SysBackup SSH Remote Storage
Thursday, 12 January 2012
Overview
/etc/sysbackup/
\-- sysbackup-nas.conf
/home/sysbackup/
+-- .ssh/
| +-- known_hosts
| +-- authorized_keys2
| +-- localexec.openssh
| +-- localexec.openssh.pub
| +-- filecopy.openssh
| +-- filecopy.openssh.pub
+-- test.azertech.net/
| +-- daily/
| +-- weekly/
| +-- monthly/
\-- temp/
/var/log/
\-- remote-exec.log
The procedure for sending your backupsets to a remote storage
server via SSH is similar to the procedure for setting up SysBackup on
your server or workstation. It consists mainly of installing SysBackup
on the remote storage server. You will need two password-less SSH
keys: one for using SCP to copy files and the other for calls to the
localexec utility. localexec is designed to execute
standard PHP filesystem functions and return results that can easily
be scanned.
Note that the remote storage of backupsets is managed in exactly
the same way as local storage - hardlinks are used to save disk space
whenever possible between identical files and backupsets are pruned to
keep a limited number of daily, weekly and monthly backupsets in
rotation.
Let's get started
- Start by unpacking the SysBackup package. Again, for this
example we will be keeping the SysBackup files in
/opt/sysbackup/.
- Create a new user called sysbackup, i.e.: sudo useradd -m sysbackup.
- Create a temp storage folder such as
/home/sysbackup/temp.
Note that, in practice, the
temporary files folder is not used very much by the SysBackup
software and will probably never need much disk space - you should
not have to worry about where you choose to put it.
- Create a storage folder for your daily backups. For this
example we will use
/home/sysbackup/test.azertech.net/daily.
Keep in mind
that you will need enough disk space on the underlying partition
to store all the backupsets in your daily rotation for this
server.
- If you plan to keep weekly and monthly rotations you will need
to create folders for those also. For now we will assume
/home/sysbackup/test.azertech.net/weekly/ and
/home/sysbackup/test.azertech.net/monthly.
Again, the
major consideration when setting up the weekly and monthly
backupset rotations will be disk space. It's important to
carefully calculate the disk space you will need and make sure you
have enough space available for the number of backupsets that you
plan to keep in rotation.
- In ~sysbackup/.ssh/ create two ssh keys:
$ ssh-keygen -f localexec
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in localexec.
Your public key has been saved in localexec.pub.
The key fingerprint is:
1b:12:c3:01:1a:93:2b:42:43:a1:6a:db:64:98:45:78 sysbackup at nas.azertech.net
The key's randomart image is:
+--[ RSA 2048]----+
|.o=o... |
|.+oE . . |
|o +o + |
|+ = o |
|o= o . S |
|. = . o |
| . . . |
| |
| |
+-----------------+
$ ssh-keygen -f filecopy
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in filecopy.
Your public key has been saved in filecopy.pub.
The key fingerprint is:
b4:61:ed:2d:68:cb:87:1b:5f:ce:a1:5f:18:a1:f2:ef sysbackup at dev.azertech.net
The key's randomart image is:
+--[ RSA 2048]----+
| |
| . |
| + . . |
| o = o . |
| S + o |
| o = . o |
| = o + . |
| = * o |
| . ooE |
+-----------------+
Note that, for general convenience, there are no passphrases used in the above example.
- Next, add the public keys to the authorized_keys2 file:
$ echo 'command="/opt/sysbackup/localexec $SSH_ORIGINAL_COMMAND" ' \
`cat localexec.pub` >> ~sysbackup/.ssh/authorized_keys2
$ cat filecopy.pub >> ~sysbackup/.ssh/authorized_keys2
Note that the localexec key triggers the localexec utility. The
SysBackup code will not work unless this is done. Check the
documentation for OpenSSH for additional information about keys and
local commands. Google for help with setting up chrooted
OpenSSH user accounts.
- Copy the private keys to the /etc/sysbackup/keys/ folder on test.azertech.net.
- Next you will need to configure SysBackup. The configuration
information is not actually used by the localexec utility; it is
loaded into the server which is executing the backup
(test.azertech.net in this example). Edit the file
/etc/sysbackup-nas.conf on each new sshremote server. The
file should contain the following information:
path_temp=/home/sysbackup/temp/
path_daily=/home/sysbackup/%HOST%/daily/
path_weekly=/home/sysbackup/%HOST%/daily/
path_monthly=/home/sysbackup/%HOST%/daily/
Remember to change the /home/sysbackup path to reflect the
path that you are really using on your sshremote server. The SysBackup
utility will replace the %HOST% token with the host name of
the server being backed up.
- localexec has the ability to log all activity. To enable
the log simply create it and localexec will see it and write
to it each time it is called:
$ sudo touch /var/log/remote-exec.log
$ sudo chmod 666 /var/log/remote-exec.log
The chmod command above is only necessary if you plan on
running localexec without root permissions.
At the time of this writing there is no configuration option for
changing the location of the log file - you will have to edit the code
for now if you need to change the log file location.
- Verify the setup of the sshremote server by using the
remexec test utility on test.azertech.net. The
command below will read the /etc/sysbackup-nas.conf file
on the remote storage server and display it to the console. The
result should look something like this:
$ /opt/sysbackup/remexec /etc/sysbackup/keys/localexec \
sysbackup@nas.azertech.net \
readfile /etc/sysbackup-nas.conf
path_temp=/home/sysbackup/temp/
path_daily=/home/sysbackup/%HOST%/daily/
path_weekly=/home/sysbackup/%HOST%/daily/
path_monthly=/home/sysbackup/%HOST%/daily/
- Edit /etc/sysbackup/sysbackup.conf on
test.azertech.net to include the new sshremote server.
$this->add_sshremote( "nas", array(
"enabled" => true,
"remote_server" => "nas.azertech.net",
"remconf_file" => "/etc/sysbackup-nas.conf",
"usehardlinks" => true,
"ssh_localexec_keypath" => "/etc/sysbackup/keys/localexec",
"ssh_localexec_userid" => "sysbackup",
"scp_filecopy_keypath" => "/etc/sysbackup/keys/filecopy",
"scp_filecopy_userid" => "sysbackup",
"rotation_enabled" => true,
"rotation_dayofweek" => 0, // day of week (0=sunday, 1=monday...) for weekly rotation
"rotation_dayofmonth" => 1, // day of month for monthly rotation
"rotation_total_daily" => 7, // total number of daily backups to keep
"rotation_total_weekly" => 4, // total number of weekly backups to keep
"rotation_total_monthly"=> 4, // total number of monthly backups to keep
));
Finally, again on the server that you want to back up (in this
example it's test.azertech.net), run SysBackup with the
--dump-config option to see if you've done everything
correctly. If everything is okay you will get a dump that will
look similar to the following:
$ sudo /opt/sysbackup/sysbackup --dump-config
System Backups 3.01(alpha)
Basic Application Settings:
req app_title "System Backups"
req app_version "3.01(alpha)"
req app_conffile "/etc/sysbackup/sysbackup.conf"
req app_confdir "/etc/sysbackup/conf.d/"
req app_plugindir "/etc/sysbackup/plugin.d/"
req admin_email "sysbackup[at]azertech.net"
...
Local Fileio VFS Plugin
req hostname "test.azertech.net"
req keeplocal bool(true)
req path_temp "/home/sysbackup/temp/"
req path_backup "/home/sysbackup/test.azertech.net/daily/"
req path_rotation "/home/sysbackup/test.azertech.net/"
SSH Remote Fileio VFS Plugin
req hostname "nas.azertech.net"
req keeplocal bool(true)
req path_temp "/home/sysbackup/temp/"
req path_backup "/home/sysbackup/test.azertech.net/daily/"
req path_rotation "/home/sysbackup/test.azertech.net/"
req enabled bool(true)
req usehardlinks bool(true)
req remconf_file "/etc/sysbackup-nas.conf"
def ssh_binary "/usr/bin/ssh"
int ssh_localexec_keypath "/etc/sysbackup/keys/localexec"
opt ssh_localexec_options string(blank)
int ssh_localexec_userid "sysbackup"
def scp_binary "/usr/bin/scp"
int scp_filecopy_keypath "/etc/sysbackup/keys/filecopy"
opt scp_filecopy_options "-B -p -q"
int scp_filecopy_userid "sysbackup"
int remote_server "nas.azertech.net"
...
At this point your remote server is ready for action. You will want
to repeat the above steps for any other remote server you need. If you
are backing up a Virtual Machine you will want to back up the VM to the
physical host and at least one onsite or offsite remote host.
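The authorized_keys2 step above binds the localexec key to a forced command but adds the filecopy key with no options. The sh function below is an added example, not part of SysBackup or of the original page: it reports, for each key in an authorized_keys file, whether a forced command is set and whether pty and forwarding are disabled. The sample file is constructed (key blobs are placeholders), and the restrict option in its last entry assumes OpenSSH 7.2 or later on the storage server.

```shell
#!/bin/sh
# Added example (not SysBackup code): audit an authorized_keys file.
# Prints "<key comment>: <findings>" for each key; "ok" means the key is
# pinned to a forced command and cannot obtain a pty or forwarding.
audit_authorized_keys() {
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        case $line in *' AAAA'*) ;; *) echo "unparsed: $line"; continue ;; esac
        # Every OpenSSH public key blob starts with "AAAA": the word before
        # it is the key type, and anything before that is the options field.
        lead=${line%%' AAAA'*}
        keytype=${lead##*' '}
        opts=${lead%"$keytype"}
        rest=${line#*' AAAA'}
        case $rest in *' '*) label=${rest#* } ;; *) label='(no comment)' ;; esac
        # Drop quoted values (simplification: no escaped quotes), spaces, case.
        bare=$(printf '%s' "$opts" | sed 's/"[^"]*"//g' | tr -d ' \t' |
               tr '[:upper:]' '[:lower:]')
        findings=''
        case ",$bare," in *,command=,*) ;; *) findings=' no-forced-command' ;; esac
        restricted=yes
        case ",$bare," in
            *,restrict,*) ;;   # later re-enabling options (e.g. pty) not checked
            *) for o in no-pty no-port-forwarding no-agent-forwarding \
                        no-x11-forwarding; do
                   case ",$bare," in *",$o,"*) ;; *) restricted=no ;; esac
               done ;;
        esac
        [ "$restricted" = yes ] || findings="$findings pty-or-forwarding-allowed"
        printf '%s:%s\n' "$label" "${findings:- ok}"
    done < "$1"
}

# Constructed sample: the two entries as the page writes them plus a
# hardened localexec entry. Key blobs are placeholders, not real keys.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
command="/opt/sysbackup/localexec $SSH_ORIGINAL_COMMAND"  ssh-rsa AAAAconstructedblob1 localexec
ssh-rsa AAAAconstructedblob2 filecopy
restrict,command="/opt/sysbackup/localexec $SSH_ORIGINAL_COMMAND" ssh-rsa AAAAconstructedblob3 localexec-hardened
EOF
audit_authorized_keys "$SAMPLE"
```

Run it against ~sysbackup/.ssh/authorized_keys2 on the storage server; any line other than "ok" names a key that can do more than the job it was created for.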