===== Backupninja with unattended rdiff-backup =====
> Backupninja provides a centralized way to configure and schedule many different backup utilities. It allows for secure, remote, incremental filesytem backup (via rdiff-backup), compressed incremental data, backup system and hardware info, encrypted remote backups (via duplicity), safe backup of MySQL/PostgreSQL databases, subversion or trac repositories, burn CD/DVDs or create ISOs, incremental rsync with hardlinking.
This walkthrough will describe how to setup [[https://labs.riseup.net/code/projects/show/backupninja/|Backupninja]] together with [[http://rdiff-backup.nongnu.org/|rdiff-backup]] in unattended mode.
The two partners in this setup are **//server.example.net//** and **//backup.example.net//**. The former should backup its data nightly to the latter. The user **//service//** will be the backup system account using password-less ssh access. The target directory is **///data/backup//**, so the complete backup target address in ssh notation is **//service@backup.example.net:/data/backup//**.
+----------------------+ +----------------------+
| server.example.net |-=------------------------->| backup.example.net |
+-------+--------------+ +--------------+-------+
| ^
v |
/-------+-------\ /--------------\ /-----+ /-----+ /------+-------\
| backupninja |->| rdiff backup |->| ssh |------>| ssh |->| rdiff backup |
\---------------/ \--------------/ +-----/ +-----/ \--------------/
==== Setup: Once ====
=== target: create system user ===
backup.example.net:~$ useradd -m service
backup.example.net:~$ passwd service
# ^^ only required for copying over ssh public identities; can be disabled later:
backup.example.net:~$ passwd --lock service
=== target: install backup software ===
''rdiff-backup'' requires pyxattr >=0.4 (looks like)
* On debian lenny, ''python-pyxattr'' has ''Version: 0.4.0-1'', while ''python-xattr'' has ''Version: 0.4-4''
backup.example.net:~$ aptitude install backupninja rdiff-backup python-pyxattr
* On debian etch, ''python-pyxattr'' has ''Version: 0.2.1-1.1'', so use ''python-xattr 0.4-4~bpo40+1'' from ''etch-backports'':
backup.example.net:~$ aptitude install python-xattr -t etch-backports
==== Setup: For each backup pair ====
=== target: setup backup destination ===
backup.example.net:~$ mkdir -p /data/backup/{customer}/server.example.net/rdiff
backup.example.net:~$ chown -R service:service /data/backup/{customer}/server.example.net/rdiff
=== source: setup backup source ===
* setup backup tools
server.example.net:~$ aptitude install backupninja rdiff-backup python-pyxattr debconf-utils hwinfo
pyxattr >=0.4 required (so on debian etch):
(see above "target: install backup software")
server.example.net:~$ aptitude install python-xattr -t etch-backports
* create user **//service//** and its keypair, copy public key over to backup target
server.example.net:~$ useradd -m service
server.example.net:~$ su - service
service@server.example.net:~$ ssh-keygen
service@server.example.net:~$ ssh-copy-id service@backup.example.net
service@server.example.net:~$ logout
* backupninja: base configuration
reportemail = root@example.net
when = everyday at 00:45
Just the hour-part of "when" is actually used, so this will run at **00:00**!
This is due to a limitation (bug?) in backupninja.
* backupninja: handler setup
server.example.net:~$ cp /usr/share/doc/backupninja/examples/example.sys /etc/backup.d/10.sys
server.example.net:~$ cp /usr/share/doc/backupninja/examples/example.mysql /etc/backup.d/20.mysql
server.example.net:~$ cp /usr/share/doc/backupninja/examples/example.ldap /etc/backup.d/30.ldap
server.example.net:~$ cp /usr/share/doc/backupninja/examples/example.rdiff /etc/backup.d/90.rdiff
server.example.net:~$ chmod go-r /etc/backup.d/*
Properly configure each handler!
TODO: Write more e.g. about using ''slapcat'' for LDAP.
* backupninja: unattended backup-rdiff
...
options = --force --remote-schema 'ssh -i /home/service/.ssh/id_rsa -C %s rdiff-backup --server'
...
#label = thishostname
...
include = /var/mail
...
[dest]
directory = /data/backup/{customer}/server.example.net/rdiff
host = backup.example.net
user = service
sshoptions = -i /home/service/.ssh/id_rsa
* backupninja: force testrun
server.example.net:~$ backupninja --test --now
server.example.net:~$ screen -S backup
server.example.net:~$ backupninja --debug --now
detach from ''screen'': Ctrl-a, D
==== Prerequisites ====
=== target: prepare backup partition (optional) ===
//hypervisor// is the machine //backup.example.net// is running on. We'll mount another partition with plenty of backup space. Here's how (LVM + Xen):
+-----------------------+ +------+
|+--------------------+ | |{s} |
|| backup.example.net |-|----+ 250G |
|+--------------------+ | | | /dev/vg0/backup-data
| hypervisor | +------+
+-----------------------+
hypervisor:~$ lvcreate -L 250G vg0 -n backup-data
hypervisor:~$ mkfs.ext3 /dev/vg0/backup-data
hypervisor:~$ nano /etc/xen/backup.example.net.cfg
...
disk = [
...
'phy:vg0/backup-data,sda6,w',
]
...
backup.example.net:~$ mkdir /data
backup.example.net:~$ nano /etc/fstab
...
/dev/sda6 /data ext3 noatime,nodiratime,errors=remount-ro 0 1
backup.example.net:~$ halt
hypervisor:~$ xm create /etc/xen/backup.example.net.cfg
=== target: configure backup directory ===
Exclude backup path from being scanned by "locate" & Co.:
backup.example.net:~$ nano /etc/updatedb.findutils.cron.local
PRUNEPATHS="/data/backup"
{{tag>backup backupninja rdiff-backup}}