Project

General

Profile

Backup Setup

Overview

For a server to be backed up to Megaphone Tech's standards, all of the following must be true:

  • The backup must happen at least daily.
  • The backup must be tested (and testable) to ensure its validity.
  • The backup must be encrypted in transit and at rest. 
  • If the backup resides on a server outside of our control, the data must be encrypted such that those controlling the server can not read the data.
  • At least one copy of the backup must be in a separate geographical location from the original data.
  • Databases must be backed up using a database dump tool and stored in a backed-up area of the filesystem.
  • The backup should be monitored for both successes and failure.  Alerts should be generated for failed backups, and for backups that don't run.

To accomplish this, we use a modified copy of backupninja to manage the backups.  It reports into our centralized Icinga2 monitoring.
The preferred back-end for backups is borgbackup, which provides for validity testing and client-side encryption.

Ansible

  • Assign the server to a group with the backupninja role.

Step-by-step (manual) guide

Go to top