Backup » History » Version 22
Laurent GUERBY, 27/06/2017 11:00
1 | 3 | Laurent GUERBY | {{>toc}} |
---|---|---|---|
2 | 1 | Laurent GUERBY | |
3 | 1 | Laurent GUERBY | h1. Backup |
4 | 1 | Laurent GUERBY | |
5 | 1 | Laurent GUERBY | h2. Links |
6 | 1 | Laurent GUERBY | |
7 | 1 | Laurent GUERBY | * [[Backup_infra]] |
8 | 1 | Laurent GUERBY | * [[Apt_Backports_TTNN]] borg debian packaging |
9 | 6 | Laurent GUERBY | * https://www.reddit.com/r/linux/comments/42feqz/i_asked_here_for_the_optimal_backup_solution_and/ |
10 | 1 | Laurent GUERBY | |
11 | 1 | Laurent GUERBY | h2. BackupPC |
12 | 1 | Laurent GUERBY | |
13 | 1 | Laurent GUERBY | * http://backuppc.sourceforge.net/ |
14 | 1 | Laurent GUERBY | |
15 | 1 | Laurent GUERBY | h2. Attic |
16 | 1 | Laurent GUERBY | |
17 | 1 | Laurent GUERBY | * https://attic-backup.org/ |
18 | 1 | Laurent GUERBY | * https://lists.tetaneutral.net/pipermail/technique/2015-September/001971.html |
19 | 1 | Laurent GUERBY | ** Backup software: choosing attic |
20 | 1 | Laurent GUERBY | |
21 | 1 | Laurent GUERBY | h2. Borg |
22 | 1 | Laurent GUERBY | |
23 | 1 | Laurent GUERBY | * https://github.com/borgbackup |
24 | 1 | Laurent GUERBY | * http://readthedocs.org/projects/borgbackup/ |
25 | 2 | Laurent GUERBY | * http://puppet.tetaneutral.net/pool/main/b/borgbackup/ |
26 | 2 | Laurent GUERBY | * http://puppet.tetaneutral.net/dists/ |
27 | 1 | Laurent GUERBY | |
28 | 20 | Nicolas BERTRAND | To automate things a bit (plus cron), borgmatic can be used: |
29 | 20 | Nicolas BERTRAND | * https://github.com/witten/borgmatic |
30 | 21 | Laurent GUERBY | |
31 | 22 | Laurent GUERBY | h3. Borg tips |
32 | 21 | Laurent GUERBY | |
33 | 21 | Laurent GUERBY | * On Debian systems, to avoid backing up caches (apt and others), pass --exclude-caches to borg create and run this once: |
34 | 21 | Laurent GUERBY | <pre> |
35 | 21 | Laurent GUERBY | echo Signature: 8a477f597d28d172789f06886806bc55 > /var/cache/CACHEDIR.TAG |
36 | 21 | Laurent GUERBY | </pre> |
37 | 21 | Laurent GUERBY | |
38 | 21 | Laurent GUERBY | http://borgbackup.readthedocs.io/en/stable/usage.html#borg-create |
39 | 21 | Laurent GUERBY | http://www.brynosaurus.com/cachedir/spec.html |
40 | 21 | Laurent GUERBY | |
41 | 22 | Laurent GUERBY | h3. Borg script |
42 | 11 | Laurent GUERBY | |
43 | 18 | Laurent GUERBY | *Note 20160428*: the script is probably unnecessary, see https://github.com/borgbackup/borg/issues/994 |
44 | 17 | Laurent GUERBY | |
45 | 11 | Laurent GUERBY | For a machine that will be powered off and back on at unpredictable times. |
46 | 11 | Laurent GUERBY | |
47 | 12 | Laurent GUERBY | Initial creation, as a normal user able to ssh to MACHINE:PORT: |
48 | 12 | Laurent GUERBY | |
49 | 12 | Laurent GUERBY | <pre> |
50 | 12 | Laurent GUERBY | borg init --encryption keyfile ssh://USER@MACHINE:PORT/some/where/borg/NICK-repo |
51 | 12 | Laurent GUERBY | </pre> |
52 | 12 | Laurent GUERBY | |
53 | 19 | Nicolas BERTRAND | There are 2 encryption types, keyfile and repokey: |
54 | 19 | Nicolas BERTRAND | * keyfile: the key is stored 'locally' and must also be backed up. "passphrase + key" mode |
55 | 19 | Nicolas BERTRAND | * repokey: the key is stored in the repo only. "passphrase only" mode |
56 | 19 | Nicolas BERTRAND | <pre> |
57 | 19 | Nicolas BERTRAND | 11.1026 < guerby> [09:39:25] zorun, do you have a ref in the docs? what I found: http://borgbackup.readthedocs.io/en/stable/quickstart.html#encrypted-repos |
58 | 19 | Nicolas BERTRAND | 11.1026 < guerby> [09:39:38] "so you still have the key in case it gets corrupted or lost. Also keep your passphrase at a safe place." |
59 | 19 | Nicolas BERTRAND | 11.1026 < zorun> [09:50:10] guerby: search for « repokey » in https://borgbackup.readthedocs.io/en/stable/usage.html |
60 | 19 | Nicolas BERTRAND | 11.1026 < zorun> [09:50:19] # Local repository (default is to use encryption in repokey mode) |
61 | 19 | Nicolas BERTRAND | 11.1026 < zorun> [09:50:27] If you want “passphrase-only” security, use the repokey mode. The key will be stored inside the repository (in its “config” file). In above mentioned attack scenario, the attacker will have the key (but not the passphrase). |
62 | 19 | Nicolas BERTRAND | 11.1026 < zorun> [09:50:43] If you want “passphrase and having-the-key” security, use the keyfile mode. The key will be stored in your home directory (in .config/borg/keys). In the attack scenario, the attacker who has just access to your repo won’t have the key (and also not the passphrase). |
63 | 19 | Nicolas BERTRAND | 11.1026 < taziden> [09:51:21] and the default method is repokey |
64 | 19 | Nicolas BERTRAND | </pre> |
65 | 19 | Nicolas BERTRAND | |
66 | 19 | Nicolas BERTRAND | |
67 | 12 | Laurent GUERBY | And set up cron + script: |
68 | 11 | Laurent GUERBY | <pre> |
69 | 11 | Laurent GUERBY | # crontab -l |
70 | 11 | Laurent GUERBY | @reboot /root/cron-borg.sh |
71 | 11 | Laurent GUERBY | |
72 | 11 | Laurent GUERBY | |
73 | 11 | Laurent GUERBY | |
74 | 11 | Laurent GUERBY | # cat /root/cron-borg.sh |
75 | 11 | Laurent GUERBY | #!/bin/bash |
76 | 11 | Laurent GUERBY | export LANG=en_US.UTF-8 |
77 | 11 | Laurent GUERBY | mkdir -p /root/borg >& /dev/null |
78 | 11 | Laurent GUERBY | |
79 | 11 | Laurent GUERBY | sleep 300 |
80 | 11 | Laurent GUERBY | echo === start === $(date) >> /root/borg/cron.log |
81 | 11 | Laurent GUERBY | |
82 | 11 | Laurent GUERBY | NICK=myhost |
83 | 11 | Laurent GUERBY | REPO=ssh://USER@MACHINE:PORT/some/where/borg/${NICK}-repo |
84 | 11 | Laurent GUERBY | export BORG_PASSPHRASE=lalalala |
85 | 11 | Laurent GUERBY | |
86 | 11 | Laurent GUERBY | if [ -f /root/borg/stamp ]; then |
87 | 11 | Laurent GUERBY | STAMP=$(cat /root/borg/stamp) |
88 | 11 | Laurent GUERBY | borg break-lock $REPO |
89 | 11 | Laurent GUERBY | else |
90 | 11 | Laurent GUERBY | STAMP=$(date '+%Y%m%dT%H%M%S') |
91 | 11 | Laurent GUERBY | if [ -f /root/borg/previous-stamp ]; then |
92 | 1 | Laurent GUERBY | PREVIOUS_STAMP=$(cat /root/borg/previous-stamp) |
93 | 14 | Laurent GUERBY | while [ "${STAMP%T*}" = "${PREVIOUS_STAMP%T*}" ]; do |
94 | 14 | Laurent GUERBY | STAMP=$(date '+%Y%m%dT%H%M%S') |
95 | 13 | Laurent GUERBY | echo === delay === $(date) >> /root/borg/cron.log |
96 | 14 | Laurent GUERBY | sleep 1h |
97 | 14 | Laurent GUERBY | done |
98 | 11 | Laurent GUERBY | fi |
99 | 11 | Laurent GUERBY | echo $STAMP > /root/borg/stamp |
100 | 11 | Laurent GUERBY | fi |
101 | 11 | Laurent GUERBY | |
102 | 11 | Laurent GUERBY | |
103 | 16 | Laurent GUERBY | borg create --compression lz4 --stats --verbose \ |
104 | 16 | Laurent GUERBY | --exclude /root/borg --exclude '/home/*/.cache' --exclude-caches --one-file-system \ |
105 | 16 | Laurent GUERBY | ${REPO}::${NICK}-$STAMP / >> /root/borg/log-$STAMP 2>> /root/borg/err-$STAMP |
106 | 1 | Laurent GUERBY | |
107 | 16 | Laurent GUERBY | res=$? |
108 | 16 | Laurent GUERBY | |
109 | 16 | Laurent GUERBY | if [ $res -eq 0 -o $res -eq 1 ]; then # borg exit codes: 0 = success, 1 = warning |
110 | 11 | Laurent GUERBY | mv -f /root/borg/stamp /root/borg/previous-stamp >& /dev/null |
111 | 11 | Laurent GUERBY | rm -f /root/borg/stamp >& /dev/null |
112 | 1 | Laurent GUERBY | fi |
113 | 1 | Laurent GUERBY | |
114 | 1 | Laurent GUERBY | |
115 | 16 | Laurent GUERBY | echo === done === $res === $(date) >> /root/borg/cron.log |
116 | 14 | Laurent GUERBY | |
117 | 14 | Laurent GUERBY | exec "$0" |
118 | 11 | Laurent GUERBY | </pre> |
119 | 1 | Laurent GUERBY | |
120 | 1 | Laurent GUERBY | h2. Migration from Attic to Borg |
121 | 7 | Laurent GUERBY | |
122 | 4 | Mehdi Abaakouk | * https://github.com/borgbackup/borg/pull/231 |
123 | 4 | Mehdi Abaakouk | * old: https://chiliproject.tetaneutral.net/projects/git-tetaneutral-net/repository/puppet-backup |
124 | 1 | Laurent GUERBY | * new: https://chiliproject.tetaneutral.net/projects/git-tetaneutral-net/repository/puppetmaster/revisions/master/entry/modules/ttnn/manifests/backup.pp |
125 | 1 | Laurent GUERBY | ** git history BackupPC => Attic => Borg |
126 | 4 | Mehdi Abaakouk | |
127 | 5 | Laurent GUERBY | <pre> |
128 | 4 | Mehdi Abaakouk | # apt-get -t jessie-backports install borgbackup |
129 | 4 | Mehdi Abaakouk | $ cd /backup/attic/ |
130 | 4 | Mehdi Abaakouk | $ borg upgrade <repo> |
131 | 4 | Mehdi Abaakouk | $ borg check --repair <repo> |
132 | 4 | Mehdi Abaakouk | $ mv <repo> ../borg/ |
133 | 4 | Mehdi Abaakouk | $ chown -R backupinfra: /backup/borg/<repo> |
134 | 4 | Mehdi Abaakouk | </pre> |
135 | 8 | Laurent GUERBY | |
136 | 4 | Mehdi Abaakouk | In the puppet module, the most important change is the explicit compression parameter, set to match the default of attic create: |
137 | 4 | Mehdi Abaakouk | |
138 | 8 | Laurent GUERBY | <pre> |
139 | 4 | Mehdi Abaakouk | attic create ... <repo> -> borg create --compression zlib,6 ... <repo> |
140 | 4 | Mehdi Abaakouk | </pre> |
141 | 4 | Mehdi Abaakouk | |
142 | 9 | Laurent GUERBY | Otherwise the next backup will be uncompressed and no new chunks will match the old ones -> loss of deduplication. "zlib,6" is attic's compression level. |
143 | 9 | Laurent GUERBY | |
144 | 10 | Laurent GUERBY | https://github.com/jborg/attic/issues/299 |
145 | 9 | Laurent GUERBY | http://borgbackup.readthedocs.org/en/stable/usage.html#environment-variables |
146 | 9 | Laurent GUERBY | <pre> |
147 | 9 | Laurent GUERBY | export ATTIC_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=yes |
148 | 1 | Laurent GUERBY | </pre> |
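
For the CACHEDIR.TAG tip under "Borg tips": an added example, not part of the original page, that tags a directory per the cachedir spec and lists every validly tagged directory under a root, so that anything --exclude-caches will skip can be reviewed before relying on the backup. The function names are hypothetical, and requiring a regular non-symlink tag file is a conservative choice of this example.

```bash
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.
# The spec's signature: the first 43 bytes of a valid CACHEDIR.TAG.
CACHEDIR_SIG='Signature: 8a477f597d28d172789f06886806bc55'

# Succeeds if directory $1 holds a regular CACHEDIR.TAG starting with the signature.
is_cache_dir() {
    [ -f "$1/CACHEDIR.TAG" ] && [ ! -L "$1/CACHEDIR.TAG" ] || return 1
    [ "$(head -c "${#CACHEDIR_SIG}" "$1/CACHEDIR.TAG")" = "$CACHEDIR_SIG" ]
}

# Tag directory $1 (idempotent). Refuses to overwrite an existing file
# that is not already a valid tag.
tag_cache_dir() {
    if is_cache_dir "$1"; then
        return 0
    fi
    if [ -e "$1/CACHEDIR.TAG" ] || [ -L "$1/CACHEDIR.TAG" ]; then
        echo "refusing to overwrite $1/CACHEDIR.TAG" >&2
        return 1
    fi
    printf '%s\n# Tagged so that borg create --exclude-caches skips this directory\n' \
        "$CACHEDIR_SIG" > "$1/CACHEDIR.TAG"
}

# Print each directory under $1 carrying a valid tag, staying on one file
# system like the page's --one-file-system. Paths containing newlines are
# not handled.
list_cache_dirs() {
    find "$1" -xdev -type f -name CACHEDIR.TAG 2>/dev/null |
    while IFS= read -r tag_path; do
        if is_cache_dir "${tag_path%/CACHEDIR.TAG}"; then
            printf '%s\n' "${tag_path%/CACHEDIR.TAG}"
        fi
    done
}
```

Running `list_cache_dirs /` from time to time and comparing the output with the directories that are meant to be excluded shows when a directory that should be backed up has picked up a tag.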
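
For the `export BORG_PASSPHRASE=lalalala` line in the cron script under "Borg script": an added example, not part of the original page, that reads the passphrase from a separate file and refuses to use it unless the file is private to the calling user. The path /root/borg/passphrase and the function names are hypothetical; `stat -c` assumes GNU coreutils, as on Debian.

```bash
#!/bin/sh
# Added example (not from the original page). PASSFILE and the function
# names are hypothetical.
PASSFILE=${PASSFILE:-/root/borg/passphrase}

# Succeeds if $1 is a regular file (not a symlink), owned by the current
# user, with no group or other permission bits set.
is_private_file() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(stat -c '%u' "$1")" = "$(id -u)" ] || return 1
    case "$(stat -c '%a' "$1")" in
        [0-7]00) return 0 ;;   # e.g. 600 or 400
        *)       return 1 ;;
    esac
}

# Export BORG_PASSPHRASE from the first line of $1, or fail without
# falling back to any other source.
load_borg_passphrase() {
    if ! is_private_file "$1"; then
        echo "refusing $1: need a regular file owned by uid $(id -u), mode 600 or stricter" >&2
        return 1
    fi
    # read returns non-zero when the last line has no trailing newline,
    # so the result is judged by the variable's content instead.
    IFS= read -r BORG_PASSPHRASE < "$1" || true
    [ -n "$BORG_PASSPHRASE" ] || return 1
    export BORG_PASSPHRASE
}

# In the cron script, in place of the hard-coded export:
#   load_borg_passphrase "$PASSFILE" || exit 1
```

With this in place the script itself no longer contains the secret. In keyfile mode the key under .config/borg/keys deserves the same file permissions and, as noted above, its own backup.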