Backup Setup when we don't have root » History » Version 1
Jon Goldberg, 08/30/2021 06:35 PM
1 | 1 | Jon Goldberg | # Backup Setup when we don't have root |
---|---|---|---|
2 | |||
3 | We normally rely on a modified version `backupninja` for backup, which requires root access. When we don't have root access but we do have `borgbackup`, we have a modified procedure for backing up to rsync.net using borgbackup. |
||
4 | |||
5 | In the example below, `1234` should be your rsync.net user number, `yourrsyncserver.rsync.net` should be your rsync.net server (e.g. `usw-s008.rsync.net`). `clientname` and `servershortname` can be anything you want as long as they're consistent between `borg init` and the shell script. `server.longname.org` should be the name of the server as Icinga knows it. `/path/to/back/up` should be the path you want to back up. You can have more than one, separated by spaces. |
||
6 | |||
7 | Run all the following on a local computer that has its public key on the rsync.net server. |
||
8 | |||
9 | ```shell |
||
10 | # Get the public key for the SSH user who will be running the backup on the client's server. |
||
11 | # Add it to the rsync.net account: |
||
12 | echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1SlLpapSVuMm5O35LN/FWNa8DmRgxYRiaIhcrlFetmso3/+6s2ZGaMHtheTmfZuCm9VNHHp3YHXYqsDPPLuxFg4iKw7ccDc6nRRV32rl5doQE6708fZc6dMp4hFIGNLA1RBFvK/7bGBdQw+ryG/rKFuW7o1X2DrhWRYPVwavjqci2NiHEB5SwjLzetXKF6VLnoZxERZJcBG0d8uQ/EgbcMLN4xXbDDsNsofM4wok0aMULucogSvayHezu5HDt6Dta8iDaWbqQtJwtpcgWrqy+HTPZTxJ5PtZuOfG4KrVR0R+TQSdYe6CFFevGPp3TujO03h885zyXPiLqjEmrVLkt " | ssh 1234@yourrsyncserver.rsync.net 'dd of=.ssh/authorized_keys oflag=append conv=notrunc' |
||
13 | # Create a borg repo. |
||
14 | borg init 1234@yourrsyncserver.rsync.net:clientname-servershortname -e repokey --remote-path=/usr/local/bin/borg1/borg1 |
||
15 | ``` |
||
16 | |||
17 | Then, drop this script on the server (e.g. in `$HOME/bin`): |
||
18 | ```shell |
||
19 | #!/bin/bash |
||
20 | # borg backupninja backup script |
||
21 | REPOSITORY="1234@yourrsyncserver.rsync.net:clientname-servershortname" |
||
22 | export BORG_PASSPHRASE='StrongPassphrase' |
||
23 | # On rsync.net: Specify /usr/local/bin/borg/borg for borg 0.29; /usr/local/bin/borg1 for 1.x |
||
24 | REMOTE_PATH=/usr/local/bin/borg1/borg1 |
||
25 | |||
26 | ICINGA2_API_USER=backupninja |
||
27 | ICINGA2_SERVER_ADDRESS=icinga.megaphonetech.com |
||
28 | ICINGA2_API_PORT=5665 |
||
29 | ICINGA2_API_PASSWORD=<Icinga2 API password> |
||
30 | ICINGA2_HOSTNAME=server.longname.org |
||
31 | # Set level to 0, "OK", and we'll change it if anything goes wrong. |
||
32 | LEVEL=0 |
||
33 | # Run the backup. |
||
34 | OUTPUT=$( ( |
||
35 | /usr/bin/borg create --warning --filter=AME --stats --list --compression lz4 \ |
||
36 | --remote-path $REMOTE_PATH \ |
||
37 | $REPOSITORY::'{hostname}-{now:%Y-%m-%d}' \ |
||
38 | /path/to/back/up \ |
||
39 | --exclude '*/templates_c' |
||
40 | ) 2>&1) |
||
41 | if [ $? -ne 0 ] |
||
42 | then |
||
43 | LEVEL=2 |
||
44 | fi |
||
45 | |||
46 | # Remove old backups. |
||
47 | OUTPUT=${OUTPUT}\n$( ( |
||
48 | /usr/bin/borg prune -v $REPOSITORY --prefix '{hostname}-' --keep-daily=15 --keep-weekly=9 --keep-monthly=6 --remote-path $REMOTE_PATH |
||
49 | ) 2>&1) |
||
50 | if [ $? -ne 0 ] |
||
51 | then |
||
52 | LEVEL=2 |
||
53 | fi |
||
54 | |||
55 | # Check the integrity of the backup. |
||
56 | OUTPUT=${OUTPUT}\n$( ( |
||
57 | /usr/bin/borg check $REPOSITORY --remote-path $REMOTE_PATH |
||
58 | ) 2>&1) |
||
59 | if [ $? -ne 0 ] |
||
60 | then |
||
61 | LEVEL=2 |
||
62 | fi |
||
63 | unset BORG_PASSPHRASE |
||
64 | # Send to Icinga |
||
65 | /usr/bin/curl -k -s -u $ICINGA2_API_USER:$ICINGA2_API_PASSWORD -H 'Accept: application/json' -X POST "https://$ICINGA2_SERVER_ADDRESS:$ICINGA2_API_PORT/v1/actions/process-check-result?service=${ICINGA2_HOSTNAME}!backupninja" --data "{ \"exit_status\": $LEVEL, \"plugin_output\": $OUTPUT}" #> /dev/null |
||
66 | # Reschedule the next dummy backupninja check |
||
67 | RESCHEDULE_TIME=$(/bin/date -d "tomorrow 6am" "+%s") |
||
68 | /usr/bin/curl -k -s -u $ICINGA2_API_USER:$ICINGA2_API_PASSWORD -H 'Accept: application/json' -X POST "https://$ICINGA2_SERVER_ADDRESS:$ICINGA2_API_PORT/v1/actions/process-check-result?service=${ICINGA2_HOSTNAME}!backupninja" --data "{ \"next_check\": \"${RESCHEDULE_TIME}\"}" #> /dev/null |
||
69 | ``` |
||
70 | |||
71 | `chmod +x` this file, then add it to the user's `crontab`. |
||
72 | Add `vars.has_backupninja = true` to the server's Icinga config and restart Icinga. |