Version 6 (modified by jsalamero@…, 4 years ago) (diff)


Backups

A well-designed backup system is a must for any reliable system. Hardware failures, software bugs or human mistakes can leave you with your system down or with missing files. Here we will cover two strategies: local and remote backups. In both cases we will make incremental daily backups using rdiff-backup. Incremental daily backups let us restore the state on a given date while storing only the differences between days.

Remote backups are always a more secure choice because they are stored on a different computer. A hardware or software error on the main server doesn't affect the integrity of the backups and, as backups are pulled from the backup server, a security compromise of the main server wouldn't affect it either. That is why the backup server shouldn't run any additional service. Having two servers back each other up is definitely a very bad idea, as a compromise of one server means the compromise of the other.

Local backups

The easiest way to make backups is to have an additional hard disk attached to the server. IDE disks are named /dev/hdx and serial interface disks (SCSI, SAS or USB) are named /dev/sdx. The first thing we have to do is to make a partition on the hard disk and create a file system on it.

The /proc/partitions file shows us the attached hard disks and their partitions. In this example the disk we have just plugged in is /dev/sdb, which doesn't have any partitions yet.

% cat /proc/partitions
major minor  #blocks  name

   8        0  8388608 sda  <- our first sata disk
   8        1   248976 sda1 <- first partition on the sata disk
   8        2  8136922 sda2 <- second partition on the sata disk
   8       16  1048576 sdb  <- our secondary hard disk without partitions
 254        0  4194394 dm-0 <- lvm volume
 254        1   524288 dm-1 <- lvm volume
 254        2  2097152 dm-2 <- lvm volume

Now we are going to use cfdisk to create a new partition spanning the whole disk:

  1. With the Free Space row highlighted, select the [ New ] entry in the bottom menu.
  2. Select the [ Primary ] partition type.
  3. Accept the default Size (in MB): which is the whole disk.
  4. Save the changes to the partition table with the [ Write ] entry in the bottom menu.
  5. Confirm the changes with yes.
  6. Exit with the [ Quit ] entry in the bottom menu.

We can see that a new line with sdb1 in the name column now appears:

% cat /proc/partitions
major minor  #blocks  name

   8        0  8388608 sda  <- our first sata disk
   8        1   248976 sda1 <- first partition on the sata disk
   8        2  8136922 sda2 <- second partition on the sata disk
   8       16  1048576 sdb  <- our secondary hard disk
   8       17  1044193 sdb1 <- the recently created partition
 254        0  4194394 dm-0 <- lvm volume
 254        1   524288 dm-1 <- lvm volume
 254        2  2097152 dm-2 <- lvm volume

It is time to create a file system on the new partition. Be very careful, because creating the file system on the wrong partition will delete all the contents of that partition. Here we have chosen ext3 with the dir_index option for better performance.

% mkfs.ext3 -O dir_index /dev/sdb1
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
65280 inodes, 261048 blocks
13052 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=268435456
8 block groups
32768 blocks per group, 32768 fragments per group
8160 inodes per group
Superblock backups stored on blocks:
        32768, 98304, 163840, 229376

Writing inode tables: done
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 31 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.

Let's create a mount point and mount the partition on it.

% mkdir /mnt/backup
% mount -t ext3 /dev/sdb1 /mnt/backup

Then we will create a directory for the backups; we can follow the naming scheme hostname-backup:

% mkdir /mnt/backup/ebox-backup

Remote backups

TODO

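#!/bin/sh -e

# Directory holding the host list and the per-host settings
CONF=/mnt/backup
# Directory under which each host's backup tree is stored
ROOT=/mnt/backup
HOSTS=$(cat "$CONF/hosts")

for HOST in $HOSTS ; do
   mkdir -p "$ROOT/$HOST"
   MAXAGE=$(cat "$CONF/$HOST-maxage")
   # Pull the backup from the host. Testing the command directly in the "if"
   # keeps "sh -e" from aborting the whole run when one host fails.
   if rdiff-backup --include-globbing-filelist "$CONF/$HOST-filelist.inc" --exclude-globbing-filelist "$CONF/$HOST-filelist.exc" "root@$HOST::/" "$ROOT/$HOST"; then
      # Remove old increments only after a successful backup
      rdiff-backup --remove-older-than "$MAXAGE" --force "$ROOT/$HOST"
   else
      # Here $? is still the exit status of the failed rdiff-backup run
      echo $? > "$ROOT/rdiff-backup.err"
   fi
done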

On each host to be backed up, we add to root's .ssh/authorized_keys2:

command="rdiff-backup --server",from="your backup server ip address",no-port-forwarding,no-X11-forwarding,no-pty (+ your backup server public key)

so we get something like:

% cat /root/.ssh/authorized_keys2
command="rdiff-backup --server",from="192.168.9.1",no-port-forwarding,no-X11-forwarding,no-pty ssh-rsa HHHHB3NzaC1yc2EAAAABIwAAAQEAnlhQrJ+EQb80OJ4igk7FaJdHbycpmNtoVefA4CrTDG2mjS++nKQylWsC0RFcJhhfTZGXtr9DbFWmtpfeRo7Mc931Eguz5yV2MhQtoY7mUpYnPOf7oKOKZl3zPjwFTd1H5yz9GHAaLWPPC6b+8r93Z+rHwh+q5Gwhhg9uZY+TqGsQ4hf7uxUIOC6hB4g2LLyhPb8MaGjjSe2WdiVU0iobkKQ+G6UAb54qbiy5kmMrTrQRixhkyCIMk9I9BlSsaJsYF/+4iGCT494jyvCyBBlP3puXtxXrsXGFeHM5YKNal3FaEPSRpfu68gsE0N4vZ45P9OCS+dTIUsSQ1sko1F+j4Q== root@backupsrv
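The restrictions in this entry are what limit a stolen backup key to running rdiff-backup from the backup server, so they are worth checking mechanically. The following is an added example, not part of the original page: a shell function (audit_backup_keys, a name chosen here) that flags any key in an authorized_keys file lacking the forced command or one of the options shown above. The sample keys are constructed.

```shell
#!/bin/sh
# Added example: audit an authorized_keys file for the restrictions shown above.
# audit_backup_keys FILE [BACKUP_SERVER_IP]   (hypothetical helper name)
# Prints one line per key entry lacking a restriction; returns non-zero if any is found.
audit_backup_keys() {
    awk -v ip="${2:-}" '
    { sub(/^[ \t]+/, "") }
    /^#/ || $0 == "" { next }                  # skip comments and blank lines
    {
        cur = ""; inq = 0; split("", have)
        # The options field ends at the first space outside double quotes;
        # options are separated by commas outside double quotes.
        for (i = 1; i <= length($0); i++) {
            c = substr($0, i, 1)
            if (inq && c == "\\") { cur = cur c substr($0, i + 1, 1); i++; continue }
            if (c == "\"") inq = !inq
            if (!inq && (c == "," || c == " ")) {
                if (cur == "command=\"rdiff-backup --server\"") have["command"] = 1
                else if (tolower(cur) ~ /^from="/) {
                    if (ip == "" || cur == "from=\"" ip "\"") have["from"] = 1
                } else have[tolower(cur)] = 1
                cur = ""
                if (c == " ") break
            } else cur = cur c
        }
        miss = ""
        if (!("command" in have))            miss = miss " forced-command"
        if (!("from" in have))               miss = miss " from"
        if (!("no-port-forwarding" in have)) miss = miss " no-port-forwarding"
        if (!("no-x11-forwarding" in have))  miss = miss " no-X11-forwarding"
        if (!("no-pty" in have))             miss = miss " no-pty"
        if (miss != "") { bad++; printf "line %d missing:%s\n", NR, miss }
    }
    END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample: one restricted backup key and one unrestricted key.
sample=$(mktemp)
cat > "$sample" <<'EOF'
command="rdiff-backup --server",from="192.168.9.1",no-port-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAconstructedkey root@backupsrv
ssh-rsa AAAAconstructedkey admin@workstation
EOF
audit_backup_keys "$sample" 192.168.9.1 || echo "unrestricted keys found in $sample"
rm -f "$sample"
```

Passing the backup server address as the second argument also flags entries whose from= value is anything other than that exact address.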
