From f945ad2b2cc152e2ec6a3c8127f8afefdb4acf7f Mon Sep 17 00:00:00 2001 From: Victor LABORIE Date: Fri, 10 Feb 2017 11:31:08 +0100 Subject: [PATCH 01/10] Fix repository url in README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 18395ba..45749b7 100644 --- a/README.md +++ b/README.md @@ -34,7 +34,7 @@ This volume can be encrypted by **luks** for security reason. A Debian package is available in Evolix repository ~~~ -echo "http://pub.evolix.net" >> /etc/apt/sources.list +echo "http://pub.evolix.net/ jessie/" >> /etc/apt/sources.list apt update apt install bkctld ~~~ From 031723d26a48132a8056882ea3f85e1b5a5edbed Mon Sep 17 00:00:00 2001 From: Victor LABORIE Date: Fri, 17 Feb 2017 12:53:39 +0100 Subject: [PATCH 02/10] Add local dir for surcharge default templates files --- bkctld | 19 ++++++++++++++++--- bkctld.conf | 1 + docs/bkctld.8 | 10 +++++++++- 3 files changed, 26 insertions(+), 4 deletions(-) diff --git a/bkctld b/bkctld index 8272518..84c1908 100755 --- a/bkctld +++ b/bkctld @@ -172,6 +172,12 @@ set_firewall() { mk_jail() { jail=$1 + passwd="${TPLDIR}/passwd" + shadow="${TPLDIR}/shadow" + group="${TPLDIR}/group" + [ -f "${LOCALTPLDIR}/passwd" ] && passwd="${LOCALTPLDIR}/passwd" + [ -f "${LOCALTPLDIR}/shadow" ] && shadow="${LOCALTPLDIR}/shadow" + [ -f "${LOCALTPLDIR}/group" ] && group="${LOCALTPLDIR}/group" umask 022 echo -n "1 - Creating the chroot..." @@ -188,7 +194,9 @@ mk_jail() { echo -n "2 - Copying essential files..." cp /proc/devices ${JAILDIR}/${jail}/proc cp /etc/ssh/{ssh_host_rsa_key,ssh_host_dsa_key} ${JAILDIR}/${jail}/etc/ssh/ - cp ${TPLDIR}/{passwd,shadow,group} ${JAILDIR}/${jail}/etc/ + cp $passwd ${JAILDIR}/${jail}/etc/ + cp $shadow ${JAILDIR}/${jail}/etc/ + cp $group ${JAILDIR}/${jail}/etc/ echo "...OK" echo -n "3 - Copying binaries..." 
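Review bot: The new `[ -f "${LOCALTPLDIR}/shadow" ] && shadow=...` lookups at the top of mk_jail let any file under LOCALTPLDIR replace the account databases copied into every new jail, yet nothing here checks or documents who may write to that directory. `-f` follows symlinks, so a link placed there is accepted as well. I would add a comment above the block such as `# LOCALTPLDIR overrides TPLDIR; it must be root-owned and not group/world-writable, since these files become the jail's passwd/shadow/group`, and print which template was chosen so an override shows up in the init output. The same applies to the sshd_config and inc.tpl lookups added to sub_init; mk_jail's body continues outside this hunk.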
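Review bot: The three new `cp` lines expand `$passwd`, `$shadow` and `$group` unquoted and leave the jail's shadow permissions to whatever mode the chosen template has, filtered only by the `umask 022` set earlier in mk_jail. A locally created override that happens to be 0644 would therefore be world-readable inside the jail. sub_init already uses `install -m 0640` for sshd_config, so the same form fits here: `install -m 0640 "$shadow" "${JAILDIR}/${jail}/etc/shadow"` (pick the mode your jails expect), with the other two copies quoted likewise. The `install` lines changed in sub_init's second hunk have the same unquoted `$sshd_config` and `$inctpl`.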
@@ -208,6 +216,10 @@ mk_jail() { sub_init() { jail=$1 + sshd_config="${TPLDIR}/sshd_config" + inctpl="${TPLDIR}/inc.tpl" + [ -f "${LOCALTPLDIR}/sshd_config" ] && sshd_config="${LOCALTPLDIR}/sshd_config" + [ -f "${LOCALTPLDIR}/inc.tpl" ] && inctpl="${LOCALTPLDIR}/inc.tpl" if ( check_jail $jail ); then echo "Jail $jail already exist ! Use '$0 update $jail' for update it" >&2 exit 1 @@ -221,13 +233,13 @@ sub_init() { fi mk_jail $jail echo -n "4 - Copie default sshd_config..." - install -m 0640 ${TPLDIR}/sshd_config ${JAILDIR}/$jail/${SSHD_CONFIG} + install -m 0640 $sshd_config ${JAILDIR}/$jail/${SSHD_CONFIG} echo "...OK" echo -n "5 - Set usable sshd port..." set_port $jail auto echo "...OK" echo -n "6 - Copie default inc configuration..." - install -m 0640 ${TPLDIR}/inc.tpl ${CONFDIR}/$jail + install -m 0640 $inctpl ${CONFDIR}/$jail echo "...OK" } @@ -519,6 +531,7 @@ main() { [ -z "${JAILDIR}" ] && JAILDIR='/backup/jails' [ -z "${INCDIR}" ] && INCDIR='/backup/incs' [ -z "${TPLDIR}" ] && TPLDIR='/usr/share/bkctld' + [ -z "${LOCALTPLDIR}" ] && LOCALTPLDIR='/usr/local/share/bkctld' [ -z "${LOG_DIR}" ] && LOG_DIR='/var/log' [ -z "${SSHD_PID}" ] && SSHD_PID='/var/run/sshd.pid' [ -z "${SSHD_CONFIG}" ] && SSHD_CONFIG='/etc/ssh/sshd_config' diff --git a/bkctld.conf b/bkctld.conf index ed93071..0e6b2c3 100644 --- a/bkctld.conf +++ b/bkctld.conf @@ -5,6 +5,7 @@ #JAILDIR='/backup/jails' #INCDIR='/backup/incs' #TPLDIR='/usr/share/bkctld' +#LOCALTPLDIR='/usr/local/share/bkctld' #LOG_DIR='/var/log' #SSHD_PID='/var/run/sshd.pid' #SSHD_CONFIG='/etc/ssh/sshd_config' diff --git a/docs/bkctld.8 b/docs/bkctld.8 index 7dcf8c5..d8de15c 100644 --- a/docs/bkctld.8 +++ b/docs/bkctld.8 @@ -130,6 +130,14 @@ Dir where jail template file is stored. default : /usr/share/bkctld .RE .PP +LOCALTPLDIR +.RS 4 +Dir for surcharge jail templates. +.RE +.RS 4 +default : /usr/local/share/bkctld +.RE +.PP LOG_DIR .RS 4 Emplacement of log directory. 
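Review bot: The new variable `sshd_config` differs only by case from the existing `${SSHD_CONFIG}` setting, and the two end up side by side on the `install -m 0640 $sshd_config ${JAILDIR}/$jail/${SSHD_CONFIG}` line in the next hunk, which makes source and destination easy to confuse. It is also assigned without `local`, so it and `inctpl` (like `passwd`, `shadow` and `group` in mk_jail) become globals for the rest of the run. Assuming the script runs under bash, which the brace expansion in mk_jail suggests, I would write `local sshd_tpl="${TPLDIR}/sshd_config"` and `local inc_tpl="${TPLDIR}/inc.tpl"` and use those names in the two `install` calls. sub_init's body continues outside this hunk.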
@@ -194,7 +202,7 @@ Keep the incremental backup of the first january .RE .PP .PP -Default value : keep incremental of last 4 days and last 2 months. Change default in $TPLDIR/inc.tpl. +Default value : keep incremental of last 4 days and last 2 months. Change default in $LOCALTPLDIR/inc.tpl. +%Y-%m-%d.-0day +%Y-%m-%d.-1day From da72a2e71bb496e37dad2eef23d51aa45111dbaa Mon Sep 17 00:00:00 2001 From: Victor LABORIE Date: Fri, 17 Feb 2017 13:00:47 +0100 Subject: [PATCH 03/10] Add uname in client sample script (Fix #1953) --- docs/zzz_evobackup | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/zzz_evobackup b/docs/zzz_evobackup index 7c54cdf..90505d2 100755 --- a/docs/zzz_evobackup +++ b/docs/zzz_evobackup @@ -143,6 +143,9 @@ mkdir -p -m 700 /home/backup # backup MegaCli config #megacli -CfgSave -f /home/backup/megacli_conf.dump -a0 >/dev/null +## Dump system and kernel versions +uname -a > /home/backup/uname + ## Dump network routes with mtr and traceroute (warning: could be long with aggressive firewalls) for addr in 8.8.8.8 www.evolix.fr travaux.evolix.net; do mtr -r $addr > /home/backup/mtr-${addr} From 7493327b1b86871a5603393e02ed839dfdf81b52 Mon Sep 17 00:00:00 2001 From: Victor LABORIE Date: Wed, 15 Mar 2017 11:15:55 +0100 Subject: [PATCH 04/10] Don't automatically purge incs with bkctld remove (cp version) --- bkctld | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bkctld b/bkctld index 84c1908..890724a 100755 --- a/bkctld +++ b/bkctld @@ -281,8 +281,8 @@ sub_remove() { /sbin/btrfs subvolume delete ${JAILDIR}/${jail} else rm -f ${CONFDIR}/${jail} - rm -rf ${INCDIR}/${jail} rm -rf ${JAILDIR}/${jail} + echo "You need to purge ${INCDIR}/${jail} manually !" fi echo "...OK" } From 207386de282451f0bb5699f610e8c675af28cf48 Mon Sep 17 00:00:00 2001 From: Victor LABORIE Date: Fri, 17 Mar 2017 11:06:53 +0100 Subject: [PATCH 05/10] Fix schema on README --- README.md | 2 ++ 1 file changed, 2 insertions(+) 
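Review bot: The new `echo "You need to purge ${INCDIR}/${jail} manually !"` in sub_remove goes to stdout just before `...OK`, and only on the non-btrfs branch, so anyone scripting `bkctld remove` or discarding stdout can miss that the client's incrementals are still on disk. Retained backups of a decommissioned client are something the operator must be told about, so I would send it to stderr: `echo "You need to purge ${INCDIR}/${jail} manually !" >&2`. Whether the btrfs branch leaves the incrementals in place too is not visible in this hunk; if it does, the message belongs after the `fi`. sub_remove starts above the hunk.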
diff --git a/README.md b/README.md index 45749b7..e6a897f 100644 --- a/README.md +++ b/README.md @@ -11,12 +11,14 @@ Incrementals are stored outside of the chroot using hard links or btrfs snapshot (So incrementals are not available for clients). Using this method we can keep tens of backup of each client securely and not using too much space. +~~~ Backup server ************ Server 1 ------ SSH/rsync -------> * tcp/2222 * * * Server 2 ------ SSH/rsync -------> * tcp/2223 * ************ +~~~ This method uses standard tools (ssh, rsync, cp -al, btrfs subvolume). EvoBackup is used for many years by Evolix for back up each day hundreds of servers which From 661e69ed4b8caf8be5a9cfc36ee568321019b8a3 Mon Sep 17 00:00:00 2001 From: Daniel Jakots Date: Thu, 23 Mar 2017 13:57:50 -0400 Subject: [PATCH 06/10] autodetect the system we run on --- docs/zzz_evobackup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/zzz_evobackup b/docs/zzz_evobackup index 90505d2..d319e24 100755 --- a/docs/zzz_evobackup +++ b/docs/zzz_evobackup @@ -33,7 +33,7 @@ trap "rm -f $PIDFILE" EXIT SSH_PORT=2XXX # choose "linux" or "bsd" -SYSTEME=linux +SYSTEME=$(uname | tr '[:upper:]' '[:lower:]') # email adress for notifications MAIL=jdoe@example.com From e815d61867360d9c47fe1746df270a76c5c16dab Mon Sep 17 00:00:00 2001 From: Victor LABORIE Date: Fri, 24 Mar 2017 12:13:02 +0100 Subject: [PATCH 07/10] Use lazy umount (wait for sshd stop) --- bkctld | 8 ++++---- docs/bkctld.8 | 5 ----- 2 files changed, 4 insertions(+), 9 deletions(-) diff --git a/bkctld b/bkctld index 890724a..c60a7eb 100755 --- a/bkctld +++ b/bkctld @@ -48,8 +48,8 @@ check_jail_on() { exit 0 else rm ${JAILDIR}/${jail}/${SSHD_PID} - umount -R ${JAILDIR}/${jail}/dev - umount ${JAILDIR}/${jail}/proc/ + umount --lazy --recursive ${JAILDIR}/${jail}/dev + umount --lazy ${JAILDIR}/${jail}/proc/ exit 1 fi else 
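Review bot: `SYSTEME=$(uname | tr '[:upper:]' '[:lower:]')` never yields the value `bsd` that the comment above it still advertises: on the BSDs `uname` prints names such as `OpenBSD` or `FreeBSD`, which lower-case to `openbsd` or `freebsd`. Any later test in the script that compares `$SYSTEME` with `bsd` (those lines are outside this hunk, so this is inferred from the comment) would stop matching on those hosts. Mapping the kernel name explicitly keeps the two documented values and fails loudly on anything else; the stale `# choose "linux" or "bsd"` comment should be reworded at the same time.

```shell
# Detected automatically; the rest of the script expects "linux" or "bsd"
case "$(uname -s)" in
    Linux) SYSTEME=linux ;;
    *BSD)  SYSTEME=bsd ;;
    *)     echo "Unsupported system: $(uname -s)" >&2; exit 1 ;;
esac
```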
@@ -339,8 +339,8 @@ sub_stop() { kill $conn done kill $pid - umount -R ${JAILDIR}/${jail}/dev - umount ${JAILDIR}/${jail}/proc/ + umount --lazy --recursive ${JAILDIR}/${jail}/dev + umount --lazy ${JAILDIR}/${jail}/proc/ echo "...OK" } diff --git a/docs/bkctld.8 b/docs/bkctld.8 index d8de15c..3612761 100644 --- a/docs/bkctld.8 +++ b/docs/bkctld.8 @@ -253,11 +253,6 @@ SSH_PORT Port of corespondant evobackup jail. .RE .PP -SYSTEME -.RS 4 -Linux or BSD. -.RE -.PP MAIL .RS 4 Email address for notification. From 8c4be9fc0d8677389c799958c2cbc3c0132ecc4b Mon Sep 17 00:00:00 2001 From: Victor LABORIE Date: Fri, 24 Mar 2017 12:20:51 +0100 Subject: [PATCH 08/10] Update man page --- docs/bkctld.8 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/bkctld.8 b/docs/bkctld.8 index 3612761..c66e68a 100644 --- a/docs/bkctld.8 +++ b/docs/bkctld.8 @@ -1,6 +1,6 @@ .\" Manpage for bkctld. .\" Contact vlaborie@evolix.fr to correct errors or typos. -.TH man 8 "11 Janvier 2017" "1.0" "bkctld man page" +.TH man 8 "24 Mars 2017" "1.2.3" "bkctld man page" .SH NAME bkctld - tool to manage evobackup jail .SH SYNOPSIS From d8b6fe9d87ea7a0a02aec492fc5cf98e5a6b1b7e Mon Sep 17 00:00:00 2001 From: Victor LABORIE Date: Mon, 27 Mar 2017 11:33:58 +0200 Subject: [PATCH 09/10] Dump all disk (include vd[a-z]) on Linux (work for mbr and gpt disk) --- docs/zzz_evobackup | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/docs/zzz_evobackup b/docs/zzz_evobackup index d319e24..099beae 100755 --- a/docs/zzz_evobackup +++ b/docs/zzz_evobackup 
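Review bot: `umount --lazy` right after `kill $pid` lets sub_stop print `...OK` while sshd and its sessions may still be alive and holding the old `dev` and `proc` mounts, because a lazy unmount only detaches the mount point and defers the real unmount until the last user is gone. The commit subject says the intent is to wait for sshd to stop, but nothing in this hunk waits. I would add a bounded wait between the `kill` and the first `umount`, for example `for i in 1 2 3 4 5; do kill -0 "$pid" 2>/dev/null || break; sleep 1; done`, and keep `--lazy` as the fallback. The same two `umount` lines were changed in check_jail_on; sub_stop starts above this hunk.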
@@ -135,8 +135,12 @@ mkdir -p -m 700 /home/backup ## Dump MBR / table partitions with dd and sfdisk ## Linux -# dd if=/dev/sda of=/home/backup/MBR bs=512 count=1 2>&1 | egrep -v "(records in|records out|512 bytes)" -# sfdisk -d /dev/sda > /home/backup/partitions 2>&1 | egrep -v "(Warning: extended partition does not start at a cylinder boundary|DOS and Linux will interpret the contents differently)" +#for disk in $(ls /dev/{s,v}d[a-z] 2>/dev/null); do +# name=$(basename $disk) +# dd if=$disk of=/home/backup/MBR-$name bs=512 count=1 2>&1 | egrep -v "(records in|records out|512 bytes)" +# fdisk -l $disk > /home/backup/partitions-$name +#done +#cat /home/backup/partitions-* > /home/backup/partitions ## OpenBSD # disklabel sd0 > /home/backup/partitions From e5ac7e6e73cc01304d0f9135bf46d8fb0bd5633b Mon Sep 17 00:00:00 2001 From: Victor LABORIE Date: Fri, 31 Mar 2017 14:54:18 +0200 Subject: [PATCH 10/10] Delete firewall rules on bkctld remove --- bkctld | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/bkctld b/bkctld index c60a7eb..e3e0b34 100755 --- a/bkctld +++ b/bkctld @@ -158,12 +158,14 @@ set_firewall() { if [ -f $FIREWALL_RULES ]; then sed -i "/#${jail}$/d" $FIREWALL_RULES fi - port=$(get_port $jail) - for ip in $(get_ip $jail); do - echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport $port -s $ip -j ACCEPT #$jail" >> $FIREWALL_RULES - done - if [ -f /etc/init.d/minifirewall ]; then - /etc/init.d/minifirewall restart >/dev/null + if ( check_jail $jail ); then + port=$(get_port $jail) + for ip in $(get_ip $jail); do + echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport $port -s $ip -j ACCEPT #$jail" >> $FIREWALL_RULES + done + if [ -f /etc/init.d/minifirewall ]; then + /etc/init.d/minifirewall restart >/dev/null + fi fi fi } @@ -284,6 +286,7 @@ sub_remove() { rm -rf ${JAILDIR}/${jail} echo "You need to purge ${INCDIR}/${jail} manually !" fi + set_firewall $jail echo "...OK" }
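Review bot: The sample loop replaces `sfdisk -d`, whose output can be fed back to `sfdisk` to recreate a partition table, with `fdisk -l`, which is a human-readable listing only, so the new `partitions-$name` files document the layout but cannot restore it. `dd ... bs=512 count=1` likewise saves only the first sector, which on a GPT disk is the protective MBR rather than the GPT itself. If the installed `sfdisk` understands GPT, I would keep `sfdisk -d $disk > /home/backup/partitions-$name.dump` next to the listing. The loop header also parses `ls`; `#for disk in /dev/[sv]d[a-z]; do` with `[ -b "$disk" ] || continue` as its first line does the same without it.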
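Review bot: Moving the `minifirewall restart` inside the new `if ( check_jail $jail ); then` block in set_firewall means it no longer runs on the removal path this commit adds. sub_remove calls `set_firewall $jail` after the jail directory has been deleted, so `check_jail` presumably fails there (its body is not in this hunk): the `sed -i "/#${jail}$/d"` line cleans the rules file, but the ACCEPT rules for the removed jail's port stay loaded in the running firewall until something else restarts it. I would end the `check_jail` block right after the `done` and leave `if [ -f /etc/init.d/minifirewall ]; then /etc/init.d/minifirewall restart >/dev/null; fi` outside it, so both adding and removing a jail reload the rules. set_firewall starts above this hunk.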