I’d like to test a restore, just to understand what would happen if my SSD dies - can I try to use another Pi with a fresh SSD to test the restore while my main server is running - would it cause problems? Or I should shut down the main server first?
Also, a feature request - I’d like to be able to set up a reserve Umbrel, fully sync, then shut down my main server and switch over to the reserve one by restoring the seed of the main server. Then the main becomes the reserve and I have redundancy.
SHTF scenarios with LND are quite hard to implement.
What could be interesting to test is to stop Umbrel services, make a full copy of the Umbrel docker containers data (not including the blockchain data).
Then try to use that data into a new machine with or without blockchain data (meanwhile the old node is shutdown).
This could be an interesting SHTF test to see how it works.
We are still in early phase… I am also still testing Umbrel and not use it as a “production” node. In the past I had a C-Lightning node and a BTCpay server, just for testing and learning purposes.
With C-Lightning there’s a way to make copies periodically to cln folder and restore them back in case of SHTF. It worked for me once. All channels restored nicely with no need for closing.
But with LND is different. Losing channels after you were taking care of them it really sucks…
In case of SHTF (loss of SSD) how do I recover my channels backup? It should be available from the Umbrel online (https://github.com/getumbrel/umbrel/blob/master/scripts/backup/README.md) but I’m not sure how I would get the file from Umbrel - anybody can tell me?
So if I restore with seed, I will be able to download the last backup, right? I think this step is missing from the FAQ, they say “use the backup from your computer” but you might’ve not done any backups or they are obsolete - so downloading step is necessary.
I don’t know how is the procedure to recover from cloud uploaded backup. That question I think @aarondewes or @louneskmt can answer better.
But as a general rule: I don’t count 100% on cloud backups, I always make my own backups and keep them safe.
Now I’m confused. If I understood the above correctly, in case my SSD dies:
If I never store my backup off the umbrel node, I’m screwed. Though I have the seed, my “random ID” is lost along with the logfile, and my offchain balances are lost.
If I download the backup periodically, but it is not the latest one, I might be punished by a watchtower while recovering if the peer has a newer transaction.
So, I have to backup my umbrel continuously to my own backup drive and cannot rely on the Umbrel’s automatic backup? What is the point of Umbrel’s automatic backup if I would need something that is stored in the logfile (which I assume is lost if the SSD dies) to recover?
And, the backup readme on Umbrel says
Due to the key/id being deterministically derived from the Umbrel seed, all that’s needed to fully recover an Umbrel is the mnemonic seed phrase. Upon recovery the device can automatically regenerate the same backup id/encryption key, request the latest backup from the backup server, decrypt it, and restore the user’s settings and Lightning network channel data.
Is this ^^^ true? Would I need to follow Troubleshooting - UmbrelInfo or my channels would be automatically restored?
What I do normally:
- keep safe the seed
- every time I open/close a channel I make a backup of the file into a safe place
I didn’t look into watchtowers in details but is an option. But keep in mind, a WT will not help you to recover your money, will just keep the rules to be fair for everybody (aka not cheating)
So, you opened a channel, made a backup. Then you made a payment (or routed a payment) via that channel. Then your SSD went belly up. You took your backup and started closing the channels. When you tried to close the one we just mentioned, the peer or a random watchtower detected you as a cheater (because your backup does not contain the last transaction) and punished by giving all your balance in that channel to your peer. Is this a realistic scenario?
No, but this is how LND works right now.
Or … use watchtowers and don’t tell to peers. so they get rekt by themselves