= Backup = Backup-serveren er freebeast.nuug.no. Programvaren som brukes er [[https://rdiff-backup.net/|rdiff-backup]], samt noen egne scripts. Backup starter 01:00 hver natt, og kjører foreløpig mot to hosts om gangen. Installasjon av software gjort for formålet: {{{ root@freebeast:~ # pkg install py39-rdiff-backup py39-yaml sudo bind-tools }}} Klargjøring av disk/zfs: {{{ root@freebeast:~ # zfs create -o compression=lz4 data/backup # Skru på compression, så rdiff-backup slipper }}} Sudo-rettigheter for rdfbck: {{{ [root@freebeast ~]# cat /usr/local/etc/sudoers.d/rdfbck # Allow the rdfbck user to run necessary commands as root, without password. # Rdiff-backup itself must run as root to allow backed up files to have their # original UID/GIDs when stored in the backup repository. The zfs commands are # used in the add-new-host script. rdfbck ALL=(ALL:ALL) NOPASSWD: /usr/local/bin/rdiff-backup, /sbin/zfs create *, /sbin/zfs list * }}} == Oppsett/konfigurasjon for ny host å ta backup av == Alt dette oppsettet skal inn i ansible på sikt. === På freebeast === {{{ root@freebeast:~ # su - rdfbck [rdfbck@freebeast ~]$ bin/add-new-host # Gjør evt. justeringer i filelist_ slik at innholdet i backupen blir riktig. }}} === På hosten du skal ta backup av === * Installer rdiff-backup 2.x fra pakke-repo eller andre måter {{{ # Legg til gruppe/bruker rdfbck root# adduser --system --shell /bin/bash --group rdfbck root# mkdir /home/rdfbck/.ssh root# vim /home/rdfbck/.ssh/authorized_keys # Innhold: command="sudo /usr/local/sbin/snapback",from="158.36.191.154",no-port-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC/QHCeEKUfpzhVHJTEbVUFxf4npnXmF+/0bLAaYprpmHACzIBEto+k2/QT+amDatN12eTANVrcmycaWjfjrAXRNP9pyAWPrvBu7eRScXmrwaOkD3beenuyOu5MrZ+0OhUKW8UQp0bPxd+f4wrIdwZniYPVc88HnbzULyypACkIww/X5xRNwtZ2bLVn4h4MMfv6oE2Mp9lspLm4Lt7kZsTMSAnTc03GWFB9emru9lvlp4hBD4OEQrWU1lXCm3Rt7PID/5FGwkYjR9r17X5Vm36ybFwywUIIf31NVEqXp1jaLtYVsudEEK6codHybarqgAGqAoGwsC8SeOX6suuUI8rEX404b6MSkH6syBiin5Nd5S3gqdi3dIpvcJFvgluJUyvxk2rMtG1dM49j1MswdlBthY6q9G8UGNd1bhIwd+bqqnvC+f3qkyr3c42CMexEEz5jasNVpOddmDeN4nX7gUPmQBRA3zdkINHljRaWno5bKh2+N/U2tNLPMa1+RJxaaMU= rdfbck@freebeast.nuug.no (rdiff-backup) root# chown rdfbck:rdfbck /home/rdfbck/.ssh{,/authorized_keys} root# visudo -f /etc/sudoers.d/rdiff-backup-client # Innhold: # Allow the backup user to run the backup script as root without password. rdfbck ALL = NOPASSWD: NOLOG_INPUT: NOLOG_OUTPUT: /usr/local/sbin/snapback }}} Backup-scriptene: {{{ root@git:~# cat /usr/local/sbin/snapback #!/bin/bash export PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin logfile="/var/log/snapback.log" # Function that takes an argument of number of seconds, and prints the time # in the format HHh:MMm:SSs. You can use this to print e.g. runtime for a # script. # Usage: seconds_to_hms [SECONDS] # If the argument is missing, or it is not an integer >0, 'NaN' is printed. function seconds_to_hms() { local S_TIME HMS_TIME if [ -z "${1}" ]; then S_TIME="NaN" else S_TIME=${1} fi if [ ${S_TIME} -ge 0 ] 2> /dev/null; then HMS_TIME="$(printf '%02dh:%02dm:%02ds' $((S_TIME/3600)) $((S_TIME%3600/60)) $((S_TIME%60)))" else HMS_TIME="NaN" fi echo ${HMS_TIME} } # In case pre/post scripts don't exist, default value for their exit code # variables is 0. preexitcode=0 postexitcode=0 echo "$(date) Snapback started." >> ${logfile} start=$(date +%s) if [ -x "/usr/local/sbin/snapback.pre" ]; then echo "$(date) Pre-script starting." >> ${logfile} /usr/local/sbin/snapback.pre >> ${logfile} 2>&1 preexitcode=${?} echo "$(date) Pre-script finished and returned with exit status ${preexitcode}." >> ${logfile} fi echo "$(date) Rdiff-backup started." >> ${logfile} /usr/bin/rdiff-backup --server --restrict-read-only / rdiffexitcode=${?} echo "$(date) Rdiff-backup finished and returned with exit status ${rdiffexitcode}." >> ${logfile} if [ -x "/usr/local/sbin/snapback.post" ]; then echo "$(date) Post-script starting." >> ${logfile} /usr/local/sbin/snapback.post >> ${logfile} 2>&1 postexitcode=${?} echo "$(date) Post-script finished and returned with exit status ${postexitcode}." >> ${logfile} fi end=$(date +%s) runtime=$((end-start)) echo "$(date) Snapback finished. Pre:${preexitcode}, Rdiff-backup:${rdiffexitcode}, Post:${postexitcode}. Duration: $(seconds_to_hms ${runtime}) (${runtime} seconds)." >> ${logfile} # Exit with the sum of all exit codes from pre, rdiff-backup and post. sumexitcode=$((preexitcode+rdiffexitcode+postexitcode)) exit ${sumexitcode} }}} {{{ root@git:~# cat /usr/local/sbin/snapback.pre #!/bin/bash # This script runs as root # Do something useful here if you want. Dump databases, create LVM snapshots or whatever }}} {{{ root@git:~# cat /usr/local/sbin/snapback.post #!/bin/bash # This script runs as root # Do something useful here if you want, like delete the LVM snapshots from .pre }}}