HowtoForge - Linux Howtos in English English|HowtoForge.de - Linux-Howtos auf Deutsch Deutsch

Automated Backups With rdiff-backup - Page 2

Submitted by falko (Contact Author) (Forums) on Thu, 2005-10-13 14:43. ::

Step 3: Edit The Public Key On server1.example.com

Log in as root on server1.example.com and have a look at /root/.ssh/authorized_keys. It should look similar to this:

ssh-rsa AAAAB3Nza[...]W1go9M= rdiff-backup@backup

Now prepend the following string to /root/.ssh/authorized_keys:

command="rdiff-backup --server --restrict-read-only /",from="backup.example.com",no-port-forwarding,no-X11-forwarding,no-pty

It must be in one line(!) with the key, only seperated by a space:

command="rdiff-backup --server --restrict-read-only /",from="backup.example.com",no-port-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3Nza[...]W1go9M= rdiff-backup@backup

This will run the command rdiff-backup --server --restrict-read-only / when the user rdiff-backup fom backup.example.com connects to server1.example.com over SSH. --restrict-read-only / makes sure that rdiff-backup has only read access on server1.example.com. It depends on your rdiff-backup version if this works. If this does not work for you you can leave out --restrict-read-only / so that it reads

command="rdiff-backup --server",from="backup.example.com",no-port-forwarding,no-X11-forwarding,no-pty

In from="backup.example.com" you should use the hostname that a reverse lookup of backup.example.com's IP address returns. For example, if backup.example.com's IP address is 1.2.3.4, and

dig -x 1.2.3.4

returns

rdiff-backup@backup:~$ dig -x 1.2.3.4

; <> DiG 9.2.4 <> -x 1.2.3.4
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38020
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;4.3.2.1.in-addr.arpa.      IN      PTR

;; ANSWER SECTION:
4.3.2.1.in-addr.arpa. 43200 IN      PTR     server3245.somehoster.com.

;; Query time: 118 msec
;; SERVER: 145.253.2.75#53(145.253.2.75)
;; WHEN: Thu Oct 13 14:56:03 2005
;; MSG SIZE  rcvd: 83

rdiff-backup@backup:~$

then you should use server3245.somehoster.com:

command="rdiff-backup --server --restrict-read-only /",from="server3245.somehoster.com",no-port-forwarding,no-X11-forwarding,no-pty

You can as well use backup.example.com's IP address:

command="rdiff-backup --server --restrict-read-only /",from="1.2.3.4",no-port-forwarding,no-X11-forwarding,no-pty

Next run

chmod -R go-rwx /root/.ssh

Then have a look at /etc/ssh/sshd_config. It should contain the lines

RSAAuthentication yes
PubkeyAuthentication yes

Restart ssh if you had to change /etc/ssh/sshd_config:

/etc/init.d/ssh restart

Step 4: Test rdiff-backup On backup.example.com

Back on backup.example.com, again as the user rdiff-backup, we test the backup:

cd /backup
rdiff-backup server1_backup::/boot boot

In the second command you see the string server1_backup. That is the string we used in /backup/.ssh/config after host. With this second command, the user rdiff-backup will connect to server1.example.com as the root user and save the directory /boot of server1.example.com to the directory /backup/boot on backup.example.com. If you see that it is working and you do not have to type in a password, then - congratulations! You did it!

Now all there is left to do is to create a cron job. Still as user rdiff-backup, run

crontab -e

and create a cron job like this:

40 2 * * * /usr/bin/rdiff-backup --exclude /tmp --exclude /mnt --exclude /proc --exclude /dev --exclude /cdrom --exclude /floppy server1_backup::/ /backup/server1

This runs the backup every night at 2.40h, saving the directory / with all subdirectories (excluding /tmp, /mnt, /proc, /dev, /cdrom, /floppy) of server1.example.com in /backup/server1 on backup.example.com.

(Note (a little off-topic): on Debian Sarge crontab -e will automatically open the editor nano. If you are used to working with the editor vi (like me), run the following commands:

rm -f /etc/alternatives/editor
ln -s /usr/bin/vi /etc/alternatives/editor

Afterwards, run crontab -e, and vi will come up.)


To find out more rdiff-backup commands (especially how to restore a backup), run

man rdiff-backup

and have a look at http://www.nongnu.org/rdiff-backup/examples.html.


Links

rdiff-backup Homepage: http://www.nongnu.org/rdiff-backup/index.html

rdiff-backup Examples: http://www.nongnu.org/rdiff-backup/examples.html

up

Copyright © 2005 Falko Timme
All Rights Reserved.
print: this | all page(s) | login or register to post comments | Email this page to a friend email this page | view as pdf view as pdf

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Please do not use the comment function to ask for help! If you need help, please use our forum: http://www.howtoforge.com/forums
Comments will be published after administrator approval.
Ubuntu - Good Guide
Submitted by Anonymous (Contact Author) (Forums) on Tue, 2006-08-22 17:38.
ssh-keygen -t rsa
# hit return three times

ssh-copy-id -i ~/.ssh/id_rsa.pub username@remote_host
# enter your password for username on remote_host

cat > /etc/cron.daily/remote_backup
#!/bin/sh
rsync -e 'ssh -p 22' -avzp /some/dir remote_host:/var/backups/some_host
^D

chmod +x /etc/cron.daily/remote_backup

ssh username@remote_host mkdir /var/backups/some_host

http://www.ubuntuforums.org/showthread.php?t=238672

login or register to post comments | Email this page to a friend email this page | view as pdf view as pdf
crontab & vi
Submitted by Anonymous (Contact Author) (Forums) on Fri, 2006-07-21 14:24.

rm -f /etc/alternatives/editor
ln -s /usr/bin/vi /etc/alternatives/editor

 this broke my crontab

 fixed with:  export EDITOR=vi && crontab -e

login or register to post comments | Email this page to a friend email this page | view as pdf view as pdf
I'm working on a start
Submitted by Norman (Contact Author) (Forums) on Mon, 2008-02-18 14:55.

I'm working on a start script which can be run in the crontab fields for rdiff-backup. It will initiate the backup and send an email with result to a pre-defined person.

I would also suggest that anyone who run rdiff-backup also add --exclude /sys to their crontabs/rdiff-backup commands as sysfs is often mounted on /sys and has no point to be backed-up. Takes a lot of extra time to process files which are changed during runtime.

There are more of these directories and files which you can block out to improve performance. But it's the same reason why you dont backup /proc for all of them. 

login or register to post comments | Email this page to a friend email this page | view as pdf view as pdf