From: Peter Palfrader Date: Sun, 15 Mar 2009 20:07:49 +0000 (+0100) Subject: Add backup.d.o X-Git-Url: https://wiki.adam-barratt.org.uk/gitweb/?a=commitdiff_plain;h=6196654c6a79ed11bd01fed2d32e56af28083c6b;p=mirror%2Fdsa-wiki.git Add backup.d.o --- diff --git a/input/howto/backup.creole b/input/howto/backup.creole new file mode 100644 index 0000000..a6aabd9 --- /dev/null +++ b/input/howto/backup.creole @@ -0,0 +1,82 @@ += Debian backup = + +bartok.debian.org alias backup.debian.org is Debian's backup machine. + +== Backup organisation == + +{{{/org/backup.debian.org}}} contains two directories, {{{staging}}} and +{{{backup}}}. The latter contains the backup and is organised in directories +with date directories that contain all the files from that particular day. The +number of kept copies is configured in files in {{{/etc/da-backup-manager/}}}. + +The {{{/staging/}}} directory is used by the clients, i.e. the .debian.org +hosts that have something valuable to backup. The contents of the particular +directories is pushed from root to root@backup.debian.org via rsync via a +restricted SSH session based on key-authentication. + +Directories: + +{{{ + /org/backup.debian.org/staging/ + wiki.debian.org + cvs.debian.org + ... + + /org/backup.debian.org/backup/ + wiki.debian.org/ + 20050909 + 20050910 + 20050911 + ... + cvs.debian.org/ + 20050909 + 20050910 + 20050911 + ... + ... +}}} + +== Adding new backup directories == + +* install da-backup on the client +* create a crontab that runs da-backup daily at some convenient time +* configure the directories in {{{/etc/da-backup}}} +* create a new SSH key pair for each configuration file foo in + {{{/etc/da-backup/}}} with {{{ssh-keygen -t rsa -f /root/.ssh/da_foo"}}}: + +{{{ + cd /etc/da-backup && + [ -r /root/.ssh ] && + for i in *; do + echo $i && + if [ -e "/root/.ssh/da_$i" ]; then continue; fi && + sudo ssh-keygen -t rsa -f /root/.ssh/da_$i -N '' -C "da-backup for $i on `hostname -f`"; + done + + echo "#" && + echo "# `hostname -f`" && + echo "#" && + myip=`host $(hostname -f) | \ + grep has\ address | \ + sed -e 's/.*address //'` && + cd /etc/da-backup && + for i in *; do + echo "command=\"rsync --server -vlHogDtprz --delete --delete-after --ignore-errors . /org/backup.debian.org/staging/`hostname -f`/$i\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,from=\"::ffff:$myip,$myip\" `cat /root/.ssh/da_$i.pub`" + done && echo +}}} + +* (why is this here? It shouldn't be necessary, --weasel) ((run {{{ssh -o 'StrictHostKeyChecking no' backup.debian.org}}} and abort))) +* install the public components of the key with the proper command in + {{{/root/.ssh/authorized_keys}} on bartok, start a new section for each host. +* configure how many copies of the directory should be kept in + {{{/etc/da-backup-manager/}}} +* mkdir the target directories +* run {{{da-backup -v}}} on the client to see if it all works. + + +* Backup items should either be called {{{/}}} or + {{{services/}}}, i.e. always use a two-level directory layout. + +== Consistency checks == + +* Run {{{sudo -u nagios /usr/lib/nagios/plugins/dsa-check-dabackup-server}}}