Efter lidt tid med servere rundt omkring i verden, har jeg tænkt lidt over at jeg rent faktisk ville være pænt fucked hvis de gik ned, jeg begyndte derfor at undersøge muligheden for backup til serveren herhjemme, jeg fandt frem til rsync + shh, det skulle være sikkert og fungere, så det ville jeg da prøve 😉
Jeg har nu fået det til at virke, jeg skrive en lille opfølgning på hvordan jeg gjorder det, det er mest skrevet som en note til mig selv, derfor kan der mangler forklaringer 🙂
Backup server
$ ssh-keygen -t dsa -b 1024 -f /home/thisuser/cron/thishost-rsync-key
Generating public/private dsa key pair.
Enter passphrase (empty for no passphrase): [press enter here]
Enter same passphrase again: [press enter here]
Your identification has been saved in /home/thisuser/cron/thishost-rsync-key.
Your public key has been saved in /home/thisuser/cron/thishost-rsync-key.pub.
The key fingerprint is:
2e:28:d9:ec:85:21:e7:ff:73:df:2e:07:78:f0:d0:a0 thisuser@thishost
Kopier ssh pub til remoteserver
$ scp /home/thisuser/cron/thishost-rsync-key.pub \
remoteuser@remotehost:/home/remoteuser/
Remote Server
$ if [ ! -d .ssh ]; then mkdir .ssh ; chmod 700 .ssh ; fi
$ mv thishost-rsync-key.pub .ssh/
$ cd .ssh/
$ if [ ! -f authorized_keys ]; then touch authorized_keys ;\
chmod 600 authorized_keys ; fi
$ cat thishost-rsync-key.pub >> authorized_keys
NB: Husk at være i ~ (home) !
Opdatere authorized_keys så den tjekker at vi kun er kommet for at kører rsync.
command=”/home/remoteuser/cron/validate-rsync” ssh-dss AAAAB3Nza
C1kc3MAAAEBAKYJenaYvMG3nHwWxKwlWLjHb77CT2hXwmC8Ap+fG8wj
laY/9t4uA+2qx9JNorgdrWKhHSKHokFFlWRj+qk3q+lGHS+hsXuvta44W0
yD0y0sW62wrEVegz+JVmntxeYc0nDz5tVGfZe6ydlgomzj1bhfdpYe+BAw
op8L+EMqKLS4iSacNjoPlHsmqHMnbibn3tBqJEq2QJjEPaiYj1iP5IaCuYBhuT
KQGa+oyH3mXEif5CKdsIKBj46B0tCy0/GC7oWcUN92QdLrUyTeRJZsTWsx
KpRbMliD2pBh4oyX/aXEf8+HZBrO5vQjDBCfTFQA+35Xrd3eTVEjkGkncI0S
AeUAAAAVAMZSASmQ9Pi38mdm6oiVXD55Kk2rAAABAE/bA402VuCsOLg9
YS0NKxugT+o4UuIjyl6b2/cMmBVWO39lWAjcsKK/zEdJbrOdt/sKsxIK1/ZIvtl
92DLlMhci5c4tBjCODey4yjLhApjWgvX9D5OPp89qhah4zu509uNX7uH58Z
w/+m6ZOLHN28mV5KLUl7FTL2KZ583KrcWkUA0Id4ptUa9CAkcqn/gWkHM
ptgVwaZKlqZ+QtEa0V2IwUDWS097p3SlLvozw46+ucWxwTJttCHLzUmNN
7w1cIv0w/OHh5IGh+wWjV9pbO0VT3/r2jxkzqksKOYAb5CYzSNRyEwp+NIK
rY+aJz7myu4Unn9de4cYsuXoAB6FQ5I8AAAEBAJSmDndXJCm7G66qdu3Els
LT0Jlz/es9F27r+xrg5pZ5GjfBCRvHNo2DF4YW9MKdUQiv+ILMY8OISduTeu3
2nyA7dwx7z5M8b+DtasRAa1U03EfpvRQps6ovu79mbt1OE8LS9ql8trx8qyI
pYmJxmzIdBQ+kzkY+9ZlaXsaU0Ssuda7xPrX4405CbnKcpvM6q6okMP86Ejj
n75Cfzhv65hJkCjbiF7FZxosCRIuYbhEEKu2Z9Dgh+ZbsZ+9FETZVzKBs4fyS
A6dIw6zmGINd+KY6umMWyJNej2Sia70fu3XLHj2yBgN5cy8arlZ80q1Mcy76
3RjYGkR/FkLJ611HWIA= thisuser@thishost
/home/remoteuser/cron/validate-rsync
#!/bin/sh
case “$SSH_ORIGINAL_COMMAND” in
*\&*)
echo “Rejected”
;;
*\(*)
echo “Rejected”
;;
*\{*)
echo “Rejected”
;;
*\;*)
echo “Rejected”
;;
*\<*)
echo “Rejected”
;;
*\`*)
echo “Rejected”
;;
rsync\ –server*)
$SSH_ORIGINAL_COMMAND
;;
*)
echo “Rejected”
;;
esac
/etc/rsyncd.conf
hosts allow = backupserver
hosts deny = *
log file = /var/log/rsync.log
[root]
path = /
uid = 0
gid = 0
read only = yes
list = yes
auth users = thisuser
Cronjob script
#!/bin/bash
DATE=$(date +%F)
LOG=/var/log/rsync-backup
REMOTE=”remoteserver”
SSHKEY=”/home/thisuser/cron/thishost-rsync-key”
RUSER=”thisuser”
RDIR=”/home/remote/dir”
BDIR=”/home/backupserver/current/”
TDIR=”/home/backupserver/”
EXCLUDE=”/dev /proc /var/run /var/lock /sys”
echo “” > /tmp/rsync-backup
for i in $EXCLUDE
do
echo $i >> /tmp/rsync-backup
done
echo “————————————————————” >> $LOG
echo “Starting backup of $REMOTE …” >> $LOG
echo “Date: $DATE” >> $LOG
echo “rsync log:” >> $LOG
rsync -avz –exclude-from=/tmp/rsync-backup -e “ssh -i $SSHKEY” \
–delete $RUSER@$REMOTE:$RDIR $BDIR >> $LOG
echo “tar log:” >> $LOG
tar jcfps $TDIR$DATE.tar.bz2 $BDIR >> $LOG
echo $TDIR$DATE.tar.bz2 >> $LOG
echo “Backup of $REMOTE done.” >> $LOG
echo “————————————————————” >> $LOG
echo “” >> $LOG
Hvis man benytter sig af Ubuntu så kan man blot lave et symlink til /etc/cron.daily/ for at scriptet gennemføres en gang om dagen.
Ref: http://troy.jdmz.net/rsync/index.html http://www.hmug.org/man/1/rsync.php