Project

General

Profile

Actions

Backup Setup when we don't have root

We normally rely on a modified version backupninja for backup, which requires root access. When we don't have root access but we do have borgbackup, we have a modified procedure for backing up to rsync.net using borgbackup.

In the example below, 1234 should be your rsync.net user number, yourrsyncserver.rsync.net should be your rsync.net server (e.g. usw-s008.rsync.net). clientname and servershortname can be anything you want as long as they're consistent between borg init and the shell script. server.longname.org should be the name of the server as Icinga knows it. /path/to/back/up should be the path you want to back up. You can have more than one, separated by spaces.

Run the following on a local computer that has its public key on the rsync.net server.

#!/bin/bash # Get the public key for the SSH user who will be running the backup on the client's server. 
# This Add it to the rsync.net account: 
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1SlLpapSVuMm5O35LN/FWNa8DmRgxYRiaIhcrlFetmso3/+6s2ZGaMHtheTmfZuCm9VNHHp3YHXYqsDPPLuxFg4iKw7ccDc6nRRV32rl5doQE6708fZc6dMp4hFIGNLA1RBFvK/7bGBdQw+ryG/rKFuW7o1X2DrhWRYPVwavjqci2NiHEB5SwjLzetXKF6VLnoZxERZJcBG0d8uQ/EgbcMLN4xXbDDsNsofM4wok0aMULucogSvayHezu5HDt6Dta8iDaWbqQtJwtpcgWrqy+HTPZTxJ5PtZuOfG4KrVR0R+TQSdYe6CFFevGPp3TujO03h885zyXPiLqjEmrVLt " | ssh 1234@yourrsyncserver.rsync.net 'dd of=.ssh/authorized_keys oflag=append conv=notrunc' 
# Create a borg repo. 
borg init 1234@yourrsyncserver.rsync.net:clientname-servershortname -e repokey --remote-path=/usr/local/bin/borg1/borg1 
#!/bin/bash
# This script requires jq.  Bail if not found.  You can download a static binary from the jq homepage.
if ! command -v ./jq &> /dev/null
then
    echo "jq could not be found. Please install and try again"
    exit
fi

# borg backupninja backup script
REPOSITORY="1234@yourrsyncserver.rsync.net:clientname-servershortname"
export BORG_PASSPHRASE='StrongPassphrase'
# On rsync.net: Specify /usr/local/bin/borg/borg for borg 0.29; /usr/local/bin/borg1 for 1.x
REMOTE_PATH=/usr/local/bin/borg1/borg1

ICINGA2_API_USER=backupninja
ICINGA2_SERVER_ADDRESS=icinga.megaphonetech.com
ICINGA2_API_PORT=5665
ICINGA2_API_PASSWORD=<Icinga2 API password>
ICINGA2_HOSTNAME=server.longname.org
# Set level to 0, "OK", and we'll change it if anything goes wrong.
LEVEL=0
# Run the backup.
OUTPUT=$( (
/usr/bin/borg create --warning --filter=AME --stats --compression lz4         \
--remote-path $REMOTE_PATH \
$REPOSITORY::'{hostname}-{now:%Y-%m-%d}' \
/path/to/back/up \
--exclude '*/templates_c' \
--exclude '*/Maildir' \
--exclude '.config/borg' \
--exclude '*/civicrm/upload/cache'
) 2>&1)
if [ $? -ne 0 ]
then
  LEVEL=2
fi
# Remove old backups.
OUTPUT=${OUTPUT}\\n$( (
/usr/bin/borg prune -v $REPOSITORY --prefix '{hostname}-' --keep-daily=15 --keep-weekly=9 --keep-monthly=6 --remote-path $REMOTE_PATH
) 2>&1)
if [ $? -ne 0 ]
  then
  LEVEL=2
fi

# Check the integrity of the backup.
OUTPUT=${OUTPUT}\\n$( (
/usr/bin/borg check $REPOSITORY --remote-path $REMOTE_PATH
) 2>&1)
if [ $? -ne 0 ]
  then
  LEVEL=2
fi
unset BORG_PASSPHRASE
# Escape JSON characters
echo $OUTPUT
OUTPUT=$( echo $OUTPUT | ./jq --raw-input --slurp --ascii-output . )
echo "after jq"
echo $OUTPUT
# Send to Icinga
DATA="{ \"exit_status\": $LEVEL, \"plugin_output\": ${OUTPUT} }"
/usr/bin/curl -k -s -u $ICINGA2_API_USER:$ICINGA2_API_PASSWORD -H 'Accept: application/json' -X POST "https://$ICINGA2_SERVER_ADDRESS:$ICINGA2_API_PORT/v1/actions/process-check-result?service=${ICINGA2_HOSTNAME}!backupninja" --data "${DATA}" > /dev/null
# Reschedule the next dummy backupninja check
RESCHEDULE_TIME=$(/bin/date -d "tomorrow 6am" "+%s")
RESCHEDULE_JSON="{ \"next_check\": \"${RESCHEDULE_TIME}\" }"
/usr/bin/curl -k -s -u $ICINGA2_API_USER:$ICINGA2_API_PASSWORD -H 'Accept: application/json' -X POST "https://$ICINGA2_SERVER_ADDRESS:$ICINGA2_API_PORT/v1/actions/reschedule-check?service=${ICINGA2_HOSTNAME}!backupninja" --data "${RESCHEDULE_JSON}" > /dev/null

chmod +x this file, then add it to the user's crontab looking something like this:

0 2 * * * cd /home/members/example/sites/crm.example.org/users/example/bin && /home/members/example/sites/crm.example.org/users/example/bin/borgbackup.sh 

Add vars.has_backupninja = true to the server's Icinga config and restart Icinga.

Updated by Jon Goldberg 3 months ago · 5 revisions