notes:backups

Differences

This shows you the differences between two versions of the page.

notes:backups [2021/08/26 22:42] – created david
notes:backups [2024/08/31 23:29] (current) – [Prep backup server] david
Line 1: Line 1:
-How I backup servers locally and in the cloud using rsync, restricted-rsync, rsnapshot, restic, backblaze b2+How I backup servers locally and in the cloud using rsync, restricted-rsync, rsnapshot, restic, backblaze b2
 + 
 +Android phones have their photos backed up to a central backup server using syncthing, which is then backed up to the cloud using restic. 
 +Servers are backed up using rsync and restricted-rsync  pulling from a centralized backup server.
  
 Tools used Tools used
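Review bot: the added sentence "Servers are backed up using rsync and restricted-rsync  pulling from a centralized backup server" leaves the direction of the transfer ambiguous; it can be read as the servers pulling data from the backup server. The authorized_keys entry further down (forced "rrsync -ro /" with a from= restriction) is installed on the machine being backed up, so consider wording it as the backup server pulling from each server over ssh, and drop the doubled space before "pulling".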
Line 5: Line 8:
   * restricted rsync   * restricted rsync
   * ssh, and ssh authorized keys   * ssh, and ssh authorized keys
-  * restic+  * [[ https://restic.net | restic ]] 
 +  * [[ https://syncthing.net/ |syncthing ]] 
 +  * [[ https://www.backblaze.com/b2/cloud-storage.html | Backblaze B2 ]] for remote cloud backups
  
 +====== restic ======
 +====== rsnapshot ======
 +create a new ed25519 key on the backup server, and copy the public
 Setup /root/.ssh/authorized_keys  Setup /root/.ssh/authorized_keys 
-command="/usr/bin/rrsync -ro /",restrict,from="192.0.2.2" ssh-ed25519 abc1234 +command="/usr/bin/rrsync -ro /",restrict,from="192.0.2.2" ssh-ed25519 abc1234PublicKey
  
 This will force the use of rrsync to the / directory as read-only, when logging in using the specified key, from 192.0.2.2 . This will force the use of rrsync to the / directory as read-only, when logging in using the specified key, from 192.0.2.2 .
 +
 +
 +make sure to use the "--inplace" option for rsync when using the setup for btrfs, from the rsync man page
 +"it can also help keep  a  copy-on-write  filesystem  snapshot from diverging the entire contents of a file that only has minor changes"
 +
 +===== rsnapshot and btrfs =====
 +In order to take advantage of btrfs subvolumes with rsnapshot the following options in the rsnapshot configuration will need to be modified according to (( https://web.archive.org/web/20140409045559/http://wwerther.de/2011/10/migrate-rsnapshot-based-backup-to-btrfs-snapshots/ ))
 +<code>
 +cmd_cp      /root/bin/rsnapshot_plug_cp_btrfs
 +cmd_rm      /root/bin/rsnapshot_plug_rm_btrfs
 +</code>
 +
 +snapshot_plug_cp_btrfs ((https://gist.githubusercontent.com/wwerther/1306185/raw/rsnapshot_plug_cp_btrfs))
 +<code bash rsnapshot_plug_cp_btrfs>
 +#!/bin/sh
 +# Arg 1: -al
 +# Arg 2: /testbtrfs/backups/hourly.0
 +# Arg 3: /testbtrfs/backups/hourly.1
 +btrfs subvolume snapshot $2 $3
 +</code>
 +
 +rsnapshot_plug_rm_btrfs
 +((https://gist.githubusercontent.com/wwerther/1306189/raw/rsnapshot_plug_rm_btrfs))
 +<code bash rsnapshot_plug_rm_btrfs>
 +#!/bin/sh
 +
 +# Arg 1: -rf
 +# Arg 2: /testbtrfs/backups/hourly.4/
 +
 +# echo 1: $1  2: $@
 +
 +# Try to delete the given path with btrfs subvolume delete first
 +# if this fails fall back to normal rm
 +if [  "$1" = "-rf"  -a  "$3" = ""  ]; then
 +        # "trying to delete with btrfs"
 +        btrfs subvolume delete $2
 +        error=$?
 +        if [ $error -eq 13 ]; then
 +                # EC 13 => The directory specified is no subvolume
 +                rm $@
 +        elif [ $error -ne 0 ]; then
 +                echo Error while deleting with btrfs $?
 +        fi
 +else
 +        rm $@
 +fi
 +</code>
 +https://web.archive.org/web/20140409045559/http://wwerther.de/2011/10/migrate-rsnapshot-based-backup-to-btrfs-snapshots/
 +
 +====== syncthing ======
 +
 +====== OpenWRT backup ======
 +===== Prep backup server =====
 +create a user and limit it to a predefined sftp only chroot.
 +<code>
 +useradd  -m -s /bin/false gatewaybackup
 +</code>
 +setup chroot
 +<code>
 +mkdir -p /chrootbackup/gatewaybackup/backups
 +chown gatewaybackup /chrootbackup/gatewaybackup/backups
 +</code>
 +
 +===== Setup openwrt box =====
 +nightly script using sysupgrade ((https://openwrt.org/docs/guide-user/troubleshooting/backup_restore))
 +<code>
 +#!/bin/sh
 +backupFile=/tmp/backup-${HOSTNAME}-$(date +%F).tar.gz
 +sysupgrade -b $backupFile
 +echo "put $backupFile backups/" |  sftp -i gatewaykey  -b - gatewaybackup@<backupserver>
 +rm -f "${backupFile}"
 +</code>
 +edit the /etc/sysupgrade.conf file on the openwrt machine with a list of files to backup
 +
 +update cron to run it nightly
 +/etc/crontabs/root
 +<code>
 +54 1 * * * /root/backup.sh
 +</code>
 +
 +create ssh key to login to backupserver
 +<code>
 +dropbearkey -t ed25519 -f gatewaykey
 +</code>
 +copy the public key to the backup server /home/gatewaybackups/.ssh/authorized_keys
 +<code>
 +dropbearkey -y -f gatewaykey
 +</code>
 +
 +
 +====== References ======
 +https://wiki.archlinux.org/title/SFTP_chroot
 +
 +
 +https://passingcuriosity.com/2014/openssh-restrict-to-sftp-chroot/
 +
 +https://web.archive.org/web/20140409045559/http://wwerther.de/2011/10/migrate-rsnapshot-based-backup-to-btrfs-snapshots/
 +
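Review bot: in "Prep backup server" the text says the user is limited to an sftp-only chroot, but the added commands only create the account (shell /bin/false) and the directory; no sshd_config change is shown, so the chroot and the sftp-only restriction are not documented. Add the sshd_config section for that user (a "Match User gatewaybackup" block with "ChrootDirectory /chrootbackup/gatewaybackup" and "ForceCommand internal-sftp"), and state that sshd requires the chroot directory itself to be owned by root and not writable by the user; the mkdir/chown lines, which hand over only the backups subdirectory, are consistent with that. In "Setup openwrt box" the public key is copied to /home/gatewaybackups/.ssh/authorized_keys while the account created above is gatewaybackup, so the path should read /home/gatewaybackup/.ssh/authorized_keys. The backup script passes "-i gatewaykey" as a relative path but is started from cron as /root/backup.sh; give the key's absolute path, and quote "$backupFile" in the sysupgrade and put lines as is already done for rm. In rsnapshot_plug_rm_btrfs the error message prints $? after the elif test has run, so it no longer holds the btrfs exit status; print $error instead, and quote "$2", "$3" and "$@" in both plug scripts so paths containing spaces are handled. Smaller points: the sentence "create a new ed25519 key on the backup server, and copy the public" is cut off, the label snapshot_plug_cp_btrfs does not match the rsnapshot_plug_cp_btrfs name used in cmd_cp, the wwerther.de URL now appears three times (footnote, bare line after the script, References), and the restic and syncthing headings have no body.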
notes/backups.1630032168.txt.gz · Last modified: by david