Backblaze B2 Setup for PostgreSQL Backups
This guide configures Backblaze B2 cloud storage for automated PostgreSQL backups using pgBackRest.
Overview
pgBackRest will automatically back up your PostgreSQL database to Backblaze B2:
- Full backups: Weekly (retained for 2 weeks)
- Differential backups: Daily (retained for 1 week)
- WAL archives: Continuous (retained for 2 weeks)
- Point-in-time recovery: Restore to any second within retention period
B2 Account Setup
1. Create Backblaze Account
- Go to Backblaze B2
- Sign up for an account
- Navigate to B2 Cloud Storage
2. Create Application Key
- Go to App Keys in the B2 dashboard
- Click Add a New Application Key
- Configure the key:
Key Name: ariane-postgres-backups
Allow access to: Allow access to a single bucket
Bucket: (create bucket first - see step 3)
Capabilities:
  ✓ listBuckets
  ✓ listFiles
  ✓ readFiles
  ✓ shareFiles
  ✓ writeFiles
  ✓ deleteFiles
3. Create Bucket
- Go to Buckets in B2 dashboard
- Click Create a Bucket
- Configure:
Bucket Name: ariane-postgres-backups
Files in Bucket are: Private
Default Encryption: Disable (pgBackRest handles encryption)
Object Lock: Disable
Lifecycle Settings: (leave default - 1 day hide/delete)
4. Get Credentials
After creating the application key, you’ll receive:
- keyID: 004ab1c2d3e4f5a6b7c8d9e0
- applicationKey: K004ab1c2d3e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8
- Endpoint: s3.us-west-004.backblazeb2.com
Configuration
Update Secrets
Add B2 credentials to your encrypted secrets:

cd infrastructure/ansible
sops secrets/cell-v0.yml

Add these values:

# Backup Configuration
pgbackrest_s3_key: "004ab1c2d3e4f5a6b7c8d9e0"
pgbackrest_s3_key_secret: "K004ab1c2d3e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8"
pgbackrest_s3_bucket: "ariane-postgres-backups"
pgbackrest_s3_region: "us-west-004"
pgbackrest_s3_endpoint: "s3.us-west-004.backblazeb2.com"
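A check that the two B2 credential keys above are stored as sops ciphertext on disk, suitable for running before a commit. This is an added example, not part of the original guide or the project's code; it assumes flat top-level keys as shown above, and the sample file contents are constructed.

```python
import re
import sys

# Keys from the "Update Secrets" step whose values must be ciphertext on disk.
SECRET_KEYS = ("pgbackrest_s3_key", "pgbackrest_s3_key_secret")
# Shape of a value after sops has encrypted it.
ENC_VALUE = re.compile(r'^"?ENC\[AES256_GCM,data:[^\]]+\]"?$')
KEY_LINE = re.compile(r"^([A-Za-z0-9_]+):\s*(.*?)\s*$")

# Constructed samples (not real credentials and not real sops output).
PLAINTEXT_FILE = """\
pgbackrest_s3_key: "CONSTRUCTED-KEY-ID"
pgbackrest_s3_key_secret: "CONSTRUCTED-SECRET"
pgbackrest_s3_bucket: "ariane-postgres-backups"
"""
ENCRYPTED_FILE = """\
pgbackrest_s3_key: ENC[AES256_GCM,data:Y29uc3Q=,iv:aXY=,tag:dGFn,type:str]
pgbackrest_s3_key_secret: ENC[AES256_GCM,data:c2VjcmV0,iv:aXY=,tag:dGFn,type:str]
sops:
    lastmodified: "2024-01-01T00:00:00Z"
"""


def plaintext_secrets(yaml_text):
    """Return the SECRET_KEYS present in yaml_text that are not sops-encrypted.

    A file without a top-level `sops:` metadata block is treated as
    entirely plaintext. Keys that are absent are not reported.
    """
    values, has_sops_block = {}, False
    for line in yaml_text.splitlines():
        match = KEY_LINE.match(line)
        if not match:
            continue  # indented, comment or blank line
        key, value = match.groups()
        has_sops_block = has_sops_block or key == "sops"
        values[key] = value
    return [
        key for key in SECRET_KEYS
        if key in values
        and (not has_sops_block or not ENC_VALUE.match(values[key]))
    ]


if __name__ == "__main__":
    with open(sys.argv[1], encoding="utf-8") as handle:
        leaked = plaintext_secrets(handle.read())
    if leaked:
        sys.exit("plaintext secrets in file: " + ", ".join(leaked))
```
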
Test Configuration
After deployment, verify backups work:

# SSH to PostgreSQL VM
ssh ubuntu@db-vm-ip

# Test B2 connectivity
sudo -u postgres pgbackrest info --stanza=main

# Run manual backup
sudo -u postgres pgbackrest backup --stanza=main --type=full

# Verify backup exists
sudo -u postgres pgbackrest info --stanza=main
Backup Schedule
The PostgreSQL role automatically configures these cron jobs:

# Full backup - Sunday 2 AM
0 2 * * 0 postgres pgbackrest backup --stanza=main --type=full

# Differential backup - Monday-Saturday 2 AM
0 2 * * 1-6 postgres pgbackrest backup --stanza=main --type=diff

# Archive check - Every hour
0 * * * * postgres pgbackrest check --stanza=main
Monitoring
Check Backup Status

# View backup information
sudo -u postgres pgbackrest info --stanza=main

# Check recent backups
sudo -u postgres pgbackrest info --stanza=main --output=json | jq .

# View backup logs
sudo tail -f /var/log/pgbackrest/main-backup.log
Grafana Dashboard
The deployment includes a PostgreSQL backup dashboard showing:
- Backup success/failure rates
- Backup duration trends
- Storage usage
- Recovery time objectives
Recovery Procedures
Point-in-Time Recovery

# Stop PostgreSQL
sudo systemctl stop postgresql

# Restore to latest backup
sudo -u postgres pgbackrest restore --stanza=main --delta

# Or restore to a specific point in time
sudo -u postgres pgbackrest restore --stanza=main \
  --type=time --target="2024-01-15 14:30:00" --delta

# Start PostgreSQL
sudo systemctl start postgresql
Clone Database
# Create test database from backup
sudo -u postgres pgbackrest restore --stanza=main \
  --pg1-path=/var/lib/postgresql/test --delta
Cost Optimization
B2 Pricing (as of 2024)
- Storage: $0.005/GB/month
- Download: $0.01/GB
- API calls: First 2,500 daily free, then $0.004/10k
Estimated Costs
For a typical Zitadel database:
- Database size: ~5GB
- Daily differential: ~100MB
- Weekly full: ~5GB
- Monthly storage: ~25GB = $0.125/month
- Annual cost: ~$1.50/year
Retention Optimization
Adjust retention in group_vars/all/main.yml:

pgbackrest_retention_full: 2      # Keep 2 full backups
pgbackrest_retention_diff: 7      # Keep 7 differential backups
pgbackrest_retention_archive: 14  # Keep 14 days of WAL
Security
Encryption
pgBackRest encrypts all backups using AES-256:
- Encryption key: Auto-generated and stored in PostgreSQL VM
- At-rest: All files encrypted in B2
- In-transit: TLS encryption to B2
Access Control
- B2 application key limited to single bucket
- No access to other B2 buckets or account settings
- PostgreSQL system user owns all backup operations
- Network-level restriction to PostgreSQL VM only
Troubleshooting
Common Issues
Backup fails with S3 error:

# Check B2 credentials
sudo -u postgres pgbackrest check --stanza=main

# Test S3 connectivity manually
aws s3 ls s3://ariane-postgres-backups \
  --endpoint-url=https://s3.us-west-004.backblazeb2.com

High backup costs:
- Check retention settings
- Monitor differential backup sizes
- Consider compression settings
Recovery failures:
- Verify backup integrity: pgbackrest check --stanza=main
- Check PostgreSQL logs: /var/log/postgresql/
- Ensure sufficient disk space for restore
Monitoring Alerts
Set up alerts for:
- Backup failure (no backup in 25 hours)
- High backup duration (>2 hours)
- Storage quota exceeded
- B2 API errors
This ensures reliable, automated backups with point-in-time recovery capabilities for your Zitadel database.
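The first two conditions under Monitoring Alerts (no backup in 25 hours, backup duration over 2 hours) can be evaluated from the output of `pgbackrest info --stanza=main --output=json`. The following is an added example, not part of the original guide or the deployment's own alerting; the sample JSON is constructed and trimmed to the fields the check reads.

```python
import json

MAX_AGE_S = 25 * 3600       # "no backup in 25 hours"
MAX_DURATION_S = 2 * 3600   # "high backup duration (>2 hours)"

# Constructed sample of `pgbackrest info --output=json` (trimmed).
SAMPLE_INFO = json.dumps([{
    "name": "main",
    "status": {"code": 0, "message": "ok"},
    "backup": [
        {"label": "20240114-020000F", "type": "full",
         "timestamp": {"start": 1705197600, "stop": 1705199400}},
        {"label": "20240114-020000F_20240115-020000D", "type": "diff",
         "timestamp": {"start": 1705284000, "stop": 1705284600}},
    ],
}])


def backup_alerts(info_json, now, stanza="main"):
    """Return alert strings for one stanza; an empty list means healthy.

    `now` is the current time as epoch seconds, passed in so the check
    can be replayed against saved output.
    """
    stanzas = [s for s in json.loads(info_json) if s.get("name") == stanza]
    if not stanzas:
        return [f"stanza {stanza} not found"]
    entry, alerts = stanzas[0], []
    status = entry.get("status", {})
    if status.get("code", 0) != 0:
        alerts.append(f"stanza status: {status.get('message', 'unknown')}")
    backups = entry.get("backup", [])
    if not backups:
        return alerts + ["no backups recorded"]
    # Judge freshness and duration on the most recently completed backup.
    latest = max(backups, key=lambda b: b["timestamp"]["stop"])
    age = now - latest["timestamp"]["stop"]
    if age > MAX_AGE_S:
        alerts.append(f"last backup {latest['label']} is {age // 3600}h old")
    duration = latest["timestamp"]["stop"] - latest["timestamp"]["start"]
    if duration > MAX_DURATION_S:
        alerts.append(f"backup {latest['label']} took {duration // 60} min")
    return alerts
```
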