Add backup.d.o

diff --git a/input/howto/backup.creole b/input/howto/backup.creole
new file mode 100644 (file)
index 0000000..a6aabd9
--- /dev/null
+++ b/input/howto/backup.creole
@@ -0,0 +1,82 @@
+= Debian backup =
+
+bartok.debian.org alias backup.debian.org is Debian's backup machine.
+
+== Backup organisation ==
+
+{{{/org/backup.debian.org}}} contains two directories, {{{staging}}} and
+{{{backup}}}.  The latter contains the backup and is organised in directories
+with date directories that contain all the files from that particular day.  The
+number of kept copies is configured in files in {{{/etc/da-backup-manager/}}}.
+
+The {{{/staging/}}} directory is used by the clients, i.e. the .debian.org
+hosts that have something valuable to backup.  The contents of the particular
+directories is pushed from root to root@backup.debian.org via rsync via a
+restricted SSH session based on key-authentication.
+
+Directories:
+
+{{{
+  /org/backup.debian.org/staging/
+                                 wiki.debian.org
+                                 cvs.debian.org
+                                 ...
+
+  /org/backup.debian.org/backup/
+                               wiki.debian.org/
+                                               20050909
+                                               20050910
+                                               20050911
+                                               ...
+                               cvs.debian.org/
+                                              20050909
+                                              20050910
+                                              20050911
+                                              ...
+                                 ...
+}}}
+
+== Adding new backup directories ==
+
+* install da-backup on the client
+* create a crontab that runs da-backup daily at some convenient time
+* configure the directories in {{{/etc/da-backup}}}
+* create a new SSH key pair for each configuration file foo in
+  {{{/etc/da-backup/}}} with {{{ssh-keygen -t rsa -f /root/.ssh/da_foo"}}}:
+
+{{{
+       cd /etc/da-backup &&
+       [ -r /root/.ssh ] &&
+       for i in *; do
+         echo $i &&
+         if [ -e "/root/.ssh/da_$i" ]; then continue; fi &&
+         sudo ssh-keygen -t rsa -f /root/.ssh/da_$i -N '' -C "da-backup for $i on `hostname -f`";
+       done
+
+       echo "#" &&
+       echo "# `hostname -f`" &&
+       echo "#" &&
+       myip=`host $(hostname -f) | \
+               grep has\ address | \
+               sed -e 's/.*address //'` &&
+       cd /etc/da-backup &&
+       for i in *; do
+         echo "command=\"rsync --server -vlHogDtprz --delete --delete-after --ignore-errors . /org/backup.debian.org/staging/`hostname -f`/$i\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,from=\"::ffff:$myip,$myip\" `cat /root/.ssh/da_$i.pub`"
+       done && echo
+}}}
+
+* (why is this here?  It shouldn't be necessary, --weasel) ((run {{{ssh -o 'StrictHostKeyChecking no' backup.debian.org}}} and abort)))
+* install the public components of the key with the proper command in
+  {{{/root/.ssh/authorized_keys}} on bartok, start a new section for each host.
+* configure how many copies of the directory should be kept in
+  {{{/etc/da-backup-manager/}}}
+* mkdir the target directories
+* run {{{da-backup -v}}} on the client to see if it all works.
+
+
+* Backup items should either be called {{{<host>/<directory>}}} or
+  {{{services/<servicename>}}}, i.e. always use a two-level directory layout.
+
+== Consistency checks ==
+
+* Run {{{sudo -u nagios /usr/lib/nagios/plugins/dsa-check-dabackup-server}}}