Преглед на файлове

Update 'infrastructure/server-backup-with-rsync.md'

master
Dashamir Hoxha преди 4 години
родител
ревизия
cfe62da2dd
променени са 1 файла, в които са добавени 78 реда и са изтрити 15 реда
  1. +78
    -15
      infrastructure/server-backup-with-rsync.md

+ 78
- 15
infrastructure/server-backup-with-rsync.md Целия файл

@@ -1,12 +1,11 @@
# Server Backup With Rsync

1. Make sure that rsync is installed on the server:
First of all make sure that rsync is installed on the server: `apt install rsync`

```
apt install rsync
```

1. Create a backup user, for example `backup1`:
## 1. Create a backup user with ssh-key access

1. Create a backup user, for example `backup1` (in ubuntu there is already a user named `backup`):

```
useradd backup1 -m
@@ -59,6 +58,8 @@
ls -al test1
```

## 2. Restrict the ssh key of the backup user for using only rsync

1. Let's find out the command that the client is sending to the server through SSH.
Let's try the same rsync command again, with the added SSH switch `-v` (verbose):

@@ -105,7 +106,52 @@
ls -l test1
```

1. For convenience, we can combine the command and the key in a bash script that looks like this:
## 3. Create a read-only view of the parts of the filesystem that need to be backed up

1. Install `bindfs`:

```
apt list bindfs
apt show bindfs
apt install bindfs
```

2. Create mount directories:

```
mkdir -p /mnt/backup-server/scripts
mkdir -p /mnt/backup-server/apps
```

3. Add these lines to `/etc/fstab` for mounting directories read-only:

```console
/opt/docker-scripts /mnt/backup-server/scripts fuse.bindfs perms=0000:u=rD,force-user=backup1,force-group=nogroup 0 0
/var/ds /mnt/backup-server/apps fuse.bindfs perms=0000:u=rD,force-user=backup1,force-group=nogroup 0 0
```

Since we are using **docker-scripts** for installing and managing apps, these two directories
are what we need to backup: `/opt/docker-scripts` and `/var/ds`.

4. Mount them:

```console
mount -a
ls -al /mnt/backup-server/scripts
ls -al /mnt/backup-server/apps
```

5. Test that they are read-only:

```console
sudo -u backup1 ls -al /mnt/backup-server/scripts
sudo -u backup1 touch /mnt/backup-server/scripts/test1.txt
```

## 4. Create and use a backup script

1. For convenience, we can combine the command and the key in a bash script named `backup-server.sh`
that looks like this:

```
#!/bin/bash
@@ -113,6 +159,7 @@
server=127.0.0.1
port=22
cd $(dirname $0)
rsync -a -e "ssh -p $port -i $0" backup1@${server}: .
exit 0
@@ -127,18 +174,34 @@
Let's try it:

```
chmod 700 backup1.sh
chmod 700 backup-server.sh
rm -rf test1/
./backup1.sh
./backup-server.sh
ls -l test1/
```

1. Now we can move this script to the client (backup server), making sure to change
the variable `server` with the IP of the server, and it should work.
1. Now we can move this script to the client (backup server), making sure to set
the proper values for the variables `server` and `port`, and it should work.

1. To change the directory on the server that is being backed up, we should change it
on `/home/backup1/.ssh/authorized_keys` (for example from `~/test1` to `/var/backup`,
or anything else where the user `backup1` has read access).
1. Let's also fix the directory on the server that is being backed up. We should edit
`/home/backup1/.ssh/authorized_keys` and change `~/test1` to `/mnt/backup-server`

1. To backup a second directory we can create a second SSH key, append it to
`/home/backup1/.ssh/authorized_keys`, and create a second backup script.
1. On the client (computer that is receiving the backup), let's place the script `backup-server.sh`
on a directory like `/var/backup`:

```
mkdir -p /var/backup
mv backup-server.sh /var/backup/
cd /var/backup/
./backup-server.sh
```

1. Let's also create a cron job that runs this script periodically each week:

```
cat <<EOF > /etc/cron.d/backup-server
# backup the server each tuesday
0 0 * * TUE root /var/backup/backup-server.sh
EOF
```

Зареждане…
Отказ
Запис