ssh keys are in puppet now
= Debian backup =

bartok.debian.org, alias backup.debian.org, is Debian's backup machine.

== Backup organisation ==

{{{/org/backup.debian.org}}} contains two directories, {{{staging}}} and
{{{backup}}}.  The latter contains the backups, organised in one directory per
backup item, each holding date directories that contain all the files from
that particular day.  The number of copies kept is configured in files in
{{{/etc/da-backup-manager/}}}.

The {{{/staging/}}} directory is used by the clients, i.e. the .debian.org
hosts that have something valuable to back up.  The contents of the particular
directories are pushed from root on the client to root@backup.debian.org with
rsync over a restricted SSH session that uses key authentication.

Directories:

{{{
  /org/backup.debian.org/staging/
                                 wiki.debian.org
                                 cvs.debian.org
                                 ...

  /org/backup.debian.org/backup/
                                wiki.debian.org/
                                                20050909
                                                20050910
                                                20050911
                                                ...
                                cvs.debian.org/
                                               20050909
                                               20050910
                                               20050911
                                               ...
                                ...
}}}

== Adding new backup directories ==

* install da-backup on the client
* create a crontab that runs da-backup daily at some convenient time
* configure the directories in {{{/etc/da-backup}}}
* create a new SSH key pair for each configuration file foo in
  {{{/etc/da-backup/}}} with {{{ssh-keygen -t rsa -f /root/.ssh/da_foo}}}:

{{{
       # Generate one passphrase-less key pair per configuration file,
       # skipping files that already have a key.
       cd /etc/da-backup &&
       [ -r /root/.ssh ] &&
       for i in *; do
         echo "$i" &&
         if [ -e "/root/.ssh/da_$i" ]; then continue; fi &&
         sudo ssh-keygen -t rsa -f "/root/.ssh/da_$i" -N '' -C "da-backup for $i on $(hostname -f)";
       done

       # Print the restricted authorized_keys entries for the backup server:
       # a forced rsync command per key, no forwarding, and a from= limit
       # to this host's address.
       echo "#" &&
       echo "# $(hostname -f)" &&
       echo "#" &&
       myip=$(host "$(hostname -f)" | \
               grep 'has address' | \
               sed -e 's/.*address //') &&
       cd /etc/da-backup &&
       for i in *; do
         echo "command=\"rsync --server -vlHogDtprz --delete --delete-after --ignore-errors . /org/backup.debian.org/staging/$(hostname -f)/$i\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,from=\"::ffff:$myip,$myip\" $(cat "/root/.ssh/da_$i.pub")"
       done && echo
}}}

* install the public components of the keys, each with its proper command
  restriction, in the puppet template
  {{{modules/ssh/templates/authorized_keys.erb}}} for bartok, starting a new
  section for each host.  Then do a puppet run on bartok.
* configure how many copies of the directory should be kept in
  {{{/etc/da-backup-manager/}}}
* mkdir the target directories (at least the first-level directory is
  required; rsync will create the last directory in the path itself).
* run {{{da-backup -v}}} on the client to see if it all works.

* Backup items should either be called {{{<host>/<directory>}}} or
  {{{services/<servicename>}}}, i.e. always use a two-level directory layout.
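
A check for the {{{authorized_keys}}} entries this procedure produces, added here as an example (it is not part of da-backup or of the original page): it flags any entry that lacks the forced {{{rsync --server}}} command, writes outside the staging tree, or has lost a forwarding or {{{from=}}} restriction. The function name, the sample host and the key material are constructed; it assumes one entry per line, {{{command=}}} as the first option, and a key type beginning with {{{ssh-}}}.

```shell
#!/bin/sh
# Added example, not part of da-backup. Assumes one entry per line,
# command= as first option, and a key type starting with "ssh-".
STAGING=/org/backup.debian.org/staging

# check_backup_keys FILE: print "LINE: problem" for every weak entry,
# return 1 if any entry was flagged, 0 otherwise.
check_backup_keys() {
    n=0 rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        opts=${line%% ssh-*}             # option list before the key type
        cmd=${opts#command=\"}           # forced command, if it comes first
        cmd=${cmd%%\"*}
        rest=${opts#command=\"*\"}       # options after the forced command
        target=${cmd##* }                # last word: rsync destination
        case $cmd in
            'rsync --server '*) ;;
            *) echo "$n: no forced 'rsync --server' command"; rc=1 ;;
        esac
        case $target in
            *..*) echo "$n: '..' in rsync target"; rc=1 ;;
            "$STAGING"/?*/?*) ;;
            *) echo "$n: target outside $STAGING/<host>/<item>"; rc=1 ;;
        esac
        for o in no-port-forwarding no-X11-forwarding no-agent-forwarding; do
            case ",$rest," in
                *",$o,"*) ;;
                *) echo "$n: missing $o"; rc=1 ;;
            esac
        done
        case $rest in
            *',from="'?*'"'*) ;;
            *) echo "$n: no from= source restriction"; rc=1 ;;
        esac
    done < "$1"
    return $rc
}

# Constructed sample: line 1 follows the page's template, line 2 is weakened.
sample=$(mktemp)
cat > "$sample" <<'EOF'
command="rsync --server -vlHogDtprz --delete --delete-after --ignore-errors . /org/backup.debian.org/staging/host.example.org/etc",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,from="::ffff:192.0.2.10,192.0.2.10" ssh-rsa AAAAconstructed da-backup for etc on host.example.org
command="rsync --server -vlHogDtprz . /org/backup.debian.org/staging/../backup/etc",no-port-forwarding,no-X11-forwarding ssh-rsa AAAAconstructed weakened entry
EOF
check_backup_keys "$sample" || echo "entries need fixing"
rm -f "$sample"
```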

== Consistency checks ==

* Run {{{sudo -u nagios /usr/lib/nagios/plugins/dsa-check-dabackup-server}}}