You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
484 lines
15 KiB
484 lines
15 KiB
\input texinfo @c -*-texinfo-*- |
|
@c %**start of header |
|
@setfilename backup-generic.info |
|
@documentencoding UTF-8 |
|
@include version.texi |
|
@include variables.texi |
|
@set AUTHOR Marc Wäckerlin |
|
@set TITLE @value{PACKAGE} - differential rsync backups |
|
@settitle @value{TITLE} @value{VERSION} |
|
@c %**end of header |
|
|
|
@copying |
|
Copyright @copyright{} 2012 @verbatiminclude @top_srcdir@/AUTHORS |
|
@end copying |
|
|
|
@titlepage |
|
@title @value{TITLE} |
|
@author @value{AUTHOR} |
|
@page |
|
@vskip 0pt plus 1filll |
|
@insertcopying |
|
@end titlepage |
|
|
|
@c So the toc is printed at the start. |
|
@contents |
|
|
|
@ifnottex |
|
@node Top |
|
@top @value{TITLE} |
|
|
|
This manual is for @value{PACKAGE}, version @value{VERSION}. |
|
@end ifnottex |
|
|
|
@menu |
|
* Introduction:: Introducion, what's all about? |
|
* Installation:: Installation |
|
* Naming:: Naming used in this manual |
|
* Configuration:: Configuration of the backup server |
|
* Setup Host:: Setup a host to be backed up |
|
* Monitoring:: Monitoring the backup server |
|
* Internals:: What happens behind the scenes |
|
|
|
* Copying:: Your rights and freedoms. |
|
* Index:: Index |
|
@end menu |
|
|
|
|
|
|
|
@node Introduction |
|
@chapter Introduction |
|
@include @top_srcdir@/README |
|
|
|
|
|
|
|
@node Installation |
|
@chapter Installation Of Package @value{PACKAGE} |
|
@cindex installation |
|
|
|
@section Install From Ubuntu/Debian Repository |
|
@cindex ubuntu repository |
|
@cindex debian repository |
|
@cindex debian package |
|
@cindex dpkg |
|
|
|
If you use Ubuntu or Debian, installation can be done directly out of |
|
a repository. Configure apt to use the author's repository: |
|
|
|
@verbatim |
|
wget -O- http://dev.marc.waeckerlin.org/repo/PublicKey | sudo apt-key add - |
|
sudo apt-get install python-software-properties |
|
sudo apt-add-repository http://dev.marc.waeckerlin.org/repo |
|
sudo apt-get update |
|
@end verbatim |
|
|
|
Then install the package from the repository: |
|
|
|
@verbatim |
|
sudo apt-get install generic-backup |
|
@end verbatim |
|
|
|
@section Install From Sources |
|
@cindex configure |
|
@cindex make |
|
@cindex build |
|
@cindex sources |
|
|
|
Download the latest archive, untar, configure, build and install: |
|
|
|
@example |
|
wget http://dev.marc.waeckerlin.org/repo/sources/@value{PACKAGE}-@value{VERSION}.tar.bz2 |
|
tar xjf @value{PACKAGE}-@value{VERSION}.tar.bz2 |
|
cd @value{PACKAGE}-@value{VERSION} |
|
./bootstrap.sh |
|
./configure |
|
make |
|
sudo make install |
|
@end example |
|
|
|
|
|
@node Naming |
|
@chapter Naming Used In This Manual |
|
@cindex naming conventions |
|
@cindex setup |
|
@cindex installation |
|
|
|
In this manual, we use the following naming: |
|
|
|
@table @dfn |
|
@item server |
|
is the @dfn{backup server} where these backup scripts run |
|
@cindex server, backup |
|
@cindex backup server |
|
@item host |
|
is a @dfn{host} in the network that will be backuped onto the backup server |
|
@cindex host |
|
@end table |
|
|
|
Moreover, in all examples, the example hostname will be |
|
@samp{host.company-name.com} and your username is @samp{user}. You |
|
will have to replace these placeholders with the name of your hosts |
|
and with your username. |
|
|
|
|
|
|
|
@node Configuration |
|
@chapter Configuration |
|
@cindex configuration files |
|
|
|
@section The Configuration Files |
|
|
|
The backup scripts can be configured globally, per user and per host |
|
in the following way: |
|
|
|
@table @file |
|
|
|
@item /etc/backup.conf |
|
@cindex /etc/backup.conf |
|
|
|
This is the global configuration file and the default for all |
|
hosts. This file should be prefered for your configuration. |
|
|
|
@item ~/.backup |
|
@cindex ~/.backup |
|
|
|
This is the local configuration file for all hosts of the user that |
|
runs the backup script (normally @samp{root}). It overwrites |
|
configurations from the global configuratin file. |
|
|
|
@item /etc/backup-host.company-name.com.conf |
|
@cindex /etc/backup-@samp{host.company-name.com}.conf |
|
|
|
This is a global configuration file that is only evaluated when |
|
backing up host @samp{host.company-name.com}. |
|
|
|
@item ~/.backup-host.company-name.com |
|
@cindex ~/.backup-@samp{host.company-name.com} |
|
|
|
This is a local user's configuration file that is only evaluated when |
|
backing up host @samp{host.company-name.com}. |
|
|
|
@end table |
|
|
|
Configuration files on top of this list are evaluated first that |
|
means, the files below overwrite variables of the files above. So |
|
these files can be combined, any or none of the files can be |
|
given. There are also good default values in case no configuration is |
|
given at all. |
|
|
|
@section Variables In The Configuration files |
|
|
|
@subsection Common Variables |
|
|
|
These are the variables you probably want to change: |
|
|
|
@table @var |
|
|
|
@item DISABLE |
|
|
|
A path to a file to temporarily stop execution of backups (examply used when you want to start restauration). If the file exists, no new backup will be started. Create the file to stop all backups, delete it to continue with backups. Default: @file{/var/run/nobackup} |
|
|
|
@item EMAIL |
|
|
|
The email address to send error reports to. If empty, no emails are |
|
sent. It requires a command line @command{mail} client. Default: empty |
|
|
|
@item NUM |
|
|
|
Number of backups to keep per type. If NUM is e.g. 5, then 5 daily backups will bee kept, 5 weekly backups and 5 monthly backups. Default: @code{5} |
|
|
|
@item TARGET |
|
|
|
The path where backups should go to. Make shure this is on a huge harddisk. Default: @file{/var/backup} |
|
|
|
@item |
|
|
|
@end table |
|
|
|
@subsection Special Variables |
|
|
|
These are the variables that come with good default values and should |
|
normally not be changed: |
|
|
|
@table @var |
|
|
|
@item HOST |
|
|
|
Name of the host to backup. The special keyword @code{generic} stands for the local host (without @command{ssh} network access). This is where the name @command{backup-generic} comes from. Default: detect automatically from file name |
|
|
|
@item SOURCES |
|
|
|
The source paths to backup. This is hosts specific. Since normally the backup uses @command{rsync} option @code{--one-file-system} (or @code{-x}), @var{SOURCES} must contain a list of all mounted filesystems. These are automaticall detected by using command @command{mount} on the host @var{HOST} and filtering the mountpoint of the backup target @var{TARGET}. Default: setect automatically by calling @command{mount} |
|
|
|
@item MORE_ARGS |
|
|
|
Additional arguments you want to pass to @command{rsync}, such as @option{--exclude=/some/path}. Use @var{MORE_ARGS} instead of @var{ARGS}. Default: empty |
|
|
|
@item ARGS |
|
|
|
The standard arguments that are passed to @command{rsync}. Dont't overwrite unless you know exactly what you do. Use @var{MORE_ARGS} instead of @var{ARGS} to add additional arguments. Default: @option{-aqx --delete} |
|
|
|
@item LOGFILE |
|
|
|
The file where details of the backups are logged to. Default: @file{/var/log/backup.log} |
|
|
|
@item LOCK |
|
|
|
Lockfile to prevent two backups of the same host at the same time. Default: @code{$@{TARGET@}/$@{HOST@}.lock} |
|
|
|
@item TMPFILE |
|
|
|
Temporary file to store log information of the just running backup. This file will be removed after backup. If there is any error while backing up, this file is sent per email to help finding the problem. Default: @code{/tmp/$@{0##*/@}.$$} |
|
|
|
@item RSYNC_CMD |
|
|
|
The @code{rsync} command. Default: @code{nice -n 19 ionice -c 2 -n 7 rsync} |
|
|
|
@item LOCAL_RSYNC_CMD |
|
|
|
The local @code{rsync} command. use thios variable, if it is different from the remote @code{rsync} command. Default: @code{$@{RSYNC_CMD@}} |
|
|
|
@item REMOTE_RSYNC_CMD |
|
|
|
The remote @code{rsync} command. use thios variable, if it is different from the local @code{rsync} command. Default: @code{$@{RSYNC_CMD@}} |
|
|
|
@end table |
|
|
|
@section Configuration File Syntax |
|
@cindex configuration file syntax |
|
@cindex syntax, configuration file |
|
|
|
The configuration files are in @command{bash} format and declare |
|
variables that are used during the backup. Any @command{bash} syntax |
|
is possible in the configuration files. So normally, a configuration |
|
file is just a list of variable definitions, but it can also contain |
|
more complex statements: |
|
|
|
@subsection Example Configuration File |
|
|
|
@verbatim |
|
EMAIL=me@somewhere.com |
|
NUM=12 |
|
TARGET="/var/backup" |
|
MORE_ARGS="--exclude /media --exclude /var/backup" |
|
SOURCES=$(ssh $HOST mount \ |
|
| awk '$2=="on" {print $3}' \ |
|
| sed '/\/\(run\|proc\|sys\|dev\|var\|lib\)\|'"${TARGET//\//\\/}"'$/d') |
|
@end verbatim |
|
|
|
|
|
|
|
@node Setup Host |
|
@chapter Setup Host |
|
|
|
@section Setup Host Key Exchange |
|
|
|
@cindex ssh |
|
@cindex key exchange |
|
@cindex setup password less login |
|
@cindex preparations |
|
|
|
Before you can backup a host, you must make sure that the @code{root} |
|
user of the backup server has SSH login access to the @code{root} of |
|
the host. This outside of the scope of this backup toolset. It can be |
|
done using the tools from OpenSSH client package, namely |
|
@command{ssh-keygen} and @command{ssh-copyid}. This means, before you |
|
can setup a backup for a specific host, you need to exchange the SSH |
|
login keys for root manually to gain password less @command{ssh} |
|
login. To backup for example a host named |
|
@samp{host.company-name.com}, follow these steps: |
|
|
|
@enumerate |
|
|
|
@item First create a SSH key for root (if not already done, to be done |
|
only once): |
|
|
|
@cindex ssh-keygen |
|
@example |
|
sudo -H ssh-keygen |
|
@end example |
|
|
|
This generates the two files @file{/root/.ssh/id_rsa} and |
|
@file{/root/.ssh/id_rsa.pub}, which are then the backup server's |
|
private and public key. |
|
|
|
@item For each host that should be backed up, repeat the following step: |
|
|
|
@enumerate |
|
|
|
@item Append the backup server's public key @file{/root/.ssh/id_rsa.pub} |
|
to the the host's @file{/root/.ssh/authorized_keys}. The easiest way |
|
to achieve this is to use @command{ssh-copyid}. In this example, we |
|
want to backup host @samp{host.company-name.com}, replace it with the |
|
name of the host you want to backup: |
|
|
|
@cindex ssh-copyid |
|
@verbatim |
|
sudo -H ssh-copy-id root@host.company-name.com |
|
@end verbatim |
|
|
|
@item After you have done this, you should test, if you can login to |
|
@samp{host.company-name.com} without being asked for a password (with |
|
no user interaction): |
|
|
|
@verbatim |
|
sudo -H ssh root@host.company-name.com |
|
@end verbatim |
|
|
|
If you get to the console of @samp{host.company-name.com} without |
|
having to type a password, then your backup is prepared and should |
|
work. |
|
|
|
You could be asked for the @command{sudo} password, but you must not be prompted for the host's password: |
|
|
|
@itemize |
|
@item This is ok (in this example, your login name is @samp{user}): |
|
@verbatim |
|
[sudo] password for user: |
|
@end verbatim |
|
@item This should not happen: |
|
@verbatim |
|
root@host.company-name.com's password: |
|
@end verbatim |
|
@end itemize |
|
|
|
@end enumerate |
|
@end enumerate |
|
|
|
@section Setup Hosts to Backup |
|
|
|
@cindex add host to backup |
|
@cindex backup host |
|
When you have setup the password less login to the host as specified |
|
in the previous section, it is then easy to setup the backup mechanism |
|
for your hosts. Simply call the script @command{setup-backup} with a |
|
list of hosts to backup as arguments, e.g. to backup host |
|
@samp{host.company-name.com}, call: |
|
|
|
@verbatim |
|
sudo setup-backup host.company-name.com |
|
@end verbatim |
|
|
|
|
|
|
|
@node Monitoring |
|
@chapter Icinga Monitoring |
|
@cindex icinga |
|
@cindex nagios |
|
@cindex monitoring |
|
|
|
@section Setup NRPE On Backup Server |
|
@cindex nrpe |
|
|
|
Icinga (former Nagios) can be used to monitor the backup activities. For this purpose, simply install the @code{nagios-nrpe-server} package of your distribution on the backup server. Then enable passing arguments to nrpe and add your Icinga server's IP adress to the list of allowed hosts. Provided the IP address of your Nagios server is @samp{172.17.0.1}, change the following two lines in @file{/etc/nagios/nrpe.cfg}: |
|
|
|
@verbatim |
|
allowed_hosts=127.0.0.1,172.17.0.1 |
|
dont_blame_nrpe=1 |
|
@end verbatim |
|
|
|
Of course, yu could setup Icinga differentely, i.e. without nrpe or |
|
without having to specify arguments. But this is out of scope of these |
|
instructions. |
|
|
|
@section Setup Backup Checks On Nagios Server |
|
@cindex nagios server |
|
|
|
@image{icinga-monitoring,12cm} |
|
On the server where you run Nagios, add the following configuration, e.g. in @file{/etc/icinga/objects/backups.cfg}: |
|
@verbatim |
|
define service{ |
|
use generic-service |
|
host_name host.company-name.com |
|
service_description Daily Backup host.company-name.com |
|
check_command check_nrpe!check_backup!host.company-name.com daily |
|
} |
|
|
|
define service{ |
|
use generic-service |
|
host_name host.company-name.com |
|
service_description Weekly Backup host.company-name.com |
|
check_command check_nrpe!check_backup!host.company-name.com weekly |
|
} |
|
|
|
define service{ |
|
use generic-service |
|
host_name host.company-name.com |
|
service_description Monthly Backup host.company-name.com |
|
check_command check_nrpe!check_backup!host.company-name.com monthly |
|
} |
|
@end verbatim |
|
|
|
|
|
|
|
@node Internals |
|
@chapter Behind The Scenes |
|
@cindex cron |
|
|
|
@section Backup Host Configuration |
|
@cindex setup-backup |
|
@cindex backup-generic |
|
@cindex /etc/cron.daily/backup-host_company-name_com |
|
@cindex /etc/cron.weekly/backup-host_company-name_com |
|
@cindex /etc/cron.monthly/backup-host_company-name_com |
|
@cindex /etc/cron.daily |
|
@cindex /etc/cron.weekly |
|
@cindex /etc/cron.monthly |
|
|
|
The script @command{setup-backup} links for all hosts and all backup |
|
timings to the script @command{backup-generic}. Dots in the hostname |
|
are replaced by underscores, because there must not be dots in cron |
|
files (this is a limitation of @command{run-parts}). That means, for |
|
each host, which is e.g. @samp{host.company-name.com}, it creates |
|
three links to @command{backup-generic}: |
|
@itemize |
|
@item @file{/etc/cron.daily/backup-host_company-name_com} |
|
@item @file{/etc/cron.weekly/backup-host_company-name_com} |
|
@item @file{/etc/cron.monthly/backup-host_company-name_com} |
|
@end itemize |
|
|
|
The script @command{backup-generic} is then called as |
|
@command{/etc/cron.daily/backup-host_company-name_com} once every |
|
day. From the filename, the script detects the period (here |
|
@samp{daily}) and the hostname to backup (here |
|
@samp{host.company-name.com}). |
|
|
|
If any older backup exists, either from the same host, or from another |
|
host, @command{backup-generic} tries to hardlink as many files as |
|
possible to a previous backup using the @command{rsync}'s |
|
@option{--link-dest} feature. This way, only files that don't already |
|
and files that have been changed are copied over the network. This |
|
saves time, bandwidth and disk storage. |
|
|
|
Removing a host from the backup is then done by removing all three |
|
@file{backup-host_company-name_com} links in @file{/etc/cron.daily}, |
|
@file{/etc/cron.weekly} and @file{/etc/cron.hourly}. If you purge the |
|
package (@command{sudo apt-get purge backup-generic}), then all links |
|
are cleaned up. |
|
|
|
@section Backup Escalation |
|
@cindex /etc/cron.hourly |
|
@cindex setup-backup |
|
|
|
The script @command{setup-backup} also links @command{escalate-backup} |
|
to @file{/etc/cron.hourly}. This script looks for @file{backup-*} |
|
files in @file{/etc/cron.hourly}, @file{/etc/cron.daily}, |
|
@file{/etc/cron.weekly} and @file{/etc/cron.monthly}. For all backups |
|
that have been setup, it looks in the backup target, whether there is |
|
an actual backup or not. This is done by calling the Icinga check |
|
script @command{check_backup} with hostname and backup period als |
|
parameter. In case of an error, the backup is executed immediately. |
|
|
|
|
|
|
|
@node Copying |
|
@chapter Copying |
|
@cindex copying |
|
@cindex license |
|
@verbatiminclude @top_srcdir@/COPYING |
|
@node Index |
|
@unnumbered Index |
|
|
|
@printindex cp |
|
|
|
@bye
|
|
|