From 6a3fd23d9152a90274fd11673e8834398a3d417f Mon Sep 17 00:00:00 2001 From: Victor LABORIE Date: Sun, 18 Dec 2016 15:45:15 +0100 Subject: [PATCH] bkctl script for managing evobackup --- PLAN-SAUVEGARDES.template | 10 -- README_FR.md | 64 ++------ bkctl | 317 ++++++++++++++++++++++++++++++++++++++ chroot-ssh.sh | 192 ----------------------- etc/inc.tpl | 6 + etc/sshd_config | 3 +- evobackup | 34 ++-- evobackup-inc.sh | 24 --- evobackup-rm.sh | 42 ----- evobackup.conf | 13 ++ install.sh | 33 ++++ 11 files changed, 398 insertions(+), 340 deletions(-) delete mode 100644 PLAN-SAUVEGARDES.template create mode 100755 bkctl delete mode 100755 chroot-ssh.sh create mode 100644 etc/inc.tpl delete mode 100755 evobackup-inc.sh delete mode 100755 evobackup-rm.sh create mode 100644 evobackup.conf create mode 100755 install.sh diff --git a/PLAN-SAUVEGARDES.template b/PLAN-SAUVEGARDES.template deleted file mode 100644 index b4c05c8..0000000 --- a/PLAN-SAUVEGARDES.template +++ /dev/null @@ -1,10 +0,0 @@ -PLAN DES SAUVEGARDES -==================== - -PORT JAIL ETAT -------------------------------------------------------- -2222 Serveur 1 (IP) 1 -2223 Serveur 2 (IP) 1 -2224 Serveur 3 (IP) 0 -etc.... -....... diff --git a/README_FR.md b/README_FR.md index 2bbad20..0971ad5 100644 --- a/README_FR.md +++ b/README_FR.md 
@@ -52,26 +52,15 @@ On récupère les sources via https://forge.evolix.org/projects/evobackup/reposi ``` # git clone https://forge.evolix.org/evobackup.git # cd evobackup -# mkdir -m750 /etc/evobackup -# install -v -m700 evobackup /etc/init.d/ -# cd /etc/init.d/ && insserv evobackup +# ./install.sh ``` -− Mettre en place les scripts evobackup-inc.sh et evobackup-rm.sh dans /usr/share/scripts -``` -# install -v -m 700 evobackup-{rm,inc}.sh /usr/share/scripts/ -``` -− Activer la crontab suivante (ajuster éventuellement les heures) : -``` -29 10 * * * pkill evobackup-rm.sh && echo "Kill evobackup-rm.sh done" | mail -s "[warn] EvoBackup - purge incs interrupted" root -30 10 * * * /usr/share/scripts/evobackup-inc.sh && /usr/share/scripts/evobackup-rm.sh -``` > **Notes :** > - Si l'on veut plusieurs backups dans la journée (1 par heure maximum), - on pourra lancer `/usr/share/scripts/evobackup-inc.sh` à plusieurs reprises… + on pourra lancer `bkctl inc` à plusieurs reprises… Ce qui fonctionnera sous réserve qu'entre temps les données ont bien changés ! > - Si l'on ne veut **jamais** supprimer les backups incrémentaux, on pourra se contenter - de ne jamais lancer le script `evobackup-rm.sh`. + de ne jamais lancer la coomande `bkctl rm`. Si le noyau du serveur est patché avec *GRSEC*, on évitera pas mal de warnings en positionnant les paramètres Sysctl suivants : 
@@ -83,34 +72,25 @@ On récupère les sources via https://forge.evolix.org/projects/evobackup/reposi Créer une prison --- + Créer la prison : - − Exporter la variable `$JAIL` avec le nom d'hôte de la machine a sauvegarder : - - # export JAIL= + # bkctl init - − Se placer dans le répertoire racine de EvoBackup (attention, ne pas déplacer le script `chroot-ssh` car - il a besoin du répertoire etc/ !) puis exécuter : - - # bash chroot-ssh.sh -n /backup/jails/$JAIL -i -p -k + Changer le port d'écoute (defaut: 2222) : -> **Notes :** -> - Ignorer une éventuelle erreur avec `ld-linux-x86-64.so.2` (32bits) ou `ld-linux.so.2` (64bits). -> - `-i ` et `-p ` sont optionnels, vous pouvez ajuster `/backup/jails/$JAIL/etc/ssh/sshd_config`. -> - Si une prison a déjà été crée, `-p guess` vous permettra de deviner le prochain port disponible. -> - `-k ` est optionnel, vous pouvez ajouter la clé publique du client dans le fichier -`/backup/jails/$JAIL/root/.ssh/authorized_keys` déjà existant. + # bkctl port -− Lancer la prison : -``` -# mount -t proc proc-chroot /backup/jails/$JAIL/proc/ -# mount -t devtmpfs udev /backup/jails/$JAIL/dev/ -# mount -t devpts devpts /backup/jails/$JAIL/dev/pts -# chroot /backup/jails/$JAIL /usr/sbin/sshd > /dev/null -``` + Autoriser une clé publique : -− Vérifier que tout est OK : + # bkctl key - # /etc/init.d/evobackup reload + Lancer la prison : + + # bkctl start + + Vérifier que tout est OK : + + # bkctl status − Gestion des sauvegardes incrémentales : @@ -144,7 +124,7 @@ toutes les 15 jours, le 1er janvier de chaque année, etc.) Attention, la création de ce fichier est **obligatoire** pour activer les copies incrémentales. Si l'on veut garder des copies *advitam aeternam* sans jamais les supprimer, on se contentera de ne pas lancer le script -`evobackup-rm.sh`. +`bkctl rm`. − Copier une prison sur un second serveur : 
@@ -158,16 +138,6 @@ On utilisera rsync pour faire ceci. ``` Ainsi le second nÅ“ud aura exactement la même prison (et même empreinte SSH). -Mise-à-jour du serveur de sauvegardes ---- - -En cas d'une mise-à-jour d'un paquet lié à SSH ou rsync côté -serveur de sauvegardes, on mettra à jour les prisons ainsi : -``` -# ./chroot-ssh.sh -n updateall -# /etc/init.d/evobackup restart -``` - Installation EvoBackup côté client === diff --git a/bkctl b/bkctl new file mode 100755 index 0000000..aabe472 --- /dev/null +++ b/bkctl 
@@ -0,0 +1,317 @@ +#!/bin/bash + +id=$(id -u) +if [ $id != 0 ]; then + echo "Error, you need to be root to run bkctl !" + exit 1 +fi + +if [ -f /etc/default/evobackup ]; then + source /etc/default/evobackup +else + echo "Error, you need /etc/default/evobackup !" + exit 1 +fi + +mkdir -p $CONFDIR $JAILDIR $INCDIR + +ProgName=$(basename $0) + +sub_help(){ + echo "Usage: $ProgName [options]" + echo "Subcommands:" + echo " init " + echo " start " + echo " stop " + echo " reload " + echo " restart " + echo " status []" + echo " key []" + echo " port []" + echo " inc" + echo " rm" + echo "" + echo "For help with each subcommand run:" + echo "$ProgName -h|--help" + echo "" +} + +sub_init() { + mkdir -p ${JAILDIR}/${jail} + umask 022 + + echo -n "1 - Creating the chroot..." + mkdir -p ${JAILDIR}/${jail}/{bin,dev,etc/ssh,lib,lib64,proc} + mkdir -p ${JAILDIR}/${jail}/lib/{x86_64-linux-gnu,tls/i686/cmov,i686/cmov} + mkdir -p ${JAILDIR}/${jail}/usr/{bin,lib,sbin} + mkdir -p ${JAILDIR}/${jail}/usr/lib/{x86_64-linux-gnu,openssh,i686/cmov} + mkdir -p ${JAILDIR}/${jail}/root/.ssh && chmod 700 ${JAILDIR}/${jail}/root/.ssh + mkdir -p ${JAILDIR}/${jail}/var/{log,run/sshd} + touch ${JAILDIR}/${jail}/var/log/{authlog,lastlog,messages,syslog} + touch ${JAILDIR}/${jail}/etc/fstab + echo "...OK" + + echo -n "2 - Copying essential files..." + cp /proc/devices ${JAILDIR}/${jail}/proc + cp /etc/ssh/{ssh_host_rsa_key,ssh_host_dsa_key} ${JAILDIR}/${jail}/etc/ssh/ + cp ${TPLDIR}/{passwd,shadow,group} ${JAILDIR}/${jail}/etc/ + if [ ! -f ${JAILDIR}/$jail/${SSHD_CONFIG} ]; then + cp ${TPLDIR}/sshd_config ${JAILDIR}/$jail/${SSHD_CONFIG} + fi + echo "...OK" + + echo -n "3 - Copying binaries..." 
+ cp -f /lib/ld-linux.so.2 ${JAILDIR}/${jail}/lib/ 2>/dev/null || cp -f /lib64/ld-linux-x86-64.so.2 ${JAILDIR}/${jail}/lib64/ + cp /lib/x86_64-linux-gnu/libnss* ${JAILDIR}/${jail}/lib/x86_64-linux-gnu/ + + for dbin in /bin/bash /bin/cat /bin/chown /bin/mknod /bin/rm /bin/ls /bin/sed /bin/sh /bin/uname /bin/mount /usr/bin/rsync /usr/sbin/sshd /usr/lib/openssh/sftp-server; do + cp -f $dbin ${JAILDIR}/${jail}/$dbin; + for lib in $(ldd $dbin | grep -Eo "/.*so.[0-9\.]+"); do + cp -p $lib ${JAILDIR}/${jail}/$lib + done + done + echo "...OK" +} + +sub_start() { + set -e + check_jail $jail + status=`check_jail_on $jail` + if [ $status == "ON" ]; then + echo "Jail $jail already running !" + exit 1 + fi + mount -t proc proc-chroot ${JAILDIR}/${jail}/proc/ + mount -t devtmpfs udev ${JAILDIR}/${jail}/dev/ + mount -t devpts devpts ${JAILDIR}/${jail}/dev/pts + exec chroot ${JAILDIR}/${jail} /usr/sbin/sshd -E /var/log/authlog +} + +sub_stop() { + set -e + check_jail $jail + status=`check_jail_on $jail` + if [ $status == "OFF" ]; then + echo "Jail $jail is not running !" 
+ exit 1 + fi + pid=`cat ${JAILDIR}/${jail}/${SSHD_PID}` + ps --ppid $pid -o pid=| while read conn; do + kill $conn + done + kill $pid + umount ${JAILDIR}/${jail}/proc/ + umount ${JAILDIR}/${jail}/dev/pts + sleep 0.2 + umount ${JAILDIR}/${jail}/dev/ +} + +sub_reload() { + set -e + check_jail $jail + status=`check_jail_on $jail` + if [ $status == "ON" ]; then + pkill -HUP -F ${JAILDIR}/${jail}/${SSHD_PID} + fi +} + +sub_restart() { + set -e + check_jail $jail + $0 stop $jail + $0 start $jail +} + +sub_key() { + set -e + check_jail $jail + keyfile=$3 + if [ -n "$keyfile" ]; then + set_key $jail $keyfile + else + get_key $jail + fi +} + +sub_port() { + set -e + check_jail $jail + port=$3 + pre_port=`get_port $jail` + if [ -z $port ]; then + echo "$pre_port" + else + set_port $jail $port + $0 reload $jail + fi +} + +sub_status() { + set -e + check_jail $jail + inc=`check_inc jail` + status=`check_jail_on $jail` + port=`get_port $jail` + echo "$jail : $status ($port) -> $inc" +} + +sub_inc() { + for jail in `ls -1 $CONFDIR`; do + echo -n "hard copy $jail begins at : " >> $LOGFILE + /bin/date +"%d-%m-%Y ; %H:%M" >> $LOGFILE + mkdir -p ${INCDIR}${jail} + cp -alx ${JAILDIR}/${jail}/ ${INCDIR}${jail}/$DATE + echo -n "hard copy $i ends at : " >> $LOGFILE + /bin/date +"%d-%m-%Y ; %H:%M" >> $LOGFILE + done #| tee -a $LOGFILE | mail -s "[info] EvoBackup - create incs" $MYMAIL +} + +sub_rm() { + for i in $( ls -1 $CONFDIR ); do + # list actual inc backups + for j in $( ls $INCDIR$i ); do + echo $j + done > "$TMPDIR"$i.files + + # list non-obsolete inc backups + for j in $( cat $CONFDIR$i ); do + MYDATE=$( echo $j | cut -d. -f1 ) + BEFORE=$( echo $j | cut -d. 
-f2 ) + date -d "$(date $MYDATE) $BEFORE" "+%Y-%m-%d" + done > "$TMPDIR"$i.keep + + # delete obsolete inc backups + for j in $( grep -v -f "$TMPDIR"$i.keep "$TMPDIR"$i.files ); do + echo -n "Delete $i/$j begins at : " >> $LOGFILE + /bin/date +"%d-%m-%Y ; %H:%M" >> $LOGFILE + cd $INCDIR$i + [ -n "$j" ] && rsync -a --delete $EMPTYDIR/ $j* + [ -n "$j" ] && rmdir $j* && touch /tmp/evobackup-rm.txt + echo -n "Delete $i/$j ends at : " >> $LOGFILE + /bin/date +"%d-%m-%Y ; %H:%M" >> $LOGFILE + done + done #| tee -a $LOGFILE | ( [ -e "/tmp/evobackup-rm.txt" ] && mail -s "[info] EvoBackup - purge incs" $MYMAIL && rm /tmp/evobackup-rm.txt ) + + rm -rf $TMPDIR $EMPTYDIR +} + +check_jail() { + jail=$1 + if [ ! -d ${JAILDIR}/${jail} ]; then + echo "$jail doesn't exits !" >/dev/stderr + exit 1 + fi +} + +check_jail_on() { + jail=$1 + status="OFF" + if [ -f ${JAILDIR}/${jail}/${SSHD_PID} ]; then + pid=`cat ${JAILDIR}/${jail}/${SSHD_PID}` + ps -p $pid > /dev/null + if [ $? == 0 ]; then + status="ON " + else + rm ${JAILDIR}/${jail}/${SSHD_PID} + fi + fi + echo $status +} + +check_inc() { + jail=$1 + inc="0" + if [ -f ${CONFDIR}/${jail} ]; then + day=`grep -c "day" ${CONFDIR}/${jail}` + month=`grep -c "month" ${CONFDIR}/${jail}` + inc="${day}/${month}" + fi + echo $inc +} + +get_port() { + jail=$1 + port=`grep -E "Port [0-9]+" ${JAILDIR}/${jail}/${SSHD_CONFIG}|grep -oE "[0-9]+"` + echo $port +} + +set_port() { + jail=$1 + port=$2 + if [ $port = "auto" ]; then + port=$(grep -h Port ${JAILDIR}/*/${SSHD_CONFIG} 2>/dev/null | grep -Eo [0-9]+ | sort -n | tail -1) + port=$((port+1)) + if [ ! 
$port -gt 1 ]; then + port=2222 + fi + fi + sed -i "s/^Port .*/Port ${port}/" ${JAILDIR}/$jail/${SSHD_CONFIG} +} + +get_key() { + jail=$1 + if [ -f ${JAILDIR}/${jail}/${AUTHORIZED_KEYS} ]; then + cat ${JAILDIR}/${jail}/${AUTHORIZED_KEYS} + fi +} + +set_key() { + jail=$1 + keyfile=$2 + if [ -f $keyfile ]; then + cat $keyfile > ${JAILDIR}/${jail}/${AUTHORIZED_KEYS} + chmod 600 ${JAILDIR}/${jail}/${AUTHORIZED_KEYS} + else + echo "Keyfile $keyfile dosen't exist !" + exit 1 + fi +} + +subcommand=$1 +jail=$2 +case $subcommand in + "" | "-h" | "--help") + sub_help + ;; + "inc" | "rm") + pkill -f /run/bkctl.pid #| mail -s "[warn] EvoBackup - purge incs interrupted" $MYMAIL + rm -f /run/bkctl.pid + sub_${subcommand} $@ & + echo $! > /run/bkctl.pid + ;; + "init" | "key" | "port") + if [ -z $jail ]; then + sub_help + exit 1 + fi + sub_${subcommand} $@ + ;; + "start" | "stop" | "reload" | "restart") + if [ -z $jail ]; then + sub_help + exit 1 + fi + if [ $jail = "all" ]; then + for jail in `ls $JAILDIR`; do + $0 ${subcommand} $jail + done + else + sub_${subcommand} $@ + fi + ;; + "status") + if [ -z $jail ]; then + for jail in `ls $JAILDIR`; do + $0 status $jail + done + else + sub_${subcommand} $@ + fi + ;; + *) + shift + echo "Error: '$subcommand' is not a known subcommand." >&2 + echo " Run '$ProgName --help' for a list of known subcommands." >&2 + exit 1 + ;; +esac diff --git a/chroot-ssh.sh b/chroot-ssh.sh deleted file mode 100755 index df62289..0000000 --- a/chroot-ssh.sh +++ /dev/null 
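Review bot: sub_rm reads `$TMPDIR` and `$EMPTYDIR`, but nothing in bkctl or in the new evobackup.conf assigns them; the two mktemp lines of the deleted evobackup-rm.sh were not carried over. With `EMPTYDIR` empty, `rsync -a --delete $EMPTYDIR/ $j*` takes `/` as its source instead of an empty directory, and the closing `rm -rf $TMPDIR $EMPTYDIR` acts on whatever `TMPDIR` the caller's environment happens to export. Restore `TMPDIR=$(mktemp --tmpdir=/tmp -d evobackup.tmpdir.XXX)` and `EMPTYDIR=$(mktemp --tmpdir=/tmp -d evobackup.empty.XXX)` at the top of sub_rm, ideally under different variable names so the conventional `TMPDIR` is not overwritten. The cleanup is safer written as `rm -rf -- "${tmpdir:?}" "${emptydir:?}"`, so an unset value aborts instead of expanding to nothing.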
@@ -1,192 +0,0 @@ -#!/bin/bash - -# Gregory Colpart & Benoit Serie -# Chroot script for EvoBackup/OpenSSH - -# Tested only on Debian Wheezy/Jessie amd64 -# Start: -# chroot /backup/jails/myserver mount -t proc proc-chroot /proc/ -# chroot /backup/jails/myserver mount -t devtmpfs udev /dev/ -# chroot /backup/jails/myserver mount -t devpts devpts-chroot /dev/pts/ -# chroot /backup/jails/myserver /usr/sbin/sshd > /dev/null -# Reload: -# kill -HUP $(chroot /backup/jails/myserver cat /var/run/sshd.pid) -# Stop: -# kill -9 $(chroot /backup/jails/myserver cat /var/run/sshd.pid) -# Restart: -# kill -9 $(chroot /backup/jails/myserver cat /var/run/sshd.pid) -# chroot /backup/jails/myserver /usr/sbin/sshd > /dev/null - -# *Warning* : this setting is specific EvoBackup but used *only* -# for guessing SSH port and updating all the chroot -BACKUP_PATH='/backup/jails' -# With all your jails in $BACKUP_PATH, after *each* ssh upgrade -# or libs upgrade, you can upgrade all your chroots with: -# sh chroot-ssh.sh updateall -# And restart all sshd daemons - - -# Are we root? -id=$(id -u) -if [ $id != 0 ]; then - echo "Error, you need to be root to install EvoBackup!" - exit 1 -fi - -usage() { - - cat </dev/null \ - || cp -f /lib64/ld-linux-x86-64.so.2 $chrootdir/lib64/ - -release=$(lsb_release -s -c) -if [ "$release" = "squeeze" ]; then - cp /lib/libnss* $chrootdir/lib/ -else - if [ "$release" = "wheezy" ]; then - cp /lib/x86_64-linux-gnu/libnss* $chrootdir/lib/x86_64-linux-gnu/ - else - # Others? Not tested... 
- cp /lib/x86_64-linux-gnu/libnss* $chrootdir/lib/x86_64-linux-gnu/ - fi -fi - -for dbin in /bin/bash /bin/cat /bin/chown /bin/mknod /bin/rm \ - /bin/sed /bin/sh /bin/uname /bin/mount /usr/bin/rsync /usr/sbin/sshd \ - /usr/lib/openssh/sftp-server; do - - cp -f $dbin $chrootdir/$dbin; - for lib in $(ldd $dbin | grep -Eo "/.*so.[0-9\.]+"); do - cp -p $lib $chrootdir/$lib - done -done - -} - - -while getopts ':n:i:p:k:' opt; do - case $opt in - n) - chrootdir=$OPTARG - ;; - i) - ip=$OPTARG - ;; - p) - port=$OPTARG - ;; - k) - pub_key_path=$OPTARG - ;; - ?) - usage - exit 1 - ;; - esac -done - -# Verify parameters. -if [ -z $chrootdir ]; -then - usage - exit 1 -fi -# Test if the chroot exists. -if [ -e $chrootdir ]; then - echo "Error, directory to chroot already exists!" - exit 1 -fi -# Verify the presence of the public key. -if [ -n "$pub_key_path" ] && [ ! -f "$pub_key_path" ]; then - echo "Public key $pub_key_path not found." - exit 1 -fi -# Try to guess the next SSH port. -if [ "$port" = "guess" ]; then - port=$(grep -h Port ${BACKUP_PATH}/*/etc/ssh/sshd_config 2>/dev/null \ - | grep -Eo [0-9]+ | sort -n | tail -1) - port=$((port+1)) - if [ ! $port -gt 1 ]; then - echo "Sorry, port cannot be guessed." - exit 1 - fi -fi - -# specific EvoBackup (use ${BACKUP_PATH}) : updating jails in /backup/jails -if [ "$chrootdir" = "updateall" ]; then - - for i in $(ls -1 ${BACKUP_PATH}/*/lib/x86_64-linux-gnu/libnss_compat.so.2); do - chrootdir=$(echo $i | cut -d"/" -f1,2,3,4) - echo -n "Updating $chrootdir ..." - bincopy $chrootdir - echo "...Done!" - done - -else - -# Creation of the jail. -mkdir -p $chrootdir -chown root:root $chrootdir -umask 022 - -echo -n "1 - Creating the chroot..." 
-mkdir -p $chrootdir/{bin,dev,etc/ssh,lib,lib64,proc} -mkdir -p $chrootdir/lib/{x86_64-linux-gnu,tls/i686/cmov,i686/cmov} -mkdir -p $chrootdir/usr/{bin,lib,sbin} -mkdir -p $chrootdir/usr/lib/{x86_64-linux-gnu,openssh,i686/cmov} -mkdir -p $chrootdir/root/.ssh && chmod 700 $chrootdir/root/.ssh -mkdir -p $chrootdir/var/{log,run/sshd} -touch $chrootdir/var/log/{authlog,lastlog,messages,syslog} -touch $chrootdir/etc/fstab -echo "...OK" - -echo -n "2 - Copying essential files..." -cp /proc/devices $chrootdir/proc -cp /etc/ssh/{ssh_host_rsa_key,ssh_host_dsa_key} $chrootdir/etc/ssh/ -cp etc/sshd_config $chrootdir/etc/ssh/ -cp etc/passwd $chrootdir/etc/ -cp etc/shadow $chrootdir/etc/ -cp etc/group $chrootdir/etc/ -echo "...OK" - -echo -n "3 - Copying binaries..." -bincopy $chrootdir -echo "...OK" - -echo -n "4 - Configuring the chroot..." -[ -n "$port" ] && [ "$port" != "guess" ] && sed -i "s/^Port 2222/Port ${port}/" ${chrootdir}/etc/ssh/sshd_config -[ -n "$ip" ] && sed -i "s/IP/$ip/g" ${chrootdir}/etc/ssh/sshd_config -touch ${chrootdir}/root/.ssh/authorized_keys && chmod 600 ${chrootdir}/root/.ssh/authorized_keys && chown -R root:root ${chrootdir}/root/.ssh/ -[ -n "$pub_key_path" ] && cat $pub_key_path >> ${chrootdir}/root/.ssh/authorized_keys -echo "...OK" - -echo "" -echo "Done. OpenSSH chroot added! Restart evobackup service." -echo "" - -fi - diff --git a/etc/inc.tpl b/etc/inc.tpl new file mode 100644 index 0000000..626fcdb --- /dev/null +++ b/etc/inc.tpl @@ -0,0 +1,6 @@ ++%Y-%m-%d.-0day ++%Y-%m-%d.-1day ++%Y-%m-%d.-2day ++%Y-%m-%d.-3day ++%Y-%m-01.-0month ++%Y-%m-01.-1month diff --git a/etc/sshd_config b/etc/sshd_config index e3176fc..ef57bba 100644 --- a/etc/sshd_config +++ b/etc/sshd_config @@ -32,4 +32,5 @@ UseLogin no Subsystem sftp /usr/lib/openssh/sftp-server -AllowUsers root@IP root@::ffff:IP +AllowUsers root +#AllowUsers root@IP root@::ffff:IP diff --git a/evobackup b/evobackup index dfb765a..37f185c 100755 --- a/evobackup +++ b/evobackup 
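Review bot: The template now ships `AllowUsers root` with the per-client form commented out, and bkctl offers no replacement for the removed `-i` option of chroot-ssh.sh that filled in `IP`, so every new jail accepts root logins from any address that can reach its port. The rest of sshd_config lies outside the hunk and no firewall rule is visible in this commit, so the restriction may exist elsewhere. If it does not, keep `AllowUsers root@IP root@::ffff:IP` in the template and add a bkctl subcommand that substitutes the client address, as the old `sed -i "s/IP/$ip/g"` did.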
@@ -10,46 +10,32 @@ ### END INIT INFO set -e -BACKUP_PATH=/backup +. /etc/default/evobackup case "$1" in start) - for jail in $(ls -1 ${BACKUP_PATH}/jails |grep -v \.bak); do - mount -t proc proc-chroot ${BACKUP_PATH}/jails/${jail}/proc/ - mount -t devtmpfs udev ${BACKUP_PATH}/jails/${jail}/dev/ - mount -t devpts devpts ${BACKUP_PATH}/jails/${jail}/dev/pts - chroot ${BACKUP_PATH}/jails/${jail} /usr/sbin/sshd > /dev/null - done + bkctl start all ;; stop) - for jail in $(ls -1 ${BACKUP_PATH}/jails |grep -v \.bak); do - kill $(chroot ${BACKUP_PATH}/jails/${jail} cat /var/run/sshd.pid) - umount ${BACKUP_PATH}/jails/${jail}/proc/ - umount ${BACKUP_PATH}/jails/${jail}/dev/pts/ - # Need to wait a little time before unmounting /dev - sleep 0.2 - umount ${BACKUP_PATH}/jails/${jail}/dev - done + bkctl stop all ;; reload|force-reload) - for jail in $(ls -1 ${BACKUP_PATH}/jails |grep -v \.bak); do - kill -HUP \ - $(chroot ${BACKUP_PATH}/jails/${jail} cat /var/run/sshd.pid) - done + bkctl reload all ;; restart) - for jail in $(ls -1 ${BACKUP_PATH}/jails |grep -v \.bak); do - kill $(chroot ${BACKUP_PATH}/jails/${jail} cat /var/run/sshd.pid) - chroot ${BACKUP_PATH}/jails/${jail} /usr/sbin/sshd > /dev/null - done + bkctl restart all + ;; + + status) + bkctl status ;; *) - echo "Usage: $0 {start|stop|restart|reload}" + echo "Usage: $0 {start|stop|restart|reload|status}" exit 1 esac diff --git a/evobackup-inc.sh b/evobackup-inc.sh deleted file mode 100755 index 98511b8..0000000 --- a/evobackup-inc.sh +++ /dev/null 
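Review bot: The removed loops skipped jail directories matching `.bak` (`ls -1 ${BACKUP_PATH}/jails |grep -v \.bak`), but `bkctl start all` iterates `ls $JAILDIR` unfiltered, so a backup copy of a jail left under the jails directory now has its sshd started as well. Such a copy presumably keeps the original's authorized_keys and port, which means either a port clash or a second listener with a stale key set. If the exclusion is still wanted, restore it in bkctl's `all` loops, e.g. `for jail in $(ls $JAILDIR | grep -v '\.bak'); do`. The arms here also call `bkctl` by bare name although install.sh puts it in /usr/local/sbin, which the boot-time PATH may not include; an absolute path avoids that.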
@@ -1,24 +0,0 @@ -#!/bin/sh - -# Script backups incrementaux -# Evolix (c) 2007 - -CONFDIR=/etc/evobackup/ -DATE=$(date +"%Y-%m-%d-%H") -LOGFILE=/var/log/evobackup-incs.log -JAILDIR=/backup/jails/ -INCDIR=/backup/incs/ -MYMAIL=jdoe@example.com - -for i in $( ls -1 $CONFDIR ); do - - # hard copy everyday - echo -n "hard copy $i begins at : " >> $LOGFILE - /bin/date +"%d-%m-%Y ; %H:%M" >> $LOGFILE - mkdir -p "$INCDIR"$i - cp -alx $JAILDIR$i $INCDIR$i/$DATE - echo -n "hard copy $i ends at : " >> $LOGFILE - /bin/date +"%d-%m-%Y ; %H:%M" >> $LOGFILE - -done | tee -a $LOGFILE | mail -s "[info] EvoBackup - create incs" $MYMAIL - diff --git a/evobackup-rm.sh b/evobackup-rm.sh deleted file mode 100755 index 7b1d35d..0000000 --- a/evobackup-rm.sh +++ /dev/null 
@@ -1,42 +0,0 @@ -#!/bin/sh - -# Script backups incrementaux -# Evolix (c) 2007 - -CONFDIR=/etc/evobackup/ -DATE=$(date +"%Y-%m-%d") -LOGFILE=/var/log/evobackup-sync.log -JAILDIR=/backup/jails/ -INCDIR=/backup/incs/ -MYMAIL=jdoe@example.com - -TMPDIR=$(mktemp --tmpdir=/tmp -d evobackup.tmpdir.XXX) -EMPTYDIR=$(mktemp --tmpdir=/tmp -d evobackup.empty.XXX) - -for i in $( ls -1 $CONFDIR ); do - - # list actual inc backups - for j in $( ls $INCDIR$i ); do - echo $j - done > "$TMPDIR"$i.files - - # list non-obsolete inc backups - for j in $( cat $CONFDIR$i ); do - MYDATE=$( echo $j | cut -d. -f1 ) - BEFORE=$( echo $j | cut -d. -f2 ) - date -d "$(date $MYDATE) $BEFORE" "+%Y-%m-%d" - done > "$TMPDIR"$i.keep - - # delete obsolete inc backups - for j in $( grep -v -f "$TMPDIR"$i.keep "$TMPDIR"$i.files ); do - echo -n "Delete $i/$j begins at : " >> $LOGFILE - /bin/date +"%d-%m-%Y ; %H:%M" >> $LOGFILE - cd $INCDIR$i - [ -n "$j" ] && rsync -a --delete $EMPTYDIR/ $j* - [ -n "$j" ] && rmdir $j* && touch /tmp/evobackup-rm.txt - echo -n "Delete $i/$j ends at : " >> $LOGFILE - /bin/date +"%d-%m-%Y ; %H:%M" >> $LOGFILE - done -done | tee -a $LOGFILE | ( [ -e "/tmp/evobackup-rm.txt" ] && mail -s "[info] EvoBackup - purge incs" $MYMAIL && rm /tmp/evobackup-rm.txt ) - -rm -rf $TMPDIR $EMPTYDIR diff --git a/evobackup.conf b/evobackup.conf new file mode 100644 index 0000000..c0ae2f1 --- /dev/null +++ b/evobackup.conf @@ -0,0 +1,13 @@ +# Defaults for bkctl command (evobackup) +# sourced by /usr/sbin/bkctl or /usr/local/sbin/bkctl + +CONFDIR=/etc/evobackup/ +JAILDIR=/backup/jails/ +INCDIR=/backup/incs/ +TPLDIR=/usr/share/evobackup/ +LOGFILE=/var/log/evobackup.log +DATE=$(date +"%Y-%m-%d-%H") +MYMAIL=jdoe@example.com +SSHD_PID=/var/run/sshd.pid +SSHD_CONFIG=/etc/ssh/sshd_config +AUTHORIZED_KEYS=/root/.ssh/authorized_keys diff --git a/install.sh b/install.sh new file mode 100755 index 0000000..608a796 --- /dev/null +++ b/install.sh 
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+dir=`dirname $0`
+
+cp $dir/evobackup.conf /etc/default/evobackup
+source /etc/default/evobackup
+
+grep -q usr /etc/fstab
+if [ $? == 0 ]; then
+ mount -o remount,rw /usr
+fi
+
+mkdir -p $TPLDIR
+cp $dir/etc/* $TPLDIR
+cp $dir/bkctl /usr/local/sbin/
+
+crontab -l|grep -q bkctl
+if [ $? != 0 ]; then
+ (crontab -l 2>/dev/null; echo "29 10 * * * bkctl inc && bkctl rm") | crontab -
+fi
+
+dpkg -l sysvinit >/dev/null
+if [ $? == 0 ]; then
+ cp $dir/evobackup /etc/init.d/evobackup
+ insserv evobackup
+fi
+
+dpkg -l systemd >/dev/null
+if [ $? == 0 ] ; then
+ #cp evobackup@.service /etc/systemd/system/evobackup@.service
+ cp $dir/evobackup /etc/init.d/evobackup
+ systemctl enable evobackup
+fi
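Review bot: The cron entry `29 10 * * * bkctl inc && bkctl rm` does not run the purge after the copy as the removed crontab did, because bkctl's dispatcher starts `sub_${subcommand} $@ &` and returns at once, so `bkctl rm` begins while the hard-link copy is still running. The dispatcher's `pkill -f /run/bkctl.pid` also matches that string against command lines rather than reading the pid file, for which pkill has `-F`; once that is corrected, `bkctl rm` would kill the copy still in progress. Running the subcommand in the foreground in bkctl keeps the `&&` meaningful. The cron line is also safer with an absolute path, `/usr/local/sbin/bkctl`, since cron's default PATH may not include that directory.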