NUUGs wikisider:

Brukerverktøy

Nettstedverktøy

Spor: backup
drift:backup

Innholdsfortegnelse

Backup

Backup-serveren er freebeast.nuug.no. Programvaren som brukes er rdiff-backup, samt noen egne scripts.
Backup starter 01:00 hver natt, og kjører foreløpig mot to hosts om gangen.

Installasjon av software gjort for formålet: 

root@freebeast:~ # pkg install py39-rdiff-backup py39-yaml sudo bind-tools

Klargjøring av disk/zfs: 

root@freebeast:~ # zfs create -o compression=lz4 data/backup # Skru på compression, så rdiff-backup slipper

Sudo-rettigheter for rdfbck: 

[root@freebeast ~]# cat /usr/local/etc/sudoers.d/rdfbck
# Allow the rdfbck user to run necessary commands as root, without password.
# Rdiff-backup itself must run as root to allow backed up files to have their
# original UID/GIDs when stored in the backup repository.  The zfs commands are
# used in the add-new-host script.
rdfbck ALL=(ALL:ALL) NOPASSWD: /usr/local/bin/rdiff-backup, /sbin/zfs create *, /sbin/zfs list *

Oppsett/konfigurasjon for ny host å ta backup av

Alt dette oppsettet skal inn i ansible på sikt.

På freebeast

root@freebeast:~ # su - rdfbck
[rdfbck@freebeast ~]$ bin/add-new-host <fqdn for ny host>

# Gjør evt. justeringer i filelist_<fqdn> slik at innholdet i backupen blir riktig.

På hosten du skal ta backup av

  • Installer rdiff-backup 2.x fra pakke-repo eller andre måter 
# Legg til gruppe/bruker rdfbck
root# adduser --system --shell /bin/bash --group rdfbck

root# sudo -u rdfbck mkdir /home/rdfbck/.ssh
root# sudo -u rdfbck vim /home/rdfbck/.ssh/authorized_keys
# Innhold:
command="sudo /usr/local/sbin/snapback",from="158.36.191.154",no-port-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC/QHCeEKUfpzhVHJTEbVUFxf4npnXmF+/0bLAaYprpmHACzIBEto+k2/QT+amDatN12eTANVrcmycaWjfjrAXRNP9pyAWPrvBu7eRScXmrwaOkD3beenuyOu5MrZ+0OhUKW8UQp0bPxd+f4wrIdwZniYPVc88HnbzULyypACkIww/X5xRNwtZ2bLVn4h4MMfv6oE2Mp9lspLm4Lt7kZsTMSAnTc03GWFB9emru9lvlp4hBD4OEQrWU1lXCm3Rt7PID/5FGwkYjR9r17X5Vm36ybFwywUIIf31NVEqXp1jaLtYVsudEEK6codHybarqgAGqAoGwsC8SeOX6suuUI8rEX404b6MSkH6syBiin5Nd5S3gqdi3dIpvcJFvgluJUyvxk2rMtG1dM49j1MswdlBthY6q9G8UGNd1bhIwd+bqqnvC+f3qkyr3c42CMexEEz5jasNVpOddmDeN4nX7gUPmQBRA3zdkINHljRaWno5bKh2+N/U2tNLPMa1+RJxaaMU= rdfbck@freebeast.nuug.no (rdiff-backup)

root# visudo -f /etc/sudoers.d/rdiff-backup-client
# Innhold:
# Allow the backup user to run the backup script as root without password.
rdfbck ALL = NOPASSWD: NOLOG_INPUT: NOLOG_OUTPUT: /usr/local/sbin/snapback

Backup-scriptene:

root@git:~# cat /usr/local/sbin/snapback 

#!/bin/bash

export PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin
logfile="/var/log/snapback.log"

# Function that takes an argument of number of seconds, and prints the time
# in the format HHh:MMm:SSs. You can use this to print e.g. runtime for a
# script.
# Usage: seconds_to_hms [SECONDS]
# If the argument is missing, or it is not an integer >0, 'NaN' is printed.
function seconds_to_hms() {
    local S_TIME HMS_TIME
    if [ -z "${1}" ]; then
        S_TIME="NaN"
    else
        S_TIME=${1}
    fi
    if [ ${S_TIME} -ge 0 ] 2> /dev/null; then
        HMS_TIME="$(printf '%02dh:%02dm:%02ds' $((S_TIME/3600)) $((S_TIME%3600/60)) $((S_TIME%60)))"
    else
        HMS_TIME="NaN"
    fi
    echo ${HMS_TIME}
}

# In case pre/post scripts don't exist, default value for their exit code
# variables is 0.
preexitcode=0
postexitcode=0

echo "$(date) Snapback started." >> ${logfile}
start=$(date +%s)

if [ -x "/usr/local/sbin/snapback.pre" ]; then
    echo "$(date) Pre-script starting." >> ${logfile}
    /usr/local/sbin/snapback.pre >> ${logfile} 2>&1
    preexitcode=${?}
    echo "$(date) Pre-script finished and returned with exit status ${preexitcode}." >> ${logfile}
fi

echo "$(date) Rdiff-backup started." >> ${logfile}
/usr/bin/rdiff-backup --server --restrict-read-only /
rdiffexitcode=${?}
echo "$(date) Rdiff-backup finished and returned with exit status ${rdiffexitcode}." >> ${logfile}

if [ -x "/usr/local/sbin/snapback.post" ]; then
    echo "$(date) Post-script starting." >> ${logfile}
    /usr/local/sbin/snapback.post >> ${logfile} 2>&1
    postexitcode=${?}
    echo "$(date) Post-script finished and returned with exit status ${postexitcode}." >> ${logfile}
fi

end=$(date +%s)
runtime=$((end-start))
echo "$(date) Snapback finished. Pre:${preexitcode}, Rdiff-backup:${rdiffexitcode}, Post:${postexitcode}. Duration: $(seconds_to_hms ${runtime}) (${runtime} seconds)." >> ${logfile}

# Exit with the sum of all exit codes from pre, rdiff-backup and post.
sumexitcode=$((preexitcode+rdiffexitcode+postexitcode))
exit ${sumexitcode}

root@git:~# cat /usr/local/sbin/snapback.pre 

#!/bin/bash

# This script runs as root

# Do something useful here if you want. Dump databases, create LVM snapshots or whatever

root@git:~# cat /usr/local/sbin/snapback.post 

#!/bin/bash

# This script runs as root

# Do something useful here if you want, like delete the LVM snapshots from .pre
drift/backup.txt · Sist endret: 2025/11/12 13:34 av solbu