= Debian backup =

bartok.debian.org alias backup.debian.org is Debian's backup machine.

== Backup organisation ==

{{{/org/backup.debian.org}}} contains two directories, {{{staging}}} and
{{{backup}}}.  The latter contains the backup and is organised in directories
with date directories that contain all the files from that particular day.  The
number of kept copies is configured in files in {{{/etc/da-backup-manager/}}}.

The {{{/staging/}}} directory is used by the clients, i.e. the .debian.org
hosts that have something valuable to backup.  The contents of the particular
directories is pushed from root to root@backup.debian.org via rsync via a
restricted SSH session based on key-authentication.

Directories:

{{{
  /org/backup.debian.org/staging/
                                 wiki.debian.org
                                 cvs.debian.org
                                 ...

  /org/backup.debian.org/backup/
                               wiki.debian.org/
                                               20050909
                                               20050910
                                               20050911
                                               ...
                               cvs.debian.org/
                                              20050909
                                              20050910
                                              20050911
                                              ...
                                 ...
}}}

== Adding new backup directories ==

* install da-backup on the client
* create a crontab that runs da-backup daily at some convenient time
* configure the directories in {{{/etc/da-backup}}}
* create a new SSH key pair for each configuration file foo in
  {{{/etc/da-backup/}}} with {{{ssh-keygen -t rsa -f /root/.ssh/da_foo"}}}:

{{{
       cd /etc/da-backup &&
       [ -r /root/.ssh ] &&
       for i in *; do
         echo $i &&
         if [ -e "/root/.ssh/da_$i" ]; then continue; fi &&
         sudo ssh-keygen -t rsa -f /root/.ssh/da_$i -N '' -C "da-backup for $i on `hostname -f`";
       done

       echo "#" &&
       echo "# `hostname -f`" &&
       echo "#" &&
       myip=`host $(hostname -f) | \
               grep has\ address | \
               sed -e 's/.*address //'` &&
       cd /etc/da-backup &&
       for i in *; do
         echo "command=\"rsync --server -vlHogDtprz --delete --delete-after --ignore-errors . /org/backup.debian.org/staging/`hostname -f`/$i\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,from=\"::ffff:$myip,$myip\" `cat /root/.ssh/da_$i.pub`"
       done && echo
}}}

* (why is this here?  It shouldn't be necessary, --weasel) ((run {{{ssh -o 'StrictHostKeyChecking no' backup.debian.org}}} and abort)))
* install the public components of the key with the proper command in
  {{{/root/.ssh/authorized_keys}}} on bartok, start a new section for each host.
* configure how many copies of the directory should be kept in
  {{{/etc/da-backup-manager/}}}
* mkdir the target directories (at least the first level dir is required.  the last directory in the path rsync will create itself).
* run {{{da-backup -v}}} on the client to see if it all works.


* Backup items should either be called {{{<host>/<directory>}}} or
  {{{services/<servicename>}}}, i.e. always use a two-level directory layout.

== Consistency checks ==

* Run {{{sudo -u nagios /usr/lib/nagios/plugins/dsa-check-dabackup-server}}}