Backup

Backup-serveren er freebeast.nuug.no. Programvaren som brukes er rdiff-backup, samt noen egne scripts.

Backup starter 01:00 hver natt, og kjører foreløpig mot to hosts om gangen.

Installasjon av software gjort for formålet:

root@freebeast:~ # pkg install py39-rdiff-backup py39-yaml sudo bind-tools

Klargjøring av disk/zfs:

root@freebeast:~ # zfs create -o compression=lz4 data/backup # Skru på compression, så rdiff-backup slipper

Sudo-rettigheter for rdfbck:

[root@freebeast ~]# cat /usr/local/etc/sudoers.d/rdfbck
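# Allow the rdfbck user to run necessary commands as root, without password.
# Rdiff-backup itself must run as root to allow backed up files to have their
# original UID/GIDs when stored in the backup repository.  The zfs commands are
# used in the add-new-host script.
# NOTE: rdiff-backup is permitted here with any arguments and as any target
# user, so this rule makes rdfbck effectively root-equivalent on this host;
# protect the account and its SSH private key accordingly.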
rdfbck ALL=(ALL:ALL) NOPASSWD: /usr/local/bin/rdiff-backup, /sbin/zfs create *, /sbin/zfs list *

Oppsett/konfigurasjon for ny host å ta backup av

Alt dette oppsettet skal inn i ansible på sikt.

På freebeast

root@freebeast:~ # su - rdfbck
[rdfbck@freebeast ~]$ bin/add-new-host <fqdn for ny host>

# Gjør evt. justeringer i filelist_<fqdn> slik at innholdet i backupen blir riktig.

På hosten du skal ta backup av

# Legg til gruppe/bruker rdfbck
root# adduser --system --shell /bin/bash --group rdfbck

root# mkdir /home/rdfbck/.ssh
root# vim /home/rdfbck/.ssh/authorized_keys
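# Innhold (command= tvinger frem snapback uansett hva klienten ber om, og from= begrenser hvor nøkkelen kan brukes fra; på OpenSSH 7.2 og nyere kan «restrict» erstatte de enkelte no-*-valgene og slår også av agent-forwarding):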
command="sudo /usr/local/sbin/snapback",from="158.36.191.154",no-port-forwarding,no-X11-forwarding,no-pty ssh-rsa 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 rdfbck@freebeast.nuug.no (rdiff-backup)
root# chown rdfbck:rdfbck /home/rdfbck/.ssh{,/authorized_keys}

root# visudo -f /etc/sudoers.d/rdiff-backup-client 
# Innhold:
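# Allow the backup user to run the backup script as root without password.
# snapback and its optional snapback.pre/snapback.post hooks all run as root,
# so they must be owned by root and not writable by rdfbck or any other user.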
rdfbck ALL = NOPASSWD: NOLOG_INPUT: NOLOG_OUTPUT: /usr/local/sbin/snapback

Backup-scriptene:

root@git:~# cat /usr/local/sbin/snapback
#!/bin/bash

# Pin PATH to the system directories. snapback is started as root through
# sudo from the SSH forced command, so helper commands must not be resolved
# through whatever PATH the caller happened to have.
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin
export PATH

# Every status message and all pre/post hook output is appended to this file.
logfile=/var/log/snapback.log

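# Print a duration given in seconds in the format HHh:MMm:SSs. You can use
# this to print e.g. the runtime of a script.
# Usage: seconds_to_hms [SECONDS]
# Arguments: $1 - number of seconds, a decimal integer >= 0 (an optional
#                 leading '+' and leading zeros are accepted).
# Outputs:   the formatted time on stdout, or 'NaN' if the argument is
#            missing or is not an integer >= 0.
function seconds_to_hms() {
    local s_time="${1:-}"

    # Validate with a pattern rather than an unquoted '[ ... -ge 0 ]' test, so
    # the value is known to be plain decimal digits before it reaches
    # arithmetic expansion. At most 18 significant digits are accepted so the
    # value fits in 64-bit signed shell arithmetic.
    if [[ ! "${s_time}" =~ ^[+]?0*[0-9]{1,18}$ ]]; then
        echo "NaN"
        return
    fi

    # Force base 10: without it a value with a leading zero such as "08" is
    # read as (invalid) octal and aborts the arithmetic expansion.
    s_time=$((10#${s_time#+}))

    printf '%02dh:%02dm:%02ds\n' \
        $((s_time/3600)) $((s_time%3600/60)) $((s_time%60))
}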

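# The pre/post hooks are optional. If a hook does not exist (or is not
# executable) its exit code variable keeps the default value 0, so it does not
# affect the final exit status.
preexitcode=0
postexitcode=0

# NOTE: rdiff-backup --server talks to the backup server over this script's
# stdin/stdout, so every status message and all hook output must go to the
# log file and never to stdout.
echo "$(date) Snapback started." >> "${logfile}"
start=$(date +%s)

# Optional pre-hook (e.g. database dumps, snapshots). It runs as root, so the
# file must be root-owned and not writable by other users. A failing pre-hook
# does not stop the backup; its status is logged and added to the exit status.
if [ -x "/usr/local/sbin/snapback.pre" ]; then
    echo "$(date) Pre-script starting." >> "${logfile}"
    /usr/local/sbin/snapback.pre >> "${logfile}" 2>&1
    preexitcode=${?}
    echo "$(date) Pre-script finished and returned with exit status ${preexitcode}." >> "${logfile}"
fi

# Serve the backup. --restrict-read-only / limits the remote side to reading
# below /, so the backup server cannot modify this host through the session.
echo "$(date) Rdiff-backup started." >> "${logfile}"
/usr/bin/rdiff-backup --server --restrict-read-only /
rdiffexitcode=${?}
echo "$(date) Rdiff-backup finished and returned with exit status ${rdiffexitcode}." >> "${logfile}"

# Optional post-hook (e.g. cleanup of what the pre-hook created). Same
# ownership requirements as the pre-hook; it runs even if rdiff-backup failed.
if [ -x "/usr/local/sbin/snapback.post" ]; then
    echo "$(date) Post-script starting." >> "${logfile}"
    /usr/local/sbin/snapback.post >> "${logfile}" 2>&1
    postexitcode=${?}
    echo "$(date) Post-script finished and returned with exit status ${postexitcode}." >> "${logfile}"
fi

end=$(date +%s)
runtime=$((end-start))
echo "$(date) Snapback finished. Pre:${preexitcode}, Rdiff-backup:${rdiffexitcode}, Post:${postexitcode}. Duration: $(seconds_to_hms "${runtime}") (${runtime} seconds)." >> "${logfile}"

# Exit with the sum of all exit codes from pre, rdiff-backup and post.
# Exit statuses are taken modulo 256, so an unclamped sum such as 128+128
# would be reported as 0 and hide the failures; clamp it to 255 instead.
sumexitcode=$((preexitcode+rdiffexitcode+postexitcode))
if [ "${sumexitcode}" -gt 255 ]; then
    sumexitcode=255
fi
exit "${sumexitcode}"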

root@git:~# cat /usr/local/sbin/snapback.pre 
#!/bin/bash

# This script runs as root

# Do something useful here if you want. Dump databases, create LVM snapshots or whatever

root@git:~# cat /usr/local/sbin/snapback.post 
#!/bin/bash

# This script runs as root

# Do something useful here if you want, like delete the LVM snapshots from .pre
