Project

General

Profile

Backup Setup when we don't have root » History » Version 1

Jon Goldberg, 08/30/2021 06:35 PM

1 1 Jon Goldberg
# Backup Setup when we don't have root
2
3
We normally rely on a modified version `backupninja` for backup, which requires root access.  When we don't have root access but we do have `borgbackup`, we have a modified procedure for backing up to rsync.net using borgbackup.
4
5
In the example below, `1234` should be your rsync.net user number, `yourrsyncserver.rsync.net` should be your rsync.net server (e.g. `usw-s008.rsync.net`). `clientname` and `servershortname` can be anything you want as long as they're consistent between `borg init` and the shell script. `server.longname.org` should be the name of the server as Icinga knows it. `/path/to/back/up` should be the path you want to back up.  You can have more than one, separated by spaces.
6
7
Run all the following on a local computer that has its public key on the rsync.net server.
8
9
```shell
10
# Get the public key for the SSH user who will be running the backup on the client's server.
11
# Add it to the rsync.net account:
12
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1SlLpapSVuMm5O35LN/FWNa8DmRgxYRiaIhcrlFetmso3/+6s2ZGaMHtheTmfZuCm9VNHHp3YHXYqsDPPLuxFg4iKw7ccDc6nRRV32rl5doQE6708fZc6dMp4hFIGNLA1RBFvK/7bGBdQw+ryG/rKFuW7o1X2DrhWRYPVwavjqci2NiHEB5SwjLzetXKF6VLnoZxERZJcBG0d8uQ/EgbcMLN4xXbDDsNsofM4wok0aMULucogSvayHezu5HDt6Dta8iDaWbqQtJwtpcgWrqy+HTPZTxJ5PtZuOfG4KrVR0R+TQSdYe6CFFevGPp3TujO03h885zyXPiLqjEmrVLkt " | ssh 1234@yourrsyncserver.rsync.net 'dd of=.ssh/authorized_keys oflag=append conv=notrunc'
13
# Create a borg repo.
14
borg init 1234@yourrsyncserver.rsync.net:clientname-servershortname -e repokey --remote-path=/usr/local/bin/borg1/borg1
15
```
16
17
Then, drop this script on the server (e.g. in `$HOME/bin`):
18
```shell
19
#!/bin/bash
20
# borg backupninja backup script
21
REPOSITORY="1234@yourrsyncserver.rsync.net:clientname-servershortname"
22
export BORG_PASSPHRASE='StrongPassphrase'
23
# On rsync.net: Specify /usr/local/bin/borg/borg for borg 0.29; /usr/local/bin/borg1 for 1.x
24
REMOTE_PATH=/usr/local/bin/borg1/borg1
25
26
ICINGA2_API_USER=backupninja
27
ICINGA2_SERVER_ADDRESS=icinga.megaphonetech.com
28
ICINGA2_API_PORT=5665
29
ICINGA2_API_PASSWORD=<Icinga2 API password>
30
ICINGA2_HOSTNAME=server.longname.org
31
# Set level to 0, "OK", and we'll change it if anything goes wrong.
32
LEVEL=0
33
# Run the backup.
34
OUTPUT=$( (
35
/usr/bin/borg create --warning --filter=AME --stats  --list --compression lz4         \
36
--remote-path $REMOTE_PATH \
37
$REPOSITORY::'{hostname}-{now:%Y-%m-%d}' \
38
/path/to/back/up \
39
--exclude '*/templates_c'
40
) 2>&1)
41
if [ $? -ne 0 ]
42
then
43
  LEVEL=2
44
fi
45
46
# Remove old backups.
47
OUTPUT=${OUTPUT}\n$( (
48
/usr/bin/borg prune -v $REPOSITORY --prefix '{hostname}-' --keep-daily=15 --keep-weekly=9 --keep-monthly=6 --remote-path $REMOTE_PATH
49
) 2>&1)
50
if [ $? -ne 0 ]
51
  then
52
  LEVEL=2
53
fi
54
55
# Check the integrity of the backup.
56
OUTPUT=${OUTPUT}\n$( (
57
/usr/bin/borg check $REPOSITORY --remote-path $REMOTE_PATH
58
) 2>&1)
59
if [ $? -ne 0 ]
60
  then
61
  LEVEL=2
62
fi
63
unset BORG_PASSPHRASE
64
# Send to Icinga
65
/usr/bin/curl -k -s -u $ICINGA2_API_USER:$ICINGA2_API_PASSWORD -H 'Accept: application/json' -X POST "https://$ICINGA2_SERVER_ADDRESS:$ICINGA2_API_PORT/v1/actions/process-check-result?service=${ICINGA2_HOSTNAME}!backupninja" --data "{ \"exit_status\": $LEVEL, \"plugin_output\": $OUTPUT}" #> /dev/null
66
# Reschedule the next dummy backupninja check
67
RESCHEDULE_TIME=$(/bin/date -d "tomorrow 6am" "+%s")
68
/usr/bin/curl -k -s -u $ICINGA2_API_USER:$ICINGA2_API_PASSWORD -H 'Accept: application/json' -X POST "https://$ICINGA2_SERVER_ADDRESS:$ICINGA2_API_PORT/v1/actions/process-check-result?service=${ICINGA2_HOSTNAME}!backupninja" --data "{ \"next_check\": \"${RESCHEDULE_TIME}\"}" #> /dev/null
69
```
70
71
`chmod +x` this file, then add it to the user's `crontab`.
72
Add `vars.has_backupninja = true` to the server's Icinga config and restart Icinga.