Submitted by admin on
Overview
/etc/sysbackup/ \-- sysbackup-nas.conf /home/sysbackup/ +-- .ssh/ | +-- known_hosts | +-- authorized_keys2 | +-- localexec.openssh | +-- localexec.openssh.pub | +-- filecopy.openssh | +-- filecopy.openssh.pub +-- test.azertech.net/ | +-- daily/ | +-- weekly/ | +-- monthly/ \-- temp/ /var/log/ \-- remote-exec.log |
The procedure for sending your backupsets to a remote storage server via SSH is similar to the procedure for setting-up SysBackup on your server or workstation. It consists mainly of installing SysBackup on the remote storage server. You will need two password-less SSH keys: one for using SCP to copy files and the other for calls to the localexec utility. localexec is designed to execute standard PHP filesystem functions and return results that can easily be scanned.
Note that the remote storage of backupsets is managed in exactly
the same way as local storage - hardlinks are used to save disk space
whenever possible between identical files and backupsets are pruned to
keep a limited number of daily, weekly and monthly backupsets in
rotation.
Let's get started
- Start by unpacking the SysBackup package. Again, for this example we will be keeping the SysBackup files in /opt/sysbackup/.
- Create a new user called sysbackup, ie: sudo useradd -m sysbackup.
- Create a temp storage folder such as
/home/sysbackup/temp.
Note that, in practice, the temporary files folder is not used very much by the SysBackup software and will probably never need much disk space - you should not have to worry about where you choose to put it.
- Create a storage folder for your daily backups. For this
example we will use
/home/sysbackup/test.azertech.net/daily.
Keep in mind that you will need enough disk space on the underlying partition to store all the backupsets in your daily rotation for this server.
- If you plan to keep weekly and monthly rotations you will need
to create folders for those also. For now we will assume
/home/sysbacup/test.azertech.net/weekly/ and
/home/sysbackup/test.azertech.net/monthly.
Again, the major consideration when setting-up the weekly and monthly backupset rotations will be disk space. It's important to carefully calculate the disk space you will need and make sure you have enough space available for the number of backupsets that you plan to keep in rotation.
- In ~sysbackup/.ssh/ create two ssh keys:
$ ssh-keygen -f localexec Generating public/private rsa key pair. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in localexec. Your public key has been saved in localexec.pub. The key fingerprint is: 1b:12:c3:01:1a:93:2b:42:43:a1:6a:db:64:98:45:78 sysbackup at nas.azertech.net The key's randomart image is: +--[ RSA 2048]----+ |.o=o... | |.+oE . . | |o +o + | |+ = o | |o= o . S | |. = . o | | . . . | | | | | +-----------------+ $ ssh-keygen -f filecopy Generating public/private rsa key pair. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in filecopy. Your public key has been saved in filecopy.pub. The key fingerprint is: b4:61:ed:2d:68:cb:87:1b:5f:ce:a1:5f:18:a1:f2:ef sysbackup at dev.azertech.net The key's randomart image is: +--[ RSA 2048]----+ | | | . | | + . . | | o = o . | | S + o | | o = . o | | = o + . | | = * o | | . ooE | +-----------------+
Note that, for general convenience, there are no passphrases used in the above example.
- Next, add the public keys to the authorized_keys2 file:
$ echo 'command="/opt/sysbackup/localexec $SSH_ORIGINAL_COMMAND" ' \ `cat localexec.pub` >> ~sysbackup/.ssh/authorized_keys2 $ cat filecopy.pub >> ~sysbackup/.ssh/authorized_keys2
Note that the localexec key triggers the localexec utility. The SysBackup code will not work unless this is done. Check the documentation for OpenSSH for additional information about keys and local commands. Google for help with setting-up chrooted OpenSSH user accounts.
- Copy the private keys to the /etc/sysbackup/keys/ folder on test.azertech.net.
- Next you will need to configure SysBackup. The configuration
information is not actually used by the localexec utility
- it is loaded into the server which is executing the backup
(test.azertech.net in this example.) Edit the file
/etc/sysbackup-nas.conf on each new sshremote server. The
file should contain the following information:
path_temp=/home/sysbackup/temp/ path_daily=/home/sysbackup/%HOST%/daily/ path_weekly=/home/sysbackup/%HOST%/daily/ path_monthly=/home/sysbackup/%HOST%/daily/
Remember to change the /home/sysbackup path to reflect the path that you are really using on your sshremote server. The SysBackup utility will replace the %HOST% token with the host name of the server being backed-up.
- localexec has the ability to log all activity. To enable
the log simply create it and localexec will see it and write
to it each time it is called:
$ sudo touch /var/log/remote-exec.log $ sudo chmod 666 /var/log/remote-exec.log
The chmod command above is only necessary if you plan on running localexec without root permissions.
At the time of this writing there is no configuration option for changing the location of the log file - you will have to edit the code for now if you need to change the log file location.
- Verify the setup of the sshremote server by using the
remexec test utility on test.azertech.net. The
command below will read the /etc/sysbackup-nas.conf file
on the remote storage server and display it to the console. The
result should look something like this:
$ /opt/sysbackup/remexec /etc/sysbackup/keys/localexec \ sysbackup[at]nas.azertech.net \ readfile /etc/sysbackup-nas.conf path_temp=/home/sysbackup/temp/ path_daily=/home/sysbackup/%HOST%/daily/ path_weekly=/home/sysbackup/%HOST%/daily/ path_monthly=/home/sysbackup/%HOST%/daily/
- Edit /etc/sysbackup/sysbackup.conf on
test.azertech.net to include the new sshremote server.
$this->add_sshremote( "nas", array( "enabled" => true, "remote_server" => "nas.azertech.net", "remconf_file" => "/etc/sysbackup-nas.conf", "usehardlinks" => true, "ssh_localexec_keypath" => "/etc/sysbackup/keys/localexec", "ssh_localexec_userid" => "sysbackup", "scp_filecopy_keypath" => "/etc/sysbackup/keys/filecopy", "scp_filecopy_userid" => "sysbackup", "rotation_enabled" => true, "rotation_dayofweek" => 0, // day of week (0=sunday, 1=monday...) for weekly rotation "rotation_dayofmonth" => 1, // day of month for monthly rotation "rotation_total_daily" => 7, // total number of daily backups to keep "rotation_total_weekly" => 4, // total number of weekly backups to keep "rotation_total_monthly"=> 4, // total number of monthly backups to keep ));
Finally, (again on the server that you want to backup - in this example it's test.azertech.net,) run SysBackup with the --dump-config option to see if you've done everything correctly. If everything is okay you will get a nice dump that will look similar to the following:
$ sudo /opt/sysbackup/sysbackup --dump-config System Backups 3.01(alpha) Basic Application Settings: req app_title "System Backups" req app_version "3.01(alpha)" req app_conffile "/etc/sysbackup/sysbackup.conf" req app_confdir "/etc/sysbackup/conf.d/" req app_plugindir "/etc/sysbackup/plugin.d/" req admin_email "sysbackup[at]azertech.net" ... Local Fileio VFS Plugin req hostname "test.azertech.net" req keeplocal bool(true) req path_temp "/home/sysbackup/temp/" req path_backup "/home/sysbackup/test.azertech.net/daily/" req path_rotation "/home/sysbackup/test.azertech.net/" SSH Remote Fileio VFS Plugin req hostname "nas.azertech.net" req keeplocal bool(true) req path_temp "/home/sysbackup/temp/" req path_backup "/home/sysbackup/test.azertech.net/daily/" req path_rotation "/home/sysbackup/test.azertech.net/" req enabled bool(true) req usehardlinks bool(true) req remconf_file "/etc/sysbackup-nas.conf" def ssh_binary "/usr/bin/ssh" int ssh_localexec_keypath "/etc/sysbackup/keys/localexec" opt ssh_localexec_options string(blank) int ssh_localexec_userid "sysbackup" def scp_binary "/usr/bin/scp" int scp_filecopy_keypath "/etc/sysbackup/keys/filecopy" opt scp_filecopy_options "-B -p -q" int scp_filecopy_userid "sysbackup" int remote_server "nas.azertech.net" ...
At this point your remote server is ready for action. You will want to repeat the above steps for any other remote server you need. If you are backing-up a Virtual Machine you will want to backup the VM to the physical host and at least one onsite or offsite remote host.)