|
@@ -1,12 +1,11 @@ |
|
|
# Server Backup With Rsync |
|
|
# Server Backup With Rsync |
|
|
|
|
|
|
|
|
1. Make sure that rsync is installed on the server: |
|
|
|
|
|
|
|
|
First of all make sure that rsync is installed on the server: `apt install rsync` |
|
|
|
|
|
|
|
|
``` |
|
|
|
|
|
apt install rsync |
|
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
|
|
1. Create a backup user, for example `backup1`: |
|
|
|
|
|
|
|
|
## 1. Create a backup user with ssh-key access |
|
|
|
|
|
|
|
|
|
|
|
1. Create a backup user, for example `backup1` (in ubuntu there is already a user named `backup`): |
|
|
|
|
|
|
|
|
``` |
|
|
``` |
|
|
useradd backup1 -m |
|
|
useradd backup1 -m |
|
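Review bot: The new parenthetical on the `useradd` step, "(in ubuntu there is already a user named `backup`)", should capitalise "Ubuntu" and say outright that this is why the example uses the name `backup1`; as written the reader has to infer the connection. The rsync step now reads as a lone sentence with an inline `apt install rsync`, so "First of all" can be dropped.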
@@ -59,6 +58,8 @@ |
|
|
ls -al test1 |
|
|
ls -al test1 |
|
|
``` |
|
|
``` |
|
|
|
|
|
|
|
|
|
|
|
## 2. Restrict the ssh key of the backup user for using only rsync |
|
|
|
|
|
|
|
|
1. Let's find out the command that the client is sending to the server through SSH. |
|
|
1. Let's find out the command that the client is sending to the server through SSH. |
|
|
Let's try the same rsync command again, with the added SSH switch `-v` (verbose): |
|
|
Let's try the same rsync command again, with the added SSH switch `-v` (verbose): |
|
|
|
|
|
|
|
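Review bot: The new heading "## 2. Restrict the ssh key of the backup user for using only rsync" writes "ssh" in lower case, while the step directly below it says "through SSH" and "SSH switch `-v`". Use "SSH key" for consistency, and "to allow only rsync" reads better than "for using only rsync".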
@@ -105,7 +106,52 @@ |
|
|
ls -l test1 |
|
|
ls -l test1 |
|
|
``` |
|
|
``` |
|
|
|
|
|
|
|
|
1. For convenience, we can combine the command and the key in a bash script that looks like this: |
|
|
|
|
|
|
|
|
## 3. Create a read-only view of the parts of the filesystem that need to be backed up |
|
|
|
|
|
|
|
|
|
|
|
1. Install `bindfs`: |
|
|
|
|
|
|
|
|
|
|
|
``` |
|
|
|
|
|
apt list bindfs |
|
|
|
|
|
apt show bindfs |
|
|
|
|
|
apt install bindfs |
|
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
|
|
2. Create mount directories: |
|
|
|
|
|
|
|
|
|
|
|
``` |
|
|
|
|
|
mkdir -p /mnt/backup-server/scripts |
|
|
|
|
|
mkdir -p /mnt/backup-server/apps |
|
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
|
|
3. Add these lines to `/etc/fstab` for mounting directories read-only: |
|
|
|
|
|
|
|
|
|
|
|
```console |
|
|
|
|
|
/opt/docker-scripts /mnt/backup-server/scripts fuse.bindfs perms=0000:u=rD,force-user=backup1,force-group=nogroup 0 0 |
|
|
|
|
|
/var/ds /mnt/backup-server/apps fuse.bindfs perms=0000:u=rD,force-user=backup1,force-group=nogroup 0 0 |
|
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
|
|
Since we are using **docker-scripts** for installing and managing apps, these two directories |
|
|
|
|
|
are what we need to backup: `/opt/docker-scripts` and `/var/ds`. |
|
|
|
|
|
|
|
|
|
|
|
4. Mount them: |
|
|
|
|
|
|
|
|
|
|
|
```console |
|
|
|
|
|
mount -a |
|
|
|
|
|
ls -al /mnt/backup-server/scripts |
|
|
|
|
|
ls -al /mnt/backup-server/apps |
|
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
|
|
5. Test that they are read-only: |
|
|
|
|
|
|
|
|
|
|
|
```console |
|
|
|
|
|
sudo -u backup1 ls -al /mnt/backup-server/scripts |
|
|
|
|
|
sudo -u backup1 touch /mnt/backup-server/scripts/test1.txt |
|
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
|
|
## 4. Create and use a backup script |
|
|
|
|
|
|
|
|
|
|
|
1. For convenience, we can combine the command and the key in a bash script named `backup-server.sh` |
|
|
|
|
|
that looks like this: |
|
|
|
|
|
|
|
|
``` |
|
|
``` |
|
|
#!/bin/bash |
|
|
#!/bin/bash |
|
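Review bot: In the two `/etc/fstab` lines of step 3, read-only access rests entirely on the permission bits presented by `perms=0000:u=rD`; adding the bindfs `ro` mount option to the option list would make the view read-only regardless of how permissions are shown. Step 5 should also state the expected outcome (the `ls` succeeds, the `touch` is refused), and the paragraph explaining why `/opt/docker-scripts` and `/var/ds` are the directories to back up belongs before the fstab lines rather than after them. `apt list bindfs` and `apt show bindfs` are not needed under "Install `bindfs`".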
@@ -113,6 +159,7 @@ |
|
|
server=127.0.0.1 |
|
|
server=127.0.0.1 |
|
|
port=22 |
|
|
port=22 |
|
|
|
|
|
|
|
|
|
|
|
cd $(dirname $0) |
|
|
rsync -a -e "ssh -p $port -i $0" backup1@${server}: . |
|
|
rsync -a -e "ssh -p $port -i $0" backup1@${server}: . |
|
|
|
|
|
|
|
|
exit 0 |
|
|
exit 0 |
|
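Review bot: The added `cd $(dirname $0)` changes the working directory before rsync runs with `-i $0`, so when the script is started through a relative path from another directory, `$0` no longer resolves after the `cd` and ssh cannot find the key. Resolve the script's absolute path before changing directory and use that for `-i`. The `cd` should also quote its arguments and stop on failure, for example `cd "$(dirname "$0")" || exit 1`, so that rsync never writes into whatever directory the caller happened to be in.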
@@ -127,18 +174,34 @@ |
|
|
Let's try it: |
|
|
Let's try it: |
|
|
|
|
|
|
|
|
``` |
|
|
``` |
|
|
chmod 700 backup1.sh |
|
|
|
|
|
|
|
|
chmod 700 backup-server.sh |
|
|
rm -rf test1/ |
|
|
rm -rf test1/ |
|
|
./backup1.sh |
|
|
|
|
|
|
|
|
./backup-server.sh |
|
|
ls -l test1/ |
|
|
ls -l test1/ |
|
|
``` |
|
|
``` |
|
|
|
|
|
|
|
|
1. Now we can move this script to the client (backup server), making sure to change |
|
|
|
|
|
the variable `server` with the IP of the server, and it should work. |
|
|
|
|
|
|
|
|
1. Now we can move this script to the client (backup server), making sure to set |
|
|
|
|
|
the proper values for the variables `server` and `port`, and it should work. |
|
|
|
|
|
|
|
|
1. To change the directory on the server that is being backed up, we should change it |
|
|
|
|
|
on `/home/backup1/.ssh/authorized_keys` (for example from `~/test1` to `/var/backup`, |
|
|
|
|
|
or anything else where the user `backup1` has read access). |
|
|
|
|
|
|
|
|
1. Let's also fix the directory on the server that is being backed up. We should edit |
|
|
|
|
|
`/home/backup1/.ssh/authorized_keys` and change `~/test1` to `/mnt/backup-server` |
|
|
|
|
|
|
|
|
1. To backup a second directory we can create a second SSH key, append it to |
|
|
|
|
|
`/home/backup1/.ssh/authorized_keys`, and create a second backup script. |
|
|
|
|
|
|
|
|
1. On the client (computer that is receiving the backup), let's place the script `backup-server.sh` |
|
|
|
|
|
on a directory like `/var/backup`: |
|
|
|
|
|
|
|
|
|
|
|
``` |
|
|
|
|
|
mkdir -p /var/backup |
|
|
|
|
|
mv backup-server.sh /var/backup/ |
|
|
|
|
|
|
|
|
|
|
|
cd /var/backup/ |
|
|
|
|
|
./backup-server.sh |
|
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
|
|
1. Let's also create a cron job that runs this script periodically each week: |
|
|
|
|
|
|
|
|
|
|
|
``` |
|
|
|
|
|
cat <<EOF > /etc/cron.d/backup-server |
|
|
|
|
|
# backup the server each tuesday |
|
|
|
|
|
0 0 * * TUE root /var/backup/backup-server.sh |
|
|
|
|
|
EOF |
|
|
|
|
|
``` |
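Review bot: The new cron entry `0 0 * * TUE root /var/backup/backup-server.sh` runs the backup as `root`, although the job only needs to write under `/var/backup`; a dedicated unprivileged user that owns that directory and the script would do. Because the script is passed to ssh as the key file (`-i $0`), the steps that move it to the client should repeat the `chmod 700` so the key stays private after the copy. The step ending "change `~/test1` to `/mnt/backup-server`" is missing its closing period, and the removed note about backing up a second directory with a second SSH key has no replacement.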