I’ve been using Kopia for a number of months now, connected to a repo hosted in Backblaze. I set things up using the b2 provider but have seen some things in threads suggesting s3 might be a better option and also s3 as better for ransomware protections. Is it mostly a subjective choice or is s3 objectively “better” and if so, is changing my config to use s3 something simple/straightforward to do or would I need to kind of start from scratch using s3 from the start?
B2 also has some protections against ransomware.
It’s not that S3 has better protections, but that Kopia’s native B2 protocol doesn’t support it(for now?).
However, if you create your B2 repo using S3 protocol, according to the documentation Repositories | Kopia you can use that feature as well.
Thanks, useful info. I’m guessing from how you phrased it that I can’t simply change the config to use s3 but would have to rebuild the repo as s3, is that accurate?
I’m not sure. I’ve never done that since I started using Kopia only recently too.
But that documentation states:
For B2
NOTE: Currently, object locking is supported for Backblaze B2 but only through Kopia’s S3-compatible storage
repository
and not through the Backblaze B2repository
option. However, Backblaze B2 is fully S3 compatible, so you can setup your Backblaze B2 account via Kopia’s S3repository
option.
For S3
NOTE: Some settings, such as object locking and actions, can only be enabled when you create a new
repository
using command-line (see next section). However, once you create therepository
via command-line, you can use therepository
as normal in Kopia GUI: just connect to therepository
as described above after you have created it in command-line.
I searched documentation and CLI’s help how to enable object locking but either I missed it or it’s not documented.
There’s also snapshot migrate | Kopia command, but the documentation is pretty sparse and I don’t know if it’ll let you migrate into object-locked repo or any other caveats and nuances to be aware of.
Actually I just found this article
Looks like it’s this part:
- Enable Object Lock extension
- Run:
kopia maintenance set --extend-object-locks true
- Note that the
full-interval
must be at least 1 day shorter than theretention-period
or Kopia will not allow you to enable Object Lock extension
- Note that the
- Run:
So then it looks like another documentation inconsistency. One place says it can be enabled only when you create a repository and what you pasted says it can be done with maintenance
command.
Unless they do different things.
Object Locks must be enabled when a bucket is created. If you already have backups in the cloud, you will need to create a new bucket with Object Locks turned on (NOTE: On Backblaze S3, object-lock can be enabled on existing buckets via
b2 update bucket
). Once a bucket has Object Lock enabled, it cannot be disabled.
I think this paragraph refers to the storage provider, not your Kopia repository. AWS S3 documentation states:
If you create a bucket with Object Lock enabled, you can’t disable Object Lock or suspend versioning for the bucket.