-pci command attributes and options with the qvm-backup and qvm-backup-restore command attributes and options, which are different in this regard. See the commands below to see what I mean by different.
qvm-backup -d name-of-AppVM-to-handle-backup '/path-to-backup-location'
Also if you want to only include one or a few VM's, then;
qvm-backup -d name-of-AppVM '/path-to-backup-location' work vault personnel
Which will exclude everything else. But if you want everything, but exclude a few VM's, then you can type;
qvm-backup -d name-of-AppVM-to-handle-backup '/path-to-backup-location' -x sys-net -x sys-firewall -x sys-whonix -s fedora-26 -x work
I believe you can even mix both approaches, but I have never attempted this, nor read if it's possible. But logically it seems possible.
To restore again, qvm-backup-restore, just reverse the same as above, for example: qvm-backup-restore -d name-of-AppVM-to-handle-backup '/path-to-backup-location/backup-filename' Note here, unlike the above, you will include the backup file when restoring.
Furthermore, you can use the '--save-profile profile-name-of-choice' attribute to save frequent used backup patterns. Profiles are not important, but they are convenient and makes life easy. For example if you just need to do a quick backup of all your AppVM's but don't want to include the templates, then you can restore it with '--profile name-of-your-AppVM-profile'. This way you can make frequent smaller backups very quickly, but less frequent slow and large backups. The large backups are useful for situations you need to re-install but no security issues or desires to freshly clean anything, is needed. While the backup of your AppVM's, at least will save your work and data. So profiling makes it easy and very useful to quickly make backup's of the most important stuff on a frequent basis.
For example to save a profile, something like this
qvm-backup -d name-of-AppVM '/path-to-backup-location' work vault personnel --save-profile AppVMs
In order to quick restore a profile, but remember a dom0 re-install likely removes backup profiles, though this is normally no big deal anyway. To use;
qvm-backup-restore --profile AppVMs
I remain uncertain if backup profiles can easily be transferred to a new fresh Qubes install. I assume there is no security issue with it too, but it's also something unanswered. Perhaps the profile is saved within the backup itself, or instead in dom0 somewhere. Either way, this should get you started.
Yuraeitha
Correction, I must be still sleeping, but of course you can't mix the approachs as mentioned above, because they are polar opposite approaches to either include everything "except", or no VM's "besides only a few". My bad.
Also the python code which the new backup tool is based on, as python code's natural nature I believe, does not give easy to read error messages. So even a simple typo, like in the path, or forgetting '' marks in paths with space or special letters, etc. may give you a complete python error that does not give any hints as to what went wrong. So if it doesn't work, try look for typo's in the command, especially if you're sleepy in the early morning or late night.
Yuraeitha
and yes, this works for USB too. Just ensure the USB is mounted inside your AppVM, and then just throw the path to your USB which it is mounted on :-)
cybe...@national.shitposting.agency
qvm-backup --help
didnt display too much information, so i was mostly guessing at usage, thank you for your thorough answer
Tom Zander
problem.
I tried to make a backup a coupele of days ago. The GUI tool correctly
notices I have a sys-usb and I used it to browse to the directory there to
do the backup. All that worked fine.
Until I pressed the final button to start the backup, it just failed saying
it could not find the directory...
I ended up giving up on doing a backup.
--
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel
Yuraeitha
Glad it worked out for you:)
@Tom Zander
Yeah, it looks like the GUI Qubes-Backup and Qubes-Backup-Restore are broken, I've had similar issues, and seen others having too when using GUI. But it's only the GUI that's broken by the looks of it, it works perfectly fine in terminal in my experience. I've done multiple of backups back and forth on Qubes 4 already, I've yet to run into any problem when using the terminal approach, while the GUI approach always gives problems. So until the GUI is fixed, it's probably best to stick to the terminal for backup purposes.
I was a bit grumpy too after being forced to use the terminal for backup, especially as I was in a hurry the first time and it was just one big "meh". But it's not that bad now that I got used to it, it's pretty straight forward and easy to do. If you memorize the backup approaches, and use the profiles too, then it can actually be even easier than the GUI. In hindsight, that kind of surprised me.
It's also really nice to have this down if we're planning to use the adminVM features one day, to remotely backup Qubes from the intranet or internet. I still don't feel comfortable having the adminVM in dom0 exposed to the internet though, but I guess it might change if learning more about how it works, remains to be seen I guess.
cybe...@national.shitposting.agency
actually i am experiencing this bug with qvm-backup-restore:
https://groups.google.com/forum/#!topic/qubes-users/HZVBAqerLoI
Is there a way to manually trigger a refresh of the drop-down menu of available qubes? qvm-backup-restore does not reliably add qubes to the menu of available vm's and my only way to use them is by using qvm-run
to be specific, this bug is only happening when trying to restore fedora-25-dvm backed up from qubes 4.0-rc1, all other vm's restoration worked fine
Yuraeitha
Sorry for late reply, I missed your post until now.
Wait, you installed RC-1 and updated to RC-4? The developers explicitedly recommend not to do this, and reinstall between RC-1 and RC-2. You can find this info in the release cycles for RC-2. But it should be no problem to upgrade from RC-2 to RC-3 and RC-4, though as memory serves there are some bits of extra information to take notice of in the RC-4 upgrade. It could be you run into some of these issues because if updated up from RC-1.
There are some good quick approaches to get a list while you include and exclude backup VM's. The most straight forward is to simply execute the qvm backup command prematurely, which prints two lists in the terminal, which are all those included and all those excluded, right before asking Yes/No to proceed. If it doesn't look right, just press "N" for no, and return to adjust your qvm-backup/qvm-backup-restore command for whichever to exclude or include.
You can also open a second terminal window and run qvm-ls.
A third approach is to use the Qubes Manager, but I prefer not to use it. I listed these approaches in the order I prefer my self.
The first one I mentioned is my favorite as its straight forward. I only use qvm-ls if I have a lot of VM's to exclude or include. By executing it prematurely, you easily get two lists that makes it easy to get an overview.
- - - -
I'm not sure if the dvm you report as a bug is actually a bug, and not a feature? It might be Qubes adjusting and fixing old settings to current settings. dvm's, as far as I know anyway, being temporary VM's and all, hold no information on their own, so you can easily make new ones. I think it might be removed because dvm's has changed and been updated in Qubes 4 to allow any VM to have a dvm version, rather than just one like in Qubes 3.2. So it may just be Qubes autoadjusting itself. But I wouldn't know, it's guessing on my part at this point. But if dvm is all there is, then I wouldn't worry, though it would be nice with a more official explanation of course. For example if this could happen to a non dvm, then it gets a whole lot more scary all of a sudden, but at this point, it's hard to tell which it is for sure.
Yuraeitha
Apologies, I'm a bit exhausted/tired atm so I didn't read your post properly. You talked about backup from RC-1, and not updating from RC-1, so I definitely misunderstood. Though still, I'm only postulating, but it may also be a possible explanation as to why the dvm disappeared if it came from RC-1. But that's only guessing. Above all, none of the RC-x versions are production ready, so be careful if you put any important data on Qubes 4 early release cycles, before it becomes officially stable.