#952 Issue closed: Incremental encrypted Restore not possible¶

Labels: bug, fixed / solved / done

dcz01 opened issue at 2016-08-04 06:13:¶

Incremental encrypted Restore not possible¶

My environment:

• rear version (/usr/sbin/rear -V): Relax-and-Recover 1.17.2 / Git
• OS version (cat /etc/rear/os.conf or lsb_release -a): OS_VENDOR=RedHatEnterpriseServer OS_VERSION=6
• rear configuration files (cat /etc/rear/site.conf or cat /etc/rear/local.conf):

OUTPUT=ISO
#OUTPUT_URL=file://
BACKUP=NETFS
BACKUP_PROG=tar
BACKUP_PROG_CRYPT_ENABLED=1
BACKUP_PROG_CRYPT_KEY=brpbackup123
BACKUP_PROG_CRYPT_OPTIONS="/usr/bin/openssl aes256 -salt -k"
BACKUP_PROG_DECRYPT_OPTIONS="/usr/bin/openssl aes256 -d -k"
#BACKUP_URL=nfs://
BACKUP_URL=cifs://notesrechte/BRP-Backup
BACKUP_OPTIONS="cred=/etc/rear/cifs"
BACKUP_TYPE=incremental
FULLBACKUPDAY=Sat
BACKUP_PROG_EXCLUDE=( '/tmp/*' '/dev/shm/*' $VAR_DIR/output/\* '/mnt/*' '/media/*' '/var/lib/pgsql/9.3/data/base/*' '/var/lib/pgsql/9.3/data/global/*' '/var/lib/pgsql/9.3/data/pg*/*' )

Hello together,

i have an problem when i want to restore my system with rear.
i always do an full backup every saturday and the other days an normal incremental backup.
so when i boot from the recovery cd and start an automatic backup from an cifs share, it only shows and takes me an incremental backup for restore and not the last full.
is there an option for the config or an parameter for the rear restore command?

i use the recovery cd from the share from 01.08.2016 at 05:00.

gdha commented at 2016-08-09 13:10:¶

@dcz01 The reason why you get that error is because we remove the password from the configuration file - see script:

/usr/share/rear/build/default/96_remove_encryption_keys.sh:  sed -i -e 's/BACKUP_PROG_CRYPT_KEY=.*/BACKUP_PROG_CRYPT_KEY=""/' $configfile

That has been added by issue #568

dcz01 commented at 2016-08-09 13:21:¶

well i know that and understand why that must be done, but my problem is not that...
the restore command is taking the incremental backup of the share and not the full backup at first.
you can see it in the last picture by: Backup archive size is 32M.
in there is not the complete system, so the restore fails even if i give the script the key for encryption.

gdha commented at 2016-08-09 14:12:¶

@dcz01 Ok understood it now - the code was donated and I never tested a restore myself with incrementals in place. So, it means it is broken - perhaps you could try a recover with a -D flag is that we can see why it takes the wrong input files? I'll add a bug flag.

dcz01 commented at 2016-08-09 14:36:¶

@gdha Well when i start the restore it gets very fast the newest archive and i can't see of which variable it gets it from.

gdha commented at 2016-08-09 14:57:¶

@dcz01 And what do you see in the log file?

dcz01 commented at 2016-08-10 06:48:¶

@gdha In the log i only find something like that:

dcz01 commented at 2016-08-11 13:44:¶

@gdha I think i found the issue myself by testing something with different configurations.
i changed my config to this:

OUTPUT=ISO
OUTPUT_URL=file:///opt/brp/rear
BACKUP=NETFS
BACKUP_PROG=tar
#BACKUP_PROG_CRYPT_ENABLED=1
#BACKUP_PROG_CRYPT_KEY=brpbackup123
#BACKUP_PROG_CRYPT_OPTIONS="/usr/bin/openssl aes256 -salt -k"
#BACKUP_PROG_DECRYPT_OPTIONS="/usr/bin/openssl aes256 -d -k"
#BACKUP_URL=nfs://
BACKUP_URL=cifs://notesrechte/BRP-Backup
BACKUP_OPTIONS="cred=/etc/rear/cifs"
BACKUP_TYPE=incremental
FULLBACKUPDAY="Sat"
BACKUP_PROG_EXCLUDE=( '/tmp/*' '/dev/shm/*' $VAR_DIR/output/\* '/mnt/*' '/media/*' '/var/lib/pgsql/9.3/data/base/*' '/var/lib/pgsql/9.3/data/global/*' '/var/lib/pgsql/9.3/data/pg*/*' )

and then the backup and the restore works without failure. the issue is the encryption of the data archives (.tar.gz files).
could you look for why the restore is failing when i use encryption of the data and incremental backups?

gdha commented at 2016-08-11 17:46:¶

Hum, interesting - dd if=archives/client/2016-08-11-1700-I.tar.gz | /usr/bin/openssl aes256 -d -k brpbackup123 | tar ztf - seemed to work - will do a full cycle tomorrow.

dcz01 commented at 2016-08-12 09:35:¶

@gdha I think i found a little bit more for you to debug or to solve the problem:
command was: rear recover -d

Update: I found the positions in the log where gzip has an problem with the encrypted tar archives.

2016-08-12 11:10:04.628808202 Disk layout created.
2016-08-12 11:10:04.631664214 Including layout/recreate/default/25_verify_mount.sh
2016-08-12 11:10:04.635794101 Finished running 'layout/recreate' stage in 27 seconds
2016-08-12 11:10:04.637609954 Running 'restore' stage
2016-08-12 11:10:04.643375750 Including restore/Fedora/05_copy_dev_files.sh
2016-08-12 11:10:04.662715540 Including restore/NETFS/default/10_mount_NETFS_path.sh
mkdir: created directory `/tmp/rear.J5wEkxMiEk14B67/outputfs'
2016-08-12 11:10:04.665218134 Added 'rmdir -v /tmp/rear.J5wEkxMiEk14B67/outputfs >&2' as an exit task
2016-08-12 11:10:04.671524169 Mounting with 'mount -v -t nfs -o ro 192.168.197.228:/mnt/FreeNAS/backup2 /tmp/rear.J5wEkxMiEk14B67/outputfs'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying 192.168.197.228 prog 100003 vers 3 prot TCP port 2049
mount.nfs: trying 192.168.197.228 prog 100005 vers 3 prot UDP port 851
mount.nfs: timeout set for Fri Aug 12 11:12:04 2016
mount.nfs: trying text-based options 'vers=4,addr=192.168.197.228,clientaddr=192.168.197.235'
mount.nfs: trying text-based options 'addr=192.168.197.228'
mount.nfs: prog 100003, trying vers=3, prot=6
mount.nfs: prog 100005, trying vers=3, prot=17
192.168.197.228:/mnt/FreeNAS/backup2 on /tmp/rear.J5wEkxMiEk14B67/outputfs type nfs (ro)
2016-08-12 11:10:04.687562307 Added 'umount -f -v '/tmp/rear.J5wEkxMiEk14B67/outputfs' >&2' as an exit task
2016-08-12 11:10:04.689221887 Including restore/NETFS/default/38_prepare_multiple_isos.sh
2016-08-12 11:10:04.695154757 Including restore/NETFS/default/40_restore_backup.sh
2016-08-12 11:10:04.701501134 Decrypting archive with key defined in variable $BACKUP_PROG_CRYPT_KEY
2016-08-12 11:10:04.703013184 Restoring tar archive '/tmp/rear.J5wEkxMiEk14B67/outputfs/brp-server/2016-08-12-0934-I.tar.gz'

gzip: stdin: not in gzip format
tar: Child returned status 1
tar: Error is not recoverable: exiting now
2016-08-12 11:10:04.711821025 dd if=/tmp/rear.J5wEkxMiEk14B67/outputfs/brp-server/ | /usr/bin/openssl aes256 -d -k brpbackup123 | tar --block-number --totals --verbose --anchored --gzip -C /mnt/local/ -x -f -
dd: reading `/tmp/rear.J5wEkxMiEk14B67/outputfs/brp-server/': Is a directory
0+0 records in
0+0 records out
0 bytes (0 B) copied, 5.6581e-05 s, 0.0 kB/s
WARNING: can't open config file: /etc/pki/tls/openssl.cnf
error reading input file

gzip: stdin: unexpected end of file
tar: Child returned status 1
tar: Error is not recoverable: exiting now
2016-08-12 11:10:04.718561099 dd if=/tmp/rear.J5wEkxMiEk14B67/outputfs/brp-server/2016-08-12-0934-I.tar.gz | /usr/bin/openssl aes256 -d -k brpbackup123 | tar --block-number --totals --verbose --anchored --gzip -C /mnt/local/ -x -f -
WARNING: can't open config file: /etc/pki/tls/openssl.cnf
4336+1 records in
4336+1 records out
2220512 bytes (2.2 MB) copied, 0.144185 s, 15.4 MB/s
Total bytes read: 14970880 (15MiB, 20MiB/s)
2016-08-12 11:10:07.711973660 Including restore/NETFS/default/50_selinux_autorelabel.sh
2016-08-12 11:10:07.718230548 Created /.autorelabel file : after reboot SELinux will relabel all files
2016-08-12 11:10:07.719841844 Including restore/default/50_selinux_autorelabel.sh
2016-08-12 11:10:07.722139036 Created /.autorelabel file : after reboot SELinux will relabel all files
2016-08-12 11:10:07.723701576 Including restore/NETFS/Linux-i386/51_selinux_fixfiles_exclude_dirs.sh
2016-08-12 11:10:07.725319685 Including restore/NETFS/default/51_set_capabilities.sh
2016-08-12 11:10:07.726985264 Including restore/default/90_create_missing_directories.sh
2016-08-12 11:10:07.728639014 Restore the Mountpoints (with permissions) from /var/lib/rear/recovery/mountpoint_permissions
2016-08-12 11:10:07.740770825 Including restore/NETFS/default/98_umount_NETFS_dir.sh
2016-08-12 11:10:07.743900906 Unmounting '/tmp/rear.J5wEkxMiEk14B67/outputfs'
Legacy NFS mount point detected
192.168.197.228:/mnt/FreeNAS/backup2 umounted
2016-08-12 11:10:07.761155780 Removed 'umount -f -v '/tmp/rear.J5wEkxMiEk14B67/outputfs' >&2' from the list of exit tasks
rmdir: removing directory, `/tmp/rear.J5wEkxMiEk14B67/outputfs'
2016-08-12 11:10:07.763466205 Removed 'rmdir -v /tmp/rear.J5wEkxMiEk14B67/outputfs >&2' from the list of exit tasks
2016-08-12 11:10:07.765131408 Including restore/default/99_move_away_restored_files.sh
2016-08-12 11:10:07.767114525 Finished running 'restore' stage in 3 seconds
2016-08-12 11:10:07.768553788 Running 'finalize' stage
2016-08-12 11:10:07.773728582 Including finalize/default/01_prepare_checks.sh
2016-08-12 11:10:07.776477422 Including finalize/default/10_populate_dev.sh
2016-08-12 11:10:07.800680419 Including finalize/GNU/Linux/15_migrate_disk_devices_layout.sh
2016-08-12 11:10:07.813257246 Including finalize/GNU/Linux/15_migrate_uuid_tags.sh
2016-08-12 11:10:07.814901428 Including finalize/GNU/Linux/16_rename_diskbyid.sh
2016-08-12 11:10:07.832046975 Including finalize/Fedora/i386/17_rebuild_initramfs.sh
2016-08-12 11:10:07.837490058 Original OLD_INITRD_MODULES='sunrpc auth_rpcgss ipv6 dca hid-hyperv ptp mlx5_core mdio be2net cxgb4 cxgb3 mlx4_core mlx4_en cnic mspro_block memstick mmc_block sdhci sdhci-pci mmc_core i2c-algo-bit i2c-core video zram cdrom ubi mtdblock mtd_blkdevs rfd_ftl mtdblock_ro nftl ftl inftl ssfdc pata_amd pata_rz1000 pata_ninja32 pata_ali pata_it821x pata_sis pata_opti pata_via pata_atiixp pata_hpt3x3 pata_sch sata_sis pata_cs5530 pata_it8213 pata_sl82c105 sata_promise sata_via sata_uli sata_qstor pata_cs5520 sata_svw pata_pdc2027x pata_oldpiix pata_rdc pata_cmd640 pata_triflex pata_sil680 pata_efar pata_pdc202xx_old pata_hpt37x pata_radisys pata_cypress pata_marvell pata_jmicron pata_ns87415 pata_hpt3x2n pata_pcmcia sata_sil24 sata_sx4 pata_acpi sata_nv sata_mv pata_hpt366 ahci pdc_adma ata_piix pata_optidma pata_serverworks pata_cmd64x pata_ns87410 pata_atp867x pata_sc1200 sata_sil pata_artop sata_inic162x pata_netcell pata_mpiix sata_vsc ata_generic ib_cm ib_mad rdma_cm ib_ucm rdma_ucm ib_umad ib_sa ib_addr ib_uverbs ib_core iw_cm ib_qib ocrdma mlx5_ib iw_nes iw_cxgb4 iw_cxgb3 mlx4_ib ib_mthca ib_ipath ib_iser ib_srp ib_ipoib virtio_ring virtio virtio_pci pd6729 yenta_socket rsrc_nonstatic mptspi mptfc mptbase mptscsih mptsas dm-mod dm-log dm-crypt dm-thin-pool dm-service-time dm-log-userspace dm-bufio raid0 dm-multipath dm-era dm-flakey dm-persistent-data dm-cache-mq dm-delay dm-cache dm-raid dm-switch dm-bio-prison raid456 raid1 dm-queue-length dm-mirror linear dm-round-robin dm-memcache raid10 dm-snapshot dm-raid45 faulty dm-cache-smq dm-cache-cleaner dm-zero dm-region-hash uio xhci-hcd microtek ums-alauda ums-sddr55 ums-freecom usb-storage ums-onetouch ums-isd200 ums-datafab ums-usbat ums-cypress ums-jumpshot ums-sddr09 ums-karma sx8 mtip32xx xen-blkfront osdblk floppy cciss nvme rsxx pktcdvd virtio_blk aoe hyperv-keyboard padlock-sha padlock-aes qat_dh895xcc intel_qat hifn_795x hv_vmbus firewire-ohci firewire-core firewire-sbp2 radeon i915 drm_kms_helper ttm vmwgfx drm nouveau hyperv_fb output tcm_loop target_core_mod pps_core scsi_tgt scsi_transport_sas ppa mvsas scsi_transport_spi virtio_scsi mpt3sas mpt2sas 3w-xxxx scsi_transport_srp lpfc sym53c8xx scsi_debug pmcraid libfc hpsa bnx2fc bfa initio raid_class megaraid_sas megaraid_mm megaraid_mbox libsas osd libosd qla2xxx sd_mod qla4xxx arcmsr 3w-sas vmw_pvscsi aic94xx ips libfcoe fcoe hptiop scsi_wait_scan pm80xx stex aacraid sr_mod scsi_transport_fc dpt_i2o isci hv_storvsc BusLogic 3w-9xxx aic7xxx aic79xx fnic scsi_dh_emc scsi_dh_alua scsi_dh_rdac scsi_transport_iscsi libiscsi imm iscsi_boot_sysfs wmi mxm-wmi parport raid6_pq lzo_decompress lzo_compress crc-itu-t libcrc32c crc-t10dif zlib_deflate fcrypt lzo gcm tcrypt ghash-generic rmd320 ecb ccm gf128mul crypto_null vmac blowfish lrw tea twofish_common rmd256 serpent xor ctr cryptd cast5 tgr192 rmd128 seqiv cbc des_generic seed md4 arc4 anubis pcbc sha512_generic deflate cts authenc async_memcpy raid6test async_tx async_xor async_pq async_raid6_recov xts aes_generic michael_mic khazad zlib xcbc cast6 rmd160 drbg ansi_cprng camellia wp512 cramfs btrfs jbd ecryptfs autofs4 jffs2 nfs_layout_nfsv41_files nfs mbcache configfs fscache ext4 udf ext2 cifs jfs exportfs squashfs gfs2 nfs_acl xfs jbd2 fat msdos vfat ubifs lockd nfsd ext3 reiserfs nls_cp932 nls_cp950 nls_iso8859-3 nls_cp1250 nls_cp861 nls_iso8859-7 nls_iso8859-15 nls_cp862 nls_cp857 nls_cp775 nls_utf8 nls_cp869 nls_iso8859-13 nls_cp936 nls_cp874 nls_cp864 nls_iso8859-1 nls_cp1255 nls_koi8-ru nls_cp852 nls_cp865 nls_iso8859-2 nls_iso8859-4 nls_cp949 nls_cp860 nls_koi8-r nls_iso8859-9 nls_euc-jp nls_cp1251 nls_iso8859-6 nls_cp863 nls_koi8-u nls_iso8859-5 nls_iso8859-14 nls_cp866 nls_cp850 nls_cp855 nls_cp737 cachefiles fuse cuse dlm twofish-x86_64 aesni-intel ghash-clmulni-intel salsa20-x86_64 crc32c-intel ablk_helper aes-x86_64 glue_helper sha512-ssse3'
2016-08-12 11:10:07.846055340 New INITRD_MODULES='sunrpc auth_rpcgss ipv6 dca hid-hyperv ptp mlx5_core mdio be2net cxgb4 cxgb3 mlx4_core mlx4_en cnic mspro_block memstick mmc_block sdhci sdhci-pci mmc_core i2c-algo-bit i2c-core video zram cdrom ubi mtdblock mtd_blkdevs rfd_ftl mtdblock_ro nftl ftl inftl ssfdc pata_amd pata_rz1000 pata_ninja32 pata_ali pata_it821x pata_sis pata_opti pata_via pata_atiixp pata_hpt3x3 pata_sch sata_sis pata_cs5530 pata_it8213 pata_sl82c105 sata_promise sata_via sata_uli sata_qstor pata_cs5520 sata_svw pata_pdc2027x pata_oldpiix pata_rdc pata_cmd640 pata_triflex pata_sil680 pata_efar pata_pdc202xx_old pata_hpt37x pata_radisys pata_cypress pata_marvell pata_jmicron pata_ns87415 pata_hpt3x2n pata_pcmcia sata_sil24 sata_sx4 pata_acpi sata_nv sata_mv pata_hpt366 ahci pdc_adma ata_piix pata_optidma pata_serverworks pata_cmd64x pata_ns87410 pata_atp867x pata_sc1200 sata_sil pata_artop sata_inic162x pata_netcell pata_mpiix sata_vsc ata_generic ib_cm ib_mad rdma_cm ib_ucm rdma_ucm ib_umad ib_sa ib_addr ib_uverbs ib_core iw_cm ib_qib ocrdma mlx5_ib iw_nes iw_cxgb4 iw_cxgb3 mlx4_ib ib_mthca ib_ipath ib_iser ib_srp ib_ipoib virtio_ring virtio virtio_pci pd6729 yenta_socket rsrc_nonstatic mptspi mptfc mptbase mptscsih mptsas dm-mod dm-log dm-crypt dm-thin-pool dm-service-time dm-log-userspace dm-bufio raid0 dm-multipath dm-era dm-flakey dm-persistent-data dm-cache-mq dm-delay dm-cache dm-raid dm-switch dm-bio-prison raid456 raid1 dm-queue-length dm-mirror linear dm-round-robin dm-memcache raid10 dm-snapshot dm-raid45 faulty dm-cache-smq dm-cache-cleaner dm-zero dm-region-hash uio xhci-hcd microtek ums-alauda ums-sddr55 ums-freecom usb-storage ums-onetouch ums-isd200 ums-datafab ums-usbat ums-cypress ums-jumpshot ums-sddr09 ums-karma sx8 mtip32xx xen-blkfront osdblk floppy cciss nvme rsxx pktcdvd virtio_blk aoe hyperv-keyboard padlock-sha padlock-aes qat_dh895xcc intel_qat hifn_795x hv_vmbus firewire-ohci firewire-core firewire-sbp2 radeon i915 drm_kms_helper ttm vmwgfx drm nouveau hyperv_fb output tcm_loop target_core_mod pps_core scsi_tgt scsi_transport_sas ppa mvsas scsi_transport_spi virtio_scsi mpt3sas mpt2sas 3w-xxxx scsi_transport_srp lpfc sym53c8xx scsi_debug pmcraid libfc hpsa bnx2fc bfa initio raid_class megaraid_sas megaraid_mm megaraid_mbox libsas osd libosd qla2xxx sd_mod qla4xxx arcmsr 3w-sas vmw_pvscsi aic94xx ips libfcoe fcoe hptiop scsi_wait_scan pm80xx stex aacraid sr_mod scsi_transport_fc dpt_i2o isci hv_storvsc BusLogic 3w-9xxx aic7xxx aic79xx fnic scsi_dh_emc scsi_dh_alua scsi_dh_rdac scsi_transport_iscsi libiscsi imm iscsi_boot_sysfs wmi mxm-wmi parport raid6_pq lzo_decompress lzo_compress crc-itu-t libcrc32c crc-t10dif zlib_deflate fcrypt lzo gcm tcrypt ghash-generic rmd320 ecb ccm gf128mul crypto_null vmac blowfish lrw tea twofish_common rmd256 serpent xor ctr cryptd cast5 tgr192 rmd128 seqiv cbc des_generic seed md4 arc4 anubis pcbc sha512_generic deflate cts authenc async_memcpy raid6test async_tx async_xor async_pq async_raid6_recov xts aes_generic michael_mic khazad zlib xcbc cast6 rmd160 drbg ansi_cprng camellia wp512 cramfs btrfs jbd ecryptfs autofs4 jffs2 nfs_layout_nfsv41_files nfs mbcache configfs fscache ext4 udf ext2 cifs jfs exportfs squashfs gfs2 nfs_acl xfs jbd2 fat msdos vfat ubifs lockd nfsd ext3 reiserfs nls_cp932 nls_cp950 nls_iso8859-3 nls_cp1250 nls_cp861 nls_iso8859-7 nls_iso8859-15 nls_cp862 nls_cp857 nls_cp775 nls_utf8 nls_cp869 nls_iso8859-13 nls_cp936 nls_cp874 nls_cp864 nls_iso8859-1 nls_cp1255 nls_koi8-ru nls_cp852 nls_cp865 nls_iso8859-2 nls_iso8859-4 nls_cp949 nls_cp860 nls_koi8-r nls_iso8859-9 nls_euc-jp nls_cp1251 nls_iso8859-6 nls_cp863 nls_koi8-u nls_iso8859-5 nls_iso8859-14 nls_cp866 nls_cp850 nls_cp855 nls_cp737 cachefiles fuse cuse dlm twofish-x86_64 aesni-intel ghash-clmulni-intel salsa20-x86_64 crc32c-intel ablk_helper aes-x86_64 glue_helper sha512-ssse3 sg'
chroot: failed to run command `/bin/bash': No such file or directory
2016-08-12 11:10:07.861709298 WARNING !!!
initramfs creation for Kernel version 'bin' failed,
please check '/var/log/rear/rear-brp-server.log' to see the error messages in detail
and decide yourself, wether the system will boot or not.

chroot: failed to run command `/bin/bash': No such file or directory
2016-08-12 11:10:07.867833328 WARNING !!!
initramfs creation for Kernel version 'boot' failed,
please check '/var/log/rear/rear-brp-server.log' to see the error messages in detail
and decide yourself, wether the system will boot or not.

chroot: failed to run command `/bin/bash': No such file or directory
2016-08-12 11:10:07.874755588 WARNING !!!
initramfs creation for Kernel version 'cgroup' failed,
please check '/var/log/rear/rear-brp-server.log' to see the error messages in detail
and decide yourself, wether the system will boot or not.

dcz01 commented at 2016-08-12 10:07:¶

@gdha And to compare with the non encrypted tar archives:

2016-08-12 11:52:35.239544547 Disk layout created.
2016-08-12 11:52:35.241444517 Including layout/recreate/default/25_verify_mount.sh
2016-08-12 11:52:35.244978145 Finished running 'layout/recreate' stage in 28 seconds
2016-08-12 11:52:35.246506438 Running 'restore' stage
2016-08-12 11:52:35.252487814 Including restore/Fedora/05_copy_dev_files.sh
2016-08-12 11:52:35.316145694 Including restore/NETFS/default/10_mount_NETFS_path.sh
mkdir: created directory `/tmp/rear.luxcBBeY7cK4fps/outputfs'
2016-08-12 11:52:35.318601994 Added 'rmdir -v /tmp/rear.luxcBBeY7cK4fps/outputfs >&2' as an exit task
2016-08-12 11:52:35.324409621 Mounting with 'mount -v -t nfs -o ro 192.168.197.228:/mnt/FreeNAS/backup2 /tmp/rear.luxcBBeY7cK4fps/outputfs'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying 192.168.197.228 prog 100003 vers 3 prot TCP port 2049
mount.nfs: trying 192.168.197.228 prog 100005 vers 3 prot UDP port 851
mount.nfs: timeout set for Fri Aug 12 11:54:35 2016
mount.nfs: trying text-based options 'vers=4,addr=192.168.197.228,clientaddr=192.168.197.235'
mount.nfs: trying text-based options 'addr=192.168.197.228'
mount.nfs: prog 100003, trying vers=3, prot=6
mount.nfs: prog 100005, trying vers=3, prot=17
192.168.197.228:/mnt/FreeNAS/backup2 on /tmp/rear.luxcBBeY7cK4fps/outputfs type nfs (ro)
2016-08-12 11:52:35.336875116 Added 'umount -f -v '/tmp/rear.luxcBBeY7cK4fps/outputfs' >&2' as an exit task
2016-08-12 11:52:35.338571574 Including restore/NETFS/default/38_prepare_multiple_isos.sh
2016-08-12 11:52:35.344143711 Including restore/NETFS/default/40_restore_backup.sh
2016-08-12 11:52:35.350271732 Decrypting disabled
2016-08-12 11:52:35.351941816 Restoring tar archive '/tmp/rear.luxcBBeY7cK4fps/outputfs/brp-server/2016-08-12-1150-I.tar.gz'
2016-08-12 11:52:35.363077621 dd if=/tmp/rear.luxcBBeY7cK4fps/outputfs/brp-server/2016-08-12-1146-F.tar.gz | cat | tar --block-number --totals --verbose --anchored --gzip -C /mnt/local/ -x -f -
1862203+1 records in
1862203+1 records out
953448339 bytes (953 MB) copied, 42.2297 s, 22.6 MB/s
Total bytes read: 2763499520 (2.6GiB, 63MiB/s)
2016-08-12 11:53:19.880634269 dd if=/tmp/rear.luxcBBeY7cK4fps/outputfs/brp-server/2016-08-12-1150-I.tar.gz | cat | tar --block-number --totals --verbose --anchored --gzip -C /mnt/local/ -x -f -
23933+1 records in
23933+1 records out
12253926 bytes (12 MB) copied, 0.418325 s, 29.3 MB/s
Total bytes read: 35246080 (34MiB, 37MiB/s)
2016-08-12 11:53:22.531639247 Restored 31 MiB in 46 seconds [avg 693 KiB/sec]
2016-08-12 11:53:22.533318160 Including restore/NETFS/default/50_selinux_autorelabel.sh
2016-08-12 11:53:22.548092761 Created /.autorelabel file : after reboot SELinux will relabel all files
2016-08-12 11:53:22.549598202 Including restore/default/50_selinux_autorelabel.sh
2016-08-12 11:53:22.551762521 Created /.autorelabel file : after reboot SELinux will relabel all files
2016-08-12 11:53:22.553186227 Including restore/NETFS/Linux-i386/51_selinux_fixfiles_exclude_dirs.sh
2016-08-12 11:53:22.554709808 Including restore/NETFS/default/51_set_capabilities.sh
2016-08-12 11:53:22.556318620 Including restore/default/90_create_missing_directories.sh
2016-08-12 11:53:22.557860263 Restore the Mountpoints (with permissions) from /var/lib/rear/recovery/mountpoint_permissions
2016-08-12 11:53:22.597478378 Including restore/NETFS/default/98_umount_NETFS_dir.sh
2016-08-12 11:53:22.600773233 Unmounting '/tmp/rear.luxcBBeY7cK4fps/outputfs'
Legacy NFS mount point detected
192.168.197.228:/mnt/FreeNAS/backup2 umounted
2016-08-12 11:53:22.650635774 Removed 'umount -f -v '/tmp/rear.luxcBBeY7cK4fps/outputfs' >&2' from the list of exit tasks
rmdir: removing directory, `/tmp/rear.luxcBBeY7cK4fps/outputfs'
2016-08-12 11:53:22.653117896 Removed 'rmdir -v /tmp/rear.luxcBBeY7cK4fps/outputfs >&2' from the list of exit tasks
2016-08-12 11:53:22.654878458 Including restore/default/99_move_away_restored_files.sh
2016-08-12 11:53:22.657001307 Finished running 'restore' stage in 47 seconds
2016-08-12 11:53:22.658654190 Running 'finalize' stage
2016-08-12 11:53:22.665077515 Including finalize/default/01_prepare_checks.sh
2016-08-12 11:53:22.668008796 Including finalize/default/10_populate_dev.sh
2016-08-12 11:53:22.748357413 Including finalize/GNU/Linux/15_migrate_disk_devices_layout.sh
2016-08-12 11:53:22.761141945 Patching '/mnt/local/boot/grub/grub.conf' instead of 'etc/grub.conf'
2016-08-12 11:53:22.789552817 Patching '/mnt/local/boot/grub/grub.conf' instead of 'boot/grub/menu.lst'
2016-08-12 11:53:22.891256599 Including finalize/GNU/Linux/15_migrate_uuid_tags.sh
2016-08-12 11:53:22.892935766 Including finalize/GNU/Linux/16_rename_diskbyid.sh
2016-08-12 11:53:23.091085070 Including finalize/Fedora/i386/17_rebuild_initramfs.sh

gdha commented at 2016-08-12 14:05:¶

@dcz01 Thank you for your valuable investigation - it help me to understand the issue - and I think I found the issue in script usr/share/rear/restore/NETFS/default/40_restore_backup.sh and more specific the piece of code:

        if [ "$BACKUP_TYPE" == "incremental" ]; then
            LAST="$restorearchive"
            BASE=$(dirname "$restorearchive")/$(tar --test-label -f "$restorearchive")

The variable BASE will not be successful if the archive is encrypted. We need to redesign this part a bit...
And, my assumptions we're correct as seen in your error report above:

dd: reading `/tmp/rear.J5wEkxMiEk14B67/outputfs/brp-server/': Is a directory

@jsmeix Interesting for you to know what happens here with encrypted incremental backups

jsmeix commented at 2016-08-12 14:39:¶

I never tried encrypted backups nor incremental backups and
accordingly I never ever tried encrypted incremental backups.

Before I get lost in the encrypted incremental backups world
I prefer to get some initial basic understanding about the
nowadays network device naming nightmare
cf. https://github.com/rear/rear/issues/951#issuecomment-239460372
because I assume more users may get issues
with nowadays network device naming mess
than with encrypted incremental backups.

dcz01 commented at 2016-08-12 15:03:¶

@gdha @jsmeix I found another little bug in the incremental solution of rear.
rear is actual working as/with differential backups based on the last full backup. so it needs only to restore the last full and the newest differential.
is this so intended?

because we are backing up every day an postgres database (which does an self full backup every day) so that the backup every day gets to large to transmit it from the client to the data center.

here i found some info about that if needed:
http://typesofbackup.com/incremental-vs-differential-vs-full-backup/
http://paulwhippconsulting.com/blog/using-tar-for-full-and-incremental-backups/

gdha commented at 2016-08-12 15:15:¶

Not quite ok I'm afraid:

# tar --test-label -f 2016-08-21-2010-F.tar.gz
2016-08-21-2010-F.tar.gz
# cat basebackup.txt
2016-08-21-2010-F.tar.gz
but still got an error:
Decrypting archive with key defined in variable $BACKUP_PROG_CRYPT_KEY
Restoring from '/tmp/rear.U1XrCDRFda0YEQa/outputfs/client/2016-08-12-1702-I.tar.gz'

dcz01 commented at 2016-08-22 07:15:¶

@gdha so the problem is not, that openssl is encrypting the header of the file too?
if so, we could use another program to encrypt the data: http://www.putorius.net/2015/04/how-to-create-enrcypted-password.html

gdha commented at 2016-08-22 07:21:¶

@dcz01 The header is also stored in basebackup.txt file so we should be able to use that instead, but my first attempt was not that successful.

dcz01 commented at 2016-08-22 13:37:¶

@gdha I tested your change from the master.zip and it works great. thanks.
could you put this change in the newest milestone or the upcoming version of rear please?

gdha commented at 2016-08-31 14:45:¶

Sure it will be part of 1.19

---

[Export of Github issue for rear/rear.]