rsnapshot for domain clusters
Back up hosts, organised as clusters by domain. The backups appear as images of the client hosts at various times (snapshots). rsnapshot pulls files via rsync, utilising its efficiencies:
- only files that have changed;
- compression;
- storing using hard links to existing (unchanged) stored files to avoid multiple copies of identical (same inode) files within the backup.
2022-08-01 Ubuntu 21.10-22.04
Main characteristics of this domain-oriented implementation:
- Each domain has its own configuration file; they are backed up independently: /etc/rsnapshot/domain/rsnapshot.conf.
- Each domain has its own backup media; they are mounted or symlinked appropriately: /srv/backup/domain/.
- There are daily (for a week), weekly (for a month) and monthly (retain three) backups.
- Backups are scheduled via cron.
Installation
graham:~ sudo apt update
graham:~ sudo apt install rsnapshot
graham:~ sudo mv /etc/rsnapshot.conf /etc/rsnapshot.conf-dist # save as template
graham:~ sudo mkdir /etc/rsnapshot # container for per-domain configs
graham:~ sudo mkdir /srv/backup # container for per-domain backups
graham:~ sudo chown root:adm /srv/backup
graham:~ sudo chmod 750 /srv/backup
graham:~ sudo mkdir /run/rsnapshot # container for per-domain run files
graham:~ sudo mkdir /var/log/rsnapshot # container for per-domain logs
graham:~ sudo chown root:adm /var/log/rsnapshot
graham:~ sudo vi /etc/tmpfiles.d/rsnapshot.conf

/etc/tmpfiles.d/rsnapshot.conf
new file
d /run/rsnapshot 755 root root
d /var/log/rsnapshot 755 root adm
Add domain for backing up
This example adds domain geddy.au for backing up, but no hosts within it as yet.
graham:~ sudo mkdir /etc/rsnapshot/geddy.au
graham:~ cd /etc/rsnapshot/geddy.au
graham:/etc/rsnapshot/geddy.au sudo cp /etc/rsnapshot.conf-dist rsnapshot.conf
graham:/etc/rsnapshot/geddy.au sudo vi rsnapshot.conf

/etc/rsnapshot/geddy.au/rsnapshot.conf
apply changes to settings
Warning! This file requires tabs (⇥) as field separators. Spaces are significant; they are not treated as white-space. Using spaces instead of tabs will result in syntax errors being reported.
snapshot_root⇥··/srv/backup/geddy.au/
cmd_cp⇥·/bin/cp
cmd_rsync⇥······/usr/bin/rsync
cmd_ssh⇥/usr/bin/ssh
cmd_logger⇥·····/usr/bin/logger
cmd_du⇥·/usr/bin/du
cmd_rsnapshot_diff⇥·····/usr/bin/rsnapshot-diff
retain⇥·daily⇥··7
retain⇥·weekly⇥·4
retain⇥·monthly⇥3
logfile⇥/var/log/rsnapshot/geddy.au.log
lockfile⇥·······/run/rsnapshot/geddy.au.pid
du_args⇥-csh
link_dest⇥······1
- Then delete file content after line '### BACKUP POINTS / SCRIPTS ###'.
- Arrange for this domain's backup media to appear as this directory. Simplest case is an external hard drive mounted onto /srv/backup and allow all domains to appear as subdirs.
# geddy.au backups
32 4 * * * rsnapshot -c /etc/rsnapshot/geddy.au/rsnapshot.conf daily
22 4 * * 6 rsnapshot -c /etc/rsnapshot/geddy.au/rsnapshot.conf weekly
12 4 1 * * rsnapshot -c /etc/rsnapshot/geddy.au/rsnapshot.conf monthly
- Adjust the backup schedule to requirements, but maintain the temporal sequencing i.e. if a monthly runs, it must be just before the weekly; if a weekly runs, it must be just before the daily.
Add client host to backed-up domain
The backup server must have keyed passwordless ssh access by root to the client host's root account.
Briefly, this usually means:
- A copy of the backup server's /root/.ssh/id_rsa.pub file must be appended to the client host's /root/.ssh/authorized_keys file;
- Parameter PermitRootLogin must be yes in the client host's /etc/ssh/sshd_config file.

The example is based upon:
- Domain name: geddy.au
- Host: s0 – web server
- Host: s1 – mail server

- This is deliberately not a full system backup, only of our data. The presumption is that everything else is re-installed or ephemeral. Adjust the inclusions (and exclusions) as required.
- In this example, the only subtree needing pruning for backup is /var, and the exclusions are listed in the specified files.
- The backup directive backs up binary copies of the files. This is not always appropriate, e.g. for an SQL database. The example shows backup_script calling a locally implemented script (see further below) that creates a suitable dump that is then configured to be placed alongside the backup tree.
- In this case, s1's exclusions are identical to s0's.
- Creates template postgres database dump script. rsnapshot backup_script takes no arguments so the remote hostname is embedded in filename (after trailing hyphen).
- Use template to create dumpall script for s1.geddy.au by symlinking with appropriate filename.
- This requires passwordless ssh access from root@localhost to postgres@s1.geddy.au (not shown here).
/etc/rsnapshot/geddy.au/rsnapshot.conf
append to end
Warning! This file requires tabs (⇥) as field separators. Spaces are significant; they are not treated as white-space. Using spaces instead of tabs will result in syntax errors being reported.
# s0
backup⇥·s0.geddy.au:/etc/⇥······⇥·······s0/
backup⇥·s0.geddy.au:/home/⇥·····⇥·······s0/
backup⇥·s0.geddy.au:/root/⇥·····⇥·······s0/
backup⇥·s0.geddy.au:/srv/⇥······⇥·······s0/
backup⇥·s0.geddy.au:/usr/local/⇥⇥·······s0/
backup⇥·s0.geddy.au:/var/⇥······⇥·······s0/⇥····exclude_file=/etc/rsnapshot/geddy.au/s0-var.excl
# s1
backup⇥·s1.geddy.au:/etc/⇥······⇥·······s1/
backup⇥·s1.geddy.au:/home/⇥·····⇥·······s1/
backup⇥·s1.geddy.au:/root/⇥·····⇥·······s1/
backup⇥·s1.geddy.au:/srv/⇥······⇥·······s1/
backup⇥·s1.geddy.au:/usr/local/⇥⇥·······s1/
backup⇥·s1.geddy.au:/var/⇥······⇥·······s1/⇥····exclude_file=/etc/rsnapshot/geddy.au/s1-var.excl
backup_script⇥·/usr/local/sbin/pg_dumpall-s1.geddy.au⇥·····s1/dumps/
/etc/rsnapshot/geddy.au/s0-var.excl
new file
/var/cache/apt
/var/cache/apt-xapian-index
/var/lib/apt
/var/lib/dpkg
/var/lib/mysql
/var/log
/var/spool/postfix
/var/tmp
/usr/local/sbin/pg_dumpall
new file
#!/bin/bash
# dump all postgres databases on remote host.
# usage: pg_dumpall-HOSTNAME
#
# rsnapshot provides temp dir and moves files itself.
# run as root by rsnapshot so no command line args, and passwordless access
# by root@localhost to postgres@HOSTNAME is required.

# extract hostname, which trails last hyphen in script name
hostname=${0##*-}

# dump into current (temp) dir on localhost
umask 077
exec ssh postgres@"$hostname" \
    pg_dumpall --clean --if-exists --no-password > all.psql
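The backup server's key in each client's root authorized_keys file, and the key used for postgres@s1.geddy.au, is a full login unless options on the key line restrict it. As an added example (not part of the original page), this function classifies the entries of an authorized_keys file by whether they carry the OpenSSH from= and command= options; the function names, sample key lines, the address 192.0.2.10 and the rrsync path are constructed assumptions.

```bash
# Added example, not from the original page: classify authorized_keys entries.
#   open        no options: the key gives an unrestricted login
#   partial     options present, but from= or command= is missing
#   restricted  both from= (source address) and command= (forced command) set
# Output per key: "<line number> <verdict> <key comment>"
audit_keys() (
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac    # skip blanks and comments
        comment=${line##* }                        # last field of the line
        case $line in
            ssh-*|ecdsa-*|sk-*) verdict=open ;;    # line starts with key type
            *from=\"*command=\"*|*command=\"*from=\"*) verdict=restricted ;;
            *) verdict=partial ;;
        esac
        printf '%s %s %s\n' "$n" "$verdict" "$comment"
    done < "$1"
)

# Constructed sample file: key blobs are placeholders, not real keys.
# The forced command assumes rrsync is installed at /usr/bin/rrsync.
sample_keys() {
    cat <<'EOF'
# /root/.ssh/authorized_keys on a client host (constructed sample)
ssh-rsa AAAA_CONSTRUCTED_PLACEHOLDER_1 root@graham
from="192.0.2.10" ssh-rsa AAAA_CONSTRUCTED_PLACEHOLDER_2 root@graham
restrict,from="192.0.2.10",command="/usr/bin/rrsync -ro /" ssh-rsa AAAA_CONSTRUCTED_PLACEHOLDER_3 root@graham
EOF
}

# Demonstration on the constructed sample
tmp=$(mktemp)
sample_keys > "$tmp"
audit_keys "$tmp"
rm -f "$tmp"
```
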
File restoration
Obviously restoration is highly contextual.
The following path is highly instructive on backup image locations:
/srv/backup/geddy.au/daily.0/s0/etc/hosts – the most recent daily backup of s0.geddy.au's /etc/hosts file.
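Because unchanged files are stored as hard links to the same inode, most snapshots hold the same copy of a given file. As an added example (not from the original page), this function lists only the distinct versions of one file under a domain's snapshot root, newest first; the function name is hypothetical and it assumes GNU stat and date.

```bash
# Added example, not from the original page.
# snapshot_versions ROOT HOST PATH
#   ROOT  snapshot_root of the domain, e.g. /srv/backup/geddy.au
#   HOST  per-host directory used in the backup lines, e.g. s0
#   PATH  absolute path on the client, e.g. /etc/hosts
# Prints "<mtime, UTC><TAB><path in backup>" once per distinct inode,
# newest first. For each version the path shown is the first snapshot
# in glob order (daily.0, daily.1, ...) that holds it.
snapshot_versions() (
    root=$1 host=$2 path=$3 seen=' '
    tab=$(printf '\t')
    for snap in "$root"/*.[0-9]*; do
        f=$snap/$host$path
        [ -f "$f" ] || continue
        inode=$(stat -c %i "$f")
        # hard-linked (unchanged) copies share an inode: report each once
        case $seen in *" $inode "*) continue ;; esac
        seen="$seen$inode "
        printf '%s\t%s\n' "$(stat -c %Y "$f")" "$f"
    done | sort -rn | while IFS=$tab read -r epoch f; do
        printf '%s\t%s\n' "$(date -u -d "@$epoch" '+%Y-%m-%dT%H:%MZ')" "$f"
    done
)

# Typical call on the backup server:
#   snapshot_versions /srv/backup/geddy.au s0 /etc/hosts
```
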