--- /dev/null
+= Debian backup =
+
+bartok.debian.org alias backup.debian.org is Debian's backup machine.
+
+== Backup organisation ==
+
+{{{/org/backup.debian.org}}} contains two directories, {{{staging}}} and
+{{{backup}}}. The latter contains the backup and is organised in directories
+with date directories that contain all the files from that particular day. The
+number of kept copies is configured in files in {{{/etc/da-backup-manager/}}}.
+
+The {{{/staging/}}} directory is used by the clients, i.e. the .debian.org
+hosts that have something valuable to backup. The contents of the particular
+directories is pushed from root to root@backup.debian.org via rsync via a
+restricted SSH session based on key-authentication.
+
+Directories:
+
+{{{
+ /org/backup.debian.org/staging/
+ wiki.debian.org
+ cvs.debian.org
+ ...
+
+ /org/backup.debian.org/backup/
+ wiki.debian.org/
+ 20050909
+ 20050910
+ 20050911
+ ...
+ cvs.debian.org/
+ 20050909
+ 20050910
+ 20050911
+ ...
+ ...
+}}}
+
+== Adding new backup directories ==
+
+* install da-backup on the client
+* create a crontab that runs da-backup daily at some convenient time
+* configure the directories in {{{/etc/da-backup}}}
+* create a new SSH key pair for each configuration file foo in
+ {{{/etc/da-backup/}}} with {{{ssh-keygen -t rsa -f /root/.ssh/da_foo"}}}:
+
+{{{
+ cd /etc/da-backup &&
+ [ -r /root/.ssh ] &&
+ for i in *; do
+ echo $i &&
+ if [ -e "/root/.ssh/da_$i" ]; then continue; fi &&
+ sudo ssh-keygen -t rsa -f /root/.ssh/da_$i -N '' -C "da-backup for $i on `hostname -f`";
+ done
+
+ echo "#" &&
+ echo "# `hostname -f`" &&
+ echo "#" &&
+ myip=`host $(hostname -f) | \
+ grep has\ address | \
+ sed -e 's/.*address //'` &&
+ cd /etc/da-backup &&
+ for i in *; do
+ echo "command=\"rsync --server -vlHogDtprz --delete --delete-after --ignore-errors . /org/backup.debian.org/staging/`hostname -f`/$i\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,from=\"::ffff:$myip,$myip\" `cat /root/.ssh/da_$i.pub`"
+ done && echo
+}}}
+
+* (why is this here? It shouldn't be necessary, --weasel) ((run {{{ssh -o 'StrictHostKeyChecking no' backup.debian.org}}} and abort)))
+* install the public components of the key with the proper command in
+ {{{/root/.ssh/authorized_keys}} on bartok, start a new section for each host.
+* configure how many copies of the directory should be kept in
+ {{{/etc/da-backup-manager/}}}
+* mkdir the target directories
+* run {{{da-backup -v}}} on the client to see if it all works.
+
+
+* Backup items should either be called {{{<host>/<directory>}}} or
+ {{{services/<servicename>}}}, i.e. always use a two-level directory layout.
+
+== Consistency checks ==
+
+* Run {{{sudo -u nagios /usr/lib/nagios/plugins/dsa-check-dabackup-server}}}
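Review bot: the step "run ssh -o 'StrictHostKeyChecking no' backup.debian.org and abort" in the "Adding new backup directories" list has admins accept the backup server's host key without verifying it, and the inline "--weasel" comment on the same line already questions whether it is needed. Either drop the step or replace it with installing bartok's host key into root's known_hosts on the client from a trusted copy, and resolve the open question before this lands rather than committing it into the page (the parentheses on that line are also unbalanced). In the echo that generates the authorized_keys entry, the options are no-port-forwarding, no-X11-forwarding and no-agent-forwarding; adding no-pty would fit a key that is only meant to run the forced rsync command. The myip assignment keeps every "has address" line from the host output, so a client with more than one A record produces a multi-line value inside from="..."; pick one address or join them with commas. Two markup slips will render wrongly: the stray double quote after da_foo in the ssh-keygen example, and {{{/root/.ssh/authorized_keys}} which is closed with two braces instead of three.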