Refactoring of the code.
Evobackup is is now all in english and it is more flexible and easy to install & configure.
This commit is contained in:
Benoit.S « Benpro »
parent
7968aea863
commit
eb4c2c6f41
4
AUTHORS
Normal file
4
AUTHORS
Normal file
|
|
@ -0,0 +1,4 @@
|
|||
Grégory COLPART <reg@evolix.fr>
|
||||
Romain DESSORT <rdessort@evolix.fr>
|
||||
Arnaud TOMEÏ <atomei@evolix.fr>
|
||||
Benoît SÉRIE <bserie@evolix.fr>
|
||||
116
INSTALL.md
Normal file
116
INSTALL.md
Normal file
|
|
@ -0,0 +1,116 @@
|
|||
Installing EvoBackup
|
||||
====================
|
||||
|
||||
Backup server side
|
||||
------------------
|
||||
|
||||
1) Git clone the project (i.e in /root/evobackup).
|
||||
|
||||
2) Install configuration files.
|
||||
|
||||
```
|
||||
root@backupserver:~/evobackup# install.sh
|
||||
```
|
||||
|
||||
This will create /etc/evobackup and /etc/init.d/evobackup (or
|
||||
/etc/init/evobackup.conf for Ubuntu).
|
||||
|
||||
3) Set up the first chroot.
|
||||
|
||||
```
|
||||
root@backupserver:~/evobackup# chroot-new.sh -n client1 -i 192.168.0.10 -p 2222 -k /path/to/rsakeyclient1.pub
|
||||
```
|
||||
|
||||
This will create the OpenSSH chroot for the machine "client1", listening on
|
||||
port 2222 and accepting only connections from 192.168.0.10 using public key
|
||||
rsakeyclient1.pub.
|
||||
|
||||
Tip: If you have already a chroot, you can commit the port option (-p), it
|
||||
will be incremented from the last chroot.
|
||||
|
||||
4) Handle incrementals by modifying /etc/evobackup/conf.d/incs/client1
|
||||
|
||||
Syntax of this file is simple:
|
||||
|
||||
* +%Y-%m-%d.-0day Keep actual day
|
||||
* +%Y-%m-%d.-1day Keep yesterday
|
||||
* +%Y-%m-01.-0month Keep the firt day of the actual month
|
||||
* +%Y-%m-01.-1month Keep the first day of the last month
|
||||
|
||||
Tip: You can use rdiff-backup in place of rsync, and choose to not use
|
||||
EvoBackup incrementals method. You need to modify the cronjob.
|
||||
|
||||
5) Set up the scripts which will handle incrementals.
|
||||
|
||||
```
|
||||
root@backupserver:~/evobackup# mkdir -p /usr/share/scripts
|
||||
root@backupserver:~/evobackup# cp crons/evobackup-{inc,rm}.sh /usr/share/scripts/
|
||||
root@backupserver:~/evobackup# chmod u+x /usr/share/scripts/evobackup-{inc,rm}.sh
|
||||
root@backupserver:~/evobackup# crontab -e
|
||||
```
|
||||
|
||||
Set this in the root crontab
|
||||
|
||||
```
|
||||
29 10 * * * pkill evobackup-rm.sh && echo "Kill evobackup-rm.sh done" | mail -s "[warn] EvoBackup - purge incs interrupted" root
|
||||
30 10 * * * /usr/share/scripts/evobackup-inc.sh && /usr/share/scripts/evobackup-rm.sh
|
||||
````
|
||||
|
||||
Client side
|
||||
-----------
|
||||
|
||||
1) Git clone the project (i.e in /root/evobackup).
|
||||
|
||||
2) Generates OpenSSH key for user root (if user root don't have one already).
|
||||
|
||||
```
|
||||
root@client1:~/evobackup# ssh-keygen
|
||||
```
|
||||
|
||||
Do not set a passphrase, otherwise you will need to enter the passphrase (or
|
||||
store it using an agent) for each backups!
|
||||
|
||||
3) Install configuration files.
|
||||
|
||||
```
|
||||
root@client1:~/evobackup# install.sh client
|
||||
```
|
||||
|
||||
4) Add the zzz_evobackup crontab into the daily cronjobs (recommended):
|
||||
|
||||
```
|
||||
root@client1:~/evobackup# cp crons/zzz_evobackup /etc/cron.daily/
|
||||
root@client1:~/evobackup# chmod 700 /etc/cron.daily/zzz_evobackup
|
||||
```
|
||||
|
||||
Why "zzz"? Because we want the backup cronjob to be the last one.
|
||||
|
||||
5) Configure the cronjob.
|
||||
|
||||
In /etc/evobackup:
|
||||
|
||||
* What to backup using shell scripts in actions.d. By default all scripts are
|
||||
commented out. Un-comment or write your own code, this will be launched
|
||||
before the rsync, using run-parts.
|
||||
|
||||
* What to include in conf.d/include.cf
|
||||
* What to exclude in conf.d/exclude.cf
|
||||
* General config in conf.d/cron.cf
|
||||
|
||||
6) Optional, test with sh -x.
|
||||
|
||||
```
|
||||
root@client1:~/evobackup# sh -x /etc/cron.daily/zzz_evobackup
|
||||
```
|
||||
|
||||
Updating OpenSSH chroot
|
||||
-----------------------
|
||||
|
||||
When you upgrade you system you may need to upgrade the OpenSSH chroot. To do
|
||||
that launch update-chroot.sh.
|
||||
|
||||
```
|
||||
root@backupserver:~/evobackup# chroot-update.sh
|
||||
```
|
||||
|
||||
Then reload sshd daemons.
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
PLAN DES SAUVEGARDES
|
||||
====================
|
||||
|
||||
PORT JAIL ETAT
|
||||
-------------------------------------------------------
|
||||
2222 Serveur 1 (IP) 1
|
||||
2223 Serveur 2 (IP) 1
|
||||
2224 Serveur 3 (IP) 0
|
||||
etc....
|
||||
.......
|
||||
215
README
215
README
|
|
@ -1,215 +0,0 @@
|
|||
EvoBackup
|
||||
=========
|
||||
|
||||
EvoBackup est un ensemble de scripts permettant de mettre en place
|
||||
un service de backups gérant les sauvegardes de plusieurs machines.
|
||||
Le principe est d'installer des prisons/chroot contenant un service
|
||||
SSH écoutant sur un port différent dans chaque prison. Chaque serveur
|
||||
peut ainsi envoyer ses données quotidiennement en "root" via rsync
|
||||
dans sa propre prison. Les prisons sont ensuite copiées en dehors des
|
||||
prisons (donc inacccessible par les serveurs) de façon incrémentale
|
||||
grâce à des "hard links". On peut ainsi conserver des dizaines de
|
||||
sauvegardes de chaque serveur de façon sécurisé et avec peu de place.
|
||||
|
||||
|
||||
**************************
|
||||
Serveur 1 ------SSH/rsync -------> * tcp/2222 Serveur *
|
||||
* de *
|
||||
Serveur 2 ------SSH/rsync -------> * tcp/2223 Sauvegardes *
|
||||
**************************
|
||||
|
||||
Cette technique de sauvegarde s'appuient sur des technologies
|
||||
standards. Elle est utilisée depuis plusieurs années par Evolix
|
||||
pour sauvegarder chaque jour des centaines de serveurs représentant
|
||||
plusieurs To de données incrémentales.
|
||||
|
||||
|
||||
Serveur de sauvegardes
|
||||
----------------------
|
||||
|
||||
Le serveur de sauvegardes doit être sous Debian Squeeze
|
||||
(testé sous Etch/Lenny/Squeeze, les instructions sont pour Squeeze).
|
||||
Avec les logiciels suivants :
|
||||
|
||||
- OpenSSH
|
||||
- Rsync (le daemon rsync n'est pas nécessaire)
|
||||
- Le paquet makedev (plus nécessaire depuis Squeeze)
|
||||
- Commande "mail" (ou un équivalent) capable d'envoyer
|
||||
des messages à l'extérieur.
|
||||
|
||||
Un volume d'une taille importante doit être monté sur /backup
|
||||
Pour des raisons de sécurité on pourra chiffre ce volume.
|
||||
On créera ensuite les répertoires suivants :
|
||||
|
||||
- /backup/jails : pour les prisons
|
||||
- /backup/incs : pour les copies incrémentales des prisons
|
||||
- /etc/evobackup : config des fréquences des copies incrémentales
|
||||
|
||||
Pour la mise en place des backups incrémentaux sur le serveur :
|
||||
- Mettre en place les scripts evobackup-inc.sh et evobackup-rm.sh dans /usr/share/scripts
|
||||
- Mettre les droits d'exécution : chmod u+x /usr/share/scripts/evobackup-{inc,rm}.sh
|
||||
- Activer le crontab suivant (ajuster éventuellement les heures) :
|
||||
29 10 * * * pkill evobackup-rm.sh && echo "Kill evobackup-rm.sh done" | mail -s "[warn] EvoBackup - purge incs interrupted" root
|
||||
30 10 * * * /usr/share/scripts/evobackup-inc.sh && /usr/share/scripts/evobackup-rm.sh
|
||||
|
||||
Note : si l'on ne veut *jamais* supprimer les backups incrémentaux, on pourra se contenter
|
||||
de ne jamais lancer le script evobackup-rm.sh
|
||||
|
||||
|
||||
Si le noyau du serveur est patché avec GRSEC, on évitera pas mal
|
||||
de warnings en positionnant les paramètres Sysctl suivants :
|
||||
|
||||
# sysctl kernel.grsecurity.chroot_deny_chmod=0
|
||||
# sysctl kernel.grsecurity.chroot_deny_mknod=0
|
||||
|
||||
Note : plus nécessaire avec un noyau récent a priori
|
||||
|
||||
Serveurs à sauvegarder
|
||||
----------------------
|
||||
|
||||
On peut sauvegarder différents systèmes : Linux, BSD, Windows, MacOSX.
|
||||
L'un des seuls prérequis est d'avoir rsync.
|
||||
|
||||
|
||||
Installation d'une sauvegarde
|
||||
-----------------------------
|
||||
|
||||
Côté serveur de sauvegardes
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
1) On récupère les sources via http://git.evolix.org/git/evolinux/evobackup.git
|
||||
|
||||
- Exporter la variable $JAIL avec le nom d'hôte saisit dans la grille :
|
||||
|
||||
# export JAIL=<nom d'hote>
|
||||
|
||||
- Se placer dans le bon répertoire (attention, ne pas déplacer le script car
|
||||
il a besoin du répertoire etc/ !) puis exécuter :
|
||||
|
||||
# bash chroot-ssh.sh /backup/jails/$JAIL
|
||||
|
||||
Note : Ignorer une éventuelle erreur avec ld-linux-x86-64.so.2 (32bits) ou ld-linux.so.2 (64bits)
|
||||
|
||||
- Editer le fichier /backup/jails/$JAIL/etc/ssh/sshd_config
|
||||
et remplacer le port SSH utilisé par le prochain disponible
|
||||
(ou garder celui assigné si c'est la première prison).
|
||||
Ajouter également la restriction d'IP si possible via "AllowUsers" :
|
||||
AllowUsers root@IP root@::ffff:IP
|
||||
|
||||
- Ajouter la clé publique du client à sauvegarder dans
|
||||
/backup/jails/$JAIL/root/.ssh/authorized_keys
|
||||
|
||||
- Puis corrigez les droits SSH :
|
||||
|
||||
# chmod -R 600 /backup/jails/$JAIL/root/.ssh/
|
||||
# chown -R root:root /backup/jails/$JAIL/root/.ssh/
|
||||
|
||||
2) Gestion du lancement des prisons en modifiant le fichier de démarrage
|
||||
/etc/init.d/evobackup (on remplacera $JAIL par sa vraie valeur).
|
||||
|
||||
- Ajouter à start) :
|
||||
|
||||
mount -t proc proc-chroot /backup/jails/$JAIL/proc/
|
||||
mount -t devtmpfs udev /backup/jails/$JAIL/dev/
|
||||
chroot /backup/jails/$JAIL /usr/sbin/sshd > /dev/null
|
||||
|
||||
- Ajouter à stop) :
|
||||
|
||||
umount /backup/jails/$JAIL/proc/
|
||||
umount /backup/jails/$JAIL/dev/
|
||||
kill -9 `chroot /backup/jails/$JAIL cat /var/run/sshd.pid`
|
||||
|
||||
- Ajouter à reload|force-reload) :
|
||||
|
||||
kill -HUP `chroot /backup/jails/$JAIL cat /var/run/sshd.pid`
|
||||
|
||||
- Ajouter à restart) :
|
||||
|
||||
kill -9 `chroot /backup/jails/$JAIL cat /var/run/sshd.pid`
|
||||
chroot /backup/jails/$JAIL /usr/sbin/sshd > /dev/null
|
||||
|
||||
3) On lance la prison :
|
||||
|
||||
# mount -t proc proc-chroot /backup/jails/$JAIL/proc/
|
||||
# mount -t devtmpfs udev /backup/jails/$JAIL/dev/
|
||||
# chroot /backup/jails/$JAIL /usr/sbin/sshd > /dev/null
|
||||
|
||||
Pour vérifier que tout est OK :
|
||||
|
||||
# /etc/init.d/evobackup reload
|
||||
|
||||
4) Gestion des sauvegardes incrémentales
|
||||
|
||||
Pour activer les gestions des copies incrémentales,
|
||||
créer le fichier /etc/evobackup/$JAIL contenant par
|
||||
exemple :
|
||||
|
||||
+%Y-%m-%d.-0day
|
||||
+%Y-%m-%d.-1day
|
||||
+%Y-%m-%d.-2day
|
||||
+%Y-%m-%d.-3day
|
||||
+%Y-%m-01.-0month
|
||||
+%Y-%m-01.-1month
|
||||
|
||||
Quelques explications sur cette syntaxe particulière.
|
||||
Par exemple, la ligne ci-dessous signifie "garder la sauvegarde du
|
||||
jour actuel" (à toujours mettre sur la première ligne a priori) :
|
||||
+%Y-%m-%d.-0day
|
||||
La ligne ci-dessous signifie "garder la sauvegarde d'hier" :
|
||||
+%Y-%m-%d.-1day
|
||||
La ligne ci-dessous signifie "garder la sauvegarde du 1er jour du
|
||||
mois courant" :
|
||||
+%Y-%m-01.-0month
|
||||
Toujours le même principe, on peut garder celle du 1er jours du
|
||||
mois dernier :
|
||||
+%Y-%m-01.-1month
|
||||
|
||||
Et bien sûr, on peut garder aussi le 15e jour (pour avoir une sauvegarde
|
||||
toutes les 15 jours, le 1er janvier de chaque année, etc.)
|
||||
|
||||
Attention, la création de ce fichier est *obligatoire* pour activer
|
||||
les copies incrémentales. Si l'on veut garder des copies advitam aeternam
|
||||
sans jamais les supprimer, on se contentera de ne pas lancer le script
|
||||
evobackup-rm.sh.
|
||||
|
||||
|
||||
Côté serveur à sauvegarder
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
1) Générez une clé SSH pour l'utilisateur "root" :
|
||||
|
||||
# ssh-keygen
|
||||
|
||||
(Ne pas la protéger par une passphrase, sauf si un humain
|
||||
va l'entrer manuellement à chaque sauvegarde effectuée)
|
||||
|
||||
(La clé générée doit être de type RSA et non DSA !!)
|
||||
|
||||
2) Envoyez "/root/.ssh/id_rsa.pub" au responsable du serveur de
|
||||
sauvegarde, ainsi que l'adresse IP de la machine.
|
||||
|
||||
3) Ajoutez à la crontab le fichier "zzz_evobackup"
|
||||
Pour une sauvegarde quotidienne (conseillé), utilisez le répertoire
|
||||
"/etc/cron.daily/" (sous Linux) ou "/etc/periodic/daily" (sous FreeBSD).
|
||||
|
||||
Il faut éventuellement ajuster le script en supprimant les lignes "--exclude"
|
||||
si l'on ne souhaite pas exclure les fichiers/répertoires de cette ligne et
|
||||
ajouter/supprimer les lignes en dessous pour sauvegarder les bons répertoires.
|
||||
($rep désigne les données systèmes). Vous pouvez donc choisir librement ce
|
||||
que vous désirez sauvegarder.
|
||||
|
||||
4) Une fois que tout en place au niveau du serveur de sauvegardes,
|
||||
on doit initier la première connexion :
|
||||
|
||||
# ssh -p <port> <serveur de sauvegardes>
|
||||
|
||||
|
||||
Mise-à-jour du serveur de sauvegardes
|
||||
-------------------------------------
|
||||
|
||||
En cas d'une mise-à-jour d'un paquet lié à SSH ou rsync côté
|
||||
serveur de sauvegardes, on mettra à jour ainsi :
|
||||
|
||||
# sh chroot-ssh.sh updateall
|
||||
# /etc/init.d/evobackup restart
|
||||
|
||||
47
README.md
47
README.md
|
|
@ -1,4 +1,47 @@
|
|||
evobackup
|
||||
EvoBackup
|
||||
=========
|
||||
|
||||
Backup manager used at @evolix
|
||||
EvoBackup is a bunch of shell scripts to create a backup server which will
|
||||
handle the backup of many servers (clients). Licence is GPLv2.
|
||||
|
||||
The main principle uses SSH chroot (called "jails" in the FreeBSD
|
||||
world) for each client to backup. Each client will upload his data every day
|
||||
using rsync in his chroot (using root account).
|
||||
Incrementals are stored outside of the chroot using hard links. (So incrementals
|
||||
are not available for clients). Using this method we can keep tens of backup of
|
||||
each client securely and not using too much space.
|
||||
|
||||
Backup server
|
||||
************
|
||||
Server 1 ------ SSH/rsync -------> * tcp/2222 *
|
||||
* *
|
||||
Server 2 ------ SSH/rsync -------> * tcp/2223 *
|
||||
************
|
||||
|
||||
This method uses standard tools (ssh, rsync, cp -al). EvoBackup is used for
|
||||
many years by Evolix for back up each day hundreds of servers which uses many
|
||||
terabytes of data.
|
||||
|
||||
Backup server
|
||||
-------------
|
||||
|
||||
The backup server need to be based on Debian. Tested on Debian Wheezy and
|
||||
Ubuntu 13.04.
|
||||
|
||||
Needed packages:
|
||||
|
||||
* openssh-server
|
||||
* rsync
|
||||
* bsd-mailx (or other package providing /usr/bin/mailx)
|
||||
|
||||
Backups are stored in a big partition mounted on /backup (you can change this).
|
||||
For security reasons it is recommended to encrypt the backup partition (i.e
|
||||
using LUKS).
|
||||
|
||||
Main directories:
|
||||
|
||||
* /backup/jails: chroot used by clients
|
||||
* /backup/incs: incrementals
|
||||
* /etc/evobackup: config file for incrementals frequency
|
||||
|
||||
To install and configure EvoBackup read INSTALL.
|
||||
19
chroot-bincopy.sh
Executable file
19
chroot-bincopy.sh
Executable file
|
|
@ -0,0 +1,19 @@
|
|||
#!/bin/sh
|
||||
# Copy essential binaries into the chroot.
|
||||
|
||||
chrootdir=$1
|
||||
|
||||
# TODO: better detection of amd64 arch
|
||||
cp -f /lib/ld-linux.so.2 $chrootdir/lib/ 2>/dev/null \
|
||||
|| cp -f /lib64/ld-linux-x86-64.so.2 $chrootdir/lib64/
|
||||
cp /lib/x86_64-linux-gnu/libnss* $chrootdir/lib/x86_64-linux-gnu/
|
||||
|
||||
for dbin in /bin/bash /bin/cat /bin/chown /bin/mknod /bin/rm \
|
||||
/bin/sed /bin/sh /bin/uname /bin/mount /usr/bin/rsync /usr/sbin/sshd \
|
||||
/usr/lib/openssh/sftp-server; do
|
||||
|
||||
cp -f $dbin $chrootdir/$dbin;
|
||||
for lib in `ldd $dbin | cut -d">" -f2 | cut -d"(" -f1`; do
|
||||
cp -p $lib $chrootdir/$lib
|
||||
done
|
||||
done
|
||||
138
chroot-new.sh
Executable file
138
chroot-new.sh
Executable file
|
|
@ -0,0 +1,138 @@
|
|||
#!/bin/sh
|
||||
# Set-up and configure an OpenSSH chroot.
|
||||
|
||||
BACKUP_PATH='/backup/jails'
|
||||
|
||||
#Are we root?
|
||||
id=$(id -u)
|
||||
if [ $id != 0 ]; then
|
||||
echo "Error, you need to be root to install EvoBackup!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
usage() {
|
||||
|
||||
cat <<EOT
|
||||
Add an OpenSSH chroot.
|
||||
Usage: $0 -n name -i ip -p port -k pub-key-path
|
||||
|
||||
Mandatory parameters:
|
||||
-n: Name of the chroot.
|
||||
-i: IP address of the client machine.
|
||||
-k: Path to the SSH public key of the client machine.
|
||||
|
||||
Optional parameters:
|
||||
-p: SSH port which chroot/jail will listen on.
|
||||
port can be ommited if there is already one chroot, it will be guessed.
|
||||
EOT
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
newchroot() {
|
||||
|
||||
# Path to the chroot.
|
||||
chrootdir=$1
|
||||
mkdir -p $chrootdir
|
||||
chown root:root $chrootdir
|
||||
umask 022
|
||||
# create jail
|
||||
echo -n "1 - Creating the chroot..."
|
||||
mkdir -p $chrootdir/{bin,dev,etc/ssh,lib,lib64}
|
||||
mkdir -p $chrootdir/lib/tls/i686/cmov/
|
||||
mkdir -p $chrootdir/lib/x86_64-linux-gnu/
|
||||
mkdir -p $chrootdir/proc
|
||||
mkdir -p $chrootdir/root/.ssh
|
||||
mkdir -p $chrootdir/usr/lib/i686/cmov/
|
||||
mkdir -p $chrootdir/lib/i686/cmov/
|
||||
mkdir -p $chrootdir/usr/{bin,lib,sbin}
|
||||
mkdir -p $chrootdir/usr/lib/x86_64-linux-gnu/
|
||||
mkdir -p $chrootdir/usr/lib/openssh
|
||||
mkdir -p $chrootdir/var/log/
|
||||
mkdir -p $chrootdir/var/run/sshd
|
||||
touch $chrootdir/var/log/{authlog,lastlog,messages,syslog}
|
||||
touch $chrootdir/etc/fstab
|
||||
echo "...OK"
|
||||
|
||||
echo -n "2 - Copying essential files..."
|
||||
cp /proc/devices $chrootdir/proc
|
||||
cp /etc/ssh/{ssh_host_rsa_key,ssh_host_dsa_key} $chrootdir/etc/ssh/
|
||||
cp chroot-etc/sshd_config $chrootdir/etc/ssh/
|
||||
cp chroot-etc/passwd $chrootdir/etc/
|
||||
cp chroot-etc/shadow $chrootdir/etc/
|
||||
cp chroot-etc/group $chrootdir/etc/
|
||||
echo "...OK"
|
||||
|
||||
echo -n "3 - Copying binaries..."
|
||||
./chroot-bincopy.sh $chrootdir
|
||||
echo "...OK"
|
||||
}
|
||||
|
||||
while getopts ':n:i:p:k:' opt; do
|
||||
case $opt in
|
||||
n)
|
||||
jail=$OPTARG
|
||||
;;
|
||||
i)
|
||||
ip=$OPTARG
|
||||
;;
|
||||
p)
|
||||
port=$OPTARG
|
||||
;;
|
||||
k)
|
||||
pub_key_path=$OPTARG
|
||||
;;
|
||||
?)
|
||||
usage
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
# Verify parameters.
|
||||
if [ -z $jail ] || [ -z $ip ] || [ -z $pub_key_path ];
|
||||
then
|
||||
usage
|
||||
exit 1
|
||||
fi
|
||||
# Test if the chroot exists.
|
||||
if [ -d ${BACKUP_PATH}/${jail} ]; then
|
||||
echo "Error, directory to chroot already exists!"
|
||||
exit 1
|
||||
fi
|
||||
# Verify the presence of the public key.
|
||||
if [ ! -f "$pub_key_path" ]; then
|
||||
echo "Public key $pub_key_path not found."
|
||||
exit 1
|
||||
fi
|
||||
# If port ommited try to guess it.
|
||||
if [ -z $port ]; then
|
||||
port=$(grep -h Port /backup/jails/*/etc/ssh/sshd_config \
|
||||
| grep -Eo [0-9]+ | sort -n | tail -1)
|
||||
port=$((port+1))
|
||||
if [ -z $port ]; then
|
||||
echo "Port cannot be guessed. Add -p option!"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
# Create the chroot
|
||||
newchroot ${BACKUP_PATH}/${jail}
|
||||
# Configure the chroot
|
||||
echo -n "4 - Configuring the chroot..."
|
||||
sed -i "s/^Port 2222/Port ${port}/" ${BACKUP_PATH}/${jail}/etc/ssh/sshd_config
|
||||
sed -i "s/IP/$ip/g" ${BACKUP_PATH}/${jail}/etc/ssh/sshd_config
|
||||
cat $pub_key_path > ${BACKUP_PATH}/${jail}/root/.ssh/authorized_keys
|
||||
chmod -R 600 ${BACKUP_PATH}/${jail}/root/.ssh/
|
||||
chown -R root:root ${BACKUP_PATH}/${jail}/root/.ssh/
|
||||
cat <<EOT >/etc/evobackup/conf.d/incs/${jail}
|
||||
+%Y-%m-%d.-0day
|
||||
+%Y-%m-%d.-1day
|
||||
+%Y-%m-%d.-2day
|
||||
+%Y-%m-%d.-3day
|
||||
+%Y-%m-01.-0month
|
||||
+%Y-%m-01.-1month
|
||||
EOT
|
||||
|
||||
echo -n "Done. OpenSSH chroot added! Restart evobackup service."
|
||||
132
chroot-ssh.sh
132
chroot-ssh.sh
|
|
@ -1,132 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Gregory Colpart <reg@evolix.fr>
|
||||
# chroot script for OpenSSH
|
||||
# $Id: chroot-ssh.sh,v 1.12 2010-07-02 17:40:29 gcolpart Exp $
|
||||
|
||||
# tested on Debian Etch and recently on Lenny
|
||||
# Exec this script for jail creation:
|
||||
# ./chroot-ssh.sh /backup/jails/myserver
|
||||
# Note: etc/{sshd_config,group,passwd} files should be present
|
||||
|
||||
# For Etch
|
||||
# Start: chroot /backup/jails/myserver /usr/sbin/sshd > /dev/null
|
||||
# Reload: kill -HUP `chroot /backup/jails/myserver cat /var/run/sshd.pid`
|
||||
# Stop: kill -9 `chroot /backup/jails/myserver cat /var/run/sshd.pid`
|
||||
# Restart: Stop + Start
|
||||
|
||||
# For Lenny
|
||||
# Start :
|
||||
# chroot /backup/jails/myserver mount -t proc proc-chroot /proc/
|
||||
# chroot /backup/jails/myserver mount -t devpts devpts-chroot /dev/pts/
|
||||
# chroot /backup/jails/myserver /usr/sbin/sshd > /dev/null
|
||||
# Reload: kill -HUP `chroot /backup/jails/myserver cat /var/run/sshd.pid`
|
||||
# Stop: kill -9 `chroot /backup/jails/myserver cat /var/run/sshd.pid`
|
||||
# Restart:
|
||||
# kill -9 `chroot /backup/jails/myserver cat /var/run/sshd.pid`
|
||||
# chroot /backup/jails/myserver /usr/sbin/sshd > /dev/null
|
||||
|
||||
# After *each* ssh upgrade or libs upgrade:
|
||||
# sh chroot-ssh.sh updateall
|
||||
# And restart all sshd daemons
|
||||
|
||||
bincopy() {
|
||||
|
||||
chrootdir=$1
|
||||
|
||||
# TODO : better detection of amd64 arch
|
||||
cp -f /lib/ld-linux.so.2 $chrootdir/lib/ || cp -f /lib64/ld-linux-x86-64.so.2 $chrootdir/lib64/
|
||||
cp /lib/libnss* $chrootdir/lib/
|
||||
|
||||
for dbin in /bin/bash /bin/cat /bin/chown /bin/mknod /bin/rm /bin/sed /bin/sh /bin/uname /bin/mount /usr/bin/rsync /usr/sbin/sshd /usr/lib/openssh/sftp-server; do
|
||||
cp -f $dbin $chrootdir/$dbin;
|
||||
# (comme dans http://www.gcolpart.com/hacks/chroot-bind.sh)
|
||||
for lib in `ldd $dbin | cut -d">" -f2 | cut -d"(" -f1`; do
|
||||
cp -p $lib $chrootdir/$lib
|
||||
done
|
||||
done
|
||||
|
||||
}
|
||||
|
||||
# synopsis
|
||||
if [ $# -ne 1 ]; then
|
||||
echo "Vous devez indiquer un repertoire."
|
||||
echo "Exemple : chroot-ssh.sh /backup/jails/myserver"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# are u root?
|
||||
if [ `whoami` != "root" ]; then
|
||||
echo "Vous devez executer le script en étant root."
|
||||
exit 0
|
||||
fi
|
||||
|
||||
|
||||
if [ -e $1 ]; then
|
||||
echo "Le repertoire $1 existe deja..."
|
||||
fi
|
||||
|
||||
if [ "$1" = "updateall" ]; then
|
||||
|
||||
for i in `ls -1 /backup/jails/*/lib/libnss_compat.so.2`; do
|
||||
chrootdir=`echo $i | cut -d"/" -f1,2,3,4`
|
||||
echo -n "MaJ $chrootdir ..."
|
||||
bincopy $chrootdir
|
||||
echo "...OK"
|
||||
done
|
||||
|
||||
else
|
||||
|
||||
# where is jail
|
||||
chrootdir=$1
|
||||
|
||||
mkdir -p $chrootdir
|
||||
chown root:root $chrootdir
|
||||
|
||||
umask 022
|
||||
|
||||
# create jail
|
||||
|
||||
echo -n "1 - Creation de la prison..."
|
||||
|
||||
mkdir -p $chrootdir/{bin,dev,etc/ssh,lib,lib64}
|
||||
mkdir -p $chrootdir/lib/tls/i686/cmov/
|
||||
mkdir -p $chrootdir/proc
|
||||
mkdir -p $chrootdir/root/.ssh
|
||||
mkdir -p $chrootdir/usr/lib/i686/cmov/
|
||||
mkdir -p $chrootdir/lib/i686/cmov/
|
||||
mkdir -p $chrootdir/usr/{bin,lib,sbin}
|
||||
mkdir -p $chrootdir/usr/lib/openssh
|
||||
mkdir -p $chrootdir/var/log/
|
||||
mkdir -p $chrootdir/var/run/sshd
|
||||
|
||||
touch $chrootdir/var/log/{authlog,lastlog,messages,syslog}
|
||||
touch $chrootdir/etc/fstab
|
||||
|
||||
echo "...OK"
|
||||
|
||||
echo -n "2 - Copie des donnees..."
|
||||
cp /proc/devices $chrootdir/proc
|
||||
|
||||
cp /etc/ssh/{ssh_host_rsa_key,ssh_host_dsa_key} $chrootdir/etc/ssh/
|
||||
cp etc/sshd_config $chrootdir/etc/ssh/
|
||||
cp etc/passwd $chrootdir/etc/
|
||||
cp etc/shadow $chrootdir/etc/
|
||||
cp etc/group $chrootdir/etc/
|
||||
|
||||
echo ".......OK"
|
||||
|
||||
echo -n "3 - Copie des binaires..."
|
||||
|
||||
bincopy $chrootdir
|
||||
|
||||
echo "......OK"
|
||||
|
||||
echo -n "4 - Termine."
|
||||
|
||||
# end
|
||||
|
||||
echo ""
|
||||
|
||||
fi
|
||||
|
||||
11
chroot-update.sh
Executable file
11
chroot-update.sh
Executable file
|
|
@ -0,0 +1,11 @@
|
|||
#!/bin/sh
|
||||
# Update all OpenSSH chroot.
|
||||
|
||||
BACKUP_PATH='/backup/jails'
|
||||
|
||||
for i in `ls -1 ${BACKUP_PATH}/*/lib/libnss_compat.so.2`; do
|
||||
chrootdir=`echo $i | cut -d"/" -f1,2,3,4`
|
||||
echo -n "Updating $chrootdir ..."
|
||||
./chroot-bincopy.sh $chrootdir
|
||||
echo "Done!"
|
||||
done
|
||||
17
crons/evobackup-inc.sh
Normal file
17
crons/evobackup-inc.sh
Normal file
|
|
@ -0,0 +1,17 @@
|
|||
#!/bin/sh
|
||||
# Handles creating incrementals backup.
|
||||
|
||||
. /etc/evobackup/conf.d/incrementals.cf
|
||||
|
||||
start=$(date --rfc-3339=seconds)
|
||||
|
||||
for client in ${CONFDIR}/*; do
|
||||
backupname=${client#/etc/evobackup/conf.d/incs/}
|
||||
# hard copy everyday
|
||||
echo -n "Hard copy of backup $backupname started at $start. " \
|
||||
>> $LOGFILE
|
||||
[[ ! -d ${INCDIR}/${backupname} ]] && mkdir -p ${INCDIR}/${backupname}
|
||||
cp -alx ${JAILDIR}/${backupname} ${INCDIR}/${backupname}/${DATEDIR}
|
||||
stop=$(date --rfc-3339=seconds)
|
||||
echo -n "Hard copy of $backupname ended at $stop." >> $LOGFILE
|
||||
done | tee -a $LOGFILE | mailx -s "[info] EvoBackup report of creating incrementals" $MAIL_TO
|
||||
38
crons/evobackup-rm.sh
Normal file
38
crons/evobackup-rm.sh
Normal file
|
|
@ -0,0 +1,38 @@
|
|||
#!/bin/sh
|
||||
|
||||
# Handle removing of incrementals.
|
||||
|
||||
. /etc/evobackup/conf.d/incrementals.cf
|
||||
|
||||
tmpdir=$(mktemp --tmpdir=/tmp -d evobackup.XXX)
|
||||
emptydir=$(mktemp --tmpdir=/tmp -d evobackup.XXX)
|
||||
|
||||
# For each client, delete needed incrementals.
|
||||
for client in ${CONFDIR}/*; do
|
||||
# Get only the name of the backup.
|
||||
backupname=${client#${CONFDIR}/}
|
||||
# List actual incrementals backup.
|
||||
for inc in ${INCDIR}/${backupname}/*; do
|
||||
echo $inc
|
||||
done > ${tmpdir}/${backupname}.files
|
||||
# List non-obsolete incrementals backup.
|
||||
for incConf in $(cat ${CONFDIR}/${backupname}); do
|
||||
MYDATE=$(echo $incConf | cut -d. -f1)
|
||||
BEFORE=$(echo $incConf | cut -d. -f2)
|
||||
date -d "$(date $MYDATE) $BEFORE" "+%Y-%m-%d"
|
||||
done > ${tmpdir}/${backupname}.keep
|
||||
# Delete obsolete incrementals backup
|
||||
for inc in $(grep -v -f ${tmpdir}/${backupname}.keep ${tmpdir}/${backupname}.files); do
|
||||
start=$(date --rfc-3339=seconds)
|
||||
echo -n "Delete of ${backupname}/${inc#${INCDIR}/${backupname}/} started at ${start}." >> $LOGFILE
|
||||
# We use rsync to delete since it is faster than rm!
|
||||
rsync -a --delete ${emptydir}/ $inc
|
||||
rm -r $inc
|
||||
rm -r $emptydir
|
||||
stop=$(date --rfc-3339=seconds)
|
||||
echo -n "Delete of ${backupname}/${inc#${INCDIR}/${backupname}/} ended at ${stop}." >> $LOGFILE
|
||||
done
|
||||
done | tee -a $LOGFILE | mail -s "[info] EvoBackup - purge incs" $MAIL_TO
|
||||
|
||||
# Cleaning
|
||||
rm -rf $tmpdir
|
||||
57
crons/zzz_evobackup
Normal file
57
crons/zzz_evobackup
Normal file
|
|
@ -0,0 +1,57 @@
|
|||
#!/bin/sh
|
||||
# EvoBackup cronjob.
|
||||
|
||||
. /etc/evobackup/conf.d/cron.cf
|
||||
|
||||
# Verify if an EvoBackup is already launched, if true, kill it.
|
||||
if [ -e $PIDFILE ]; then
|
||||
pkill -9 -F $PIDFILE
|
||||
echo "$0 is running (PID $(cat $PIDFILE)). Process killed." >&2
|
||||
fi
|
||||
echo "$$" > $PIDFILE
|
||||
trap "rm -f $PIDFILE" EXIT INT
|
||||
|
||||
# Executes tasks to do before rsync.
|
||||
run-parts /etc/evobackup/actions.d/
|
||||
|
||||
# Handle include paths when the system OS is GNU/Linux or FreeBSD. Customize it
|
||||
# if necessary.
|
||||
system=$(uname -o)
|
||||
hostname=$(hostname -f)
|
||||
start=$(date --rfc-3339=seconds)
|
||||
tmplog=$(mktemp --tmpdir=/tmp evobackup.XXX)
|
||||
if [ "$system" = "GNU/Linux" ]; then
|
||||
rep="/bin /boot /lib /opt /sbin /usr"
|
||||
elif [ "$system" = "FreeBSD" ]; then
|
||||
rep="/bsd /bin /boot /sbin /usr"
|
||||
else
|
||||
# Not GNU/Linux or FreeBSD
|
||||
rep=""
|
||||
fi
|
||||
|
||||
# rsync command line to backup all data.
|
||||
rsync -avz --delete --force --ignore-errors --partial \
|
||||
--exclude-from=/etc/evobackup/conf.d/exclude.cf \
|
||||
--include-from=/etc/evobackup/conf.d/include.cf \
|
||||
$rep \
|
||||
-e "ssh -p $SSHPORT -4" \
|
||||
root@${BACKUPSERVER}:/var/backup/ > $tmplog
|
||||
$status=$?
|
||||
|
||||
# Keep the last 20 lines
|
||||
tail -20 $tmplog >> $LOG && rm $tmplog
|
||||
|
||||
stop=$(date --rfc-3339=seconds)
|
||||
echo "EvoBackup started at $start." >> /var/log/evobackup.log
|
||||
echo "EvoBackup finished at $stop." >> /var/log/evobackup.log
|
||||
|
||||
# Send a report
|
||||
# Did rsync sucessfully finished?
|
||||
if [ "$status" != 0 ]; then
|
||||
tail -10 $LOG \
|
||||
| mailx -s "[warn] EvoBackup for $hostname did not finish correctly." \
|
||||
$MAIL_TO
|
||||
else
|
||||
tail -10 $LOG \
|
||||
| mailx -s "[info] EvoBackup report for $hostname" $MAIL_TO
|
||||
fi
|
||||
29
evobackup
29
evobackup
|
|
@ -1,29 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
### BEGIN INIT INFO
|
||||
# Provides: evobackup
|
||||
# Required-Start: $syslog
|
||||
# Required-Stop: $syslog
|
||||
# Default-Start: 2
|
||||
# Default-Stop: 1
|
||||
# Short-Description: evobackup jails
|
||||
### END INIT INFO
|
||||
|
||||
set -e
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
;;
|
||||
|
||||
stop)
|
||||
;;
|
||||
|
||||
reload|force-reload)
|
||||
;;
|
||||
|
||||
restart)
|
||||
;;
|
||||
esac
|
||||
|
||||
exit 0
|
||||
|
||||
|
|
@ -1,27 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
# Script backups incrementaux
|
||||
# Evolix (c) 2007
|
||||
|
||||
CONFDIR=/etc/evobackup/
|
||||
DATE=$(date +"%d-%m-%Y")
|
||||
LOGFILE=/var/log/evobackup-sync.log
|
||||
TMPDIR=/tmp/evobackup/
|
||||
JAILDIR=/backup/jails/
|
||||
INCDIR=/backup/incs/
|
||||
MYMAIL=jdoe@example.com
|
||||
|
||||
mkdir -p $TMPDIR
|
||||
|
||||
for i in $( ls $CONFDIR ); do
|
||||
|
||||
# hard copy everyday
|
||||
echo -n "hard copy $i begins at : " >> $LOGFILE
|
||||
/bin/date +"%d-%m-%Y ; %H:%M" >> $LOGFILE
|
||||
mkdir -p "$INCDIR"$i
|
||||
cp -alx $JAILDIR$i $INCDIR$i/$DATE
|
||||
echo -n "hard copy $i ends at : " >> $LOGFILE
|
||||
/bin/date +"%d-%m-%Y ; %H:%M" >> $LOGFILE
|
||||
|
||||
done | tee -a $LOGFILE | mail -s "[info] EvoBackup - create incs" $MYMAIL
|
||||
|
||||
|
|
@ -1,41 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
# Script backups incrementaux
|
||||
# Evolix (c) 2007
|
||||
|
||||
CONFDIR=/etc/evobackup/
|
||||
DATE=$(date +"%d-%m-%Y")
|
||||
LOGFILE=/var/log/evobackup-sync.log
|
||||
TMPDIR=/tmp/evobackup/
|
||||
JAILDIR=/backup/jails/
|
||||
INCDIR=/backup/incs/
|
||||
MYMAIL=jdoe@example.com
|
||||
|
||||
mkdir -p $TMPDIR
|
||||
|
||||
for i in $( ls $CONFDIR ); do
|
||||
|
||||
# list actual inc backups
|
||||
for j in $( ls $INCDIR$i ); do
|
||||
echo $j
|
||||
done > "$TMPDIR"$i.files
|
||||
|
||||
# list non-obsolete inc backups
|
||||
for j in $( cat $CONFDIR$i ); do
|
||||
MYDATE=$( echo $j | cut -d. -f1 )
|
||||
BEFORE=$( echo $j | cut -d. -f2 )
|
||||
date -d "$(date $MYDATE) $BEFORE" "+%d-%m-%Y"
|
||||
done > "$TMPDIR"$i.keep
|
||||
|
||||
# delete obsolete inc backups
|
||||
for j in $( grep -v -f "$TMPDIR"$i.keep "$TMPDIR"$i.files ); do
|
||||
echo -n "Delete $i/$j begins at : " >> $LOGFILE
|
||||
/bin/date +"%d-%m-%Y ; %H:%M" >> $LOGFILE
|
||||
cd $INCDIR$i
|
||||
rm -rf $j
|
||||
echo -n "Delete $i/$j ends at : " >> $LOGFILE
|
||||
/bin/date +"%d-%m-%Y ; %H:%M" >> $LOGFILE
|
||||
done
|
||||
|
||||
done | tee -a $LOGFILE | mail -s "[info] EvoBackup - purge incs" $MYMAIL
|
||||
|
||||
34
install.sh
Executable file
34
install.sh
Executable file
|
|
@ -0,0 +1,34 @@
|
|||
#!/bin/sh
|
||||
# Install EvoBackup configuration and init files.
|
||||
|
||||
# Debian or Ubuntu?
|
||||
flavor=$(lsb_release -i -s)
|
||||
debian=false
|
||||
ubuntu=false
|
||||
if [ "$flavor" = "Debian" ]; then
|
||||
echo "Debian detected."
|
||||
debian=true
|
||||
elif [ "$flavor" = "Ubuntu" ]; then
|
||||
echo "Ubuntu detected."
|
||||
ubuntu=true
|
||||
else
|
||||
echo "Not a Debian based distribution? If yes, fix this script. Exiting..."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Are we root?
|
||||
id=$(id -u)
|
||||
if [ $id != 0 ]; then
|
||||
echo "Error, you need to be root to install EvoBackup!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
cp -r install/etc/evobackup /etc/
|
||||
# Don't install init script for client-side.
|
||||
if [ "$1" != "client" ]; then
|
||||
$debian && cp install/etc/init.d/evobackup /etc/init.d/
|
||||
$ubuntu && cp install/etc/init/evobackup.conf /etc/init/
|
||||
fi
|
||||
|
||||
echo "Done."
|
||||
exit 0
|
||||
5
install/etc/evobackup/actions.d/00_prerequisites
Executable file
5
install/etc/evobackup/actions.d/00_prerequisites
Executable file
|
|
@ -0,0 +1,5 @@
|
|||
#!/bin/sh
|
||||
# Prerequisites actions to do.
|
||||
|
||||
test ! -d /home/backup && mkdir /home/backup
|
||||
exit 0
|
||||
47
install/etc/evobackup/actions.d/10_mysql
Executable file
47
install/etc/evobackup/actions.d/10_mysql
Executable file
|
|
@ -0,0 +1,47 @@
|
|||
#!/bin/sh
|
||||
# Many ways of backuping MySQL/MariaDB databases.
|
||||
|
||||
# Dump with all databases in one file.
|
||||
# mysqldump --defaults-extra-file=/etc/mysql/debian.cnf \
|
||||
# --opt --all-databases --force | gzip --best > /home/backup/mysql.bak.gz
|
||||
|
||||
# Dump des BDD en .sql.gz
|
||||
# mkdir -p /home/mysqldump/
|
||||
# for i in $(mysql -e 'show databases' -s --skip-column-names | egrep -v
|
||||
# "^(Database|information_schema)"); do
|
||||
# mysqldump --force $i | gzip --best > /home/mysqldump/${i}.sql.gz
|
||||
# done
|
||||
|
||||
# for i in $(echo SHOW DATABASES | mysql | egrep -v
|
||||
# "^(Database|information_schema)" ); \
|
||||
# do mkdir -p /home/mysqldump/$i ; chown -R mysql /home/mysqldump ; \
|
||||
# mysqldump --defaults-extra-file=/etc/mysql/debian.cnf --force -Q --opt -T \
|
||||
# /home/mysqldump/$i $i; done
|
||||
|
||||
# Dump par base
|
||||
# mkdir -p -m 700 /home/mysqldump/BASE
|
||||
# chown -R mysql /home/mysqldump/
|
||||
# mysqldump --defaults-extra-file=/etc/mysql/debian.cnf --force -Q \
|
||||
# --opt -T /home/mysqldump/BASE BASE
|
||||
|
||||
# mkdir -p /home/mysqlhotcopy/
|
||||
# mysqlhotcopy BASE /home/mysqlhotcopy/
|
||||
|
||||
# Dump instanceS MySQL
|
||||
#
|
||||
## Recherche du mot de passe mysqladmin
|
||||
#mysqladminpasswd=`cat /root/.my.cnf |grep -m1 'password = .*' |cut -d" " -f3`
|
||||
#
|
||||
## Determination des instances MySQL disponibles sur le serveur (hors 3306)
|
||||
#grep -E "^port\s*=\s*\d*" /etc/mysql/my.cnf |while read instance; do
|
||||
# instance=$(echo $instance |tr -d '\t')
|
||||
# instance=${instance// /}
|
||||
# instance=${instance//port=/}
|
||||
# if [ "$instance" != "3306" ]
|
||||
# then
|
||||
# mysqldump -P $instance --opt --all-databases -u mysqladmin
|
||||
# -p$mysqladminpasswd > /home/backup/mysql.$instance.bak
|
||||
# fi
|
||||
#done
|
||||
|
||||
exit 0
|
||||
15
install/etc/evobackup/actions.d/11_postgresql
Normal file
15
install/etc/evobackup/actions.d/11_postgresql
Normal file
|
|
@ -0,0 +1,15 @@
|
|||
#!/bin/sh
|
||||
# PostgreSQL Dump
|
||||
|
||||
# su - postgres -c "pg_dumpall > ~/pg.dump.bak"
|
||||
# mv ~postgres/pg.dump.bak /home/backup/
|
||||
|
||||
# Exemple de backups...
|
||||
# On sauvegarde les tables d'une base sauf des exceptions
|
||||
# pg_dump -p 5432 -h 127.0.0.1 -U USER --clean -F t --inserts -f
|
||||
#/home/backup/pg-backup.tar -t 'TABLE1' -t 'TABLE2' BASE
|
||||
# On sauvegarde uniquement certaines tables d'une base
|
||||
# pg_dump -p 5432 -h 127.0.0.1 -U USER --clean -F t --inserts -f
|
||||
#/home/backup/pg-backup.tar -T 'TABLE1' -T 'TABLE2' BASE
|
||||
|
||||
exit 0
|
||||
6
install/etc/evobackup/actions.d/12_redis
Normal file
6
install/etc/evobackup/actions.d/12_redis
Normal file
|
|
@ -0,0 +1,6 @@
|
|||
#!/bin/sh
|
||||
# Dump Redis
|
||||
|
||||
# cp /var/lib/redis/dump.rdb /home/backup/
|
||||
|
||||
exit 0
|
||||
7
install/etc/evobackup/actions.d/13_mongodb
Normal file
7
install/etc/evobackup/actions.d/13_mongodb
Normal file
|
|
@ -0,0 +1,7 @@
|
|||
#!/bin/sh
|
||||
# Dump MongoDB
|
||||
|
||||
# mongodump -u mongobackup -pPASS -o /home/backup/mongodump/ >/dev/null 2>&1
|
||||
# |grep -v "^connected to:"
|
||||
|
||||
exit 0
|
||||
6
install/etc/evobackup/actions.d/50_ldap
Executable file
6
install/etc/evobackup/actions.d/50_ldap
Executable file
|
|
@ -0,0 +1,6 @@
|
|||
#!/bin/sh
|
||||
# Dump LDAP
|
||||
|
||||
# slapcat -l /home/backup/ldap.bak
|
||||
|
||||
exit 0
|
||||
30
install/etc/evobackup/actions.d/99_system_info
Executable file
30
install/etc/evobackup/actions.d/99_system_info
Executable file
|
|
@ -0,0 +1,30 @@
|
|||
#!/bin/sh
|
||||
# Get system informations.
|
||||
|
||||
# Extract MBR / table partitions.
|
||||
# dd if=/dev/sda of=/home/backup/MBR bs=512 count=1 2>&1 | egrep -v "(records
|
||||
# in|records out|512 bytes)"
|
||||
# sfdisk -d /dev/sda > /home/backup/partitions 2>&1 | egrep -v "(Warning:
|
||||
#extended partition does not start at a cylinder boundary|DOS and Linux will
|
||||
# interpret the contents differently)"
|
||||
|
||||
# Get routes
|
||||
# traceroute -n 8.8.8.8 > /home/backup/traceroute-8.8.8.8
|
||||
# mtr -r 8.8.8.8 > /home/backup/mtr-8.8.8.8
|
||||
# traceroute -n backup.evolix.net > /home/backup/traceroute-backup.evolix.net
|
||||
# mtr -r backup.evolix.net > /home/backup/mtr-backup.evolix.net
|
||||
# traceroute -n www.evolix.fr > /home/backup/traceroute-www.evolix.fr
|
||||
# mtr -r www.evolix.fr > /home/backup/mtr-www.evolix.fr
|
||||
# traceroute -n www.evolix.net > /home/backup/traceroute-www.evolix.net
|
||||
# mtr -r www.evolix.net > /home/backup/mtr-www.evolix.net
|
||||
|
||||
# Process list.
|
||||
ps auwwwx > /home/backup/process.txt
|
||||
|
||||
# Network connections list.
|
||||
netstat -taupen > /home/backup/netstat.txt
|
||||
|
||||
# Packages list.
|
||||
dpkg -l > /home/backup/packages.txt
|
||||
|
||||
exit 0
|
||||
17
install/etc/evobackup/conf.d/cron.cf
Normal file
17
install/etc/evobackup/conf.d/cron.cf
Normal file
|
|
@ -0,0 +1,17 @@
|
|||
# Pid file
|
||||
PIDFILE="/var/run/evobackup.pid"
|
||||
|
||||
# Port of the OpenSSH chroot on the backup server.
|
||||
SSHPORT=2222
|
||||
|
||||
# Hostname OR adress IP of the backup server.
|
||||
BACKUPSERVER="haruna.benprobox.fr"
|
||||
|
||||
# A mail to send the report or alert.
|
||||
MAIL_TO="jdoe@example.com"
|
||||
|
||||
# Log file
|
||||
LOG="/var/log/evobackup.log"
|
||||
|
||||
# Used when you have more than one backup server.
|
||||
NODE=$(( $(date +%d) % 2 ))
|
||||
24
install/etc/evobackup/conf.d/exclude.cf
Normal file
24
install/etc/evobackup/conf.d/exclude.cf
Normal file
|
|
@ -0,0 +1,24 @@
|
|||
lost+found
|
||||
.nfs.*
|
||||
/var/log
|
||||
/var/log/evobackup*
|
||||
/var/lib/mysql
|
||||
/var/lib/postgres
|
||||
/var/lib/postgresql
|
||||
/var/lib/sympa
|
||||
/var/lib/metche
|
||||
/var/run
|
||||
/var/lock
|
||||
/var/state
|
||||
/var/apt
|
||||
/var/cache
|
||||
/usr/src
|
||||
/usr/doc
|
||||
/usr/share/doc
|
||||
/usr/obj
|
||||
dev
|
||||
/var/spool/postfix
|
||||
/var/lib/amavis/amavisd.sock
|
||||
/var/lib/munin/munin-update.stats.tmp
|
||||
/var/lib/php5
|
||||
/var/spool/squid
|
||||
5
install/etc/evobackup/conf.d/include.cf
Normal file
5
install/etc/evobackup/conf.d/include.cf
Normal file
|
|
@ -0,0 +1,5 @@
|
|||
/etc
|
||||
/root
|
||||
/var
|
||||
/home
|
||||
/srv
|
||||
6
install/etc/evobackup/conf.d/incrementals.cf
Normal file
6
install/etc/evobackup/conf.d/incrementals.cf
Normal file
|
|
@ -0,0 +1,6 @@
|
|||
CONFDIR=/etc/evobackup/conf.d/incs
|
||||
DATEDIR=$(date +"%Y-%m-%d")
|
||||
LOGFILE=/var/log/evobackup-sync.log
|
||||
JAILDIR=/backup/jails
|
||||
INCDIR=/backup/incs
|
||||
MAIL_TO=jdoe@example.com
|
||||
47
install/etc/init.d/evobackup
Executable file
47
install/etc/init.d/evobackup
Executable file
|
|
@ -0,0 +1,47 @@
|
|||
#!/bin/sh
|
||||
|
||||
### BEGIN INIT INFO
|
||||
# Provides: evobackup
|
||||
# Required-Start: $syslog
|
||||
# Required-Stop: $syslog
|
||||
# Default-Start: 2
|
||||
# Default-Stop: 1
|
||||
# Short-Description: Backup manager using rsync and OpenSSH chroot.
|
||||
### END INIT INFO
|
||||
|
||||
set -e
|
||||
BACKUP_PATH=/backup
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
for jail in ${BACKUP_PATH}/jails/*; do
|
||||
mount -t proc proc-chroot ${jail}/proc/
|
||||
mount -t devtmpfs udev ${jail}/dev/
|
||||
chroot ${jail} /usr/sbin/sshd > /dev/null
|
||||
done
|
||||
;;
|
||||
|
||||
stop)
|
||||
for jail in ${BACKUP_PATH}/jails/*; do
|
||||
umount ${jail}/proc/
|
||||
umount ${jail}/dev/pts/
|
||||
kill $(chroot $jail cat /var/run/sshd.pid)
|
||||
done
|
||||
;;
|
||||
|
||||
reload|force-reload)
|
||||
for jail in ${BACKUP_PATH}/jails/*; do
|
||||
kill -HUP \
|
||||
$(chroot $jail cat /var/run/sshd.pid)
|
||||
done
|
||||
;;
|
||||
|
||||
restart)
|
||||
for jail in ${BACKUP_PATH}/jails/*; do
|
||||
kill $(chroot $jail cat /var/run/sshd.pid)
|
||||
chroot $jail /usr/sbin/sshd > /dev/null
|
||||
done
|
||||
;;
|
||||
esac
|
||||
|
||||
exit 0
|
||||
30
install/etc/init/evobackup.conf
Normal file
30
install/etc/init/evobackup.conf
Normal file
|
|
@ -0,0 +1,30 @@
|
|||
# evobackup
|
||||
|
||||
description "Backup manager using rsync and OpenSSH chroot."
|
||||
author "Evobackup team <equipe@evolix.fr>"
|
||||
|
||||
start on (filesystem and net-device-up IFACE=lo)
|
||||
stop on runlevel [!2345]
|
||||
|
||||
env BACKUP_PATH=/backup
|
||||
|
||||
pre-start script
|
||||
for jail in ${BACKUP_PATH}/jails/*; do
|
||||
mount -t proc proc-chroot ${jail}/proc/
|
||||
mount -t devtmpfs udev ${jail}/dev/
|
||||
done
|
||||
end script
|
||||
|
||||
script
|
||||
for jail in ${BACKUP_PATH}/jails/*; do
|
||||
chroot $jail /usr/sbin/sshd > /dev/null
|
||||
done
|
||||
end script
|
||||
|
||||
post-stop script
|
||||
for jail in ${BACKUP_PATH}/jails/*; do
|
||||
umount ${jail}/proc/
|
||||
umount ${jail}/dev/pts/
|
||||
kill $(chroot $jail cat /var/run/sshd.pid)
|
||||
done
|
||||
end script
|
||||
|
|
@ -1,101 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
BACKUP_ROOT='/backup'
|
||||
|
||||
function usage {
|
||||
cat <<EOT >&2
|
||||
Add an evobackup jail.
|
||||
Usage : $0 -n name -i ip -p port -k pub-key-path
|
||||
All these options are required
|
||||
-n : name of the jail
|
||||
-i : IP address of client machine
|
||||
-p : SSH port where jail listen on
|
||||
-k : path to the SSH public key of the client machine
|
||||
EOT
|
||||
}
|
||||
|
||||
while getopts ':n:i:p:k:' o
|
||||
do
|
||||
case $o in
|
||||
n)
|
||||
jail=$OPTARG
|
||||
;;
|
||||
i)
|
||||
ip=$OPTARG
|
||||
;;
|
||||
p)
|
||||
port=$OPTARG
|
||||
;;
|
||||
k)
|
||||
pub_key_path=$OPTARG
|
||||
;;
|
||||
?)
|
||||
usage
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
if [ -z $jail ] || [ -z $ip ] || [ -z $port ] || [ -z $pub_key_path ]; then
|
||||
usage
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ ! -f "$pub_key_path" ]; then
|
||||
echo "public key file $pub_key_path not found."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ ! -f 'chroot-ssh.sh' ]; then
|
||||
echo 'script chroot-ssh.sh not found, make sure you are in the correct directory!'
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
bash chroot-ssh.sh $BACKUP_ROOT/jails/$jail
|
||||
|
||||
|
||||
sed -i "s/^Port 2222/Port $port/" $BACKUP_ROOT/jails/$jail/etc/ssh/sshd_config
|
||||
sed -i "s/IP/$ip/g" $BACKUP_ROOT/jails/$jail/etc/ssh/sshd_config
|
||||
|
||||
cat $pub_key_path >> $BACKUP_ROOT/jails/$jail/root/.ssh/authorized_keys
|
||||
chmod -R 600 $BACKUP_ROOT/jails/$jail/root/.ssh/
|
||||
chown -R root:root $BACKUP_ROOT/jails/$jail/root/.ssh/
|
||||
|
||||
|
||||
if [ ! -f '/etc/init.d/evobackup' ]; then
|
||||
cp evobackup /etc/init.d/
|
||||
update-rc.d evobackup start 99 2 .
|
||||
fi
|
||||
|
||||
sed -i "\?^\s\+start)?a mount -t proc proc-chroot $BACKUP_ROOT/jails/$jail/proc/\n\
|
||||
mount -t devpts devpts-chroot $BACKUP_ROOT/jails/$jail/dev/pts/\n\
|
||||
chroot $BACKUP_ROOT/jails/$jail /usr/sbin/sshd > /dev/null\n" \
|
||||
/etc/init.d/evobackup
|
||||
|
||||
sed -i "\?^\s\+stop)?a umount $BACKUP_ROOT/jails/$jail/proc/\n\
|
||||
umount $BACKUP_ROOT/jails/$jail/dev/pts/\n\
|
||||
kill -9 \`chroot $BACKUP_ROOT/jails/$jail cat /var/run/sshd.pid\`\n" \
|
||||
/etc/init.d/evobackup
|
||||
|
||||
sed -i "\?force-reload)?a kill -HUP \`chroot $BACKUP_ROOT/jails/$jail cat /var/run/sshd.pid\`\n" \
|
||||
/etc/init.d/evobackup
|
||||
|
||||
sed -i "\?\\s\+restart)?a kill -9 \`chroot $BACKUP_ROOT/jails/$jail cat /var/run/sshd.pid\`\n\
|
||||
chroot $BACKUP_ROOT/jails/$jail /usr/sbin/sshd > /dev/null\n" \
|
||||
/etc/init.d/evobackup
|
||||
|
||||
mount -t proc proc-chroot /backup/jails/$jail/proc/
|
||||
mount -t devpts devpts-chroot /backup/jails/$jail/dev/pts/
|
||||
chroot /backup/jails/$jail /usr/sbin/sshd
|
||||
|
||||
|
||||
[ -d /etc/evobackup ] || mkdir /etc/evobackup/
|
||||
cat <<EOT >/etc/evobackup/$jail
|
||||
+%Y-%m-%d.-0day
|
||||
+%Y-%m-%d.-1day
|
||||
+%Y-%m-%d.-2day
|
||||
+%Y-%m-%d.-3day
|
||||
+%Y-%m-01.-0month
|
||||
+%Y-%m-01.-1month
|
||||
EOT
|
||||
175
zzz_evobackup
175
zzz_evobackup
|
|
@ -1,175 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
#
|
||||
# Script evobackup client
|
||||
# $Id: evobackup_cron_daily_client,v 1.21 2010-08-22 10:15:42 gcolpart Exp $
|
||||
#
|
||||
|
||||
# Verification qu'un autre evobackup n'est pas deja lance
|
||||
PIDFILE=/var/run/evobackup.pid
|
||||
if [ -e $PIDFILE ]; then
|
||||
pkill -9 -F $PIDFILE
|
||||
echo "$0 tourne encore (PID `cat $PIDFILE`). Processus killé" >&2
|
||||
fi
|
||||
echo "$$" > $PIDFILE
|
||||
trap "rm -f $PIDFILE" EXIT
|
||||
|
||||
# port SSH
|
||||
SSH_PORT=2228
|
||||
|
||||
# systeme de la machine ("linux" ou "bsd")
|
||||
SYSTEME=linux
|
||||
|
||||
# mail de remontee Evolix
|
||||
MAIL=jdoe@example.com
|
||||
|
||||
NODE=$(expr `date +%d` % 2)
|
||||
|
||||
# operations specifiques
|
||||
|
||||
mkdir -p -m 700 /home/backup
|
||||
|
||||
# Dump LDAP
|
||||
# slapcat -l /home/backup/ldap.bak
|
||||
|
||||
# Dump MySQL
|
||||
# mysqldump --defaults-extra-file=/etc/mysql/debian.cnf \
|
||||
# --opt --all-databases --force | gzip --best > /home/backup/mysql.bak.gz
|
||||
|
||||
# Dump des BDD en .sql.gz
|
||||
# mkdir -p /home/mysqldump/
|
||||
# for i in $(mysql -e 'show databases' -s --skip-column-names | egrep -v "^(Database|information_schema)"); do
|
||||
# mysqldump --force $i | gzip --best > /home/mysqldump/${i}.sql.gz
|
||||
# done
|
||||
|
||||
# for i in $(echo SHOW DATABASES | mysql | egrep -v "^(Database|information_schema)" ); \
|
||||
# do mkdir -p /home/mysqldump/$i ; chown -R mysql /home/mysqldump ; \
|
||||
# mysqldump --defaults-extra-file=/etc/mysql/debian.cnf --force -Q --opt -T \
|
||||
# /home/mysqldump/$i $i; done
|
||||
|
||||
# Dump par base
|
||||
# mkdir -p -m 700 /home/mysqldump/BASE
|
||||
# chown -R mysql /home/mysqldump/
|
||||
# mysqldump --defaults-extra-file=/etc/mysql/debian.cnf --force -Q \
|
||||
# --opt -T /home/mysqldump/BASE BASE
|
||||
|
||||
# mkdir -p /home/mysqlhotcopy/
|
||||
# mysqlhotcopy BASE /home/mysqlhotcopy/
|
||||
|
||||
# Dump instanceS MySQL
|
||||
#
|
||||
## Recherche du mot de passe mysqladmin
|
||||
#mysqladminpasswd=`cat /root/.my.cnf |grep -m1 'password = .*' |cut -d" " -f3`
|
||||
#
|
||||
## Determination des instances MySQL disponibles sur le serveur (hors 3306)
|
||||
#grep -E "^port\s*=\s*\d*" /etc/mysql/my.cnf |while read instance; do
|
||||
# instance=$(echo $instance |tr -d '\t')
|
||||
# instance=${instance// /}
|
||||
# instance=${instance//port=/}
|
||||
# if [ "$instance" != "3306" ]
|
||||
# then
|
||||
# mysqldump -P $instance --opt --all-databases -u mysqladmin -p$mysqladminpasswd > /home/backup/mysql.$instance.bak
|
||||
# fi
|
||||
#done
|
||||
|
||||
|
||||
# Dump PostgreSQL
|
||||
# su - postgres -c "pg_dumpall > ~/pg.dump.bak"
|
||||
# mv ~postgres/pg.dump.bak /home/backup/
|
||||
|
||||
# Exemple de backups...
|
||||
# On sauvegarde les tables d'une base sauf des exceptions
|
||||
# pg_dump -p 5432 -h 127.0.0.1 -U USER --clean -F t --inserts -f /home/backup/pg-backup.tar -t 'TABLE1' -t 'TABLE2' BASE
|
||||
# On sauvegarde uniquement certaines tables d'une base
|
||||
# pg_dump -p 5432 -h 127.0.0.1 -U USER --clean -F t --inserts -f /home/backup/pg-backup.tar -T 'TABLE1' -T 'TABLE2' BASE
|
||||
|
||||
# Dump MongoDB
|
||||
# Creation d'un utilisateur en lecture seule :
|
||||
# > use admin
|
||||
# > db.addUser("mongobackup", "PASS", true);
|
||||
#mongodump -u mongobackup -pPASS -o /home/backup/mongodump/ >/dev/null 2>&1 |grep -v "^connected to:"
|
||||
|
||||
# Dump Redis
|
||||
# cp /var/lib/redis/dump.rdb /home/backup/
|
||||
|
||||
# Dump MBR / table partitions
|
||||
# dd if=/dev/sda of=/home/backup/MBR bs=512 count=1 2>&1 | egrep -v "(records in|records out|512 bytes)"
|
||||
# sfdisk -d /dev/sda > /home/backup/partitions 2>&1 | egrep -v "(Warning: extended partition does not start at a cylinder boundary|DOS and Linux will interpret the contents differently)"
|
||||
|
||||
# Dump routes
|
||||
# traceroute -n 8.8.8.8 > /home/backup/traceroute-8.8.8.8
|
||||
# mtr -r 8.8.8.8 > /home/backup/mtr-8.8.8.8
|
||||
# traceroute -n backup.evolix.net > /home/backup/traceroute-backup.evolix.net
|
||||
# mtr -r backup.evolix.net > /home/backup/mtr-backup.evolix.net
|
||||
# traceroute -n www.evolix.fr > /home/backup/traceroute-www.evolix.fr
|
||||
# mtr -r www.evolix.fr > /home/backup/mtr-www.evolix.fr
|
||||
# traceroute -n www.evolix.net > /home/backup/traceroute-www.evolix.net
|
||||
# mtr -r www.evolix.net > /home/backup/mtr-www.evolix.net
|
||||
|
||||
# Dump des processus
|
||||
ps aux >/home/backup/ps.out
|
||||
|
||||
# Dump des connexions reseaux en cours
|
||||
netstat -taupen >/home/backup/netstat.out
|
||||
|
||||
# Liste des paquets installes
|
||||
dpkg -l >/home/backup/packages
|
||||
|
||||
HOSTNAME=$(hostname)
|
||||
|
||||
DATE=$(/bin/date +"%d-%m-%Y")
|
||||
|
||||
DEBUT=$(/bin/date +"%d-%m-%Y ; %H:%M")
|
||||
|
||||
if [ $SYSTEME = "linux" ]; then
|
||||
rep="/bin /boot /lib /opt /sbin /usr"
|
||||
else
|
||||
rep="/bsd /bin /boot /sbin /usr"
|
||||
fi
|
||||
|
||||
rsync -av --delete --force --ignore-errors --partial \
|
||||
--exclude "lost+found" \
|
||||
--exclude ".nfs.*" \
|
||||
--exclude "/var/log" \
|
||||
--exclude "/var/log/evobackup*" \
|
||||
--exclude "/var/lib/mysql" \
|
||||
--exclude "/var/lib/postgres" \
|
||||
--exclude "/var/lib/postgresql" \
|
||||
--exclude "/var/lib/sympa" \
|
||||
--exclude "/var/lib/metche" \
|
||||
--exclude "/var/run" \
|
||||
--exclude "/var/lock" \
|
||||
--exclude "/var/state" \
|
||||
--exclude "/var/apt" \
|
||||
--exclude "/var/cache" \
|
||||
--exclude "/usr/src" \
|
||||
--exclude "/usr/doc" \
|
||||
--exclude "/usr/share/doc" \
|
||||
--exclude "/usr/obj" \
|
||||
--exclude "dev" \
|
||||
--exclude "/var/spool/postfix" \
|
||||
--exclude "/var/lib/amavis/amavisd.sock" \
|
||||
--exclude "/var/lib/munin/munin-update.stats.tmp" \
|
||||
--exclude "/var/lib/php5" \
|
||||
--exclude "/var/spool/squid" \
|
||||
$rep \
|
||||
/etc \
|
||||
/root \
|
||||
/var \
|
||||
/home \
|
||||
/srv \
|
||||
-e "ssh -p $SSH_PORT" \
|
||||
root@node$NODE.backup.example.com:/var/backup/ \
|
||||
| tail -20 >> /var/log/evobackup.log
|
||||
|
||||
FIN=$(/bin/date +"%d-%m-%Y ; %H:%M")
|
||||
|
||||
echo "EvoBackup - $HOSTNAME - START $DEBUT" \
|
||||
>> /var/log/evobackup.log
|
||||
|
||||
echo "EvoBackup - $HOSTNAME - STOP $FIN" \
|
||||
>> /var/log/evobackup.log
|
||||
|
||||
tail -10 /var/log/evobackup.log | \
|
||||
mail -s "[info] EvoBackup - Client $HOSTNAME" \
|
||||
$MAIL
|
||||
Loading…
Reference in a new issue