Welcome to the new location of Alien's Wiki, sharing a single dokuwiki install with the SlackDocs Wiki.
no way to compare when less than two revisions
Differences
This shows you the differences between two versions of the page.
Previous revisionLast revision | |||
— | linux:rsnapshot [2008/11/24 22:19] – Add 'testing remote login' alien | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ===== The rsnapshot backup solution ===== | ||
+ | ----------------------------------------- | ||
+ | |||
+ | Rsnapshot is a filesystem snapshot utility for making backups of local and remote systems. Using rsync and hard links, it is possible to keep multiple, full backups instantly available. The disk space required is just a little more than the space of one full backup, plus incrementals. See the [[http:// | ||
+ | A good read is the [[http:// | ||
+ | |||
+ | |||
+ | ==== Getting the software ==== | ||
+ | |||
+ | I have created a Slackware package for rsnapshot that you can download from my [[http:// | ||
+ | |||
+ | |||
+ | ==== Installing rsnapshot ==== | ||
+ | |||
+ | These are my notes on setting up " | ||
+ | |||
+ | - Make sure the backupserver can login to the target servers using ssh, without requiring a password. We will achieve this by configuring the targets for "// | ||
+ | - On the target servers, do **not** run as the root account, but use a dedicated non-privileged account (called for instance | ||
+ | |||
+ | Good example docs about how to set this up are:\\ | ||
+ | http:// | ||
+ | |||
+ | and it's follow-up article:\\ | ||
+ | http:// | ||
+ | |||
+ | as well as some improvements to this:\\ | ||
+ | http:// | ||
+ | |||
+ | |||
+ | Now, some detailed instructions compiled from the above sources: | ||
+ | ---------------------------------------------------------------- | ||
+ | |||
+ | |||
+ | === Configuring the backup server === | ||
+ | |||
+ | * Determine what user account will run rsnapshot. I suggest using " | ||
+ | * Create a private/ | ||
+ | local# ssh-keygen -t rsa | ||
+ | local# scp id_rsa.pub rbackup@remote-server: | ||
+ | local# ssh remote-server | ||
+ | ; you might have to create the directory ~/.ssh if it doesnt exist: | ||
+ | ; "chmod 700 ~/.ssh ; chown rbackup ~/ | ||
+ | ; if you don't get the permissions on ~/.ssh and ~/ | ||
+ | ; passwordless login will FAIL! | ||
+ | remote# cat id_rsa_rsnapshot.pub >> ~/ | ||
+ | remote# chmod 600 ~/ | ||
+ | remote# chown rbackup ~/ | ||
+ | </ | ||
+ | * Make sure that the ''/ | ||
+ | --rsync-path=rsync_wrapper.sh</ | ||
+ | This is a sample last line in our ''/ | ||
+ | backup< | ||
+ | </ | ||
+ | 0 */4 * * * / | ||
+ | 30 23 * * * / | ||
+ | 15 22 * * * / | ||
+ | </ | ||
+ | |||
+ | |||
+ | === Configuring the remote server(s) === | ||
+ | |||
+ | * Create a user "// | ||
+ | * Append the // | ||
+ | from=" | ||
+ | AAAAB3NzaC1yc2EAAAAB.......0i9yTN7QTrcqKU9ugIesi3+EZnw5ES5wbpo8= | ||
+ | rbackup@TheVault | ||
+ | </ | ||
+ | * Create the ''/ | ||
+ | #!/bin/sh | ||
+ | case " | ||
+ | *\&*) | ||
+ | echo " | ||
+ | ;; | ||
+ | *\;*) | ||
+ | echo " | ||
+ | ;; | ||
+ | rsync*) | ||
+ | $SSH_ORIGINAL_COMMAND | ||
+ | ;; | ||
+ | *true*) | ||
+ | echo $SSH_ORIGINAL_COMMAND | ||
+ | ;; | ||
+ | *) | ||
+ | echo " | ||
+ | ;; | ||
+ | esac | ||
+ | </ | ||
+ | chown rbackup / | ||
+ | chmod 754 / | ||
+ | </ | ||
+ | * Create a wrapper script for rsync (which uses sudo) in ''/ | ||
+ | / | ||
+ | </ | ||
+ | * Add this line to ''/ | ||
+ | |||
+ | === Testing remote login === | ||
+ | |||
+ | When all configuration is complete, and before your scheduled cron jobs start, you should test whether the non-interactive passwordless login from the rsnapshot server to the remote //rbackup// account is functional.\\ You need to make a ssh connection at least once, to add the public key of the remote machine to your root account' | ||
+ | # ssh rbackup@client.my.lan | ||
+ | Rejected 3 | ||
+ | Connection to client.my.lan closed. | ||
+ | </ | ||