Backup Setup when we don't have root
We normally rely on a modified version of backupninja for backup, which requires root access. When we don't have root access but we do have borgbackup, we have a modified procedure for backing up to rsync.net using borgbackup.
In the example below, 1234 should be your rsync.net user number, yourrsyncserver.rsync.net should be your rsync.net server (e.g. usw-s008.rsync.net). clientname and servershortname can be anything you want as long as they're consistent between borg init and the shell script. server.longname.org should be the name of the server as Icinga knows it. /path/to/back/up should be the path you want to back up. You can have more than one, separated by spaces.
Run the following on a local computer that has its public key on the rsync.net server.
#!/bin/bash
# Get the public key for the SSH user who will be running the backup on the client's server.
# Add it to the rsync.net account:
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1SlLpapSVuMm5O35LN/FWNa8DmRgxYRiaIhcrlFetmso3/+6s2ZGaMHtheTmfZuCm9VNHHp3YHXYqsDPPLuxFg4iKw7ccDc6nRRV32rl5doQE6708fZc6dMp4hFIGNLA1RBFvK/7bGBdQw+ryG/rKFuW7o1X2DrhWRYPVwavjqci2NiHEB5SwjLzetXKF6VLnoZxERZJcBG0d8uQ/EgbcMLN4xXbDDsNsofM4wok0aMULucogSvayHezu5HDt6Dta8iDaWbqQtJwtpcgWrqy+HTPZTxJ5PtZuOfG4KrVR0R+TQSdYe6CFFevGPp3TujO03h885zyXPiLqjEmrVLt " | ssh 1234@yourrsyncserver.rsync.net 'dd of=.ssh/authorized_keys oflag=append conv=notrunc'
# Create a borg repo.
borg init 1234@yourrsyncserver.rsync.net:clientname-servershortname -e repokey --remote-path=/usr/local/bin/borg1/borg1
#!/bin/bash
# This script requires jq. Bail if not found. You can download a static binary from the jq homepage.
if ! command -v ./jq &> /dev/null
then
    echo "jq could not be found. Please install and try again"
    exit 1
fi
# borg backupninja backup script
# The passphrase and API password below are stored in plain text, so keep this file readable only by its owner.
REPOSITORY="1234@yourrsyncserver.rsync.net:clientname-servershortname"
export BORG_PASSPHRASE='StrongPassphrase'
# On rsync.net: Specify /usr/local/bin/borg/borg for borg 0.29; /usr/local/bin/borg1 for 1.x
REMOTE_PATH=/usr/local/bin/borg1/borg1
ICINGA2_API_USER=backupninja
ICINGA2_SERVER_ADDRESS=icinga.megaphonetech.com
ICINGA2_API_PORT=5665
ICINGA2_API_PASSWORD='<Icinga2 API password>'
ICINGA2_HOSTNAME=server.longname.org
# Set level to 0, "OK", and we'll change it if anything goes wrong.
LEVEL=0
# Run the backup.
OUTPUT="$( (
    /usr/bin/borg create --warning --filter=AME --stats --compression lz4 \
        --remote-path "$REMOTE_PATH" \
        "$REPOSITORY"::'{hostname}-{now:%Y-%m-%d}' \
        /path/to/back/up \
        --exclude '*/templates_c' \
        --exclude '*/Maildir' \
        --exclude '.config/borg' \
        --exclude '*/civicrm/upload/cache'
) 2>&1)"
if [ $? -ne 0 ]
then
    LEVEL=2
fi
# Remove old backups. The output is appended after a real newline so jq can escape it properly.
OUTPUT="${OUTPUT}"$'\n'"$( (
    /usr/bin/borg prune -v "$REPOSITORY" --prefix '{hostname}-' --keep-daily=15 --keep-weekly=9 --keep-monthly=6 --remote-path "$REMOTE_PATH"
) 2>&1)"
if [ $? -ne 0 ]
then
    LEVEL=2
fi
# Check the integrity of the backup.
OUTPUT="${OUTPUT}"$'\n'"$( (
    /usr/bin/borg check "$REPOSITORY" --remote-path "$REMOTE_PATH"
) 2>&1)"
if [ $? -ne 0 ]
then
    LEVEL=2
fi
unset BORG_PASSPHRASE
# Escape JSON characters
echo "$OUTPUT"
OUTPUT=$( echo "$OUTPUT" | ./jq --raw-input --slurp --ascii-output . )
echo "after jq"
echo "$OUTPUT"
# Send to Icinga
# -k disables TLS certificate verification; to verify the Icinga server, replace it with --cacert and the Icinga CA certificate.
DATA="{ \"exit_status\": $LEVEL, \"plugin_output\": ${OUTPUT} }"
/usr/bin/curl -k -s -u "$ICINGA2_API_USER:$ICINGA2_API_PASSWORD" -H 'Accept: application/json' -X POST "https://$ICINGA2_SERVER_ADDRESS:$ICINGA2_API_PORT/v1/actions/process-check-result?service=${ICINGA2_HOSTNAME}!backupninja" --data "${DATA}" > /dev/null
# Reschedule the next dummy backupninja check
RESCHEDULE_TIME=$(/bin/date -d "tomorrow 6am" "+%s")
RESCHEDULE_JSON="{ \"next_check\": \"${RESCHEDULE_TIME}\" }"
/usr/bin/curl -k -s -u "$ICINGA2_API_USER:$ICINGA2_API_PASSWORD" -H 'Accept: application/json' -X POST "https://$ICINGA2_SERVER_ADDRESS:$ICINGA2_API_PORT/v1/actions/reschedule-check?service=${ICINGA2_HOSTNAME}!backupninja" --data "${RESCHEDULE_JSON}" > /dev/null
chmod +x this file, then add it to the user's crontab looking something like this:
0 2 * * * cd /home/members/example/sites/crm.example.org/users/example/bin && /home/members/example/sites/crm.example.org/users/example/bin/borgbackup.sh
Add vars.has_backupninja = true to the server's Icinga config and restart Icinga.
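The backup script keeps the borg passphrase and the Icinga API password inline and passes the latter to curl with -u. As an added example (not part of the original page or its script), the helpers below load both secrets from a private file and hand the credentials to curl on stdin; the file layout, the function names and the reliance on GNU stat are assumptions.

```bash
#!/bin/bash
# Added example, not the page's script. Assumes GNU stat (Linux) and a
# hypothetical secrets file holding two shell assignments:
#   BORG_PASSPHRASE='...'
#   ICINGA2_API_PASSWORD='...'

# Succeed only for a regular, non-symlink file owned by the current user
# whose mode grants nothing to group or other (600, 400, ...).
secrets_file_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(stat -c '%u' "$1")" = "$(id -u)" ] || return 1
    case "$(stat -c '%a' "$1")" in
        ?00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Source the file only after the check passes, so a file another account
# could read or replace is never trusted.
load_secrets() {
    if ! secrets_file_ok "$1"; then
        echo "refusing to use $1: need a regular file you own with mode 600" >&2
        return 1
    fi
    . "$1"
    export BORG_PASSPHRASE
}

# Print a curl config line with the API credentials, escaping backslashes
# and double quotes as curl's config syntax requires. Piped into
# `curl -K -`, the password stays out of curl's argument list, which other
# users on a shared host can see with ps.
curl_auth_config() {
    printf '%s:%s\n' "$1" "$2" |
        sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' -e 's/^/user = "/' -e 's/$/"/'
}

# In the backup script this replaces the inline passwords and the -u option
# ($SECRETS_FILE and $URL are placeholders):
#   load_secrets "$SECRETS_FILE" || exit 3
#   curl_auth_config "$ICINGA2_API_USER" "$ICINGA2_API_PASSWORD" |
#       /usr/bin/curl -K - -k -s -H 'Accept: application/json' \
#           -X POST "$URL" --data "$DATA" > /dev/null
```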
Updated by Jon Goldberg over 3 years ago · 5 revisions