evolix
/
evobackup
22
0
Fork 1
Code Issues 27 Pull Requests 6 Releases 18 Activity

Compare commits

merge into: evolix:master
Branches Tags
evolix:master
evolix:client-functions
evolix:fix-tempfiles
evolix:remove_temp_files
evolix:split-lib
evolix:excludes-file
evolix:munin-plugins
evolix:debian
evolix:upstream/latest
evolix:bkctld_status_disable_last_column_padding
evolix:evorestore
evolix:fix-cli
evolix:bkctld
evolix:jlecour-evobackup-logging
evolix:dev
evolix:system-backup
evolix:variable-for-log-and-pidfile
evolix:beautification-of-backups-commands
evolix:19-pick_server-issue-octal-mode
evolix:check-incs-loop
evolix:documentation-review
evolix:wheezy
evolix:mr-jlecour
evolix:evobackup-old
evolix:1996-traceroute-stdout-stderr-openbsd
evolix:backup-usb
evolix:link-dest
evolix:evobackup2
evolix:server/22.11
evolix:upstream/22.11
evolix:22.07
evolix:upstream/22.07
evolix:server/22.07
evolix:debian/22.06-1
evolix:debian/22.04-1
evolix:upstream/22.06
evolix:server/22.06
evolix:upstream/22.04
evolix:2.12.0
evolix:2.11.1
evolix:2.11.0
evolix:2.10.0
evolix:2.9.0
evolix:2.8.0
evolix:2.7.0
evolix:2.6.0
evolix:2.5.0
evolix:2.4.1
evolix:2.4.0
evolix:2.3.3
evolix:2.3.2
evolix:2.3.1
evolix:2.2.2
evolix:2.2.0
evolix:2.1.1
evolix:2.1.0
evolix:2.0.1
evolix:2.0.0
evolix:1.7.1
evolix:1.7.0
evolix:1.6.2
evolix:1.6.1
evolix:1.6.0
evolix:1.5.2
evolix:1.5.1
evolix:1.5.0
evolix:1.4.9
evolix:1.4.8
evolix:1.4.7
evolix:1.4.6
evolix:1.4.5
evolix:1.4.4
evolix:1.4
evolix:1.4.3
evolix:1.4.2
evolix:1.4.1
evolix:1.3
evolix:1.2.4
evolix:1.2.3
evolix:1.2.2
evolix:1.2.1
evolix:1.2
evolix:1.1.1
evolix:1.1
evolix:1.0.2
evolix:1.0.1
evolix:1.0
...
pull from: evolix:evobackup2
Branches Tags
evolix:client-functions
evolix:master
evolix:fix-tempfiles
evolix:remove_temp_files
evolix:split-lib
evolix:excludes-file
evolix:munin-plugins
evolix:debian
evolix:upstream/latest
evolix:bkctld_status_disable_last_column_padding
evolix:evorestore
evolix:fix-cli
evolix:bkctld
evolix:jlecour-evobackup-logging
evolix:dev
evolix:system-backup
evolix:variable-for-log-and-pidfile
evolix:beautification-of-backups-commands
evolix:19-pick_server-issue-octal-mode
evolix:check-incs-loop
evolix:documentation-review
evolix:wheezy
evolix:mr-jlecour
evolix:evobackup-old
evolix:1996-traceroute-stdout-stderr-openbsd
evolix:backup-usb
evolix:link-dest
evolix:evobackup2
evolix:server/22.11
evolix:upstream/22.11
evolix:22.07
evolix:upstream/22.07
evolix:server/22.07
evolix:debian/22.06-1
evolix:debian/22.04-1
evolix:upstream/22.06
evolix:server/22.06
evolix:upstream/22.04
evolix:2.12.0
evolix:2.11.1
evolix:2.11.0
evolix:2.10.0
evolix:2.9.0
evolix:2.8.0
evolix:2.7.0
evolix:2.6.0
evolix:2.5.0
evolix:2.4.1
evolix:2.4.0
evolix:2.3.3
evolix:2.3.2
evolix:2.3.1
evolix:2.2.2
evolix:2.2.0
evolix:2.1.1
evolix:2.1.0
evolix:2.0.1
evolix:2.0.0
evolix:1.7.1
evolix:1.7.0
evolix:1.6.2
evolix:1.6.1
evolix:1.6.0
evolix:1.5.2
evolix:1.5.1
evolix:1.5.0
evolix:1.4.9
evolix:1.4.8
evolix:1.4.7
evolix:1.4.6
evolix:1.4.5
evolix:1.4.4
evolix:1.4
evolix:1.4.3
evolix:1.4.2
evolix:1.4.1
evolix:1.3
evolix:1.2.4
evolix:1.2.3
evolix:1.2.2
evolix:1.2.1
evolix:1.2
evolix:1.1.1
evolix:1.1
evolix:1.0.2
evolix:1.0.1
evolix:1.0

45 Commits
master ... evobackup2

Author SHA1 Message Date
Benoît S. aa5b53c9d6 Revert "test" 
This reverts commit 93be4cc969.
 2014-03-27 11:55:17 +01:00
Benoît S. 93be4cc969 test 2014-03-27 11:54:31 +01:00
Benoît S. 73dfd09168 Added steps to INSTALL.md 2014-03-19 11:54:41 +01:00
Benoît S. 84a671604f Typo in filename in actions.d. 10_mysq.disabled -> 10_mysql.disabled 2014-03-19 11:54:41 +01:00
Benoît S. 40a66dd3e1 Change an hard coded path for logging times. 2014-03-19 11:54:41 +01:00
Benoît S. 6af9144eaa New script for Elasticsearch 1.0 
in actions.d/14_elasticsearch.disabled
 2014-03-19 11:54:41 +01:00
Benoît S. 0ea71d02f7 Added a check of release to use the good path for libnss. 2014-03-19 11:54:41 +01:00
Benoît S. 133564283f Revert "Don't use Privilege separation in sshd chroot." 
This reverts commit eb6fd1704a.
 2014-03-19 11:54:41 +01:00
Benoît S. 13f3a49864 Don't use Privilege separation in sshd chroot. 2014-03-19 11:54:41 +01:00
Benoît S. 68ac5cc92d Send mail report only if incrementals where deleted. 2014-03-19 11:54:41 +01:00
Benoit.S « Benpro » 3e7fef7501 Do not pad day of month with zero for calculating node. 2014-03-19 11:54:41 +01:00
Benoît S. 7e51e1a236 Fix issue #10, delete temp empty dir at the end. 2014-03-19 11:54:41 +01:00
Benoit.S « Benpro » 5420d8358c Fix a typo in evobackup-rm.sh & beautifications. 
Beautifications of evobackup-inc.sh, evobackup-rm.sh & zzz_evobackup
 2014-03-19 11:54:41 +01:00
Benoît S. 1a181b3e91 All shebangs set to /bin/bash. 2014-03-19 11:54:41 +01:00
Benoît S. d41d076f1b Ameliorate report when creating or deleting incrementals. 2014-03-19 11:54:40 +01:00
Benoît S. a8fc2f04a1 Added -h to rsync. 2014-03-19 11:54:40 +01:00
Benoît S. 52c6874c62 Added --stats to rsync and keep 30 last lines for log. 2014-03-19 11:54:40 +01:00
Benoît S. 9608b78793 Added sleep 0.2 before umounting /dev when stopping service. 2014-03-19 11:54:40 +01:00
Benoît S. 03fe8aad3e Update INSTALL.md in "What to backup" part. 2014-03-19 11:54:40 +01:00
Benoît S. 2499be0318 Don't return *, if bash glob don't find files/dir in evobackup-rm. 2014-03-19 11:54:40 +01:00
Benoît S. 2990d75ada Changed name of logfile for incs. 2014-03-19 11:54:40 +01:00
Benoît S. 0c2763b16a Added /dev/pts for jails in Debian init script. 2014-03-19 11:54:40 +01:00
Benoît S. 4bf30aac4a Added install/etc/evobackup/conf.d/incs 
And a return line for final message in chroot-new.sh
 2014-03-19 11:54:40 +01:00
Benoît S. 0e7095b121 chroot-new.sh Shebang mush be bash and not sh. 2014-03-19 11:54:40 +01:00
Benoît S. 5282974df1 Didabled all special actions by default. 2014-03-19 11:54:40 +01:00
Benoît S. 6aa9d3459c Ameliorate action 99_system_info. 2014-03-19 11:54:40 +01:00
Benoît S. cd491efcb0 Better mkdir in chroot-ssh. 
Conflicts:
	chroot-ssh.sh
 2014-03-19 11:54:40 +01:00
Benoît S. a0a2184585 Exclude database performance_schema for MySQL dumps. 
Conflicts:
	zzz_evobackup
 2014-03-19 11:54:40 +01:00
Benoît S. a8a5f0b751 Added --events for mysqldump. 
Conflicts:
	zzz_evobackup
 2014-03-19 11:54:40 +01:00
Benoît S. 914f9978a4 Added a way of backuping ElasticSearch 
Conflicts:
	zzz_evobackup
 2014-03-19 11:54:40 +01:00
Benoît S. f616c8cf7d Adding a loop when dumping routes. 
Conflicts:
	zzz_evobackup
 2014-03-19 11:54:40 +01:00
Benoit.S « Benpro » 9db65278d2 More information for "test" part of the doc. 2014-03-19 11:54:40 +01:00
Benoit.S « Benpro » a3a0c80d2c Added "mount /dev/pts" in upstart job. 2014-03-19 11:54:40 +01:00
Benoit.S « Benpro » 134f866088 Added "test connection" in the install doc. 2014-03-19 11:54:40 +01:00
Benoit.S « Benpro » 8c164f2135 Fix issue #2. Better upstart job for Ubuntu. 2014-03-19 11:54:40 +01:00
Benoit.S « Benpro » 8953c98dc4 Remove old comments. 2014-03-19 11:54:40 +01:00
Benoît S. 69876a53bb Fix a bug in the way of killing evobackup. 
Fix a bug in the way of killing evobackup.

The process is launched by "run-parts /etc/cron.daily". When you kill the
process, run-parts is not informed and the process go in Z state (and rsync
continue to work!). When another run-parts is launched the part wich kill a
process if already launched fail.

This fix this particular bug.
 2014-03-19 11:54:39 +01:00
Benoit.S « Benpro » 8489824d50 Adding excludes rules. Chmod 755 for all actions. Changing example server name. 2014-03-19 11:54:39 +01:00
Benoit.S « Benpro » c0c63fe2bf Added --delete-excluded to rsync command line. 
Also exclude /sys by default.
 2014-03-19 11:54:39 +01:00
Benoit.S « Benpro » 2da66af003 Rsync command line was bogus. Changing methods using rsync filter rules. 2014-03-19 11:54:39 +01:00
Benoit.S « Benpro » 48bba6896a Fix typo in variable name. 2014-03-19 11:54:39 +01:00
Benoit.S « Benpro » ee1d5b0517 Another fix in README.md 2014-03-19 11:54:39 +01:00
Benoit.S « Benpro » e7ce053664 Fix formating issue in README.me 2014-03-19 11:54:39 +01:00
Benoit.S « Benpro » 580c352b4f Refactoring of the code. 
Evobackup is is now all in english and it is more flexible and easy to
install & configure.
 2014-03-19 11:54:39 +01:00
Benoît.S 9de135a10c Initial commit 2014-03-19 11:53:52 +01:00
37 changed files with 1137 additions and 745 deletions
Show Stats Expand all files Collapse all files

4
AUTHORS Normal file
View File

@ -0,0 +1,4 @@
Grégory COLPART <reg@evolix.fr>
Romain DESSORT <rdessort@evolix.fr>
Arnaud TOMEÏ <atomei@evolix.fr>
Benoît SÉRIE <bserie@evolix.fr>

137
INSTALL.md Normal file
View File

@ -0,0 +1,137 @@
Installing EvoBackup
====================
Backup server side
------------------
1) Git clone the project (i.e in /root/evobackup).
2) Install configuration files.
```
root@backupserver:~/evobackup# install.sh
```
This will create /etc/evobackup and /etc/init.d/evobackup (or
/etc/init/evobackup.conf for Ubuntu).
3) Set up the first chroot.
```
root@backupserver:~/evobackup# chroot-new.sh -n client1 -i 192.168.0.10 -p 2222 -k /path/to/rsakeyclient1.pub
```
This will create the OpenSSH chroot for the machine "client1", listening on
port 2222 and accepting only connections from 192.168.0.10 using public key
rsakeyclient1.pub.
Tip: If you have already a chroot, you can commit the port option (-p), it
will be incremented from the last chroot.
4) Handle incrementals by modifying /etc/evobackup/conf.d/incs/client1
Syntax of this file is simple:
* +%Y-%m-%d.-0day Keep actual day
* +%Y-%m-%d.-1day Keep yesterday
* +%Y-%m-01.-0month Keep the firt day of the actual month
* +%Y-%m-01.-1month Keep the first day of the last month
Tip: You can use rdiff-backup in place of rsync, and choose to not use
EvoBackup incrementals method. You need to modify the cronjob.
5) Set up the scripts which will handle incrementals.
```
root@backupserver:~/evobackup# mkdir -p /usr/share/scripts
root@backupserver:~/evobackup# cp crons/evobackup-{inc,rm}.sh /usr/share/scripts/
root@backupserver:~/evobackup# chmod u+x /usr/share/scripts/evobackup-{inc,rm}.sh
root@backupserver:~/evobackup# crontab -e
```
Set this in the root crontab
```
29 10 * * * pkill evobackup-rm.sh && echo "Kill evobackup-rm.sh done" | mail -s "[warn] EvoBackup - purge incs interrupted" root
30 10 * * * /usr/share/scripts/evobackup-inc.sh && /usr/share/scripts/evobackup-rm.sh
Edit the configuration in /etc/evobackup/conf.d/incrementals.cf at least for MAIL_TO.
````
Client side
-----------
1) Git clone the project (i.e in /root/evobackup).
2) Generates OpenSSH key for user root (if user root don't have one already).
```
root@client1:~/evobackup# ssh-keygen
```
Do not set a passphrase, otherwise you will need to enter the passphrase (or
store it using an agent) for each backups!
3) Install configuration files.
```
root@client1:~/evobackup# install.sh client
```
4) Add the zzz_evobackup crontab into the daily cronjobs (recommended):
```
root@client1:~/evobackup# cp crons/zzz_evobackup /etc/cron.daily/
root@client1:~/evobackup# chmod 700 /etc/cron.daily/zzz_evobackup
```
Why "zzz"? Because we want the backup cronjob to be the last one.
5) Configure the cronjob.
In /etc/evobackup:
* What to backup using shell scripts in actions.d. By default all scripts are
disabled. To enable a script, move it by clearing .disabled part.
You can also adapt these scripts or write your own.
This will be launched before the rsync, using run-parts.
* What to backup using rsync filter rules in conf.d/include.cf
* General config in conf.d/cron.cf
6) Connect to the OpenSSH chroot for the first time and accept the fingerprint.
```
root@client1:~/evobackup# ssh backupserver.mydomain.tld -p 2222
The authenticity of host 'backupserver.domain.tld (192.168.0.10)' can't be established.
RSA key fingerprint is a6:da:40:ac:72:f2:41:ec:7f:ca:d3:86:f6:27:19:77.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'backupserver.domain.tld,192.168.0.10' (RSA) to the list of known hosts.
```
7) Optional, test with ```sh -x &```, and see if it seems to works.
```
root@client1:~/evobackup# sh -x /etc/cron.daily/zzz_evobackup &
root@client1:~/evobackup# tail -f /tmp/evobackup.*
```
If it works, you can wait for it to finish or cancel it.
```
root@client1:~/evobackup# ^C
root@client1:~/evobackup# fg
root@client1:~/evobackup# ^C
```
Updating OpenSSH chroot
-----------------------
When you upgrade you system you may need to upgrade the OpenSSH chroot. To do
that launch update-chroot.sh.
```
root@backupserver:~/evobackup# chroot-update.sh
```
Then restart evobackup using init script.

339
LICENSE Normal file
View File

@ -0,0 +1,339 @@
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
Backup manager used at @evolix
Copyright (C) 2013 Benoît.S
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
{signature of Ty Coon}, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License.

10
PLAN-SAUVEGARDES.template
View File

@ -1,10 +0,0 @@
PLAN DES SAUVEGARDES
====================
PORT JAIL ETAT
-------------------------------------------------------
2222 Serveur 1 (IP) 1
2223 Serveur 2 (IP) 1
2224 Serveur 3 (IP) 0
etc....
.......

218
README
View File

@ -1,218 +0,0 @@
EvoBackup
=========
EvoBackup est un ensemble de scripts permettant de mettre en place
un service de backups gérant les sauvegardes de plusieurs machines.
Le principe est d'installer des prisons/chroot contenant un service
SSH écoutant sur un port différent dans chaque prison. Chaque serveur
peut ainsi envoyer ses données quotidiennement en "root" via rsync
dans sa propre prison. Les prisons sont ensuite copiées en dehors des
prisons (donc inacccessible par les serveurs) de façon incrémentale
grâce à des "hard links". On peut ainsi conserver des dizaines de
sauvegardes de chaque serveur de façon sécurisé et avec peu de place.
**************************
Serveur 1 ------SSH/rsync -------> * tcp/2222 Serveur *
* de *
Serveur 2 ------SSH/rsync -------> * tcp/2223 Sauvegardes *
**************************
Cette technique de sauvegarde s'appuient sur des technologies
standards. Elle est utilisée depuis plusieurs années par Evolix
pour sauvegarder chaque jour des centaines de serveurs représentant
plusieurs To de données incrémentales.
Serveur de sauvegardes
----------------------
Le serveur de sauvegardes doit être sous Debian Squeeze
(testé sous Etch/Lenny/Squeeze, les instructions sont pour Squeeze).
Avec les logiciels suivants :
- OpenSSH
- Rsync (le daemon rsync n'est pas nécessaire)
- Le paquet makedev (plus nécessaire depuis Squeeze)
- Commande "mail" (ou un équivalent) capable d'envoyer
des messages à l'extérieur.
Un volume d'une taille importante doit être monté sur /backup
Pour des raisons de sécurité on pourra chiffre ce volume.
On créera ensuite les répertoires suivants :
- /backup/jails : pour les prisons
- /backup/incs : pour les copies incrémentales des prisons
- /etc/evobackup : config des fréquences des copies incrémentales
Pour la mise en place des backups incrémentaux sur le serveur :
- Mettre en place les scripts evobackup-inc.sh et evobackup-rm.sh dans /usr/share/scripts
- Mettre les droits d'exécution : chmod u+x /usr/share/scripts/evobackup-{inc,rm}.sh
- Activer le crontab suivant (ajuster éventuellement les heures) :
29 10 * * * pkill evobackup-rm.sh && echo "Kill evobackup-rm.sh done" | mail -s "[warn] EvoBackup - purge incs interrupted" root
30 10 * * * /usr/share/scripts/evobackup-inc.sh && /usr/share/scripts/evobackup-rm.sh
Note : si l'on ne veut *jamais* supprimer les backups incrémentaux, on pourra se contenter
de ne jamais lancer le script evobackup-rm.sh
Si le noyau du serveur est patché avec GRSEC, on évitera pas mal
de warnings en positionnant les paramètres Sysctl suivants :
# sysctl kernel.grsecurity.chroot_deny_chmod=0
# sysctl kernel.grsecurity.chroot_deny_mknod=0
Note : plus nécessaire avec un noyau récent a priori
Serveurs à sauvegarder
----------------------
On peut sauvegarder différents systèmes : Linux, BSD, Windows, MacOSX.
L'un des seuls prérequis est d'avoir rsync.
Installation d'une sauvegarde
-----------------------------
Côté serveur de sauvegardes
~~~~~~~~~~~~~~~~~~~~~~~~~~~
1) On récupère les sources via http://git.evolix.org/git/evolinux/evobackup.git
- Exporter la variable $JAIL avec le nom d'hôte saisit dans la grille :
# export JAIL=<nom d'hote>
- Se placer dans le bon répertoire (attention, ne pas déplacer le script car
il a besoin du répertoire etc/ !) puis exécuter :
# bash chroot-ssh.sh /backup/jails/$JAIL
Note : Ignorer une éventuelle erreur avec ld-linux-x86-64.so.2 (32bits) ou ld-linux.so.2 (64bits)
- Editer le fichier /backup/jails/$JAIL/etc/ssh/sshd_config
et remplacer le port SSH utilisé par le prochain disponible
(ou garder celui assigné si c'est la première prison).
Ajouter également la restriction d'IP si possible via "AllowUsers" :
AllowUsers root@IP root@::ffff:IP
- Ajouter la clé publique du client à sauvegarder dans
/backup/jails/$JAIL/root/.ssh/authorized_keys
- Puis corrigez les droits SSH :
# chmod -R 600 /backup/jails/$JAIL/root/.ssh/
# chown -R root:root /backup/jails/$JAIL/root/.ssh/
2) Gestion du lancement des prisons en modifiant le fichier de démarrage
/etc/init.d/evobackup (on remplacera $JAIL par sa vraie valeur).
- Ajouter à start) :
mount -t proc proc-chroot /backup/jails/$JAIL/proc/
mount -t devtmpfs udev /backup/jails/$JAIL/dev/
mount -t devpts devpts /backup/jails/$JAIL/dev/pts
chroot /backup/jails/$JAIL /usr/sbin/sshd > /dev/null
- Ajouter à stop) :
umount /backup/jails/$JAIL/proc/
umount /backup/jails/$JAIL/dev/pts
umount /backup/jails/$JAIL/dev/
kill -9 `chroot /backup/jails/$JAIL cat /var/run/sshd.pid`
- Ajouter à reload|force-reload) :
kill -HUP `chroot /backup/jails/$JAIL cat /var/run/sshd.pid`
- Ajouter à restart) :
kill -9 `chroot /backup/jails/$JAIL cat /var/run/sshd.pid`
chroot /backup/jails/$JAIL /usr/sbin/sshd > /dev/null
3) On lance la prison :
# mount -t proc proc-chroot /backup/jails/$JAIL/proc/
# mount -t devtmpfs udev /backup/jails/$JAIL/dev/
# mount -t devpts devpts /backup/jails/$JAIL/dev/pts
# chroot /backup/jails/$JAIL /usr/sbin/sshd > /dev/null
Pour vérifier que tout est OK :
# /etc/init.d/evobackup reload
4) Gestion des sauvegardes incrémentales
Pour activer les gestions des copies incrémentales,
créer le fichier /etc/evobackup/$JAIL contenant par
exemple :
+%Y-%m-%d.-0day
+%Y-%m-%d.-1day
+%Y-%m-%d.-2day
+%Y-%m-%d.-3day
+%Y-%m-01.-0month
+%Y-%m-01.-1month
Quelques explications sur cette syntaxe particulière.
Par exemple, la ligne ci-dessous signifie "garder la sauvegarde du
jour actuel" (à toujours mettre sur la première ligne a priori) :
+%Y-%m-%d.-0day
La ligne ci-dessous signifie "garder la sauvegarde d'hier" :
+%Y-%m-%d.-1day
La ligne ci-dessous signifie "garder la sauvegarde du 1er jour du
mois courant" :
+%Y-%m-01.-0month
Toujours le même principe, on peut garder celle du 1er jours du
mois dernier :
+%Y-%m-01.-1month
Et bien sûr, on peut garder aussi le 15e jour (pour avoir une sauvegarde
toutes les 15 jours, le 1er janvier de chaque année, etc.)
Attention, la création de ce fichier est *obligatoire* pour activer
les copies incrémentales. Si l'on veut garder des copies advitam aeternam
sans jamais les supprimer, on se contentera de ne pas lancer le script
evobackup-rm.sh.
Côté serveur à sauvegarder
~~~~~~~~~~~~~~~~~~~~~~~~~~
1) Générez une clé SSH pour l'utilisateur "root" :
# ssh-keygen
(Ne pas la protéger par une passphrase, sauf si un humain
va l'entrer manuellement à chaque sauvegarde effectuée)
(La clé générée doit être de type RSA et non DSA !!)
2) Envoyez "/root/.ssh/id_rsa.pub" au responsable du serveur de
sauvegarde, ainsi que l'adresse IP de la machine.
3) Ajoutez à la crontab le fichier "zzz_evobackup"
Pour une sauvegarde quotidienne (conseillé), utilisez le répertoire
"/etc/cron.daily/" (sous Linux) ou "/etc/periodic/daily" (sous FreeBSD).
Il faut éventuellement ajuster le script en supprimant les lignes "--exclude"
si l'on ne souhaite pas exclure les fichiers/répertoires de cette ligne et
ajouter/supprimer les lignes en dessous pour sauvegarder les bons répertoires.
($rep désigne les données systèmes). Vous pouvez donc choisir librement ce
que vous désirez sauvegarder.
4) Une fois que tout en place au niveau du serveur de sauvegardes,
on doit initier la première connexion :
# ssh -p <port> <serveur de sauvegardes>
Mise-à-jour du serveur de sauvegardes
-------------------------------------
En cas d'une mise-à-jour d'un paquet lié à SSH ou rsync côté
serveur de sauvegardes, on mettra à jour ainsi :
# sh chroot-ssh.sh updateall
# /etc/init.d/evobackup restart

49
README.md Normal file
View File

@ -0,0 +1,49 @@
EvoBackup
=========
EvoBackup is a bunch of shell scripts to create a backup server which will
handle the backup of many servers (clients). Licence is GPLv2.
The main principle uses SSH chroot (called "jails" in the FreeBSD
world) for each client to backup. Each client will upload his data every day
using rsync in his chroot (using root account).
Incrementals are stored outside of the chroot using hard links. (So incrementals
are not available for clients). Using this method we can keep tens of backup of
each client securely and not using too much space.
```
Backup server
************
Server 1 ------ SSH/rsync -------> * tcp/2222 *
* *
Server 2 ------ SSH/rsync -------> * tcp/2223 *
************
```
This method uses standard tools (ssh, rsync, cp -al). EvoBackup is used for
many years by Evolix for back up each day hundreds of servers which uses many
terabytes of data.
Backup server
-------------
The backup server need to be based on Debian. Tested on Debian Wheezy and
Ubuntu 13.04.
Needed packages:
* openssh-server
* rsync
* bsd-mailx (or other package providing /usr/bin/mailx)
Backups are stored in a big partition mounted on /backup (you can change this).
For security reasons it is recommended to encrypt the backup partition (i.e
using LUKS).
Main directories:
* /backup/jails: chroot used by clients
* /backup/incs: incrementals
* /etc/evobackup: Config dir
To install and configure EvoBackup read INSTALL.md

30
chroot-bincopy.sh Executable file
View File

@ -0,0 +1,30 @@
#!/bin/bash
# Copy essential binaries into the chroot.
chrootdir=$1
# TODO: better detection of amd64 arch
cp -f /lib/ld-linux.so.2 $chrootdir/lib/ 2>/dev/null \
|| cp -f /lib64/ld-linux-x86-64.so.2 $chrootdir/lib64/
release=$(lsb_release -s -c)
if [ "$release" = "squeeze" ]; then
cp /lib/libnss* $chrootdir/lib/
else
if [ "$release" = "wheezy" ]; then
cp /lib/x86_64-linux-gnu/libnss* $chrootdir/lib/x86_64-linux-gnu/
else
# Others? Not tested...
cp /lib/x86_64-linux-gnu/libnss* $chrootdir/lib/x86_64-linux-gnu/
fi
fi
for dbin in /bin/bash /bin/cat /bin/chown /bin/mknod /bin/rm \
/bin/sed /bin/sh /bin/uname /bin/mount /usr/bin/rsync /usr/sbin/sshd \
/usr/lib/openssh/sftp-server; do
cp -f $dbin $chrootdir/$dbin;
for lib in `ldd $dbin | cut -d">" -f2 | cut -d"(" -f1`; do
cp -p $lib $chrootdir/$lib
done
done

0
etc/group → chroot-etc/group
View File

0
etc/passwd → chroot-etc/passwd
View File

0
etc/shadow → chroot-etc/shadow
View File

0
etc/sshd_config → chroot-etc/sshd_config
View File

132
chroot-new.sh Executable file
View File

@ -0,0 +1,132 @@
#!/bin/bash
# Set-up and configure an OpenSSH chroot.
BACKUP_PATH='/backup/jails'
#Are we root?
id=$(id -u)
if [ $id != 0 ]; then
echo "Error, you need to be root to install EvoBackup!"
exit 1
fi
usage() {
cat <<EOT
Add an OpenSSH chroot.
Usage: $0 -n name -i ip -p port -k pub-key-path
Mandatory parameters:
-n: Name of the chroot.
-i: IP address of the client machine.
-k: Path to the SSH public key of the client machine.
Optional parameters:
-p: SSH port which chroot/jail will listen on.
port can be ommited if there is already one chroot, it will be guessed.
EOT
}
newchroot() {
# Path to the chroot.
chrootdir=$1
mkdir -p $chrootdir
chown root:root $chrootdir
umask 022
# create jail
echo -n "1 - Creating the chroot..."
mkdir -p $chrootdir/{bin,dev,etc/ssh,lib,lib64,proc}
mkdir -p $chrootdir/lib/{x86_64-linux-gnu,tls/i686/cmov,i686/cmov}
mkdir -p $chrootdir/usr/{bin,lib,sbin}
mkdir -p $chrootdir/usr/lib/{x86_64-linux-gnu,openssh,i686/cmov}
mkdir -p $chrootdir/root/.ssh
mkdir -p $chrootdir/var/{log,run/sshd}
touch $chrootdir/var/log/{authlog,lastlog,messages,syslog}
touch $chrootdir/etc/fstab
echo "...OK"
echo -n "2 - Copying essential files..."
cp /proc/devices $chrootdir/proc
cp /etc/ssh/{ssh_host_rsa_key,ssh_host_dsa_key} $chrootdir/etc/ssh/
cp chroot-etc/sshd_config $chrootdir/etc/ssh/
cp chroot-etc/passwd $chrootdir/etc/
cp chroot-etc/shadow $chrootdir/etc/
cp chroot-etc/group $chrootdir/etc/
echo "...OK"
echo -n "3 - Copying binaries..."
./chroot-bincopy.sh $chrootdir
echo "...OK"
}
while getopts ':n:i:p:k:' opt; do
case $opt in
n)
jail=$OPTARG
;;
i)
ip=$OPTARG
;;
p)
port=$OPTARG
;;
k)
pub_key_path=$OPTARG
;;
?)
usage
exit 1
;;
esac
done
# Verify parameters.
if [ -z $jail ] || [ -z $ip ] || [ -z $pub_key_path ];
then
usage
exit 1
fi
# Test if the chroot exists.
if [ -d ${BACKUP_PATH}/${jail} ]; then
echo "Error, directory to chroot already exists!"
exit 1
fi
# Verify the presence of the public key.
if [ ! -f "$pub_key_path" ]; then
echo "Public key $pub_key_path not found."
exit 1
fi
# If port ommited try to guess it.
if [ -z $port ]; then
port=$(grep -h Port /backup/jails/*/etc/ssh/sshd_config \
| grep -Eo [0-9]+ | sort -n | tail -1)
port=$((port+1))
if [ -z $port ]; then
echo "Port cannot be guessed. Add -p option!"
exit 1
fi
fi
# Create the chroot
newchroot ${BACKUP_PATH}/${jail}
# Configure the chroot
echo -n "4 - Configuring the chroot..."
sed -i "s/^Port 2222/Port ${port}/" ${BACKUP_PATH}/${jail}/etc/ssh/sshd_config
sed -i "s/IP/$ip/g" ${BACKUP_PATH}/${jail}/etc/ssh/sshd_config
cat $pub_key_path > ${BACKUP_PATH}/${jail}/root/.ssh/authorized_keys
chmod -R 600 ${BACKUP_PATH}/${jail}/root/.ssh/
chown -R root:root ${BACKUP_PATH}/${jail}/root/.ssh/
cat <<EOT >/etc/evobackup/conf.d/incs/${jail}
+%Y-%m-%d.-0day
+%Y-%m-%d.-1day
+%Y-%m-%d.-2day
+%Y-%m-%d.-3day
+%Y-%m-01.-0month
+%Y-%m-01.-1month
EOT
echo "Done. OpenSSH chroot added! Restart evobackup service."

128
chroot-ssh.sh
View File

@ -1,128 +0,0 @@
#!/bin/bash
# Gregory Colpart <reg@evolix.fr>
# chroot script for OpenSSH
# $Id: chroot-ssh.sh,v 1.12 2010-07-02 17:40:29 gcolpart Exp $
# tested on Debian Etch and recently on Lenny
# Exec this script for jail creation:
# ./chroot-ssh.sh /backup/jails/myserver
# Note: etc/{sshd_config,group,passwd} files should be present
# For Etch
# Start: chroot /backup/jails/myserver /usr/sbin/sshd > /dev/null
# Reload: kill -HUP `chroot /backup/jails/myserver cat /var/run/sshd.pid`
# Stop: kill -9 `chroot /backup/jails/myserver cat /var/run/sshd.pid`
# Restart: Stop + Start
# For Lenny
# Start :
# chroot /backup/jails/myserver mount -t proc proc-chroot /proc/
# chroot /backup/jails/myserver mount -t devpts devpts-chroot /dev/pts/
# chroot /backup/jails/myserver /usr/sbin/sshd > /dev/null
# Reload: kill -HUP `chroot /backup/jails/myserver cat /var/run/sshd.pid`
# Stop: kill -9 `chroot /backup/jails/myserver cat /var/run/sshd.pid`
# Restart:
# kill -9 `chroot /backup/jails/myserver cat /var/run/sshd.pid`
# chroot /backup/jails/myserver /usr/sbin/sshd > /dev/null
# After *each* ssh upgrade or libs upgrade:
# sh chroot-ssh.sh updateall
# And restart all sshd daemons
bincopy() {
chrootdir=$1
# TODO : better detection of amd64 arch
cp -f /lib/ld-linux.so.2 $chrootdir/lib/ || cp -f /lib64/ld-linux-x86-64.so.2 $chrootdir/lib64/
cp /lib/libnss* $chrootdir/lib/
for dbin in /bin/bash /bin/cat /bin/chown /bin/mknod /bin/rm /bin/sed /bin/sh /bin/uname /bin/mount /usr/bin/rsync /usr/sbin/sshd /usr/lib/openssh/sftp-server; do
cp -f $dbin $chrootdir/$dbin;
# (comme dans http://www.gcolpart.com/hacks/chroot-bind.sh)
for lib in `ldd $dbin | cut -d">" -f2 | cut -d"(" -f1`; do
cp -p $lib $chrootdir/$lib
done
done
}
# synopsis
if [ $# -ne 1 ]; then
echo "Vous devez indiquer un repertoire."
echo "Exemple : chroot-ssh.sh /backup/jails/myserver"
exit 0
fi
# are u root?
if [ `whoami` != "root" ]; then
echo "Vous devez executer le script en étant root."
exit 0
fi
if [ -e $1 ]; then
echo "Le repertoire $1 existe deja..."
fi
if [ "$1" = "updateall" ]; then
for i in `ls -1 /backup/jails/*/lib/libnss_compat.so.2`; do
chrootdir=`echo $i | cut -d"/" -f1,2,3,4`
echo -n "MaJ $chrootdir ..."
bincopy $chrootdir
echo "...OK"
done
else
# where is jail
chrootdir=$1
mkdir -p $chrootdir
chown root:root $chrootdir
umask 022
# create jail
echo -n "1 - Creation de la prison..."
mkdir -p $chrootdir/{bin,dev,etc/ssh,lib,lib64,proc}
mkdir -p $chrootdir/lib/{x86_64-linux-gnu,tls/i686/cmov,i686/cmov}
mkdir -p $chrootdir/usr/{bin,lib,sbin}
mkdir -p $chrootdir/usr/lib/{x86_64-linux-gnu,openssh,i686/cmov}
mkdir -p $chrootdir/root/.ssh
mkdir -p $chrootdir/var/{log,run/sshd}
touch $chrootdir/var/log/{authlog,lastlog,messages,syslog}
touch $chrootdir/etc/fstab
echo "...OK"
echo -n "2 - Copie des donnees..."
cp /proc/devices $chrootdir/proc
cp /etc/ssh/{ssh_host_rsa_key,ssh_host_dsa_key} $chrootdir/etc/ssh/
cp etc/sshd_config $chrootdir/etc/ssh/
cp etc/passwd $chrootdir/etc/
cp etc/shadow $chrootdir/etc/
cp etc/group $chrootdir/etc/
echo ".......OK"
echo -n "3 - Copie des binaires..."
bincopy $chrootdir
echo "......OK"
echo -n "4 - Termine."
# end
echo ""
fi

11
chroot-update.sh Executable file
View File

@ -0,0 +1,11 @@
#!/bin/bash
# Update all OpenSSH chroot.
BACKUP_PATH='/backup/jails'
for i in `ls -1 ${BACKUP_PATH}/*/lib/libnss_compat.so.2`; do
chrootdir=`echo $i | cut -d"/" -f1,2,3,4`
echo -n "Updating $chrootdir ..."
./chroot-bincopy.sh $chrootdir
echo "Done!"
done

27
crons/evobackup-inc.sh Normal file
View File

@ -0,0 +1,27 @@
#!/bin/bash
# Handles creating incrementals backup.
. /etc/evobackup/conf.d/incrementals.cf
tmplog=$(mktemp --tmpdir=/tmp evobackup.tmplog.XXX)
# Don't return *, if bash glob don't find files/dir.
shopt -s nullglob
# Search for incrementals to do.
for client in ${CONFDIR}/*; do
start=$(date --rfc-3339=seconds)
backupname=${client#/etc/evobackup/conf.d/incs/}
echo "Incrementals of $backupname started at ${start}." \
>> $tmplog
[[ ! -d ${INCDIR}/${backupname} ]] && mkdir -p ${INCDIR}/${backupname}
# Do the incrementals.
cp -alx ${JAILDIR}/${backupname} ${INCDIR}/${backupname}/${DATEDIR}
stop=$(date --rfc-3339=seconds)
echo "Incrementals of $backupname ended at ${stop}." >> $tmplog
done
# Save tmplog to global log.
cat $tmplog >> $LOGFILE
# Send mail report.
< $tmplog mailx -s "[info] EvoBackup report of creating incrementals" $MAIL_TO
# Cleaning.
rm $tmplog

47
crons/evobackup-rm.sh Normal file
View File

@ -0,0 +1,47 @@
#!/bin/bash
# Handle removing of incrementals.
. /etc/evobackup/conf.d/incrementals.cf
tmpdir=$(mktemp --tmpdir=/tmp -d evobackup.tmpdir.XXX)
emptydir=$(mktemp --tmpdir=/tmp -d evobackup.empty.XXX)
tmplog=$(mktemp --tmpdir=/tmp evobackup.tmplog.XXX)
# Don't return *, if bash glob don't find files/dir.
shopt -s nullglob
# For each client (machine to backup), delete old incrementals according to the
# config file.
for client in ${CONFDIR}/*; do
# Get only the name of the backup.
backupname=${client#${CONFDIR}/}
# List actual incrementals backup.
for inc in ${INCDIR}/${backupname}/*; do
echo $inc
done > ${tmpdir}/${backupname}.files
# List non-obsolete incrementals backup.
for incConf in $(cat ${CONFDIR}/${backupname}); do
mydate=$(echo $incConf | cut -d. -f1)
before=$(echo $incConf | cut -d. -f2)
date -d "$(date $mydate) $before" "+%Y-%m-%d"
done > ${tmpdir}/${backupname}.keep
# Delete obsolete incrementals backup
for inc in $(grep -v -f ${tmpdir}/${backupname}.keep ${tmpdir}/${backupname}.files); do
start=$(date --rfc-3339=seconds)
echo "Deletion of ${backupname}/${inc#${INCDIR}/${backupname}/} started at ${start}." >> $tmplog
# We use rsync to delete since it is faster than rm!
rsync -a --delete ${emptydir}/ $inc
rmdir $inc
stop=$(date --rfc-3339=seconds)
echo "Deletion of ${backupname}/${inc#${INCDIR}/${backupname}/} ended at ${stop}." >> $tmplog
done
done
# Send mail report only if incrementals where deleted.
if [ -s $tmplog ]; then
# Save tmplog to global log & send mail.
cat $tmplog >> $LOGFILE
< $tmplog mailx -s "[info] EvoBackup - deletion of obsolete incrementals" $MAIL_TO
fi
# Cleaning
rm -rf $tmpdir $emptydir $tmplog

49
crons/zzz_evobackup Normal file
View File

@ -0,0 +1,49 @@
#!/bin/bash
# EvoBackup cronjob.
. /etc/evobackup/conf.d/cron.cf
# Verify if an EvoBackup is already launched, if true, kill it.
if [ -e $PIDFILE ]; then
# Killing the childs of evobackup.
for pid in $(ps h --ppid $(cat $PIDFILE) -o pid | tr -s '\n' ' '); do
kill -9 $pid;
done
# Then kill the main PID.
kill -9 $(cat $PIDFILE)
echo "$0 is running (PID $(cat $PIDFILE)). Process killed." >&2
fi
echo "$$" > $PIDFILE
trap "rm -f $PIDFILE" EXIT INT
# Executes tasks to do before rsync.
run-parts /etc/evobackup/actions.d/
hostname=$(hostname -f)
start=$(date --rfc-3339=seconds)
tmplog=$(mktemp --tmpdir=/tmp evobackup.XXX)
# rsync command line to backup all data.
rsync -avzh --stats --force --ignore-errors --partial \
--include-from=/etc/evobackup/conf.d/include.cf \
--delete --delete-excluded / -e "ssh -p $SSHPORT -4" \
root@${BACKUPSERVER}:/var/backup/ > $tmplog
status=$?
# Keep the last 30 lines & clean temporary log.
tail -30 $tmplog >> $LOG && rm $tmplog
stop=$(date --rfc-3339=seconds)
echo "EvoBackup started at $start." >> $LOG
echo "EvoBackup finished at $stop." >> $LOG
# Send a report
# Did rsync sucessfully finished?
if [ "$status" != 0 ]; then
tail -30 $LOG \
| mailx -s "[warn] EvoBackup for $hostname did not finish correctly." \
$MAIL_TO
else
tail -30 $LOG \
| mailx -s "[info] EvoBackup report for $hostname" $MAIL_TO
fi

29
evobackup
View File

@ -1,29 +0,0 @@
#!/bin/sh
### BEGIN INIT INFO
# Provides: evobackup
# Required-Start: $syslog
# Required-Stop: $syslog
# Default-Start: 2
# Default-Stop: 1
# Short-Description: evobackup jails
### END INIT INFO
set -e
case "$1" in
start)
;;
stop)
;;
reload|force-reload)
;;
restart)
;;
esac
exit 0

27
evobackup-inc.sh
View File

@ -1,27 +0,0 @@
#!/bin/sh
# Script backups incrementaux
# Evolix (c) 2007
CONFDIR=/etc/evobackup/
DATE=$(date +"%d-%m-%Y")
LOGFILE=/var/log/evobackup-sync.log
TMPDIR=/tmp/evobackup/
JAILDIR=/backup/jails/
INCDIR=/backup/incs/
MYMAIL=jdoe@example.com
mkdir -p $TMPDIR
for i in $( ls $CONFDIR ); do
# hard copy everyday
echo -n "hard copy $i begins at : " >> $LOGFILE
/bin/date +"%d-%m-%Y ; %H:%M" >> $LOGFILE
mkdir -p "$INCDIR"$i
cp -alx $JAILDIR$i $INCDIR$i/$DATE
echo -n "hard copy $i ends at : " >> $LOGFILE
/bin/date +"%d-%m-%Y ; %H:%M" >> $LOGFILE
done | tee -a $LOGFILE | mail -s "[info] EvoBackup - create incs" $MYMAIL

41
evobackup-rm.sh
View File

@ -1,41 +0,0 @@
#!/bin/sh
# Script backups incrementaux
# Evolix (c) 2007
CONFDIR=/etc/evobackup/
DATE=$(date +"%d-%m-%Y")
LOGFILE=/var/log/evobackup-sync.log
TMPDIR=/tmp/evobackup/
JAILDIR=/backup/jails/
INCDIR=/backup/incs/
MYMAIL=jdoe@example.com
mkdir -p $TMPDIR
for i in $( ls $CONFDIR ); do
# list actual inc backups
for j in $( ls $INCDIR$i ); do
echo $j
done > "$TMPDIR"$i.files
# list non-obsolete inc backups
for j in $( cat $CONFDIR$i ); do
MYDATE=$( echo $j | cut -d. -f1 )
BEFORE=$( echo $j | cut -d. -f2 )
date -d "$(date $MYDATE) $BEFORE" "+%d-%m-%Y"
done > "$TMPDIR"$i.keep
# delete obsolete inc backups
for j in $( grep -v -f "$TMPDIR"$i.keep "$TMPDIR"$i.files ); do
echo -n "Delete $i/$j begins at : " >> $LOGFILE
/bin/date +"%d-%m-%Y ; %H:%M" >> $LOGFILE
cd $INCDIR$i
rm -rf $j
echo -n "Delete $i/$j ends at : " >> $LOGFILE
/bin/date +"%d-%m-%Y ; %H:%M" >> $LOGFILE
done
done | tee -a $LOGFILE | mail -s "[info] EvoBackup - purge incs" $MYMAIL

34
install.sh Executable file
View File

@ -0,0 +1,34 @@
#!/bin/bash
# Install EvoBackup configuration and init files.
# Debian or Ubuntu?
flavor=$(lsb_release -i -s)
debian=false
ubuntu=false
if [ "$flavor" = "Debian" ]; then
echo "Debian detected."
debian=true
elif [ "$flavor" = "Ubuntu" ]; then
echo "Ubuntu detected."
ubuntu=true
else
echo "Not a Debian based distribution? If yes, fix this script. Exiting..."
exit 1
fi
# Are we root?
id=$(id -u)
if [ $id != 0 ]; then
echo "Error, you need to be root to install EvoBackup!"
exit 1
fi
cp -r install/etc/evobackup /etc/
# Don't install init script for client-side.
if [ "$1" != "client" ]; then
$debian && cp install/etc/init.d/evobackup /etc/init.d/
$ubuntu && cp install/etc/init/evobackup.conf /etc/init/
fi
echo "Done."
exit 0

5
install/etc/evobackup/actions.d/00_prerequisites Executable file
View File

@ -0,0 +1,5 @@
#!/bin/bash
# Prerequisites actions to do.
test ! -d /home/backup && mkdir /home/backup
exit 0

44
install/etc/evobackup/actions.d/10_mysql.disabled Executable file
View File

@ -0,0 +1,44 @@
#!/bin/bash
# Many ways of backuping MySQL/MariaDB databases.
# Dump with all databases in one file.
# mysqldump --defaults-extra-file=/etc/mysql/debian.cnf \
# --opt --all-databases --force --events | gzip --best > /home/backup/mysql.bak.gz
# Dump des BDD en .sql.gz
# mkdir -p /home/mysqldump/
# for i in $(mysql -e 'show databases' -s --skip-column-names | egrep -v "^(Database|information_schema|performance_schema)"); do
# mysqldump --force --events $i | gzip --best > /home/mysqldump/${i}.sql.gz
# done
# for i in $(echo SHOW DATABASES | mysql | egrep -v "^(Database|information_schema|performance_schema)" ); \
# do mkdir -p /home/mysqldump/$i ; chown -R mysql /home/mysqldump ; \
# mysqldump --defaults-extra-file=/etc/mysql/debian.cnf --force -Q --opt --events --skip-comments -T \
# /home/mysqldump/$i $i; done
# Dump par base
# mkdir -p -m 700 /home/mysqldump/BASE
# chown -R mysql /home/mysqldump/
# mysqldump --defaults-extra-file=/etc/mysql/debian.cnf --force -Q \
# --opt --events --skip-comments -T /home/mysqldump/BASE BASE
# mkdir -p /home/mysqlhotcopy/
# mysqlhotcopy BASE /home/mysqlhotcopy/
# Dump instanceS MySQL
#
## Recherche du mot de passe mysqladmin
#mysqladminpasswd=`cat /root/.my.cnf |grep -m1 'password = .*' |cut -d" " -f3`
#
## Determination des instances MySQL disponibles sur le serveur (hors 3306)
#grep -E "^port\s*=\s*\d*" /etc/mysql/my.cnf |while read instance; do
# instance=$(echo $instance |tr -d '\t')
# instance=${instance// /}
# instance=${instance//port=/}
# if [ "$instance" != "3306" ]
# then
# mysqldump -P $instance --opt --all-databases -u mysqladmin -p$mysqladminpasswd > /home/backup/mysql.$instance.bak
# fi
#done
exit 0

15
install/etc/evobackup/actions.d/11_postgresql.disabled Executable file
View File

@ -0,0 +1,15 @@
#!/bin/bash
# PostgreSQL Dump
# su - postgres -c "pg_dumpall > ~/pg.dump.bak"
# mv ~postgres/pg.dump.bak /home/backup/
# Exemple de backups...
# On sauvegarde les tables d'une base sauf des exceptions
# pg_dump -p 5432 -h 127.0.0.1 -U USER --clean -F t --inserts -f
#/home/backup/pg-backup.tar -t 'TABLE1' -t 'TABLE2' BASE
# On sauvegarde uniquement certaines tables d'une base
# pg_dump -p 5432 -h 127.0.0.1 -U USER --clean -F t --inserts -f
#/home/backup/pg-backup.tar -T 'TABLE1' -T 'TABLE2' BASE
exit 0

6
install/etc/evobackup/actions.d/12_redis.disabled Executable file
View File

@ -0,0 +1,6 @@
#!/bin/bash
# Dump Redis
# cp /var/lib/redis/dump.rdb /home/backup/
exit 0

7
install/etc/evobackup/actions.d/13_mongodb.disabled Executable file
View File

@ -0,0 +1,7 @@
#!/bin/bash
# Dump MongoDB
# mongodump -u mongobackup -pPASS -o /home/backup/mongodump/ >/dev/null 2>&1
# |grep -v "^connected to:"
exit 0

29
install/etc/evobackup/actions.d/14_elasticsearch.disabled Executable file
View File

@ -0,0 +1,29 @@
#!/bin/bash
# Dump/Snapshots for Elasticsearch 1.0
## Yout need to register a repository, this action need to be only done one time,
## but you must register a repository on all nodes!
## $ curl -XPUT 'http://localhost:9200/_snapshot/backup' -d '{
## "type": "fs",
## "settings": {
## "location": "/home/backup-elasticsearch",
## "compress": true
## }
## }'
## Delete old snapshots. Handled in EvoBackup.
# rm -rf /home/backup/elasticsearch/*
## Take a snapshot on master node.
# date=$(date +%Y%m%d%H%M)
# curl -XPUT "localhost:9200/_snapshot/backup/snapshot_${date}?wait_for_completion=true"
## To restore: List snapshots, close all indexes & restore one snapshot.
## curl -XGET "localhost:9200/_snapshot/backup/_all?pretty=true"
## curl -XPOST "localhost:9200/_all/_close"
## rsync master node:/home/backup/elasticsearch to slaves nodes
## example : rsync -av --delete /home/backup/elasticsearch node:/home/backup/elasticsearch
## restore snapshots
## curl -XPOST "localhost:9200/_snapshot/backup/snapshot_DATE/_restore?wait_for_completion=true"
exit 0

6
install/etc/evobackup/actions.d/15_ldap.disabled Executable file
View File

@ -0,0 +1,6 @@
#!/bin/bash
# Dump LDAP
# slapcat -l /home/backup/ldap.bak
exit 0

26
install/etc/evobackup/actions.d/99_system_info Executable file
View File

@ -0,0 +1,26 @@
#!/bin/bash
# Get system informations.
# Dependency: dd, sfdisk, mtr, traceroute, ps, netstat, dpkg
# Extract MBR / table partitions.
dd if=/dev/sda of=/home/backup/MBR bs=512 count=1 2>&1 | \
egrep -v "(records in|records out|512 bytes)"
sfdisk -d /dev/sda > /home/backup/partitions 2>&1 | \
egrep -v "(Warning: extended partition does not start at a cylinder boundary|DOS and Linux will interpret the contents differently)"
# Get routes
for addr in 8.8.8.8 backup.evolix.net www.evolix.fr www.evolix.net; do
mtr -r $addr > /home/backup/mtr-${addr}
traceroute -n $addr > /home/backup/traceroute-${addr}
done
# Process list.
ps auwwwx > /home/backup/process.txt
# Network connections list.
netstat -taupen > /home/backup/netstat.txt
# Packages list.
dpkg -l > /home/backup/packages.txt
exit 0

17
install/etc/evobackup/conf.d/cron.cf Normal file
View File

@ -0,0 +1,17 @@
# Pid file
PIDFILE="/var/run/evobackup.pid"
# Port of the OpenSSH chroot on the backup server.
SSHPORT=2222
# Hostname OR adress IP of the backup server.
BACKUPSERVER="mybackupserver.domain.tld"
# A mail to send the report or alert.
MAIL_TO="jdoe@example.com"
# Log file
LOG="/var/log/evobackup.log"
# Used when you have more than one backup server.
NODE=$(( $(date +%-d) % 2 ))

37
install/etc/evobackup/conf.d/include.cf Normal file
View File

@ -0,0 +1,37 @@
# Use this file to exlude files (-) or explicit include (+).
# Exemple, backup /home/backup/mysql.bak.gz but not what is left in /home/backup
# + /home/backup/mysql.bak.gz
# - /home/backup/**
# General excludes.
- lost+found
- .nfs.*
- /backup
- /dev
- /lib
- /proc
- /selinux
- /run
- /sys
- /tmp
- /usr/doc
- /usr/lib
- /usr/src
- /usr/share/doc
- /usr/obj
- /var/log
- /var/lib/mysql
- /var/lib/postgres
- /var/lib/postgresql
- /var/lib/sympa
- /var/lib/metche
- /var/run
- /var/lock
- /var/state
- /var/apt
- /var/cache
- /var/spool/postfix
- /var/lib/amavis/amavisd.sock
- /var/lib/munin/munin-update.stats.tmp
- /var/lib/php5
- /var/spool/squid

6
install/etc/evobackup/conf.d/incrementals.cf Normal file
View File

@ -0,0 +1,6 @@
CONFDIR=/etc/evobackup/conf.d/incs
DATEDIR=$(date +"%Y-%m-%d")
LOGFILE=/var/log/evobackup-incs.log
JAILDIR=/backup/jails
INCDIR=/backup/incs
MAIL_TO=jdoe@example.com

0
install/etc/evobackup/conf.d/incs/.dummy Normal file
View File

51
install/etc/init.d/evobackup Executable file
View File

@ -0,0 +1,51 @@
#!/bin/bash
### BEGIN INIT INFO
# Provides: evobackup
# Required-Start: $syslog
# Required-Stop: $syslog
# Default-Start: 2
# Default-Stop: 1
# Short-Description: Backup manager using rsync and OpenSSH chroot.
### END INIT INFO
set -e
BACKUP_PATH=/backup
case "$1" in
start)
for jail in ${BACKUP_PATH}/jails/*; do
mount -t proc proc-chroot ${jail}/proc/
mount -t devtmpfs udev ${jail}/dev/
mount -t devpts devpts ${jail}/dev/pts
chroot ${jail} /usr/sbin/sshd > /dev/null
done
;;
stop)
for jail in ${BACKUP_PATH}/jails/*; do
kill $(chroot $jail cat /var/run/sshd.pid)
umount ${jail}/proc/
umount ${jail}/dev/pts/
# Need to wait a little time before unmounting /dev
sleep 0.2
umount ${jail}/dev
done
;;
reload|force-reload)
for jail in ${BACKUP_PATH}/jails/*; do
kill -HUP \
$(chroot $jail cat /var/run/sshd.pid)
done
;;
restart)
for jail in ${BACKUP_PATH}/jails/*; do
kill $(chroot $jail cat /var/run/sshd.pid)
chroot $jail /usr/sbin/sshd > /dev/null
done
;;
esac
exit 0

29
install/etc/init/evobackup.conf Normal file
View File

@ -0,0 +1,29 @@
# evobackup
description "Backup manager using rsync and OpenSSH chroot."
author "Evobackup team <equipe@evolix.fr>"
start on (filesystem and net-device-up IFACE=lo)
stop on runlevel [!2345]
env BACKUP_PATH=/backup
pre-start script
for jail in ${BACKUP_PATH}/jails/*; do
mount -t proc proc-chroot ${jail}/proc
mount -t devtmpfs udev ${jail}/dev
mount -t devpts devpts ${jail}/dev/pts
chroot $jail /usr/sbin/sshd > /dev/null
done
end script
post-stop script
for jail in ${BACKUP_PATH}/jails/*; do
kill $(chroot $jail cat /var/run/sshd.pid)
umount ${jail}/proc
umount ${jail}/dev/pts
# Need to wait a little time before unmounting /dev
sleep 0.2
umount ${jail}/dev
done
end script

101
jail-evobackup-add.sh
View File

@ -1,101 +0,0 @@
#!/bin/sh
BACKUP_ROOT='/backup'
function usage {
cat <<EOT >&2
Add an evobackup jail.
Usage : $0 -n name -i ip -p port -k pub-key-path
All these options are required
-n : name of the jail
-i : IP address of client machine
-p : SSH port where jail listen on
-k : path to the SSH public key of the client machine
EOT
}
while getopts ':n:i:p:k:' o
do
case $o in
n)
jail=$OPTARG
;;
i)
ip=$OPTARG
;;
p)
port=$OPTARG
;;
k)
pub_key_path=$OPTARG
;;
?)
usage
exit 1
;;
esac
done
if [ -z $jail ] || [ -z $ip ] || [ -z $port ] || [ -z $pub_key_path ]; then
usage
exit 1
fi
if [ ! -f "$pub_key_path" ]; then
echo "public key file $pub_key_path not found."
exit 1
fi
if [ ! -f 'chroot-ssh.sh' ]; then
echo 'script chroot-ssh.sh not found, make sure you are in the correct directory!'
exit 1
fi
bash chroot-ssh.sh $BACKUP_ROOT/jails/$jail
sed -i "s/^Port 2222/Port $port/" $BACKUP_ROOT/jails/$jail/etc/ssh/sshd_config
sed -i "s/IP/$ip/g" $BACKUP_ROOT/jails/$jail/etc/ssh/sshd_config
cat $pub_key_path >> $BACKUP_ROOT/jails/$jail/root/.ssh/authorized_keys
chmod -R 600 $BACKUP_ROOT/jails/$jail/root/.ssh/
chown -R root:root $BACKUP_ROOT/jails/$jail/root/.ssh/
if [ ! -f '/etc/init.d/evobackup' ]; then
cp evobackup /etc/init.d/
update-rc.d evobackup start 99 2 .
fi
sed -i "\?^\s\+start)?a mount -t proc proc-chroot $BACKUP_ROOT/jails/$jail/proc/\n\
mount -t devpts devpts-chroot $BACKUP_ROOT/jails/$jail/dev/pts/\n\
chroot $BACKUP_ROOT/jails/$jail /usr/sbin/sshd > /dev/null\n" \
/etc/init.d/evobackup
sed -i "\?^\s\+stop)?a umount $BACKUP_ROOT/jails/$jail/proc/\n\
umount $BACKUP_ROOT/jails/$jail/dev/pts/\n\
kill -9 \`chroot $BACKUP_ROOT/jails/$jail cat /var/run/sshd.pid\`\n" \
/etc/init.d/evobackup
sed -i "\?force-reload)?a kill -HUP \`chroot $BACKUP_ROOT/jails/$jail cat /var/run/sshd.pid\`\n" \
/etc/init.d/evobackup
sed -i "\?\\s\+restart)?a kill -9 \`chroot $BACKUP_ROOT/jails/$jail cat /var/run/sshd.pid\`\n\
chroot $BACKUP_ROOT/jails/$jail /usr/sbin/sshd > /dev/null\n" \
/etc/init.d/evobackup
mount -t proc proc-chroot /backup/jails/$jail/proc/
mount -t devpts devpts-chroot /backup/jails/$jail/dev/pts/
chroot /backup/jails/$jail /usr/sbin/sshd
[ -d /etc/evobackup ] || mkdir /etc/evobackup/
cat <<EOT >/etc/evobackup/$jail
+%Y-%m-%d.-0day
+%Y-%m-%d.-1day
+%Y-%m-%d.-2day
+%Y-%m-%d.-3day
+%Y-%m-01.-0month
+%Y-%m-01.-1month
EOT

191
zzz_evobackup
View File

@ -1,191 +0,0 @@
#!/bin/sh
#
# Script evobackup client
# $Id: evobackup_cron_daily_client,v 1.21 2010-08-22 10:15:42 gcolpart Exp $
#
# Verification qu'un autre evobackup n'est pas deja lance
PIDFILE=/var/run/evobackup.pid
if [ -e $PIDFILE ]; then
# Killing the childs of evobackup.
for pid in $(ps h --ppid $(cat $PIDFILE) -o pid | tr -s '\n' ' '); do
kill -9 $pid;
done
# Then kill the main PID.
kill -9 $(cat $PIDFILE)
echo "$0 tourne encore (PID `cat $PIDFILE`). Processus killé" >&2
fi
echo "$$" > $PIDFILE
trap "rm -f $PIDFILE" EXIT
# port SSH
SSH_PORT=2228
# systeme de la machine ("linux" ou "bsd")
SYSTEME=linux
# mail de remontee Evolix
MAIL=jdoe@example.com
NODE=$(expr `date +%d` % 2)
# operations specifiques
mkdir -p -m 700 /home/backup
# Dump LDAP
# slapcat -l /home/backup/ldap.bak
# Dump MySQL
# mysqldump --defaults-extra-file=/etc/mysql/debian.cnf \
# --opt --all-databases --force --events | gzip --best > /home/backup/mysql.bak.gz
# Dump des BDD en .sql.gz
# mkdir -p /home/mysqldump/
# for i in $(mysql -e 'show databases' -s --skip-column-names | egrep -v "^(Database|information_schema|performance_schema)"); do
# mysqldump --force --events $i | gzip --best > /home/mysqldump/${i}.sql.gz
# done
# for i in $(echo SHOW DATABASES | mysql | egrep -v "^(Database|information_schema|performance_schema)" ); \
# do mkdir -p /home/mysqldump/$i ; chown -R mysql /home/mysqldump ; \
# mysqldump --defaults-extra-file=/etc/mysql/debian.cnf --force -Q --opt --events --skip-comments -T \
# /home/mysqldump/$i $i; done
# Dump par base
# mkdir -p -m 700 /home/mysqldump/BASE
# chown -R mysql /home/mysqldump/
# mysqldump --defaults-extra-file=/etc/mysql/debian.cnf --force -Q \
# --opt --events --skip-comments -T /home/mysqldump/BASE BASE
# mkdir -p /home/mysqlhotcopy/
# mysqlhotcopy BASE /home/mysqlhotcopy/
# Dump instanceS MySQL
#
## Recherche du mot de passe mysqladmin
#mysqladminpasswd=`cat /root/.my.cnf |grep -m1 'password = .*' |cut -d" " -f3`
#
## Determination des instances MySQL disponibles sur le serveur (hors 3306)
#grep -E "^port\s*=\s*\d*" /etc/mysql/my.cnf |while read instance; do
# instance=$(echo $instance |tr -d '\t')
# instance=${instance// /}
# instance=${instance//port=/}
# if [ "$instance" != "3306" ]
# then
# mysqldump -P $instance --opt --all-databases -u mysqladmin -p$mysqladminpasswd > /home/backup/mysql.$instance.bak
# fi
#done
# Dump PostgreSQL
# su - postgres -c "pg_dumpall > ~/pg.dump.bak"
# mv ~postgres/pg.dump.bak /home/backup/
# Exemple de backups...
# On sauvegarde les tables d'une base sauf des exceptions
# pg_dump -p 5432 -h 127.0.0.1 -U USER --clean -F t --inserts -f /home/backup/pg-backup.tar -t 'TABLE1' -t 'TABLE2' BASE
# On sauvegarde uniquement certaines tables d'une base
# pg_dump -p 5432 -h 127.0.0.1 -U USER --clean -F t --inserts -f /home/backup/pg-backup.tar -T 'TABLE1' -T 'TABLE2' BASE
# Dump MongoDB
# Creation d'un utilisateur en lecture seule :
# > use admin
# > db.addUser("mongobackup", "PASS", true);
#mongodump -u mongobackup -pPASS -o /home/backup/mongodump/ >/dev/null 2>&1 |grep -v "^connected to:"
# Dump Redis
# cp /var/lib/redis/dump.rdb /home/backup/
## Dump ElasticSearch
## Disable ES translog flush
#curl -s -XPUT 'localhost:9200/_settings' -d '{"index.translog.disable_flush": true}' >/dev/null
## Flushes translog
#curl -s 'localhost:9200/_flush' | grep -qe '"ok":true'
## If it succeed, do an rsync of the datadir
#if [ $? -eq 0 ]; then
# rsync -a /var/lib/elasticsearch /home/backup/
#else
# echo "Error when flushing ES translog indexes."
#fi
## In any case re-enable translog flush
#curl -s -XPUT 'localhost:9200/_settings' -d '{"index.translog.disable_flush": false}' > /dev/null
# Dump MBR / table partitions
# dd if=/dev/sda of=/home/backup/MBR bs=512 count=1 2>&1 | egrep -v "(records in|records out|512 bytes)"
# sfdisk -d /dev/sda > /home/backup/partitions 2>&1 | egrep -v "(Warning: extended partition does not start at a cylinder boundary|DOS and Linux will interpret the contents differently)"
# Dump routes
for addr in 8.8.8.8 backup.evolix.net www.evolix.fr www.evolix.net; do
mtr -r $addr > /home/backup/mtr-${addr}
traceroute -n $addr > /home/backup/traceroute-${addr}
done
# Dump des processus
ps aux >/home/backup/ps.out
# Dump des connexions reseaux en cours
netstat -taupen >/home/backup/netstat.out
# Liste des paquets installes
dpkg -l >/home/backup/packages
HOSTNAME=$(hostname)
DATE=$(/bin/date +"%d-%m-%Y")
DEBUT=$(/bin/date +"%d-%m-%Y ; %H:%M")
if [ $SYSTEME = "linux" ]; then
rep="/bin /boot /lib /opt /sbin /usr"
else
rep="/bsd /bin /boot /sbin /usr"
fi
rsync -av --delete --force --ignore-errors --partial \
--exclude "lost+found" \
--exclude ".nfs.*" \
--exclude "/var/log" \
--exclude "/var/log/evobackup*" \
--exclude "/var/lib/mysql" \
--exclude "/var/lib/postgres" \
--exclude "/var/lib/postgresql" \
--exclude "/var/lib/sympa" \
--exclude "/var/lib/metche" \
--exclude "/var/run" \
--exclude "/var/lock" \
--exclude "/var/state" \
--exclude "/var/apt" \
--exclude "/var/cache" \
--exclude "/usr/src" \
--exclude "/usr/doc" \
--exclude "/usr/share/doc" \
--exclude "/usr/obj" \
--exclude "dev" \
--exclude "/var/spool/postfix" \
--exclude "/var/lib/amavis/amavisd.sock" \
--exclude "/var/lib/munin/munin-update.stats.tmp" \
--exclude "/var/lib/php5" \
--exclude "/var/spool/squid" \
--exclude "/var/lib/elasticsearch" \
$rep \
/etc \
/root \
/var \
/home \
/srv \
-e "ssh -p $SSH_PORT" \
root@node$NODE.backup.example.com:/var/backup/ \
| tail -20 >> /var/log/evobackup.log
FIN=$(/bin/date +"%d-%m-%Y ; %H:%M")
echo "EvoBackup - $HOSTNAME - START $DEBUT" \
>> /var/log/evobackup.log
echo "EvoBackup - $HOSTNAME - STOP $FIN" \
>> /var/log/evobackup.log
tail -10 /var/log/evobackup.log | \
mail -s "[info] EvoBackup - Client $HOSTNAME" \
$MAIL