From eb4c2c6f41dc916a198498fec86c208109b8eb92 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Benoit=2ES=20=C2=AB=C2=A0Benpro=C2=A0=C2=BB?= Date: Sat, 3 Aug 2013 22:53:04 +0200 Subject: [PATCH] Refactoring of the code. Evobackup is is now all in english and it is more flexible and easy to install & configure. --- AUTHORS | 4 + INSTALL.md | 116 ++++++++++ PLAN-SAUVEGARDES.template | 10 - README | 215 ------------------ README.md | 47 +++- chroot-bincopy.sh | 19 ++ {etc => chroot-etc}/group | 0 {etc => chroot-etc}/passwd | 0 {etc => chroot-etc}/shadow | 0 {etc => chroot-etc}/sshd_config | 0 chroot-new.sh | 138 +++++++++++ chroot-ssh.sh | 132 ----------- chroot-update.sh | 11 + crons/evobackup-inc.sh | 17 ++ crons/evobackup-rm.sh | 38 ++++ crons/zzz_evobackup | 57 +++++ evobackup | 29 --- evobackup-inc.sh | 27 --- evobackup-rm.sh | 41 ---- install.sh | 34 +++ .../etc/evobackup/actions.d/00_prerequisites | 5 + install/etc/evobackup/actions.d/10_mysql | 47 ++++ install/etc/evobackup/actions.d/11_postgresql | 15 ++ install/etc/evobackup/actions.d/12_redis | 6 + install/etc/evobackup/actions.d/13_mongodb | 7 + install/etc/evobackup/actions.d/50_ldap | 6 + .../etc/evobackup/actions.d/99_system_info | 30 +++ install/etc/evobackup/conf.d/cron.cf | 17 ++ install/etc/evobackup/conf.d/exclude.cf | 24 ++ install/etc/evobackup/conf.d/include.cf | 5 + install/etc/evobackup/conf.d/incrementals.cf | 6 + install/etc/init.d/evobackup | 47 ++++ install/etc/init/evobackup.conf | 30 +++ jail-evobackup-add.sh | 101 -------- zzz_evobackup | 175 -------------- 35 files changed, 724 insertions(+), 732 deletions(-) create mode 100644 AUTHORS create mode 100644 INSTALL.md delete mode 100644 PLAN-SAUVEGARDES.template delete mode 100644 README create mode 100755 chroot-bincopy.sh rename {etc => chroot-etc}/group (100%) rename {etc => chroot-etc}/passwd (100%) rename {etc => chroot-etc}/shadow (100%) rename {etc => chroot-etc}/sshd_config (100%) create mode 100755 chroot-new.sh delete mode 100644 chroot-ssh.sh create mode 100755 chroot-update.sh create mode 100644 
crons/evobackup-inc.sh create mode 100644 crons/evobackup-rm.sh create mode 100644 crons/zzz_evobackup delete mode 100755 evobackup delete mode 100644 evobackup-inc.sh delete mode 100644 evobackup-rm.sh create mode 100755 install.sh create mode 100755 install/etc/evobackup/actions.d/00_prerequisites create mode 100755 install/etc/evobackup/actions.d/10_mysql create mode 100644 install/etc/evobackup/actions.d/11_postgresql create mode 100644 install/etc/evobackup/actions.d/12_redis create mode 100644 install/etc/evobackup/actions.d/13_mongodb create mode 100755 install/etc/evobackup/actions.d/50_ldap create mode 100755 install/etc/evobackup/actions.d/99_system_info create mode 100644 install/etc/evobackup/conf.d/cron.cf create mode 100644 install/etc/evobackup/conf.d/exclude.cf create mode 100644 install/etc/evobackup/conf.d/include.cf create mode 100644 install/etc/evobackup/conf.d/incrementals.cf create mode 100755 install/etc/init.d/evobackup create mode 100644 install/etc/init/evobackup.conf delete mode 100644 jail-evobackup-add.sh delete mode 100644 zzz_evobackup diff --git a/AUTHORS b/AUTHORS new file mode 100644 index 0000000..1346060 --- /dev/null +++ b/AUTHORS @@ -0,0 +1,4 @@ +Grégory COLPART +Romain DESSORT +Arnaud TOMEÏ +Benoît SÉRIE \ No newline at end of file diff --git a/INSTALL.md b/INSTALL.md new file mode 100644 index 0000000..9f05c9f --- /dev/null +++ b/INSTALL.md 
@@ -0,0 +1,116 @@ +Installing EvoBackup +==================== + +Backup server side +------------------ + +1) Git clone the project (i.e in /root/evobackup). + +2) Install configuration files. + +``` +root@backupserver:~/evobackup# install.sh +``` + +This will create /etc/evobackup and /etc/init.d/evobackup (or +/etc/init/evobackup.conf for Ubuntu). + +3) Set up the first chroot. + +``` +root@backupserver:~/evobackup# chroot-new.sh -n client1 -i 192.168.0.10 -p 2222 -k /path/to/rsakeyclient1.pub +``` + +This will create the OpenSSH chroot for the machine "client1", listening on +port 2222 and accepting only connections from 192.168.0.10 using public key +rsakeyclient1.pub. + +Tip: If you have already a chroot, you can commit the port option (-p), it +will be incremented from the last chroot. + +4) Handle incrementals by modifying /etc/evobackup/conf.d/incs/client1 + +Syntax of this file is simple: + +* +%Y-%m-%d.-0day Keep actual day +* +%Y-%m-%d.-1day Keep yesterday +* +%Y-%m-01.-0month Keep the firt day of the actual month +* +%Y-%m-01.-1month Keep the first day of the last month + +Tip: You can use rdiff-backup in place of rsync, and choose to not use +EvoBackup incrementals method. You need to modify the cronjob. + +5) Set up the scripts which will handle incrementals. + +``` +root@backupserver:~/evobackup# mkdir -p /usr/share/scripts +root@backupserver:~/evobackup# cp crons/evobackup-{inc,rm}.sh /usr/share/scripts/ +root@backupserver:~/evobackup# chmod u+x /usr/share/scripts/evobackup-{inc,rm}.sh +root@backupserver:~/evobackup# crontab -e +``` + +Set this in the root crontab + +``` +29 10 * * * pkill evobackup-rm.sh && echo "Kill evobackup-rm.sh done" | mail -s "[warn] EvoBackup - purge incs interrupted" root +30 10 * * * /usr/share/scripts/evobackup-inc.sh && /usr/share/scripts/evobackup-rm.sh +```` + +Client side +----------- + +1) Git clone the project (i.e in /root/evobackup). + +2) Generates OpenSSH key for user root (if user root don't have one already). 
+ +``` +root@client1:~/evobackup# ssh-keygen +``` + +Do not set a passphrase, otherwise you will need to enter the passphrase (or +store it using an agent) for each backups! + +3) Install configuration files. + +``` +root@client1:~/evobackup# install.sh client +``` + +4) Add the zzz_evobackup crontab into the daily cronjobs (recommended): + +``` +root@client1:~/evobackup# cp crons/zzz_evobackup /etc/cron.daily/ +root@client1:~/evobackup# chmod 700 /etc/cron.daily/zzz_evobackup +``` + +Why "zzz"? Because we want the backup cronjob to be the last one. + +5) Configure the cronjob. + +In /etc/evobackup: + +* What to backup using shell scripts in actions.d. By default all scripts are + commented out. Un-comment or write your own code, this will be launched + before the rsync, using run-parts. + +* What to include in conf.d/include.cf +* What to exclude in conf.d/exclude.cf +* General config in conf.d/cron.cf + +6) Optional, test with sh -x. + +``` +root@client1:~/evobackup# sh -x /etc/cron.daily/zzz_evobackup +``` + +Updating OpenSSH chroot +----------------------- + +When you upgrade you system you may need to upgrade the OpenSSH chroot. To do +that launch update-chroot.sh. + +``` +root@backupserver:~/evobackup# chroot-update.sh +``` + +Then reload sshd daemons. \ No newline at end of file diff --git a/PLAN-SAUVEGARDES.template b/PLAN-SAUVEGARDES.template deleted file mode 100644 index b4c05c8..0000000 --- a/PLAN-SAUVEGARDES.template +++ /dev/null @@ -1,10 +0,0 @@ -PLAN DES SAUVEGARDES -==================== - -PORT JAIL ETAT -------------------------------------------------------- -2222 Serveur 1 (IP) 1 -2223 Serveur 2 (IP) 1 -2224 Serveur 3 (IP) 0 -etc.... -....... diff --git a/README b/README deleted file mode 100644 index c333125..0000000 --- a/README +++ /dev/null 
@@ -1,215 +0,0 @@ -EvoBackup -========= - -EvoBackup est un ensemble de scripts permettant de mettre en place -un service de backups gérant les sauvegardes de plusieurs machines. -Le principe est d'installer des prisons/chroot contenant un service -SSH écoutant sur un port différent dans chaque prison. Chaque serveur -peut ainsi envoyer ses données quotidiennement en "root" via rsync -dans sa propre prison. Les prisons sont ensuite copiées en dehors des -prisons (donc inacccessible par les serveurs) de façon incrémentale -grâce à des "hard links". On peut ainsi conserver des dizaines de -sauvegardes de chaque serveur de façon sécurisé et avec peu de place. - - - ************************** -Serveur 1 ------SSH/rsync -------> * tcp/2222 Serveur * - * de * -Serveur 2 ------SSH/rsync -------> * tcp/2223 Sauvegardes * - ************************** - -Cette technique de sauvegarde s'appuient sur des technologies -standards. Elle est utilisée depuis plusieurs années par Evolix -pour sauvegarder chaque jour des centaines de serveurs représentant -plusieurs To de données incrémentales. - - -Serveur de sauvegardes ----------------------- - -Le serveur de sauvegardes doit être sous Debian Squeeze -(testé sous Etch/Lenny/Squeeze, les instructions sont pour Squeeze). -Avec les logiciels suivants : - - - OpenSSH - - Rsync (le daemon rsync n'est pas nécessaire) - - Le paquet makedev (plus nécessaire depuis Squeeze) - - Commande "mail" (ou un équivalent) capable d'envoyer - des messages à l'extérieur. - -Un volume d'une taille importante doit être monté sur /backup -Pour des raisons de sécurité on pourra chiffre ce volume. 
-On créera ensuite les répertoires suivants : - -- /backup/jails : pour les prisons -- /backup/incs : pour les copies incrémentales des prisons -- /etc/evobackup : config des fréquences des copies incrémentales - -Pour la mise en place des backups incrémentaux sur le serveur : -- Mettre en place les scripts evobackup-inc.sh et evobackup-rm.sh dans /usr/share/scripts -- Mettre les droits d'exécution : chmod u+x /usr/share/scripts/evobackup-{inc,rm}.sh -- Activer le crontab suivant (ajuster éventuellement les heures) : - 29 10 * * * pkill evobackup-rm.sh && echo "Kill evobackup-rm.sh done" | mail -s "[warn] EvoBackup - purge incs interrupted" root - 30 10 * * * /usr/share/scripts/evobackup-inc.sh && /usr/share/scripts/evobackup-rm.sh - -Note : si l'on ne veut *jamais* supprimer les backups incrémentaux, on pourra se contenter -de ne jamais lancer le script evobackup-rm.sh - - -Si le noyau du serveur est patché avec GRSEC, on évitera pas mal -de warnings en positionnant les paramètres Sysctl suivants : - -# sysctl kernel.grsecurity.chroot_deny_chmod=0 -# sysctl kernel.grsecurity.chroot_deny_mknod=0 - -Note : plus nécessaire avec un noyau récent a priori - -Serveurs à sauvegarder ----------------------- - -On peut sauvegarder différents systèmes : Linux, BSD, Windows, MacOSX. -L'un des seuls prérequis est d'avoir rsync. - - -Installation d'une sauvegarde ------------------------------ - -Côté serveur de sauvegardes -~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -1) On récupère les sources via http://git.evolix.org/git/evolinux/evobackup.git - - - Exporter la variable $JAIL avec le nom d'hôte saisit dans la grille : - - # export JAIL= - - - Se placer dans le bon répertoire (attention, ne pas déplacer le script car - il a besoin du répertoire etc/ !) 
puis exécuter : - - # bash chroot-ssh.sh /backup/jails/$JAIL - - Note : Ignorer une éventuelle erreur avec ld-linux-x86-64.so.2 (32bits) ou ld-linux.so.2 (64bits) - - - Editer le fichier /backup/jails/$JAIL/etc/ssh/sshd_config - et remplacer le port SSH utilisé par le prochain disponible - (ou garder celui assigné si c'est la première prison). - Ajouter également la restriction d'IP si possible via "AllowUsers" : - AllowUsers root@IP root@::ffff:IP - - - Ajouter la clé publique du client à sauvegarder dans - /backup/jails/$JAIL/root/.ssh/authorized_keys - - - Puis corrigez les droits SSH : - - # chmod -R 600 /backup/jails/$JAIL/root/.ssh/ - # chown -R root:root /backup/jails/$JAIL/root/.ssh/ - -2) Gestion du lancement des prisons en modifiant le fichier de démarrage - /etc/init.d/evobackup (on remplacera $JAIL par sa vraie valeur). - - - Ajouter à start) : - - mount -t proc proc-chroot /backup/jails/$JAIL/proc/ - mount -t devtmpfs udev /backup/jails/$JAIL/dev/ - chroot /backup/jails/$JAIL /usr/sbin/sshd > /dev/null - - - Ajouter à stop) : - - umount /backup/jails/$JAIL/proc/ - umount /backup/jails/$JAIL/dev/ - kill -9 `chroot /backup/jails/$JAIL cat /var/run/sshd.pid` - - - Ajouter à reload|force-reload) : - - kill -HUP `chroot /backup/jails/$JAIL cat /var/run/sshd.pid` - - - Ajouter à restart) : - - kill -9 `chroot /backup/jails/$JAIL cat /var/run/sshd.pid` - chroot /backup/jails/$JAIL /usr/sbin/sshd > /dev/null - -3) On lance la prison : - - # mount -t proc proc-chroot /backup/jails/$JAIL/proc/ - # mount -t devtmpfs udev /backup/jails/$JAIL/dev/ - # chroot /backup/jails/$JAIL /usr/sbin/sshd > /dev/null - - Pour vérifier que tout est OK : - - # /etc/init.d/evobackup reload - -4) Gestion des sauvegardes incrémentales - - Pour activer les gestions des copies incrémentales, - créer le fichier /etc/evobackup/$JAIL contenant par - exemple : - - +%Y-%m-%d.-0day - +%Y-%m-%d.-1day - +%Y-%m-%d.-2day - +%Y-%m-%d.-3day - +%Y-%m-01.-0month - +%Y-%m-01.-1month - - Quelques 
explications sur cette syntaxe particulière. - Par exemple, la ligne ci-dessous signifie "garder la sauvegarde du - jour actuel" (à toujours mettre sur la première ligne a priori) : - +%Y-%m-%d.-0day - La ligne ci-dessous signifie "garder la sauvegarde d'hier" : - +%Y-%m-%d.-1day - La ligne ci-dessous signifie "garder la sauvegarde du 1er jour du - mois courant" : - +%Y-%m-01.-0month - Toujours le même principe, on peut garder celle du 1er jours du - mois dernier : - +%Y-%m-01.-1month - - Et bien sûr, on peut garder aussi le 15e jour (pour avoir une sauvegarde - toutes les 15 jours, le 1er janvier de chaque année, etc.) - - Attention, la création de ce fichier est *obligatoire* pour activer - les copies incrémentales. Si l'on veut garder des copies advitam aeternam - sans jamais les supprimer, on se contentera de ne pas lancer le script - evobackup-rm.sh. - - -Côté serveur à sauvegarder -~~~~~~~~~~~~~~~~~~~~~~~~~~ - -1) Générez une clé SSH pour l'utilisateur "root" : - - # ssh-keygen - - (Ne pas la protéger par une passphrase, sauf si un humain - va l'entrer manuellement à chaque sauvegarde effectuée) - - (La clé générée doit être de type RSA et non DSA !!) - -2) Envoyez "/root/.ssh/id_rsa.pub" au responsable du serveur de - sauvegarde, ainsi que l'adresse IP de la machine. - -3) Ajoutez à la crontab le fichier "zzz_evobackup" - Pour une sauvegarde quotidienne (conseillé), utilisez le répertoire - "/etc/cron.daily/" (sous Linux) ou "/etc/periodic/daily" (sous FreeBSD). - - Il faut éventuellement ajuster le script en supprimant les lignes "--exclude" - si l'on ne souhaite pas exclure les fichiers/répertoires de cette ligne et - ajouter/supprimer les lignes en dessous pour sauvegarder les bons répertoires. - ($rep désigne les données systèmes). Vous pouvez donc choisir librement ce - que vous désirez sauvegarder. 
- -4) Une fois que tout en place au niveau du serveur de sauvegardes, - on doit initier la première connexion : - - # ssh -p - - -Mise-à-jour du serveur de sauvegardes -------------------------------------- - -En cas d'une mise-à-jour d'un paquet lié à SSH ou rsync côté -serveur de sauvegardes, on mettra à jour ainsi : - -# sh chroot-ssh.sh updateall -# /etc/init.d/evobackup restart - diff --git a/README.md b/README.md index 17d304b..e5471e6 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,47 @@ -evobackup +EvoBackup ========= -Backup manager used at @evolix +EvoBackup is a bunch of shell scripts to create a backup server which will +handle the backup of many servers (clients). Licence is GPLv2. + +The main principle uses SSH chroot (called "jails" in the FreeBSD +world) for each client to backup. Each client will upload his data every day +using rsync in his chroot (using root account). +Incrementals are stored outside of the chroot using hard links. (So incrementals +are not available for clients). Using this method we can keep tens of backup of +each client securely and not using too much space. + + Backup server + ************ +Server 1 ------ SSH/rsync -------> * tcp/2222 * + * * +Server 2 ------ SSH/rsync -------> * tcp/2223 * + ************ + +This method uses standard tools (ssh, rsync, cp -al). EvoBackup is used for +many years by Evolix for back up each day hundreds of servers which uses many +terabytes of data. + +Backup server +------------- + +The backup server need to be based on Debian. Tested on Debian Wheezy and +Ubuntu 13.04. + +Needed packages: + +* openssh-server +* rsync +* bsd-mailx (or other package providing /usr/bin/mailx) + +Backups are stored in a big partition mounted on /backup (you can change this). +For security reasons it is recommended to encrypt the backup partition (i.e +using LUKS). + +Main directories: + +* /backup/jails: chroot used by clients +* /backup/incs: incrementals +* /etc/evobackup: config file for incrementals frequency + +To install and configure EvoBackup read INSTALL. \ No newline at end of file diff --git a/chroot-bincopy.sh b/chroot-bincopy.sh new file mode 100755 index 0000000..b8d7fbf --- /dev/null +++ b/chroot-bincopy.sh 
@@ -0,0 +1,19 @@ +#!/bin/sh +# Copy essential binaries into the chroot. + +chrootdir=$1 + +# TODO: better detection of amd64 arch +cp -f /lib/ld-linux.so.2 $chrootdir/lib/ 2>/dev/null \ + || cp -f /lib64/ld-linux-x86-64.so.2 $chrootdir/lib64/ +cp /lib/x86_64-linux-gnu/libnss* $chrootdir/lib/x86_64-linux-gnu/ + +for dbin in /bin/bash /bin/cat /bin/chown /bin/mknod /bin/rm \ + /bin/sed /bin/sh /bin/uname /bin/mount /usr/bin/rsync /usr/sbin/sshd \ + /usr/lib/openssh/sftp-server; do + + cp -f $dbin $chrootdir/$dbin; + for lib in `ldd $dbin | cut -d">" -f2 | cut -d"(" -f1`; do + cp -p $lib $chrootdir/$lib + done +done \ No newline at end of file diff --git a/etc/group b/chroot-etc/group similarity index 100% rename from etc/group rename to chroot-etc/group diff --git a/etc/passwd b/chroot-etc/passwd similarity index 100% rename from etc/passwd rename to chroot-etc/passwd diff --git a/etc/shadow b/chroot-etc/shadow similarity index 100% rename from etc/shadow rename to chroot-etc/shadow diff --git a/etc/sshd_config b/chroot-etc/sshd_config similarity index 100% rename from etc/sshd_config rename to chroot-etc/sshd_config diff --git a/chroot-new.sh b/chroot-new.sh new file mode 100755 index 0000000..8c2bc05 --- /dev/null +++ b/chroot-new.sh @@ -0,0 +1,138 @@ +#!/bin/sh +# Set-up and configure an OpenSSH chroot. + +BACKUP_PATH='/backup/jails' + +#Are we root? +id=$(id -u) +if [ $id != 0 ]; then + echo "Error, you need to be root to install EvoBackup!" + exit 1 +fi + +usage() { + + cat < ${BACKUP_PATH}/${jail}/root/.ssh/authorized_keys +chmod -R 600 ${BACKUP_PATH}/${jail}/root/.ssh/ +chown -R root:root ${BACKUP_PATH}/${jail}/root/.ssh/ +cat </etc/evobackup/conf.d/incs/${jail} ++%Y-%m-%d.-0day ++%Y-%m-%d.-1day ++%Y-%m-%d.-2day ++%Y-%m-%d.-3day ++%Y-%m-01.-0month ++%Y-%m-01.-1month +EOT + +echo -n "Done. OpenSSH chroot added! Restart evobackup service." \ No newline at end of file diff --git a/chroot-ssh.sh b/chroot-ssh.sh deleted file mode 100644 index d57c2c1..0000000 
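Review bot: `chrootdir=$1` in chroot-bincopy.sh is used with no check that an argument was given or that it names a directory, and every expansion is unquoted. With an empty or mistyped argument the script prints one `cp` error per file and carries on, and chroot-update.sh prints `Done!` regardless, so a jail can be left with stale sshd and rsync binaries after a security upgrade without anyone noticing. Add a guard at the top such as `[ -n "$1" ] && [ -d "$1" ] || { echo "usage: $0 CHROOTDIR" >&2; exit 1; }`, quote the expansions (`cp -f "$dbin" "$chrootdir/$dbin"`), and exit non-zero when a copy fails. The first `cp` also hides its errors with `2>/dev/null`, which makes a failed loader copy harder to spot.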
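Review bot: `chmod -R 600 ${BACKUP_PATH}/${jail}/root/.ssh/` near the end of chroot-new.sh also sets mode 600 on the `.ssh` directory itself, which removes its search bit. The usual layout is 700 on the directory and 600 on the key file: `chmod 700 "${BACKUP_PATH}/${jail}/root/.ssh"` followed by `chmod 600 "${BACKUP_PATH}/${jail}/root/.ssh/authorized_keys"`. The middle of this hunk (usage text and option parsing) is not legible on this page, so it cannot be confirmed whether `jail` is checked for being non-empty and free of `/` before it is used in these root-owned paths and in `/etc/evobackup/conf.d/incs/${jail}`. That check is worth verifying.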
--- a/chroot-ssh.sh +++ /dev/null 
@@ -1,132 +0,0 @@ -#!/bin/bash - -# Gregory Colpart -# chroot script for OpenSSH -# $Id: chroot-ssh.sh,v 1.12 2010-07-02 17:40:29 gcolpart Exp $ - -# tested on Debian Etch and recently on Lenny -# Execthis script for jail creation: -# ./chroot-ssh.sh /backup/jails/myserver -# Note: etc/{sshd_config,group,passwd} files should be present - -# For Etch -# Start: chroot /backup/jails/myserver /usr/sbin/sshd > /dev/null -# Reload: kill -HUP `chroot /backup/jails/myserver cat /var/run/sshd.pid` -# Stop: kill -9 `chroot /backup/jails/myserver cat /var/run/sshd.pid` -# Restart: Stop + Start - -# For Lenny -# Start : -# chroot /backup/jails/myserver mount -t proc proc-chroot /proc/ -# chroot /backup/jails/myserver mount -t devpts devpts-chroot /dev/pts/ -# chroot /backup/jails/myserver /usr/sbin/sshd > /dev/null -# Reload: kill -HUP `chroot /backup/jails/myserver cat /var/run/sshd.pid` -# Stop: kill -9 `chroot /backup/jails/myserver cat /var/run/sshd.pid` -# Restart: -# kill -9 `chroot /backup/jails/myserver cat /var/run/sshd.pid` -# chroot /backup/jails/myserver /usr/sbin/sshd > /dev/null - -# After *each* ssh upgrade or libs upgrade: -# sh chroot-ssh.sh updateall -# And restart all sshd daemons - -bincopy() { - -chrootdir=$1 - -# TODO : better detection of amd64 arch -cp -f /lib/ld-linux.so.2 $chrootdir/lib/ || cp -f /lib64/ld-linux-x86-64.so.2 $chrootdir/lib64/ -cp /lib/libnss* $chrootdir/lib/ - -for dbin in /bin/bash /bin/cat /bin/chown /bin/mknod /bin/rm /bin/sed /bin/sh /bin/uname /bin/mount /usr/bin/rsync /usr/sbin/sshd /usr/lib/openssh/sftp-server; do - cp -f $dbin $chrootdir/$dbin; - # (comme dans http://www.gcolpart.com/hacks/chroot-bind.sh) - for lib in `ldd $dbin | cut -d">" -f2 | cut -d"(" -f1`; do - cp -p $lib $chrootdir/$lib - done -done - -} - -# synopsis -if [ $# -ne 1 ]; then - echo "Vous devez indiquer un repertoire." - echo "Exemple : chroot-ssh.sh /backup/jails/myserver" - exit 0 -fi - -# are u root? 
-if [ `whoami` != "root" ]; then - echo "Vous devez executer le script en tant root." - exit 0 -fi - - -if [ -e $1 ]; then - echo "Le repertoire $1 existe deja..." -fi - -if [ "$1" = "updateall" ]; then - - for i in `ls -1 /backup/jails/*/lib/libnss_compat.so.2`; do - chrootdir=`echo $i | cut -d"/" -f1,2,3,4` - echo -n "MaJ $chrootdir ..." - bincopy $chrootdir - echo "...OK" - done - -else - -# where is jail -chrootdir=$1 - -mkdir -p $chrootdir -chown root:root $chrootdir - -umask 022 - -# create jail - -echo -n "1 - Creation de la prison..." - - mkdir -p $chrootdir/{bin,dev,etc/ssh,lib,lib64} - mkdir -p $chrootdir/lib/tls/i686/cmov/ - mkdir -p $chrootdir/proc - mkdir -p $chrootdir/root/.ssh - mkdir -p $chrootdir/usr/lib/i686/cmov/ - mkdir -p $chrootdir/lib/i686/cmov/ - mkdir -p $chrootdir/usr/{bin,lib,sbin} - mkdir -p $chrootdir/usr/lib/openssh - mkdir -p $chrootdir/var/log/ - mkdir -p $chrootdir/var/run/sshd - - touch $chrootdir/var/log/{authlog,lastlog,messages,syslog} - touch $chrootdir/etc/fstab - -echo "...OK" - -echo -n "2 - Copie des donnees..." - cp /proc/devices $chrootdir/proc - - cp /etc/ssh/{ssh_host_rsa_key,ssh_host_dsa_key} $chrootdir/etc/ssh/ - cp etc/sshd_config $chrootdir/etc/ssh/ - cp etc/passwd $chrootdir/etc/ - cp etc/shadow $chrootdir/etc/ - cp etc/group $chrootdir/etc/ - -echo ".......OK" - -echo -n "3 - Copie des binaires..." - -bincopy $chrootdir - -echo "......OK" - -echo -n "4 - Termine." - -# end - -echo "" - -fi - diff --git a/chroot-update.sh b/chroot-update.sh new file mode 100755 index 0000000..f4149e2 --- /dev/null +++ b/chroot-update.sh @@ -0,0 +1,11 @@ +#!/bin/sh +# Update all OpenSSH chroot. + +BACKUP_PATH='/backup/jails' + +for i in `ls -1 ${BACKUP_PATH}/*/lib/libnss_compat.so.2`; do + chrootdir=`echo $i | cut -d"/" -f1,2,3,4` + echo -n "Updating $chrootdir ..." + ./chroot-bincopy.sh $chrootdir + echo "Done!" +done \ No newline at end of file 
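Review bot: `./chroot-bincopy.sh $chrootdir` in chroot-update.sh is resolved against the current working directory, so running the updater as root from another directory either fails or executes whatever `chroot-bincopy.sh` is found there. Resolve it from the script's own location instead: `"$(dirname "$0")/chroot-bincopy.sh" "$chrootdir"`. The jail path is derived with `cut -d"/" -f1,2,3,4`, which only holds while `BACKUP_PATH` is exactly two levels deep. Iterating with `for i in "${BACKUP_PATH}"/*/lib/libnss_compat.so.2` and using `chrootdir=${i%/lib/libnss_compat.so.2}` removes that assumption and avoids parsing `ls`.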
diff --git a/crons/evobackup-inc.sh b/crons/evobackup-inc.sh
new file mode 100644
index 0000000..58ca851
--- /dev/null
+++ b/crons/evobackup-inc.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+# Handles creating incrementals backup.
+
+. /etc/evobackup/conf.d/incrementals.cf
+
+start=$(date --rfc-3339=seconds)
+
+for client in ${CONFDIR}/*; do
+ backupname=${client#/etc/evobackup/conf.d/incs/}
+ # hard copy everyday
+ echo -n "Hard copy of backup $backupname started at $start. " \
+ >> $LOGFILE
+ [[ ! -d ${INCDIR}/${backupname} ]] && mkdir -p ${INCDIR}/${backupname}
+ cp -alx ${JAILDIR}/${backupname} ${INCDIR}/${backupname}/${DATEDIR}
+ stop=$(date --rfc-3339=seconds)
+ echo -n "Hard copy of $backupname ended at $stop." >> $LOGFILE
+done | tee -a $LOGFILE | mailx -s "[info] EvoBackup report of creating incrementals" $MAIL_TO
\ No newline at end of file
diff --git a/crons/evobackup-rm.sh b/crons/evobackup-rm.sh
new file mode 100644
index 0000000..14e8086
--- /dev/null
+++ b/crons/evobackup-rm.sh
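Review bot: The directory test `[[ ! -d ${INCDIR}/${backupname} ]] && mkdir -p ...` in crons/evobackup-inc.sh uses the bash-only `[[` under `#!/bin/sh`. Where `/bin/sh` is dash (the Debian and Ubuntu default), `[[` is an unknown command, so `mkdir` is skipped and the following `cp -alx` has no parent directory for a new client, meaning no incremental is created. Since `mkdir -p` is already idempotent, the line can simply be `mkdir -p "${INCDIR}/${backupname}"`. `backupname` is also stripped with the literal prefix `/etc/evobackup/conf.d/incs/` rather than `${CONFDIR}/` as crons/evobackup-rm.sh does, so `backupname=${client#${CONFDIR}/}` would keep the two scripts consistent if `CONFDIR` is changed.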
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+# Handle removing of incrementals.
+
+. /etc/evobackup/conf.d/incrementals.cf
+
+tmpdir=$(mktemp --tmpdir=/tmp -d evobackup.XXX)
+emptydir=$(mktemp --tmpdir=/tmp -d evobackup.XXX)
+
+# For each client, delete needed incrementals.
+for client in ${CONFDIR}/*; do
+ # Get only the name of the backup.
+ backupname=${client#${CONFDIR}/}
+ # List actual incrementals backup.
+ for inc in ${INCDIR}/${backupname}/*; do
+ echo $inc
+ done > ${tmpdir}/${backupname}.files
+ # List non-obsolete incrementals backup.
+ for incConf in $(cat ${CONFDIR}/${backupname}); do
+ MYDATE=$(echo $incConf | cut -d. -f1)
+ BEFORE=$(echo $incConf | cut -d. -f2)
+ date -d "$(date $MYDATE) $BEFORE" "+%Y-%m-%d"
+ done > ${tmpdir}/${backupname}.keep
+ # Delete obsolete incrementals backup
+ for inc in $(grep -v -f ${tmpdir}/${backupname}.keep ${tmpdir}/${backupname}.files); do
+ start=$(date --rfc-3339=seconds)
+ echo -n "Delete of ${backupname}/${inc#${INCDIR}/${backupname}/} started at ${start}." >> $LOGFILE
+ # We use rsync to delete since it is faster than rm!
+ rsync -a --delete ${emptydir}/ $inc
+ rm -r $inc
+ rm -r $emptydir
+ stop=$(date --rfc-3339=seconds)
+ echo -n "Delete of ${backupname}/${inc#${INCDIR}/${backupname}/} ended at ${stop}." >> $LOGFILE
+ done
+done | tee -a $LOGFILE | mail -s "[info] EvoBackup - purge incs" $MAIL_TO
+
+# Cleaning
+rm -rf $tmpdir
\ No newline at end of file
diff --git a/crons/zzz_evobackup b/crons/zzz_evobackup
new file mode 100644
index 0000000..5abd162
--- /dev/null
+++ b/crons/zzz_evobackup
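Review bot: The purge list in crons/evobackup-rm.sh comes from `grep -v -f ${tmpdir}/${backupname}.keep`, and if the keep file ends up empty (an empty client file in `CONFDIR`, or `date -d` rejecting a line) the empty pattern file matches nothing, so `-v` selects every incremental of that client for deletion. Skip the client in that case with `[ -s "${tmpdir}/${backupname}.keep" ] || continue` before the delete loop, and use `grep -v -F -f` so the dates are compared as fixed strings. `rm -r $emptydir` sits inside the loop, so the empty source directory is gone after the first deletion; it belongs next to the final `rm -rf $tmpdir`. If `mktemp` fails, `${emptydir}/` expands to `/` in `rsync -a --delete ${emptydir}/ $inc`, so both `mktemp` results should be checked before the loop starts.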
@@ -0,0 +1,57 @@
+#!/bin/sh
+# EvoBackup cronjob.
+
+. /etc/evobackup/conf.d/cron.cf
+
+# Verify if an EvoBackup is already launched, if true, kill it.
+if [ -e $PIDFILE ]; then
+ pkill -9 -F $PIDFILE
+ echo "$0 is running (PID $(cat $PIDFILE)). Process killed." >&2
+fi
+echo "$$" > $PIDFILE
+trap "rm -f $PIDFILE" EXIT INT
+
+# Executes tasks to do before rsync.
+run-parts /etc/evobackup/actions.d/
+
+# Handle include paths when the system OS is GNU/Linux or FreeBSD. Customize it
+# if necessary.
+system=$(uname -o)
+hostname=$(hostname -f)
+start=$(date --rfc-3339=seconds)
+tmplog=$(mktemp --tmpdir=/tmp evobackup.XXX)
+if [ "$system" = "GNU/Linux" ]; then
+ rep="/bin /boot /lib /opt /sbin /usr"
+elif [ "$system" = "FreeBSD" ]; then
+ rep="/bsd /bin /boot /sbin /usr"
+else
+ # Not GNU/Linux or FreeBSD
+ rep=""
+fi
+
+# rsync command line to backup all data.
+rsync -avz --delete --force --ignore-errors --partial \
+ --exclude-from=/etc/evobackup/conf.d/exclude.cf \
+ --include-from=/etc/evobackup/conf.d/include.cf \
+ $rep \
+ -e "ssh -p $SSHPORT -4" \
+ root@${BACKUPSERVER}:/var/backup/ > $tmplog
+$status=$?
+
+# Keep the last 20 lines
+tail -20 $tmplog >> $LOG && rm $tmplog
+
+stop=$(date --rfc-3339=seconds)
+echo "EvoBackup started at $start." >> /var/log/evobackup.log
+echo "EvoBackup finished at $stop." >> /var/log/evobackup.log
+
+# Send a report
+# Did rsync sucessfully finished?
+if [ "$status" != 0 ]; then
+ tail -10 $LOG \
+ | mailx -s "[warn] EvoBackup for $hostname did not finish correctly." \
+ $MAIL_TO
+else
+ tail -10 $LOG \
+ | mailx -s "[info] EvoBackup report for $hostname" $MAIL_TO
+fi
\ No newline at end of file
diff --git a/evobackup b/evobackup
deleted file mode 100755
index 3a7dff5..0000000
--- a/evobackup
+++ /dev/null
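Review bot: `$status=$?` after the rsync call in crons/zzz_evobackup is not an assignment. The shell expands the unset `$status` and tries to run a command named `=<exit code>`, so `status` stays empty and `[ "$status" != 0 ]` is always true, which sends the `[warn]` mail on every run and makes real failures indistinguishable from successes. It should read `status=$?`. Separately, `pkill -9 -F $PIDFILE` signals whatever process currently holds the recorded PID, which after a reboot or crash may be an unrelated process. Checking that the PID still belongs to this script before killing it, and trying the default TERM signal before `-9`, would be safer.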
@@ -1,29 +0,0 @@ -#!/bin/sh - -### BEGIN INIT INFO -# Provides: evobackup -# Required-Start: $syslog -# Required-Stop: $syslog -# Default-Start: 2 -# Default-Stop: 1 -# Short-Description: evobackup jails -### END INIT INFO - -set -e - -case "$1" in - start) - ;; - - stop) - ;; - - reload|force-reload) - ;; - - restart) - ;; -esac - -exit 0 - diff --git a/evobackup-inc.sh b/evobackup-inc.sh deleted file mode 100644 index f10ddfa..0000000 --- a/evobackup-inc.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh - -# Script backups incrementaux -# Evolix (c) 2007 - -CONFDIR=/etc/evobackup/ -DATE=$(date +"%d-%m-%Y") -LOGFILE=/var/log/evobackup-sync.log -TMPDIR=/tmp/evobackup/ -JAILDIR=/backup/jails/ -INCDIR=/backup/incs/ -MYMAIL=jdoe@example.com - -mkdir -p $TMPDIR - -for i in $( ls $CONFDIR ); do - - # hard copy everyday - echo -n "hard copy $i begins at : " >> $LOGFILE - /bin/date +"%d-%m-%Y ; %H:%M" >> $LOGFILE - mkdir -p "$INCDIR"$i - cp -alx $JAILDIR$i $INCDIR$i/$DATE - echo -n "hard copy $i ends at : " >> $LOGFILE - /bin/date +"%d-%m-%Y ; %H:%M" >> $LOGFILE - -done | tee -a $LOGFILE | mail -s "[info] EvoBackup - create incs" $MYMAIL - diff --git a/evobackup-rm.sh b/evobackup-rm.sh deleted file mode 100644 index fc51343..0000000 --- a/evobackup-rm.sh +++ /dev/null 
@@ -1,41 +0,0 @@ -#!/bin/sh - -# Script backups incrementaux -# Evolix (c) 2007 - -CONFDIR=/etc/evobackup/ -DATE=$(date +"%d-%m-%Y") -LOGFILE=/var/log/evobackup-sync.log -TMPDIR=/tmp/evobackup/ -JAILDIR=/backup/jails/ -INCDIR=/backup/incs/ -MYMAIL=jdoe@example.com - -mkdir -p $TMPDIR - -for i in $( ls $CONFDIR ); do - - # list actual inc backups - for j in $( ls $INCDIR$i ); do - echo $j - done > "$TMPDIR"$i.files - - # list non-obsolete inc backups - for j in $( cat $CONFDIR$i ); do - MYDATE=$( echo $j | cut -d. -f1 ) - BEFORE=$( echo $j | cut -d. -f2 ) - date -d "$(date $MYDATE) $BEFORE" "+%d-%m-%Y" - done > "$TMPDIR"$i.keep - - # delete obsolete inc backups - for j in $( grep -v -f "$TMPDIR"$i.keep "$TMPDIR"$i.files ); do - echo -n "Delete $i/$j begins at : " >> $LOGFILE - /bin/date +"%d-%m-%Y ; %H:%M" >> $LOGFILE - cd $INCDIR$i - rm -rf $j - echo -n "Delete $i/$j ends at : " >> $LOGFILE - /bin/date +"%d-%m-%Y ; %H:%M" >> $LOGFILE - done - -done | tee -a $LOGFILE | mail -s "[info] EvoBackup - purge incs" $MYMAIL - diff --git a/install.sh b/install.sh new file mode 100755 index 0000000..ff97aa3 --- /dev/null +++ b/install.sh @@ -0,0 +1,34 @@ +#!/bin/sh +# Install EvoBackup configuration and init files. + +# Debian or Ubuntu? +flavor=$(lsb_release -i -s) +debian=false +ubuntu=false +if [ "$flavor" = "Debian" ]; then + echo "Debian detected." + debian=true +elif [ "$flavor" = "Ubuntu" ]; then + echo "Ubuntu detected." + ubuntu=true +else + echo "Not a Debian based distribution? If yes, fix this script. Exiting..." + exit 1 +fi + +# Are we root? +id=$(id -u) +if [ $id != 0 ]; then + echo "Error, you need to be root to install EvoBackup!" + exit 1 +fi + +cp -r install/etc/evobackup /etc/ +# Don't install init script for client-side. +if [ "$1" != "client" ]; then + $debian && cp install/etc/init.d/evobackup /etc/init.d/ + $ubuntu && cp install/etc/init/evobackup.conf /etc/init/ +fi + +echo "Done." +exit 0 \ No newline at end of file 
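Review bot: `cp -r install/etc/evobackup /etc/` in install.sh overwrites an existing `/etc/evobackup` on every run, so re-running the installer after an update replaces an edited `conf.d/cron.cf`, `include.cf`/`exclude.cf` and any enabled `actions.d` scripts with the shipped defaults. Copy without clobbering (`cp -rn install/etc/evobackup /etc/`) or stop when `/etc/evobackup` already exists. The source path is relative, so the script only works when started from the checkout directory; `cd "$(dirname "$0")" || exit 1` near the top removes that dependency. Because `actions.d` is meant to hold database dump commands that may carry credentials, tightening the installed tree with `chmod -R go-rwx /etc/evobackup` is also worth considering.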
diff --git a/install/etc/evobackup/actions.d/00_prerequisites b/install/etc/evobackup/actions.d/00_prerequisites
new file mode 100755
index 0000000..6f76f66
--- /dev/null
+++ b/install/etc/evobackup/actions.d/00_prerequisites
@@ -0,0 +1,5 @@
+#!/bin/sh
+# Prerequisites actions to do.
+
+test ! -d /home/backup && mkdir /home/backup
+exit 0
\ No newline at end of file
diff --git a/install/etc/evobackup/actions.d/10_mysql b/install/etc/evobackup/actions.d/10_mysql
new file mode 100755
index 0000000..2071b1a
--- /dev/null
+++ b/install/etc/evobackup/actions.d/10_mysql
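Review bot: `mkdir /home/backup` in actions.d/00_prerequisites creates the dump directory with the default umask, typically mode 755. install/etc/evobackup/actions.d/99_system_info then writes the full process list, socket table and package list into it, next to any database dumps enabled in the other action scripts, so local users can read them. Create it private instead with `[ -d /home/backup ] || mkdir -m 700 /home/backup`, and add `chmod 700 /home/backup` for hosts where the directory already exists with wider permissions.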
@@ -0,0 +1,47 @@ +#!/bin/sh +# Many ways of backuping MySQL/MariaDB databases. + +# Dump with all databases in one file. +# mysqldump --defaults-extra-file=/etc/mysql/debian.cnf \ +# --opt --all-databases --force | gzip --best > /home/backup/mysql.bak.gz + +# Dump des BDD en .sql.gz +# mkdir -p /home/mysqldump/ +# for i in $(mysql -e 'show databases' -s --skip-column-names | egrep -v +# "^(Database|information_schema)"); do +# mysqldump --force $i | gzip --best > /home/mysqldump/${i}.sql.gz +# done + +# for i in $(echo SHOW DATABASES | mysql | egrep -v +# "^(Database|information_schema)" ); \ +# do mkdir -p /home/mysqldump/$i ; chown -R mysql /home/mysqldump ; \ +# mysqldump --defaults-extra-file=/etc/mysql/debian.cnf --force -Q --opt -T \ +# /home/mysqldump/$i $i; done + +# Dump par base +# mkdir -p -m 700 /home/mysqldump/BASE +# chown -R mysql /home/mysqldump/ +# mysqldump --defaults-extra-file=/etc/mysql/debian.cnf --force -Q \ +# --opt -T /home/mysqldump/BASE BASE + +# mkdir -p /home/mysqlhotcopy/ +# mysqlhotcopy BASE /home/mysqlhotcopy/ + +# Dump instanceS MySQL +# +## Recherche du mot de passe mysqladmin +#mysqladminpasswd=`cat /root/.my.cnf |grep -m1 'password = .*' |cut -d" " -f3` +# +## Determination des instances MySQL disponibles sur le serveur (hors 3306) +#grep -E "^port\s*=\s*\d*" /etc/mysql/my.cnf |while read instance; do +# instance=$(echo $instance |tr -d '\t') +# instance=${instance// /} +# instance=${instance//port=/} +# if [ "$instance" != "3306" ] +# then +# mysqldump -P $instance --opt --all-databases -u mysqladmin +# -p$mysqladminpasswd > /home/backup/mysql.$instance.bak +# fi +#done + +exit 0 \ No newline at end of file diff --git a/install/etc/evobackup/actions.d/11_postgresql b/install/etc/evobackup/actions.d/11_postgresql new file mode 100644 index 0000000..06dfc86 --- /dev/null +++ b/install/etc/evobackup/actions.d/11_postgresql 
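Review bot: The commented multi-instance example in actions.d/10_mysql passes the password as `-p$mysqladminpasswd`, which exposes it in the process list while mysqldump runs; install/etc/evobackup/actions.d/13_mongodb has the same pattern with `-pPASS`. The other examples in this file already use `--defaults-extra-file=/etc/mysql/debian.cnf`, and the instance example could read its credentials the same way, e.g. `mysqldump --defaults-extra-file=/root/.my.cnf -P $instance --opt --all-databases`. Several comments here (`Dump des BDD en .sql.gz`, `Dump par base`, `Recherche du mot de passe mysqladmin`) are still in French although the commit message says the project is now all in English.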
@@ -0,0 +1,15 @@
+#!/bin/sh
+# PostgreSQL Dump
+
+# su - postgres -c "pg_dumpall > ~/pg.dump.bak"
+# mv ~postgres/pg.dump.bak /home/backup/
+
+# Exemple de backups...
+# On sauvegarde les tables d'une base sauf des exceptions
+# pg_dump -p 5432 -h 127.0.0.1 -U USER --clean -F t --inserts -f
+#/home/backup/pg-backup.tar -t 'TABLE1' -t 'TABLE2' BASE
+# On sauvegarde uniquement certaines tables d'une base
+# pg_dump -p 5432 -h 127.0.0.1 -U USER --clean -F t --inserts -f
+#/home/backup/pg-backup.tar -T 'TABLE1' -T 'TABLE2' BASE
+
+exit 0
\ No newline at end of file
diff --git a/install/etc/evobackup/actions.d/12_redis b/install/etc/evobackup/actions.d/12_redis
new file mode 100644
index 0000000..236f3d8
--- /dev/null
+++ b/install/etc/evobackup/actions.d/12_redis
@@ -0,0 +1,6 @@
+#!/bin/sh
+# Dump Redis
+
+# cp /var/lib/redis/dump.rdb /home/backup/
+
+exit 0
\ No newline at end of file
diff --git a/install/etc/evobackup/actions.d/13_mongodb b/install/etc/evobackup/actions.d/13_mongodb
new file mode 100644
index 0000000..cb03255
--- /dev/null
+++ b/install/etc/evobackup/actions.d/13_mongodb
@@ -0,0 +1,7 @@
+#!/bin/sh
+# Dump MongoDB
+
+# mongodump -u mongobackup -pPASS -o /home/backup/mongodump/ >/dev/null 2>&1
+# |grep -v "^connected to:"
+
+exit 0
\ No newline at end of file
diff --git a/install/etc/evobackup/actions.d/50_ldap b/install/etc/evobackup/actions.d/50_ldap
new file mode 100755
index 0000000..e2411a7
--- /dev/null
+++ b/install/etc/evobackup/actions.d/50_ldap
@@ -0,0 +1,6 @@
+#!/bin/sh
+# Dump LDAP
+
+# slapcat -l /home/backup/ldap.bak
+
+exit 0
\ No newline at end of file
diff --git a/install/etc/evobackup/actions.d/99_system_info b/install/etc/evobackup/actions.d/99_system_info
new file mode 100755
index 0000000..99aae73
--- /dev/null
+++ b/install/etc/evobackup/actions.d/99_system_info
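Review bot: The commented mongodump example in 13_mongodb carries the password on the command line (`-pPASS`), so once enabled it is visible in the process list to other local users; reading it from a root-only configuration file is preferable if the installed mongodump supports one. The same example redirects with `>/dev/null 2>&1` before the pipe, so the `grep -v "^connected to:"` on the wrapped second line never receives input, and uncommenting both lines as written leaves a line that starts with `|`. If the filter is wanted, the example should be a single command ending in `2>&1 | grep -v "^connected to:"` with no redirect to /dev/null. Separately, 11_postgresql, 12_redis and 13_mongodb are added with mode 100644 while the other actions are 100755; worth confirming that is intended if the runner relies on the executable bit.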
@@ -0,0 +1,30 @@
+#!/bin/sh
+# Get system informations.
+
+# Extract MBR / table partitions.
+# dd if=/dev/sda of=/home/backup/MBR bs=512 count=1 2>&1 | egrep -v "(records
+# in|records out|512 bytes)"
+# sfdisk -d /dev/sda > /home/backup/partitions 2>&1 | egrep -v "(Warning:
+#extended partition does not start at a cylinder boundary|DOS and Linux will
+# interpret the contents differently)"
+
+# Get routes
+# traceroute -n 8.8.8.8 > /home/backup/traceroute-8.8.8.8
+# mtr -r 8.8.8.8 > /home/backup/mtr-8.8.8.8
+# traceroute -n backup.evolix.net > /home/backup/traceroute-backup.evolix.net
+# mtr -r backup.evolix.net > /home/backup/mtr-backup.evolix.net
+# traceroute -n www.evolix.fr > /home/backup/traceroute-www.evolix.fr
+# mtr -r www.evolix.fr > /home/backup/mtr-www.evolix.fr
+# traceroute -n www.evolix.net > /home/backup/traceroute-www.evolix.net
+# mtr -r www.evolix.net > /home/backup/mtr-www.evolix.net
+
+# Process list.
+ps auwwwx > /home/backup/process.txt
+
+# Network connections list.
+netstat -taupen > /home/backup/netstat.txt
+
+# Packages list.
+dpkg -l > /home/backup/packages.txt
+
+exit 0
\ No newline at end of file
diff --git a/install/etc/evobackup/conf.d/cron.cf b/install/etc/evobackup/conf.d/cron.cf
new file mode 100644
index 0000000..052f160
--- /dev/null
+++ b/install/etc/evobackup/conf.d/cron.cf
@@ -0,0 +1,17 @@
+# Pid file
+PIDFILE="/var/run/evobackup.pid"
+
+# Port of the OpenSSH chroot on the backup server.
+SSHPORT=2222
+
+# Hostname OR adress IP of the backup server.
+BACKUPSERVER="haruna.benprobox.fr"
+
+# A mail to send the report or alert.
+MAIL_TO="jdoe@example.com"
+
+# Log file
+LOG="/var/log/evobackup.log"
+
+# Used when you have more than one backup server.
+NODE=$(( $(date +%d) % 2 ))
\ No newline at end of file
diff --git a/install/etc/evobackup/conf.d/exclude.cf b/install/etc/evobackup/conf.d/exclude.cf
new file mode 100644
index 0000000..1f7c766
--- /dev/null
+++ b/install/etc/evobackup/conf.d/exclude.cf
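Review bot: `ps auwwwx > /home/backup/process.txt` in 99_system_info records the full command line of every process into a file created with the script's default umask, so any secret passed as an argument (the commented mysqldump and mongodump examples in this commit do that) lands in a file that is then shipped to the backup server. Setting `umask 077` at the top of the script would keep process.txt, netstat.txt and packages.txt private to root on the client. In the commented sfdisk example, `> /home/backup/partitions 2>&1 | egrep -v …` sends both streams to the file, so the egrep filter sees nothing; `2>&1 > /home/backup/partitions | egrep -v …` would filter the warnings instead.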
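Review bot: `NODE=$(( $(date +%d) % 2 ))` in cron.cf fails on the 8th and 9th of each month, because `date +%d` prints `08` and `09` and shell arithmetic reads a leading zero as octal. The removed zzz_evobackup used `expr`, which parses the value as decimal; either keep `NODE=$(expr "$(date +%d)" % 2)` or use the space-padded day, `NODE=$(( $(date +%e) % 2 ))`. Also, `BACKUPSERVER="haruna.benprobox.fr"` ships what looks like a real hostname as the default, so an unedited install would try to send its backup there; a placeholder such as `backup.example.com` is safer.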
@@ -0,0 +1,24 @@
+lost+found
+.nfs.*
+/var/log
+/var/log/evobackup*
+/var/lib/mysql
+/var/lib/postgres
+/var/lib/postgresql
+/var/lib/sympa
+/var/lib/metche
+/var/run
+/var/lock
+/var/state
+/var/apt
+/var/cache
+/usr/src
+/usr/doc
+/usr/share/doc
+/usr/obj
+dev
+/var/spool/postfix
+/var/lib/amavis/amavisd.sock
+/var/lib/munin/munin-update.stats.tmp
+/var/lib/php5
+/var/spool/squid
\ No newline at end of file
diff --git a/install/etc/evobackup/conf.d/include.cf b/install/etc/evobackup/conf.d/include.cf
new file mode 100644
index 0000000..bf8ad70
--- /dev/null
+++ b/install/etc/evobackup/conf.d/include.cf
@@ -0,0 +1,5 @@
+/etc
+/root
+/var
+/home
+/srv
\ No newline at end of file
diff --git a/install/etc/evobackup/conf.d/incrementals.cf b/install/etc/evobackup/conf.d/incrementals.cf
new file mode 100644
index 0000000..6cb9e50
--- /dev/null
+++ b/install/etc/evobackup/conf.d/incrementals.cf
@@ -0,0 +1,6 @@
+CONFDIR=/etc/evobackup/conf.d/incs
+DATEDIR=$(date +"%Y-%m-%d")
+LOGFILE=/var/log/evobackup-sync.log
+JAILDIR=/backup/jails
+INCDIR=/backup/incs
+MAIL_TO=jdoe@example.com
\ No newline at end of file
diff --git a/install/etc/init.d/evobackup b/install/etc/init.d/evobackup
new file mode 100755
index 0000000..59db86d
--- /dev/null
+++ b/install/etc/init.d/evobackup
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+### BEGIN INIT INFO
+# Provides: evobackup
+# Required-Start: $syslog
+# Required-Stop: $syslog
+# Default-Start: 2
+# Default-Stop: 1
+# Short-Description: Backup manager using rsync and OpenSSH chroot.
+### END INIT INFO
+
+set -e
+BACKUP_PATH=/backup
+
+case "$1" in
+ start)
+ for jail in ${BACKUP_PATH}/jails/*; do
+ mount -t proc proc-chroot ${jail}/proc/
+ mount -t devtmpfs udev ${jail}/dev/
+ chroot ${jail} /usr/sbin/sshd > /dev/null
+ done
+ ;;
+
+ stop)
+ for jail in ${BACKUP_PATH}/jails/*; do
+ umount ${jail}/proc/
+ umount ${jail}/dev/pts/
+ kill $(chroot $jail cat /var/run/sshd.pid)
+ done
+ ;;
+
+ reload|force-reload)
+ for jail in ${BACKUP_PATH}/jails/*; do
+ kill -HUP \
+ $(chroot $jail cat /var/run/sshd.pid)
+ done
+ ;;
+
+ restart)
+ for jail in ${BACKUP_PATH}/jails/*; do
+ kill $(chroot $jail cat /var/run/sshd.pid)
+ chroot $jail /usr/sbin/sshd > /dev/null
+ done
+ ;;
+esac
+
+exit 0
\ No newline at end of file
diff --git a/install/etc/init/evobackup.conf b/install/etc/init/evobackup.conf
new file mode 100644
index 0000000..9911729
--- /dev/null
+++ b/install/etc/init/evobackup.conf
@@ -0,0 +1,30 @@
+# evobackup
+
+description "Backup manager using rsync and OpenSSH chroot."
+author "Evobackup team "
+
+start on (filesystem and net-device-up IFACE=lo)
+stop on runlevel [!2345]
+
+env BACKUP_PATH=/backup
+
+pre-start script
+ for jail in ${BACKUP_PATH}/jails/*; do
+ mount -t proc proc-chroot ${jail}/proc/
+ mount -t devtmpfs udev ${jail}/dev/
+ done
+end script
+
+script
+ for jail in ${BACKUP_PATH}/jails/*; do
+ chroot $jail /usr/sbin/sshd > /dev/null
+ done
+end script
+
+post-stop script
+ for jail in ${BACKUP_PATH}/jails/*; do
+ umount ${jail}/proc/
+ umount ${jail}/dev/pts/
+ kill $(chroot $jail cat /var/run/sshd.pid)
+ done
+end script
\ No newline at end of file
diff --git a/jail-evobackup-add.sh b/jail-evobackup-add.sh
deleted file mode 100644
index 586e2d5..0000000
--- a/jail-evobackup-add.sh
+++ /dev/null
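Review bot: The `start)` arm of install/etc/init.d/evobackup mounts a full `devtmpfs` on `${jail}/dev/`, which exposes every host device node inside each chroot; the removed jail-evobackup-add.sh mounted only `devpts` on `dev/pts`, and if clients still log in as root inside the jail this weakens the confinement considerably. The `stop)` arm then unmounts `${jail}/dev/pts/`, which start never mounted, and because of `set -e` the first failing mount or umount aborts the script before sshd is killed or the remaining jails are handled. The fence below sketches start and stop with devpts only, sshd stopped before the unmounts, quoted paths and per-jail error tolerance; it assumes the jail's static /dev nodes are created when the jail is built, which is not visible here. The same mount/umount mismatch is in the pre-start and post-stop stanzas of install/etc/init/evobackup.conf.

```shell
  start)
    for jail in "${BACKUP_PATH}"/jails/*; do
      [ -d "$jail" ] || continue
      mount -t proc proc-chroot "${jail}/proc/" \
        || echo "cannot mount proc in $jail" >&2
      mount -t devpts devpts-chroot "${jail}/dev/pts/" \
        || echo "cannot mount devpts in $jail" >&2
      chroot "$jail" /usr/sbin/sshd > /dev/null \
        || echo "sshd failed to start in $jail" >&2
    done
    ;;

  stop)
    for jail in "${BACKUP_PATH}"/jails/*; do
      [ -d "$jail" ] || continue
      pid=$(chroot "$jail" cat /var/run/sshd.pid 2>/dev/null) || pid=
      if [ -n "$pid" ]; then
        kill "$pid" || true
      fi
      umount "${jail}/dev/pts/" || true
      umount "${jail}/proc/" || true
    done
    ;;
  # … unchanged: reload|force-reload and restart arms …
```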
@@ -1,101 +0,0 @@ -#!/bin/sh - -BACKUP_ROOT='/backup' - -function usage { - cat <&2 -Add an evobackup jail. -Usage : $0 -n name -i ip -p port -k pub-key-path -All these options are required - -n : name of the jail - -i : IP address of client machine - -p : SSH port where jail listen on - -k : path to the SSH public key of the client machine -EOT -} - -while getopts ':n:i:p:k:' o -do - case $o in - n) - jail=$OPTARG - ;; - i) - ip=$OPTARG - ;; - p) - port=$OPTARG - ;; - k) - pub_key_path=$OPTARG - ;; - ?) - usage - exit 1 - ;; - esac -done - -if [ -z $jail ] || [ -z $ip ] || [ -z $port ] || [ -z $pub_key_path ]; then - usage - exit 1 -fi - -if [ ! -f "$pub_key_path" ]; then - echo "public key file $pub_key_path not found." - exit 1 -fi - -if [ ! -f 'chroot-ssh.sh' ]; then - echo 'script chroot-ssh.sh not found, make sure you are in the correct directory!' - exit 1 -fi - - -bash chroot-ssh.sh $BACKUP_ROOT/jails/$jail - - -sed -i "s/^Port 2222/Port $port/" $BACKUP_ROOT/jails/$jail/etc/ssh/sshd_config -sed -i "s/IP/$ip/g" $BACKUP_ROOT/jails/$jail/etc/ssh/sshd_config - -cat $pub_key_path >> $BACKUP_ROOT/jails/$jail/root/.ssh/authorized_keys -chmod -R 600 $BACKUP_ROOT/jails/$jail/root/.ssh/ -chown -R root:root $BACKUP_ROOT/jails/$jail/root/.ssh/ - - -if [ ! -f '/etc/init.d/evobackup' ]; then - cp evobackup /etc/init.d/ - update-rc.d evobackup start 99 2 . 
-fi - -sed -i "\?^\s\+start)?a mount -t proc proc-chroot $BACKUP_ROOT/jails/$jail/proc/\n\ -mount -t devpts devpts-chroot $BACKUP_ROOT/jails/$jail/dev/pts/\n\ -chroot $BACKUP_ROOT/jails/$jail /usr/sbin/sshd > /dev/null\n" \ -/etc/init.d/evobackup - -sed -i "\?^\s\+stop)?a umount $BACKUP_ROOT/jails/$jail/proc/\n\ -umount $BACKUP_ROOT/jails/$jail/dev/pts/\n\ -kill -9 \`chroot $BACKUP_ROOT/jails/$jail cat /var/run/sshd.pid\`\n" \ -/etc/init.d/evobackup - -sed -i "\?force-reload)?a kill -HUP \`chroot $BACKUP_ROOT/jails/$jail cat /var/run/sshd.pid\`\n" \ -/etc/init.d/evobackup - -sed -i "\?\\s\+restart)?a kill -9 \`chroot $BACKUP_ROOT/jails/$jail cat /var/run/sshd.pid\`\n\ -chroot $BACKUP_ROOT/jails/$jail /usr/sbin/sshd > /dev/null\n" \ -/etc/init.d/evobackup - -mount -t proc proc-chroot /backup/jails/$jail/proc/ -mount -t devpts devpts-chroot /backup/jails/$jail/dev/pts/ -chroot /backup/jails/$jail /usr/sbin/sshd - - -[ -d /etc/evobackup ] || mkdir /etc/evobackup/ -cat </etc/evobackup/$jail -+%Y-%m-%d.-0day -+%Y-%m-%d.-1day -+%Y-%m-%d.-2day -+%Y-%m-%d.-3day -+%Y-%m-01.-0month -+%Y-%m-01.-1month -EOT diff --git a/zzz_evobackup b/zzz_evobackup deleted file mode 100644 index 0aac80e..0000000 --- a/zzz_evobackup +++ /dev/null 
@@ -1,175 +0,0 @@ -#!/bin/sh - -# -# Script evobackup client -# $Id: evobackup_cron_daily_client,v 1.21 2010-08-22 10:15:42 gcolpart Exp $ -# - -# Verification qu'un autre evobackup n'est pas deja lance -PIDFILE=/var/run/evobackup.pid -if [ -e $PIDFILE ]; then - pkill -9 -F $PIDFILE - echo "$0 tourne encore (PID `cat $PIDFILE`). Processus killé" >&2 -fi -echo "$$" > $PIDFILE -trap "rm -f $PIDFILE" EXIT - -# port SSH -SSH_PORT=2228 - -# systeme de la machine ("linux" ou "bsd") -SYSTEME=linux - -# mail de remontee Evolix -MAIL=jdoe@example.com - -NODE=$(expr `date +%d` % 2) - -# operations specifiques - -mkdir -p -m 700 /home/backup - -# Dump LDAP -# slapcat -l /home/backup/ldap.bak - -# Dump MySQL -# mysqldump --defaults-extra-file=/etc/mysql/debian.cnf \ -# --opt --all-databases --force | gzip --best > /home/backup/mysql.bak.gz - -# Dump des BDD en .sql.gz -# mkdir -p /home/mysqldump/ -# for i in $(mysql -e 'show databases' -s --skip-column-names | egrep -v "^(Database|information_schema)"); do -# mysqldump --force $i | gzip --best > /home/mysqldump/${i}.sql.gz -# done - -# for i in $(echo SHOW DATABASES | mysql | egrep -v "^(Database|information_schema)" ); \ -# do mkdir -p /home/mysqldump/$i ; chown -R mysql /home/mysqldump ; \ -# mysqldump --defaults-extra-file=/etc/mysql/debian.cnf --force -Q --opt -T \ -# /home/mysqldump/$i $i; done - -# Dump par base -# mkdir -p -m 700 /home/mysqldump/BASE -# chown -R mysql /home/mysqldump/ -# mysqldump --defaults-extra-file=/etc/mysql/debian.cnf --force -Q \ -# --opt -T /home/mysqldump/BASE BASE - -# mkdir -p /home/mysqlhotcopy/ -# mysqlhotcopy BASE /home/mysqlhotcopy/ - -# Dump instanceS MySQL -# -## Recherche du mot de passe mysqladmin -#mysqladminpasswd=`cat /root/.my.cnf |grep -m1 'password = .*' |cut -d" " -f3` -# -## Determination des instances MySQL disponibles sur le serveur (hors 3306) -#grep -E "^port\s*=\s*\d*" /etc/mysql/my.cnf |while read instance; do -# instance=$(echo $instance |tr -d '\t') -# 
instance=${instance// /} -# instance=${instance//port=/} -# if [ "$instance" != "3306" ] -# then -# mysqldump -P $instance --opt --all-databases -u mysqladmin -p$mysqladminpasswd > /home/backup/mysql.$instance.bak -# fi -#done - - -# Dump PostgreSQL -# su - postgres -c "pg_dumpall > ~/pg.dump.bak" -# mv ~postgres/pg.dump.bak /home/backup/ - -# Exemple de backups... -# On sauvegarde les tables d'une base sauf des exceptions -# pg_dump -p 5432 -h 127.0.0.1 -U USER --clean -F t --inserts -f /home/backup/pg-backup.tar -t 'TABLE1' -t 'TABLE2' BASE -# On sauvegarde uniquement certaines tables d'une base -# pg_dump -p 5432 -h 127.0.0.1 -U USER --clean -F t --inserts -f /home/backup/pg-backup.tar -T 'TABLE1' -T 'TABLE2' BASE - -# Dump MongoDB -# Creation d'un utilisateur en lecture seule : -# > use admin -# > db.addUser("mongobackup", "PASS", true); -#mongodump -u mongobackup -pPASS -o /home/backup/mongodump/ >/dev/null 2>&1 |grep -v "^connected to:" - -# Dump Redis -# cp /var/lib/redis/dump.rdb /home/backup/ - -# Dump MBR / table partitions -# dd if=/dev/sda of=/home/backup/MBR bs=512 count=1 2>&1 | egrep -v "(records in|records out|512 bytes)" -# sfdisk -d /dev/sda > /home/backup/partitions 2>&1 | egrep -v "(Warning: extended partition does not start at a cylinder boundary|DOS and Linux will interpret the contents differently)" - -# Dump routes -# traceroute -n 8.8.8.8 > /home/backup/traceroute-8.8.8.8 -# mtr -r 8.8.8.8 > /home/backup/mtr-8.8.8.8 -# traceroute -n backup.evolix.net > /home/backup/traceroute-backup.evolix.net -# mtr -r backup.evolix.net > /home/backup/mtr-backup.evolix.net -# traceroute -n www.evolix.fr > /home/backup/traceroute-www.evolix.fr -# mtr -r www.evolix.fr > /home/backup/mtr-www.evolix.fr -# traceroute -n www.evolix.net > /home/backup/traceroute-www.evolix.net -# mtr -r www.evolix.net > /home/backup/mtr-www.evolix.net - -# Dump des processus -ps aux >/home/backup/ps.out - -# Dump des connexions reseaux en cours -netstat -taupen 
>/home/backup/netstat.out - -# Liste des paquets installes -dpkg -l >/home/backup/packages - -HOSTNAME=$(hostname) - -DATE=$(/bin/date +"%d-%m-%Y") - -DEBUT=$(/bin/date +"%d-%m-%Y ; %H:%M") - -if [ $SYSTEME = "linux" ]; then - rep="/bin /boot /lib /opt /sbin /usr" -else - rep="/bsd /bin /boot /sbin /usr" -fi - -rsync -av --delete --force --ignore-errors --partial \ - --exclude "lost+found" \ - --exclude ".nfs.*" \ - --exclude "/var/log" \ - --exclude "/var/log/evobackup*" \ - --exclude "/var/lib/mysql" \ - --exclude "/var/lib/postgres" \ - --exclude "/var/lib/postgresql" \ - --exclude "/var/lib/sympa" \ - --exclude "/var/lib/metche" \ - --exclude "/var/run" \ - --exclude "/var/lock" \ - --exclude "/var/state" \ - --exclude "/var/apt" \ - --exclude "/var/cache" \ - --exclude "/usr/src" \ - --exclude "/usr/doc" \ - --exclude "/usr/share/doc" \ - --exclude "/usr/obj" \ - --exclude "dev" \ - --exclude "/var/spool/postfix" \ - --exclude "/var/lib/amavis/amavisd.sock" \ - --exclude "/var/lib/munin/munin-update.stats.tmp" \ - --exclude "/var/lib/php5" \ - --exclude "/var/spool/squid" \ - $rep \ - /etc \ - /root \ - /var \ - /home \ - /srv \ - -e "ssh -p $SSH_PORT" \ - root@node$NODE.backup.example.com:/var/backup/ \ - | tail -20 >> /var/log/evobackup.log - -FIN=$(/bin/date +"%d-%m-%Y ; %H:%M") - -echo "EvoBackup - $HOSTNAME - START $DEBUT" \ - >> /var/log/evobackup.log - -echo "EvoBackup - $HOSTNAME - STOP $FIN" \ - >> /var/log/evobackup.log - -tail -10 /var/log/evobackup.log | \ - mail -s "[info] EvoBackup - Client $HOSTNAME" \ - $MAIL