Automated Backups With rdiff-backup - Page 2

Step 3: Edit The Public Key On server1.example.com

Log in as root on server1.example.com and have a look at /root/.ssh/authorized_keys. It should look similar to this:

ssh-rsa AAAAB3Nza[...]W1go9M= [email protected]

Now prepend the following string to /root/.ssh/authorized_keys:

command="rdiff-backup --server --restrict-read-only /",from="backup.example.com",no-port-forwarding,no-X11-forwarding,no-pty

It must be on one line(!) with the key, separated only by a space:

command="rdiff-backup --server --restrict-read-only /",from="backup.example.com",no-port-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3Nza[...]W1go9M= [email protected]

This runs the command rdiff-backup --server --restrict-read-only / whenever the user rdiff-backup from backup.example.com connects to server1.example.com over SSH. --restrict-read-only / makes sure that rdiff-backup has only read access on server1.example.com. Whether this works depends on your rdiff-backup version. If it does not work for you, you can leave out --restrict-read-only / so that the string reads

command="rdiff-backup --server",from="backup.example.com",no-port-forwarding,no-X11-forwarding,no-pty

In from="backup.example.com" you should use the hostname that a reverse lookup of backup.example.com's IP address returns. For example, if backup.example.com's IP address is 1.2.3.4, and

dig -x 1.2.3.4

returns

[email protected]:~$ dig -x 1.2.3.4

; <<>> DiG 9.2.4 <<>> -x 1.2.3.4
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38020
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;4.3.2.1.in-addr.arpa.      IN      PTR

;; ANSWER SECTION:
4.3.2.1.in-addr.arpa. 43200 IN      PTR     server3245.somehoster.com.

;; Query time: 118 msec
;; SERVER: 145.253.2.75#53(145.253.2.75)
;; WHEN: Thu Oct 13 14:56:03 2005
;; MSG SIZE  rcvd: 83

[email protected]:~$

then you should use server3245.somehoster.com:

command="rdiff-backup --server --restrict-read-only /",from="server3245.somehoster.com",no-port-forwarding,no-X11-forwarding,no-pty

You can also use backup.example.com's IP address:

command="rdiff-backup --server --restrict-read-only /",from="1.2.3.4",no-port-forwarding,no-X11-forwarding,no-pty

Next run

chmod -R go-rwx /root/.ssh

Then have a look at /etc/ssh/sshd_config. It should contain the lines

RSAAuthentication yes
PubkeyAuthentication yes

Restart ssh if you had to change /etc/ssh/sshd_config:

/etc/init.d/ssh restart
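
The entry from Step 3 only restricts the key while the options and the key share one line; if the options end up on a line of their own, the key line below them is a plain, unrestricted root key. The following is an added example (not part of the original tutorial): restrict_key builds the entry and audit_keys flags key lines that lack a restriction. Both function names and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Key material is a constructed placeholder.

# restrict_key FROM PUBKEY_LINE: print the one-line restricted entry from Step 3.
restrict_key() {
    case $2 in
        ssh-*\ *|ecdsa-*\ *) ;;      # a bare key line starts with its key type
        *) echo "refusing: not a bare public key line" >&2; return 1 ;;
    esac
    case $1 in                       # the from= value must not break the quoting
        ''|*\"*|*' '*|*,*) echo "refusing: bad from= value" >&2; return 1 ;;
    esac
    printf 'command="rdiff-backup --server --restrict-read-only /",from="%s",no-port-forwarding,no-X11-forwarding,no-pty %s\n' "$1" "$2"
}

# audit_keys FILE: report every key line whose option field lacks one of the
# Step 3 restrictions; the exit status is 1 if any line is reported.
audit_keys() {
    bad=0; n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|\#*) continue ;;
            ssh-*|ecdsa-*) opts='' ;;    # key type comes first: no options at all
            *) opts=${line%%' ssh-'*}; opts=${opts%%' ecdsa-'*} ;;
        esac
        missing=''
        for want in 'command="rdiff-backup --server' 'from="' no-port-forwarding no-X11-forwarding no-pty; do
            case $opts in
                *"$want"*) ;;
                *) missing="$missing $want" ;;
            esac
        done
        [ -z "$missing" ] || { echo "line $n: missing$missing"; bad=1; }
    done < "$1"
    return "$bad"
}

# Constructed sample: one correct entry, then the same options wrapped onto
# their own line, which leaves the key on line 3 without any restriction.
demo=$(mktemp)
key='ssh-rsa AAAAB3NzaEXAMPLEONLY= rdiff-backup@backup'
restrict_key backup.example.com "$key" > "$demo"
printf '%s\n%s\n' 'command="rdiff-backup --server",from="backup.example.com",no-port-forwarding,no-X11-forwarding,no-pty' "$key" >> "$demo"
audit_keys "$demo" || echo "unrestricted key lines found"
rm -f "$demo"
```

To check a real file, call audit_keys /root/.ssh/authorized_keys on server1.example.com; any reported line number is a key that can log in without the forced command or without one of the other options.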

Step 4: Test rdiff-backup On backup.example.com

Back on backup.example.com, again as the user rdiff-backup, we test the backup:

cd /backup
rdiff-backup server1_backup::/boot boot

In the second command you see the string server1_backup. That is the string we used in /backup/.ssh/config after host. With this second command, the user rdiff-backup will connect to server1.example.com as the root user and save the directory /boot of server1.example.com to the directory /backup/boot on backup.example.com. If you see that it is working and you do not have to type in a password, then - congratulations! You did it!

Now all that is left to do is to create a cron job. Still as user rdiff-backup, run

crontab -e

and create a cron job like this:

40 2 * * * /usr/bin/rdiff-backup --exclude /tmp --exclude /mnt --exclude /proc --exclude /dev --exclude /cdrom --exclude /floppy server1_backup::/ /backup/server1

This runs the backup every night at 02:40, saving the directory / with all subdirectories (excluding /tmp, /mnt, /proc, /dev, /cdrom, /floppy) of server1.example.com in /backup/server1 on backup.example.com.

(Note (a little off-topic): on Debian Sarge crontab -e will automatically open the editor nano. If you are used to working with the editor vi (like me), run the following commands:

rm -f /etc/alternatives/editor
ln -s /usr/bin/vi /etc/alternatives/editor

Afterwards, run crontab -e, and vi will come up.)


To find out about more rdiff-backup commands (especially how to restore a backup), run

man rdiff-backup

and have a look at http://www.nongnu.org/rdiff-backup/examples.html.


Links

rdiff-backup Homepage: http://www.nongnu.org/rdiff-backup/index.html

rdiff-backup Examples: http://www.nongnu.org/rdiff-backup/examples.html


Comments

By: Anonymous

rm -f /etc/alternatives/editor
ln -s /usr/bin/vi /etc/alternatives/editor

 this broke my crontab

 fixed with:  export EDITOR=vi && crontab -e

By:

I'm working on a start script which can be run in the crontab fields for rdiff-backup. It will initiate the backup and send an email with result to a pre-defined person.

I would also suggest that anyone who runs rdiff-backup also add --exclude /sys to their crontabs/rdiff-backup commands as sysfs is often mounted on /sys and has no point to be backed-up. Takes a lot of extra time to process files which are changed during runtime.

There are more of these directories and files which you can block out to improve performance. But it's the same reason why you don't backup /proc for all of them.

By: Anonymous

ssh-keygen -t rsa
# hit return three times

ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]_host
# enter your password for username on remote_host

cat > /etc/cron.daily/remote_backup
#!/bin/sh
rsync -e 'ssh -p 22' -avzp /some/dir remote_host:/var/backups/some_host
^D

chmod +x /etc/cron.daily/remote_backup

ssh [email protected]_host mkdir /var/backups/some_host

http://www.ubuntuforums.org/showthread.php?t=238672

By: Kim N. Lesmer

When you use rdiff-backup to back up from a local machine to a remote host, rdiff-backup has to be installed on both systems, and it has to be the same version or at least no major changes must appear between the versions.

By:

If your server1.example.com has sshd on a different port than 22, e.g. 1234, then you have to make additional changes on server backup.example.com:

Add extra line to /backup/.ssh/config: port 1234

You should also use ssh-copy-id -p 1234 -i ~/.ssh/id_rsa.pub [email protected] instead of ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]

Sometimes the above doesn't work, so you have to edit, as root, the file ssh-copy-id (located at /usr/bin/ssh-copy-id) around line 41:

 { eval "$GET_ID" ; } | ssh -p 1234 $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1