Roadmap

From Proxmox Backup Server
Revision as of 15:41, 30 November 2023 by Tlamprecht (talk | contribs) (→‎Highlights)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Roadmap

  • Proxmox VE host backup
  • Backup to one (physical) datastore from multiple Proxmox VE clusters, avoiding backup naming conflicts (done)
  • GUI restore improvements (including VMs) (done)
  • Set manual protection (immutable) flag for backups (done)
  • Transforming the single prune configuration of a datastore to allowing multiple jobs, with namespace support (done)
  • Support (tape-like) syncing to S3/Object storage types
  • Importer for existing vzdump archives into Proxmox Backup Server
  • LDAP/AD Authentication (done)
  • Backup clients for other operating systems
  • ...

Release History

See also Announcement forum

Proxmox Backup Server 3.1

Released 30. November 2023

  • Based on Debian Bookworm (12.2)
  • Latest 6.5 Kernel as stable default
  • ZFS 2.2.0 with all important patches from the upcoming 2.2.2 release.

Highlights

  • Secure Boot support.
    Proxmox Backup Server now includes a signed shim bootloader trusted by most hardware's UEFI implementations. All necessary components of the boot chain are available in variants signed by Proxmox.
  • Local sync jobs for efficiently copying backup snapshots between local datastores.
    This is particularly useful for complex setups involving tiered datastores, for example, where a smaller, faster datastore is used for incoming backups, and a slower one for long-term archival.
  • Automatically upgrade HTTP connections to HTTPS.
  • Seamless upgrade from Proxmox Backup Server 2.4, see Upgrade from 2 to 3, which includes the addition of a pbs2to3 helper tool in the old stable release.

Changelog Overview

Enhancements in the web interface (GUI)

  • Improvements to the node summary panel:
    • The summary now indicates whether the node was booted in legacy (BIOS) mode, EFI mode, or EFI mode with Secure Boot enabled.
    • The currently running kernel is now reported more compactly by indicating only the version and the build date.
  • A new button in the datastore can now conveniently display connection information for connecting to that particular datastore from Proxmox Virtual Environment, another Proxmox Backup Server instance, or the backup client.
  • If no comment is set for a backup group, the web GUI now displays the note of the last snapshot instead (issue 4260).
  • Support wiping disks in the Storage/Disks menu, providing parity with the functionality in Proxmox VE (issue 3690).
  • Allow removing systemd mount units of unused mounted directories via GUI and CLI.
    This enables users to unmount the directory of a removed datastore, so that they can wipe and reuse the disk.
  • Right-clicking on a backup group or snapshot now opens a context menu for easier access to relevant actions.
  • Automatically redirect HTTP requests to HTTPS for convenience.
    This avoids "Connection reset" browser errors that can be confusing, especially after setting up Proxmox Backup Server the first time.
  • The ZFS creation window does not show a reset button anymore, as this button does not make sense for creation windows.
  • Update external links to proxmox.com that changed during the website redesign.
  • Improved translations, among others:
    • Croatian (NEW!)
    • Georgian (NEW!)
    • Arabic
    • Catalan
    • German
    • Italian
    • Polish
    • Simplified Chinese
    • Spanish
    • Traditional Chinese
    • Ukrainian
    • Several remaining occurrences of the GiB unit in the GUI can now be translated (issue 4551).

General backend improvements

  • Support for local sync jobs that pull contents of a local datastore to another local datastore.
    Previously, sync jobs could only pull datastores from remote Proxmox Backup Server instances over the network.
    Now, sync jobs can alternatively pull contents from a local datastore.
  • Creating a datastore with prune options now creates a corresponding prune job (issue 4374).
    Previously, the prune options given on datastore creation were ignored.
  • The backup task log now contains the IP address of the client initiating the backup, in order to simplify troubleshooting (issue 3777).
  • Fix an issue where garbage collection would fail with an error if a snapshot is deleted while the job is running. This situation is now handled gracefully without an error (issue 4823).
  • Fix an issue where scheduled garbage collection would not run if the task log of the previous garbage collection was missing, for example due to a host crash or power loss (issue 4895).
  • With the Proxmox repositories having support for fetching them directly the changelogs for new package versions shown in the UI are now all gathered with apt changelog.
  • Improve checks when setting up an offline subscription key.
  • Mails sent by Proxmox Backup Server now contain an Auto-Submitted header to avoid triggering automated replies (issue 4162).
  • Improve clarity of API parameter verification errors by showing a list of errors if there is more than one error.
  • Improve the proxmox-backup-debug tool output by including the chunk size and compression state of chunks.

Client improvements

  • Send HTTP Connection header when upgrading to HTTP 2, as mandated by the HTTP Semantics RFC 9910 (issue 4779).
    This improves compatibility with reverse proxies that strictly adhere to the RFC.
  • If a task started via the CLI fails, the CLI tool now also exits with a non-zero exit code indicating failure (issue 4343).
    This simplifies using the CLI tools in scripts.
    In case the task succeeds with warnings, the tool exits with exit code zero indicating success.
  • When making an API call via the client that is not expected to return any data, avoid printing an error "api returned no data".
  • Avoid potentially confusing output when successfully forgetting (deleting) a backup snapshot via the CLI (issue 4971).
  • Allow to configure whether restore should overwrite existing symlinks or hard links (issue 4761).
  • Fix an issue where the backup client would still try to access files even though they were excluded from the backup. If this access failed due to insufficient permissions, the backup would be aborted (issue 4380).
  • Add an option to ignore errors that occur during the extraction of device nodes.
  • Improvements to logging:
    • Log a warning during backup if the previous manifest contains no index for the requested archive, and clarify the wording of log messages in that case. Previously, an error was logged even though the backup succeeded (issue 4591).
    • Improve readability of log messages during encrypted backup.
  • Fix rare alignment issue during pxar archive extraction that occasionally caused files with many irregular zero-blocks to be larger after extracted.
  • File Restore: the minimal Linux VM image used by proxmox-file-restore was updated to use kernel 6.5 and ZFS 2.2.

Tape backup

  • Improve LTO 9 tape support by recognizing LTO 9 tape density codes.
  • Improve compatibility with tape libraries that do not support the DVCID bit for querying vendor/model of connected drives (e.g. Qualstar).
    Previously, querying the tape library status without DVCID support would fail with an error.
    Now, this case is handled more gracefully by ignoring missing DVCID support and making the missing vendor/model information optional.
  • The web GUI now marks media sets as incomplete if the expected number of tapes does not match the actual number of tapes.
  • Improvements to tape restore via GUI:
    • Fix an issue where selecting a target namespace for one datastore would cause datastores without a target namespace to be skipped.
    • Fix an issue where tape restore would skip everything if source and target datastores are named differently (issue 4977).

Access control

  • Improvements to Two-Factor Authentication (TFA):
    • Unlocking a user now also resets the TFA failure count.
    • Parsing of the TOTP algorithm is now case-insensitive to improve compatibility with manually edited TFA configurations.
  • The LDAP connection check now searches only the base of the base DN instead of the whole subtree.
    This fixes an issue where the connection check fails due to size limitations imposed by the LDAP server.

Installation ISO

  • The ISO is able to run on Secure Boot enabled machines.
  • The text-based UI got significant improvement based on the feedback received from the first release in Proxmox VE 8.0 and Proxmox Backup Server 3.0.
  • The current link-state of each network interface is now displayed in the network configuration view, helping in identifying the correct NIC for the management interface (issue 4869).
  • If provided by the DHCP server, the hostname field is already filled out with the information from the lease.
  • The correct meta-package of grub is now installed based on the boot mode (grub-pc or grub-efi-amd64). This ensures that the bootloader on disk gets updated when there is an upgrade for the grub package.
  • The text-based UI is now also available over a serial console, for headless systems with a serial port.
  • /var/lib/vz backing the local storage is now created as separate dataset for installations on ZFS (issue 1410).
  • The root dataset on ZFS installations now uses acltype=posixacl in line with upstream's recommendation.
  • Kernel parameters passed on the command line during install are now also set in the target system (issue 4747).
  • Fix the warning that is shown in case the address family (IPv4, IPv6) of the host IP and DNS server do not match.
  • The text-based UI now sets the correct disk-size for the selected disk, instead of limiting the installation to the size of the first disk in the list (issue 4856).
  • For better UX, the text-based UI now also displays a count-down before automatically rebooting.
  • The screensaver in the graphical installer is now disabled.
  • The graphical installer now displays the units used for disk-based options.
  • The kernel command line parameter vga788 is now set for both the graphical debug and all text-based UI installation options. This improves compatibility of the installer with certain hardware combinations.
  • The installer now installs zstd, to enable its use for initramfs compression.

Improved management of Proxmox Backup Server machines

  • Secure Boot support.
    Proxmox Backup Server now ships a shim bootloader signed by a CA trusted by most hardware's UEFI implementation. In addition, it ships variants of the GRUB bootloader, MOK utilities and kernel images signed by Proxmox and trusted by the shim bootloader.
    New installation will support Secure Boot out of the box if it is enabled.
    Existing installations can be adapted to Secure Boot by installing optional packages, and possibly reformatting and re-initializing the ESP(s), without the need for a complete reinstallation. See the reference documentation.
    How to use custom secure boot keys has been documented in the Secure Boot Setup wiki. For using DKMS modules with secure boot, see the reference documentation.
  • The kernel shipped by Proxmox is shared for all products. This is now reflected in the renaming from pve-kernel and pve-headers to proxmox-kernel and proxmox-headers respectively in all relevant packages.
  • The new proxmox-default-kernel and proxmox-default-headers meta-packages will depend on the currently recommended kernel-series.
  • Many edge-cases encountered during the upgrade from Proxmox Backup Server 2 to 3 by our user-base are now detected and warned about in the improved pbs2to3 checks:
    • Fix an issue where pbs2to3 would incorrectly detect the boot mode as legacy boot even if EFI mode was used.
    • Warn if DKMS modules are detected, as many of them do not upgrade smoothly to the newer kernel versions in PBS 3.
    • Warn if the PBS 3 system does not have the correct meta-package of grub installed ensures to actually upgrade the installed bootloader to the newest version.
  • Improve system report formatting and level of detail simplify troubleshooting for enterprise support via the Customer Portal.

Known Issues & Breaking Changes

Kernel

  • Some users with Intel Wi-Fi cards, like the AX201 model, reported that initialization of the card failed with Linux kernel 6.5.
    This is still being investigated. You should avoid booting into the new kernel if you have no physical access to your server and an Intel Wi-Fi device is used as its only connection. See the documentation for how to pin a kernel version.
  • Some SAS2008 controllers need a workaround to get detected since kernel 6.2, see the forum thread for details.

Proxmox Backup Server 3.0

Released 28. June 2023

  • Based on Debian Bookworm (12.0)
  • Latest 6.2 Kernel as stable default
  • ZFS 2.1.12

Highlights

  • New major release based on the great Debian Bookworm.
  • Increase the flexibility of sync-jobs with the new transfer-last option.
  • Add new text-based UI mode for the installation ISO, written in Rust using the Cursive TUI (Text User Interface) library.

Changelog Overview

Enhancements in the web interface (GUI)

  • Improved Dark color theme:
    The Dark color theme, introduced in Proxmox Backup Server 2.4, received a lot of positive feedback from our community, which resulted in further improvements.
  • Tape backup and restore tasks are now included in the task summary.
  • When labeling a tape in a changer, the default value cannot be overridden in the GUI anymore:
    Proxmox Backup Server relies on the label being identical to the barcode, so it is not advisable to change the label. If having a different label is required, then it is still possible to override this via the CLI.
  • Fixed an issue where the GUI would not immediately refresh the subscription information after uploading a subscription key.
  • Improved translations, among others:
    • Ukrainian (NEW)
    • Japanese
    • Simplified Chinese
    • Traditional Chinese
    • The size units (Bytes, KB, MiB,...) are now passed through the translation framework as well, allowing localized variants (e.g., for French).
    • The language selection is now localized and displayed in the currently selected language

General backend improvements

  • Chunk store now handles specific edge cases during insertion more gracefully.
  • Updated the kernel of the image that proxmox-backup-restore-image uses to 6.2.16 and ZFS 2.1.12.
    This can be particularly useful when trying to restore from guests that used newer features of a filesystem that are only supported by newer kernel versions, for example with Btrfs or ZFS volumes.
  • In HTTP error responses, mention the requested path instead of the filesystem path, to avoid triggering automated security scanners.
  • When authenticating via PAM, pass the PAM_RHOST item. With this, it is possible to manually configure PAM such that certain users (for example root@pam) can only log in from certain hosts.

Client improvements

  • Increase the flexibility of sync-jobs with the new transfer-last option:
    Specifying this parameter will only transfer the newest n backups, instead of all backups.
  • Improved log output for sync jobs: In order to improve readability, the log now contains one opening line for every backup group.
  • proxmox-backup-manager user tfa now supports list and delete commands (issue #4734).
    These can be used to list all currently configured TFA tokens as well as delete them.
  • proxmox-file-restore now honors the environment variable PBS_QEMU_DEBUG.
  • Fix an issue where running the status command would fail with a traceback (issue #4638).
  • Improved error handling when zipping a directory fails, by exiting early if a fatal error occurs.

Tape backup

  • Improved reading attributes from tapes that use medium auxiliary memory (MAM).
  • Show a list of required tapes when restoring a single snapshot, like it has been the case for full restores already.
  • Added a fallback mode for tapes only supporting the 6 byte variant of the MODE SENSE or SELECT commands. This improves compatibility with some tape drives and libraries, for example the StarWind VTL.
  • When restoring backups, instead of aborting when a tape is missing in the changer, the task now waits for the correct tape to be inserted (issue #4719).
  • Fixed an issue with media-sets that have multiple datastores, where trying to restore a single datastore via the GUI would inadvertently restore all datastores.

Access control

  • Add TFA/TOTP lockout to protect against an attacker who has obtained the user password and attempts to guess the second factor:
    If TFA fails too many times in a row, this user account is locked out of TFA for an hour. If TOTP fails too many times in a row, TOTP is disabled for the user account. Using a recovery key will unlock a user account.
  • The configuration for LDAP realms is now actively tested by attempting to connect before adding such a realm to the configuration.
  • Surround user filter expressions with parentheses if they are not already present, similarly to Proxmox VE.
  • Remove support for unauthenticated LDAP binds (where no password is given), which are not supported in Proxmox VE either.

Installation ISO

  • Add new text-based UI mode for the installation ISO, written in Rust using the Cursive TUI (Text User Interface) library:
    You can use the new TUI mode to work around issues with launching the GTK based graphical installer, sometimes observed on both very new and rather old hardware.
    The new text mode executes the same code for the actual installation as the existing graphical mode.
  • The version of BusyBox shipped with the ISO was updated to version 1.36.1.
  • Detection of unreasonable system time.
If the system time is older than the time the installer was created, the system notifies the user with a warning.
  • ethtool is now shipped with the ISO and installed on all systems.
  • systemd-boot is provided by its own package instead of systemd in Debian Bookworm and is installed with the new ISO.

Notable bug fixes

  • Fixed an issue where certain prune job tasks did not show up in the task summary.
  • Fixed an issue where garbage collection would incorrectly show warnings when namespaces were used by a datastore (issue #4357).
  • Fixed a bug that prevented entering netmasks for networks with CIDR prefix length smaller than /8 in the network interface configuration (issue #4722).
  • Restoring files from a ZFS snapshot directory now works with proxmox-file-restore (issue #4477).

Known Issues & Breaking Changes

  • User accounts will now be locked after too many attempts to authenticate with a second factor. This is intended to protect against an attacker who has obtained the user password and attempts to guess the second factor. Unlocking requires either a successful login with a recovery key or a manual unlock by an administrator.
  • Systems booting via UEFI from a ZFS on root setup should install the systemd-boot package after the upgrade.
    The systemd-boot was split out from the systemd package for Debian Bookworm based releases. It won't get installed automatically upon upgrade from Proxmox VE 7.4 as it can cause trouble on systems not booting from UEFI with ZFS on root setup by the Proxmox VE installer.
    Systems which have ZFS on root and boot in UEFI mode will need to manually install it if they need to initialize a new ESP (see the output of proxmox-boot-tool status and the relevant documentation).
    Note that the system remains bootable even without the package installed (the boot-loader that was copied to the ESPs during intialization remains untouched), so you can also install it after the upgrade was finished.
    It is not recommended installing systemd-boot on systems which don't need it, as it would replace grub as bootloader in its postinst script.

Proxmox Backup Server 2.4

Released 29. March 2023

  • Based on Debian Bullseye (11.6)
  • Latest 5.15.102 Kernel as stable default
  • Newer 6.2.6 kernel as opt-in
  • ZFS 2.1.9

Highlights

  • Proxmox Backup Server now provides a dark theme for the web interface & the documentation.
  • Add LDAP as a new user authentication realm.
  • Add initial support for WORM (write once, read many) tapes.

Changelog Overview

Enhancements in the web interface (GUI)

  • Add a fully-integrated "Proxmox Dark" theme variant of the long-time Crisp light theme.
By default, the prefers-color-scheme media query from the Browser/OS will be used to decide the default color scheme.
Users can override the theme via a newly added Color Theme menu in the user menu.
  • Task logs can now be downloaded directly as text files for further inspection.
  • The Add User dialog has now a realm field, making it possible to add users to an LDAP or OpenID Connect realm manually.
  • Improve the UI for verification jobs, showing the namespace and max-depth columns and allowing one to edit those fields in the edit job window (#4448).
While the API supported limiting a verification job to a specific namespace or depth since 2.2, such settings weren't editable nor visible in the web interface.
  • The 'Services' panel of the 'Administration' section now marks optional services that are not installed as not installed instead of marking them as dead.
  • In order to make it more obvious how to disable scheduled Garbage Collection (GC), the 'GC Schedule' window now shows an X button that resets the schedule to none.
  • For prune jobs, rename 'Store' to 'Datastore' for consistency reasons.
  • Fixed the default value for pruning mail notification settings in the datastore options.
  • Fixed rendering the 'Enabled' column for the 'Metric Server' view.
  • Improved translations, among others:
    • Arabic
    • French
    • German
    • Italian
    • Japanese
    • Russian
    • Slovenian
    • Simplified Chinese
    • Traditional Chinese

General Backend Improvements

  • Add LDAP realm authentication and user synchronization
This allows user authentication against an external LDAP server. In order to be able to log in, users in LDAP realms must be added manually. Alternatively, users can be synced automatically from the LDAP server.

Client Improvements

  • Suppress harmless but confusing "storing login ticket failed" errors when backing up to Proxmox Backup Server.
  • The proxmox-backup-manager CLI tool can now be used to trigger an existing prune, verification, or sync job manually.
  • The output of the proxmox-backup-debug diff archive command was improved.
The command now shows file attributes, highlights changes and has colored output.
  • Provide higher runtime control for logging in the pxar CLI tool (#4578).
Users can now decide themselves which messages, log sources or log levels are interesting for a particular use case through the PBS_LOG environment variable.
  • Various improvements for error handling and reported messages to improve user experience.

Tape backup

  • Add initial support for WORM (write once, read many) tapes
  • Skip unassigned tapes when updating the inventory
Tapes that are assigned to a pool but not yet in a media set belong to the special all-zero media set. Since there will never be a catalog on these tapes, trying to restore a catalog will always fail, so leave them out.

Installation ISO

  • the version of BusyBox shipped with the ISO was updated to version 1.36.0.
  • The EFI System Partition (ESP) defaults to 1 GiB of size if the root disk partition (hdsize) is bigger than 100 GB.
  • UTC can now be selected as timezone during installation.

Documentation

  • Expand the documentation for maintenance, focusing specifically on Garbage Collection (GC).
  • Link screenshots in the documentation to their image files.
  • Implement dark mode that honors the prefers-color-scheme media query automatically.
  • Add dark mode support to the API viewer widget.

Notable bug fixes

  • Don't interrupt tasks when pressing Ctrl + C when viewing task logs via proxmox-backup-manager task log or proxmox-backup-client task log (#4483).
  • proxmox-backup-client now prints task logs to stdout instead of stderr (#4387).
  • Removal of all associated prune jobs and ACL entries when their data store is deleted (#4256).
  • Fixed a bug where snapshots were not listed in a tape media set (#4466).
  • Warn if a login ticket could not be stored (e.g. due to $XDG_RUNTIME_DIR not being set, which can happen if invoked via sudo) (#4346).
  • Reduce lock contention of the verify-after-complete feature with periodic syncs (#4523).

Known Issues & Breaking Changes

None.

Proxmox Backup Server 2.3

Released 29. November 2022

  • Based on Debian Bullseye (11.5)
  • Latest 5.15 Kernel as stable default (5.15.74)
  • Newer 5.19 Kernel as opt-in
  • ZFS 2.1.6

Changelog Overview

  • Enhancements in the Web Interface (GUI):
    • Datastore permissions: Allow editing the ACL path and query the available namespaces and add them as ACL path to the pre-defined selections for convenience
    • Datastore content: Only mask the inner view of the content tree on error, to allow a user to trigger a manual reload using the reload button in the top bar
    • Improve navigating the whole Proxmox Backup Server web UI when a user only has limited permissions on a specific (sub-)namespace
    • Show block device partition tree on the web UI
    • Improve the prune-simulator, among other things allow setting a custom simulation "now" date/time
    • Improved certificate view - for example for certificates with many SANs
    • Improved translations, among others:
      • Arabic
      • Dutch
      • German
      • Italian
      • Polish
      • Traditional Chinese
      • Turkish
  • Add Namespace Aware Prune Jobs
    • Expand the single-schedule per datastore to a flexible, namespace aware prune job system
    • Allow fine-grained control over when and how deep a specific namespace get pruned
    • In addition to above, the manual prune action also became more powerful w.r.t. namespace and prune-depth selection
    • Implement email notifications for prune jobs
    • Rework the task log outputs for prune job workers
  • Native Support for Sending Periodic Metrics to InfluxDB
    • Support for HTTP(S) and UDP endpoints
    • Optionally TLS certificate validation can be disabled for HTTPS endpoints
    • Metric data is aligned as good as possible to the stats sent from a Proxmox VE node.
    • Metrics include:
      • CPU load averages, IOwait
      • Memory used/total, Swap used/total
      • NIC traffic statistics
      • Filesystem usage for datastores
      • Blockdevice IOPS and bytes read/written for datastores
  • Support Proxmox Offline Mirroring & Subscription Handling
    • Proxmox Offline Mirror: The tool supports subscriptions and repository mirrors for air-gapped systems. Newly added proxmox-offline-mirror utility can now be used to keep Proxmox Backup Server hosts, without access to the public internet up-to-date and running with a valid subscription.
  • Tape Backup Improvements
    • Improve behavior for vanishing snapshots, only log the event but do not fail the tasks
    • Make total/throughput reporting use human-readable units on tape restore
    • Include used tapes in job notification e-mails
    • Optionally try to restore missing catalogs during inventory
    In a disaster recovery case, in addition to re-inventorizing the labels and media-sets, trying to recover the catalogs from the tape, so that one knows what's actually on them, helps in getting an overview.
  • General Client Improvements
    • Proxmox-backup-client: Added ignore-acls, ignore-xattrs, ignore-ownership, ignore-permissions and overwrite parameters to the restore command: If any of the ignore parameters is set the corresponding metadata is not restored - e.g. there is no chown call if ignore-ownership is set. The overwrite parameter causes the restore to overwrite a file if it is already present instead of failing.
    • File-restore: Add 'format' and 'zstd' parameters to 'extract' CLI command.
    • Add the diff sub-command to proxmox-backup-debug, allowing one to compare pxar archives for two arbitrary snapshots, outputting a list of added/modified/deleted files.
    • Support http proxies through the ALL_PROXY environment variable for proxmox-backup-client. Note that using a general tunnel for all traffic, for example wireguard to shield traffic is preferred.
    • Fix an issue with the mount subcommand, where reading large files could yield corrupt data.
  • General Backend Improvements
    • New mail-forwarding binary proxmox-mail-forward: It unifies the configuration for sending the system-generated mails to the email address configured for root@pam, with Proxmox VE.
    • Implement sync-level option for datastores, allowing one to configure how backup data is synced to disk to match their respective setup and needs.
    • Improve error handling when removing status files and locks from jobs that were never executed
    • Datastore list and datastore status: Avoid opening datastore and possibly iterating over namespace (for lesser privileged users), but rather use the in-memory ACL tree directly to check if there's access to any namespace below.
    • More robust handling of refreshing datastore states periodically and on config change - previously a lock was dropped, causing inconsistencies between long-running backup jobs and garbage collection tasks
    • Datastore: Swap dirtying the internal datastore cache every 60s by just using the available config digest to detect any changes accurately when they actually happen, reducing periodic IO.
    • Restore-daemon: Make file listing "streaming" for better interactivity on initial response
    • API daemon: startup scheduling tasks faster by improving aligning the trigger-time to the minute boundary
    • SMART: Add raw field, for compatibility with the Proxmox VE API - it contains the same data as value, which for now is kept for backwards compatibility
    • SMART: Don't treat certain non-zero exit codes of smartctl as error (if bit 2 of the exit-code is set the returned data is still parseable) - aligns with the implementation in Proxmox VE
    • Improve file-system compatibility for various edge cases: For example take the reservation for root for EXT4 into consideration
    • ACME/Let's Encrypt: Send emails on certificate renewal failure
    • Optimize filtered snapshot listing
    • Move some blocking parts off to their own (reused) thread to reduce the chance of sometimes blocking the tokio reactor thread handling things like new incoming connections
    • Periodically trigger unparking a tokio thread to ensure all newly incoming requests are handled in a timely manner
    • The proxmox-backup-manager pull subcommand now handles a missing namespace parameter by pulling to the root namespace

Known Issues & Notable Changes

  • The upgrade will check if the owner of the lock file /etc/proxmox-backup/.datastore.lck is backup, and if it is not, it will try to correct the owner.
If the automatic owner correction fails, the update process issues a warning and suggests how to try again manually.
Note that this should only affect some older 1.x installations that had no need for locks outside the privileged API daemon and might have created the file with root as owner.

Proxmox Backup Server 2.2

Released 18. May 2022

  • Based on Debian Bullseye (11.3)
  • Kernel 5.15
  • ZFS 2.1.4

Changelog Overview

  • Enhancements in the web interface (GUI):
    • Add "Group Filter" tab to the "Add" and "Edit" windows of sync and tape-backup jobs
    • Allow configuration of the default language used in the web interface
    • Add Markdown aware panel for recording structured notes, and support multi-line comments in the node configuration file.
    • Hide RRD chart for IO delay, if no `io_ticks` are returned
    • Improved translations, among others:
      • Arabic
      • French
      • German
      • Japan
      • Polish
      • Turkish
  • Datastore Backup Namespaces:
    • Implement backup namespaces for datastores.
    Namespaces allow for the reuse of a single chunk store deduplication domain for multiple sources, while avoiding naming conflicts and enabling more fine-grained access control.
    • Add support for syncing a source namespace into any target namespace.
    With the max-depth setting, you can control how deep the recursion on finding groups to sync should go.
    • Add support for namespaces in current Proxmox VE 7.2, the following versions form the baseline:
    pve-manager >= 7.2-4, libpve-storage-perl >= 7.2-4, pve-container >= 4.2-1, qemu-server >= 7.2-3, pve-qemu-kvm >= 6.2.0-7
  • Maintenance Mode and Active Operations Tracking:
    • Implement read-only and offline maintenance modes for a datastore.
    Track whether each datastore access is a write or read operation, so that Proxmox Backup Server can gracefully enter the respective mode, by allowing conflicting operations that started before the maintenance mode to finish.
    Once enabled, depending on the mode, new reads and/or writes to the datastore are blocked, allowing an administrator to safely execute maintenance tasks, for example, on the underlying storage.
  • General backend improvements:
    • Improve memory footprint
      • Improve interaction with the glibc system allocator to dramatically decrease peak and overall RSS memory usage
      The glibc allocator has a misguided heuristic to detect transient allocations, which will only start to use mmap in allocation sizes above 32 MiB.
      This means that relatively large allocations end up on the heap, where cleanup and returning memory to the OS is harder to do and easier to be blocked by small, long-living allocations at the top (end) of the heap.
      By reducing the threshold for switching from the cached heap to the kernel provided mmap to 128 KiB, we can lower peak RSS usage by a factor of 10, or even 20 in some scenarios.
      See the git commit for more details.
      • Optimize LRU caches
    • Add streaming interfaces for some API endpoints, such as the task-log list or snapshot list.
      This can remove the need to collect large lists into intermediate memory buffers.
    • Transform all access to group or snapshot lists to efficient, lazy iterators.
    • Improve IO access pattern for some scenarios, like TFA with high user and login count.
    • Disable SSL/TLS renegotiation in the API daemon.
    • For zpools created via the API, set the `relatime=on` flag by default.
    • Allow for the disabling of inode-sorting for chunk iteration.
    While inode-sorting benefits read performance on block devices with higher latency (for example, spinning disks), it also requires extra work to get the metadata needed for sorting, so it's a trade-off. For setups that have either very slow or very fast metadata IO, the benefits may turn into a net cost.
    • Add dry-run option for the proxmox-backup-client backup CLI command.
    • Verify: Allow one to enforce verification when manually verifying a datastore or namespace through the web interface
    • Improve reload behavior of the proxmox-backup-proxy API daemon
    Close acceptor for new incoming connections immediately on shutdown to avoid connection resets during the wait for running tasks to finish.
  • Improvements on file restore
    • Add support for zstd-compressed tar archive download, in addition to the existing zip download option.
    The tar archive supports more file types (for example, hard links and device nodes), and zstd allows for fast, efficient, and effective compression.
    • Add language encoding flag (EFS) to files when creating a zip archive, if an entry is valid UTF-8.
    This improves the handling of non-ASCII code point extraction under Windows.
    • Allow up to 25s for the file-restore VM to have scanned all possible filesystems in a backup.
    • Improve IO access in the file-restore-for-block-backup VM's internal driver, and start disk initialization in parallel to staring the API listening task.
    On average the restore-tool should be waiting more compared to the previous 12s "worst" case wait time.
    • Avoid automatically pre-mounting ZFS pools.
    The upfront time-cost can be too large to pay initially, for example, if there are many subvolumes present. Thus, only mount on demand.

Proxmox Backup Server 2.1

Released 23. November 2021

  • Based on Debian Bullseye (11.1)
  • Kernel 5.13
  • ZFS 2.1

Changelog Overview

  • Enhancements in the web interface (GUI):
    • Add traffic control management panel in the web interface.
    • Load and usage graphs now have much higher resolution.
    • Display the next media label for a tape backup job.
    • Improved translations, among others:
      • Arabic
      • Basque
      • Brazilian Portuguese
      • French
      • German
      • Simplified Chinese
      • Traditional Chinese
      • Turkish
  • Enhancements in Backup Management
    • Support flexible traffic-control bandwidth limits:
    Implement a token bucket filter (TBF) for limiting incoming (for example, backup) and outgoing (for example, restore) traffic from a set of networks.
    Limits can be configured such that they get applied only during specific time-frames.
    • Support for protected backups, which will not be pruned and cannot be removed manually, without first removing the protected flag.
    • Support group-filter for sync jobs and tape-backup jobs:
    For such a job, you can specify if you want to process only a specific type (ct, vm, host), a specific group or a regex that matches the group-ID.
    Multiple such filters can be applied per job. They act cumulatively.
  • Enhance existing OpenID Connect (OIDC) support:
    • Add support for configuring an arbitrary username claim.
    • Allow setting the requested scopes for user information requests. The default remains the same (profile and email).
    • The prompt behavior is now unset (previously hard-coded to login) and can be configured to the OIDC specification defined variants or an arbitrary extension.
    • You can now configure Authentication Context Class Reference (ACR) values to be requested on any authentication request.
  • Improved Round Robin Database implementation
    • Uses a journal to avoid data loss;
    • Uses much higher resolution:
      • per-day: 1 min (previously 30 min)
      • per-month: 30 min (previously 12 hours)
      • per-year: 6 h (previously 1 week)
      • per-decade: 1 week (previously none)
    • Stores data for last 10 years;
  • Backend
    • New debugging tool proxmox-backup-debug
    • Improved support for various tape drives and changers

Proxmox Backup Server 2.0

Released 13. July 2021

  • Based on Debian Bullseye (11)
  • Kernel 5.11
  • ZFS 2.0

Changelog Overview

  • Tape Backup:
    • Matured from technology preview to the first stable release
    • Improve restore flexibility, allowing you to select multiple snapshots for one restore job
    • Read chunks sorted by inode on backup, to leverage improved read speed on slow spinning disks with increased sequential access
  • Backend:
    • Support for Single-Sign-On (SSO) with the new OpenID Connect access realm type
      You can integrate external authorization servers, either using existing public services or your own identity and access management solution, for example, Keycloak or LemonLDAP::NG.
    • ACME/Let's Encrypt integration with stand-alone and DNS Plugins, for easy deployment of trusted certificates
    • Improved caching for proxmox-backup-client map
    • Single file-restore support for VMs that use ZFS or LVM internally
    • Support setting an HTTP proxy for package updates and subscription check requests
  • Enhancements in the web interface (GUI):
    • Make dashboard status panel more detailed, showing, among other things, uptime, Kernel version, CPU info and a high level repository status overview.
    • New Repository management panel in the Administration tab shows an in-depth status and a list of all configured repositories.
      Basic repository management, for example, activating or deactivating a repository, is also supported.
    • ACME/Let's Encrypt GUI integration
    • Support setting comments on a backup group
    • Updated ExtJS JavaScript framework to latest GPL release 7.0
    • Improved translations, including:
      • Arabic
      • French
      • German
      • Japanese
      • Polish
      • Turkish
  • Installer:
    • Rework the installer environment to use switch_root instead of chroot, when transitioning from initrd to the actual installer.
      This improves module and firmware loading, and slightly reduces memory usage during installation.
    • Automatically detect HiDPI screens, and increase console font and GUI scaling accordingly. This improves UX for workstations with Proxmox VE (for example, for passthrough).
    • Improve ISO detection:
      • Support ISOs backed by devices using USB Attached SCSI (UAS), which modern USB3 flash drives often do.
      • Linearly increase the delay of subsequent scans for a device with an ISO image, bringing the total check time from 20s to 45s. This allows for the detection of very slow devices, while continuing faster in general.
    • Use zstd compression for the initrd image and the squashfs images.
    • Update to busybox 1.33.1 as the core-utils provider.

Known Issues

  • Network: Due to the updated systemd version, and for most upgrades, the newer kernel version (5.4 to 5.11), some network interfaces might change upon reboot:
    • Some may change their name. For example, due to newly supported functions, a change from enp33s0f0 to enp33s0f0np0 could occur.
      We observed such changes with high-speed Mellanox models.
    • Bridge MAC address selection has changed in Debian Bullseye - it is now generated based on the interface name and the machine-id (5) of the system.
      Note that by default, Proxmox Backup Server does not uses a Linux Bridge for networking, so most setups are unaffected.

Upgrade from 1.1

See Upgrade from 1.1 to 2.x

Proxmox Backup Server 1.1

Released 15. April 2021

  • Based on Debian Buster (10.9)
  • Kernel 5.4.106
  • ZFS 2.0
  • Tape Backup (Technology Preview)
    • Tape technology has stood the test of time, when it comes to highly reliable, economic and flexible long-term storage of large amounts of data. Key advantages being:
      • the inherent offline nature of the stored data - mitigating crypto-locker attacks;
      • the portability of the tapes - making them ideal for off-site archiving;
      • the existence of WORM (write once read many) tapes - a key requirement for compliance with data integrity regulations in certain environments;
      • the low cost per storage unit;
    • Tape backup jobs back up datastores to a media pool, and multiple datastores can be backed up to the same media pool. Choose to write all snapshots of a datastore or only the latest snapshot per group to the media set.
    • Tape restore jobs restore the content of a media set to one or more datastores - this enables operators to restore multiple datastores from a media set, even if the system does not have the free disk space required in a single datastore (potentially multiple 100 TB).
    • Flexible retention policies (e.g., always recycle tapes, never recycle tapes, recycle tapes after a particular calendar event).
    • New user space tape driver written in Rust.
    • Support for tape encryption using the hardware encryption feature of the LTO tape drive.
    • Support for tape autoloaders - by rewriting the mtx tool in Rust (now pmtx), most autoloaders supported by other tape-backup solutions available on Linux will work with Proxmox Backup Server.
    • For stand-alone tape drives without an attached changer, users are notified via e-mail about necessary (load/unload) operations.
    • The configuration of all necessary components, jobs, and schedules can be carried out comfortably via the web interface.
    • The Proxmox LTO Barcode Label Generator, a small web-app, can be used to generate and print barcode labels for the tapes on standard adhesive label sheets. These help to identify the tapes in an autoloader.
  • Two-factor authentication (TFA) for the web interface
    • The web interface can now be configured to use TFA with one or more of the following implementations:
      • Time-base One-Time Password (TOTP), for clients like FreeOTP, Google Authenticator, etc.
      • WebAuthn, a general standard for authentication. This is implemented by various security devices, like hardware keys or by the trusted platform modules (TPM) of a computer or smartphone.
      • Recovery keys for single use (as backup, should you lose your authenticators).
    • The activation and configuration of TFA can be done by the users themselves or by an administrator.
    • TFA is complemented by the existing, token-based authentication for granting automated access to Proxmox Backup Server resources, for example, when configuring a Proxmox Backup Server storage in a Proxmox VE setup.
  • HTTP compression via Content-Encoding
    • Responses from the Proxmox Backup Server API can get quite large, but in general can be compressed well. By adding support for deflate Content-Encoding, bandwidth is saved and response times are improved, especially over bandwidth constricted links.
  • Compression of file-level ZIP archive downloads
    • Downloading a directory from a file-level backup will now produce a compressed ZIP archive, reducing bandwidth and local space required.
  • Notable enhancements and bug fixes
    • Improved handling of POSIX ACL entries on files.
    • Improved hand-over to new process when upgrading the Proxmox Backup Server packages.
    • Use the local filesystem to handle synchronization, in order to avoid issues with locking on remote filesystems (CIFS/NFS).
    • Changed HTTP timeouts to work more robustly, even over high latency and low bandwidth links, which are not uncommon for remote backup sites.
    • Better error-handling during garbage-collection, coping with the case when there's no space left on a datastore filesystem.
    • Improved UX when using a GPG master key.
    • Verification: Sort chunks by their inode to speed-up access on a storage with slow random-IO, for example, spinning disks.

Proxmox Backup Server 1.0

Released 11. November 2020

  • Based on Debian Buster (10.6)
  • Kernel 5.4 LTS
  • ZFS 0.8.4
  • Backup & Restore (core functionality):
    • Deduplication
      Periodic backups produce large amounts of duplicate data. The deduplication layer avoids redundancy and minimizes the used storage space. Deduplication is performed per datastore.
    • Incremental backups
      Changes between backups are typically small. Reading and sending only the delta reduces the storage and network impact of backups.
    • Data Integrity
      The built in SHA-256 checksum algorithm ensures the accuracy and consistency of your backups.
    • Compression
      The ultra-fast Zstandard compression is able to compress several gigabytes of data per second.
    • Encryption
      Backups can be encrypted on the client-side using AES-256 in Galois/Counter mode. This authenticated encryption mode provides very high performance on modern hardware.
    • Verification
      Backups on disk can be verified with the stored SHA-256 checksums to protect against corruption and bitrot. This can be scheduled periodically including regular re-verification.
    • Remote Sync
      It is possible to efficiently synchronize data from remote sites. Only deltas containing new data are transferred. Optimized and tested for high-latency links.
    • Performance
      The whole software stack is written in Rust, to provide high speed and memory efficiency.
    • Open Source
      Proxmox Backup Server is free and open-source software. The source code is licensed under GNU AGPL, v3.
    • And of course - Backups can be restored comfortably!
  • Proxmox VE Integration
    • Support for incremental, deduplicated backups of qemu virtual machines (supporting QEMU dirty bitmaps) and containers.
    • Simply configurable as a Storage Backend on Proxmox VE
    • Granular restore:
      • Mapping for QEMU virtual disks to loop back block devices
      • File-level restore of container backups
    • Current backup state is preserved across migrations inside Proxmox VE
  • Enterprise support
    With the release of version 1.0, support subscriptions for Proxmox Backup Server are available, providing access to the stable Enterprise Repository (recommended for production use) and to technical support from the Proxmox team.
  • Web interface
    Manage Proxmox backups with the integrated, web-based user interface.
    • Start operations from within the views in which they are relevant
    • Widgets in the GUI provide useful popups when you hoover over (e.g., individual states in the task summary, on the dashboard)
    • Improved and mature user experience in the GUI - many features known from other Proxmox products were ported to the new Rust code-base to provide the same level of comfort during daily work:
      • Online reference documentation for the current version, available in the GUI via the Help button
      • System console via xterm.js
      • System updates and changelogs
      • Display of the system's journal
  • Scheduling
    • Management and scheduling of maintenance tasks provides all the settings necessary to just configure it once and not have to think about it
    • Scheduling based on the flexible systemd-time specification
  • E-mail notifications for scheduled background tasks (verification, pruning, garbage collection, sync jobs).
  • Vastly improved user interface
  • Sensible encryption-key handling
    • Proxmox Backup Server encryption keys are stored as simple json files, and can be easily stored off-site for disaster recover purposes
    • They can also be exported as QR-codes for printing on paper and storing off-line
  • Flexible Access Control:
    • Support for fine-grained ACLs for separate users on different objects (datastores, remotes, system configuration)
    • Token based authentication with reduced privileges:
      A user can create tokens with a subset of their privileges, instead of having to store their password on a client

Proxmox Backup Server Beta (2nd ISO release)

Released 5. October 2020

  • Beta Release
  • Update to recent package versions with many fixes and feature additions
  • Based on Debian 10.6 Buster
  • Updated kernel (5.4) and include latest security fixes

Proxmox Backup Server Beta

Released 10. July 2020

  • First public beta release
  • Based on Debian Buster (10.4)
  • Kernel 5.4 LTS with ZFS 0.8.4