====== Généralités ======
Grifon réalise des sauvegardes quotidiennes des données et configurations de ses VM avec l'outil [[https://borgbackup.readthedocs.io/en/stable/#|Borg Backup]]. La destination des sauvegardes est une VM qui se trouve sur un site distant : [[machines:grifon:loth|Loth]].
Voici maintenant un exemple de mise en place de la sauvegarde automatique quotidienne pour une VM.
====== Initialisation ======
resolver02 ~ # ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:k1sJUwhscOyN4lJfjQAyj+dY42n/YOXBG8HwNnujBx0 root@resolver02.grifon.fr
The key's randomart image is:
+---[RSA 2048]----+
| o o=+. .. |
| = .=+.. |
| . =o +OoE |
| *oooo+O.o |
| .o=o .S * |
| .....o @ . |
| . + = . |
| . o . |
| . |
+----[SHA256]-----+
resolver02 ~ # cat /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAdkdcHKX/mRy5EoQdXjO7TT5ZcWqIFGqH7Q4c4ErAMyXVquIjDUn0PLMmjGnpQgZ/thW4jS4qEjmwbRSxxRvDdSdkXzelTbN/dpMPAfeH6j3NqaDBgiKYIas9DvMYy8mag3i6uUoix4ISP4u+xS8nWoUv86fJ7T6pIe90IvBLtnrzg4SA0c6Hb6xfFhdanLhr4zT28cP0dQam1vByX4JsTNo8X81CfXijPz6fpE2CEZJKHZM7cSsa4ghvs8Q+WxAzzuL17VW2x0FYo8MWNO/slkmZcF2zi5QcCSRrOMvVr5XbH27rtj2kozC+Q3qxDRKM276d7BzwWqqRaxpOE69V root@resolver02.grifon.fr
loth ~ # echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAdkdcHKX/mRy5EoQdXjO7TT5ZcWqIFGqH7Q4c4ErAMyXVquIjDUn0PLMmjGnpQgZ/thW4jS4qEjmwbRSxxRvDdSdkXzelTbN/dpMPAfeH6j3NqaDBgiKYIas9DvMYy8mag3i6uUoix4ISP4u+xS8nWoUv86fJ7T6pIe90IvBLtnrzg4SA0c6Hb6xfFhdanLhr4zT28cP0dQam1vByX4JsTNo8X81CfXijPz6fpE2CEZJKHZM7cSsa4ghvs8Q+WxAzzuL17VW2x0FYo8MWNO/slkmZcF2zi5QcCSRrOMvVr5XbH27rtj2kozC+Q3qxDRKM276d7BzwWqqRaxpOE69V root@resolver02.grifon.fr' >> /home/backup/.ssh/authorized_keys
resolver02 ~ # emerge -va borgbackup
[…]
>>> No outdated packages were found on your system.
* GNU
info directory index is up-to-date.
resolver02 ~ # borg init -e=none backup@loth.grifon.fr:$(hostname -s )
The authenticity of host 'loth.grifon.fr (2001:67c:1740:9007::20)' can't be established.
ECDSA key fingerprint is SHA256:aIHusQI+wt/ea+ym+z/TinYNga6v9Vvrndutr84Irws.
Are you sure you want to continue connecting (yes/no)? yes
Remote: Warning: Permanently added 'loth.grifon.fr,2001:67c:1740:9007::20' (ECDSA) to the list of known hosts.
loth ~ # mv /home/backup/resolver02/ /var/backup/
loth ~ # ln -s /var/backup/resolver02/ /home/backup/
====== Init repo ======
Il faut init le repo sur la target de backup, exemple sur backup03 :
backup@backup03:~/grifon$ pwd
/var/backups/grifon
backup@backup03:~/grifon$ mkdir gitlab
Puis depuis le serveur à backuper :
root@gitlab:~# borg init -e none backup@backup03.grifon.fr:/var/backups/grifon/$(hostname -s)
====== Script de backup ======
Script à mettre dans /usr/local/sbin/backup.sh :
#!/usr/bin/env bash
borg prune -v backup@backup03.grifon.fr:/var/backups/grifon/$(hostname -s) --keep-daily=7 --keep-weekly=4 --keep-monthly=1
borg create --info --stats --compression lzma,9 backup@backup03.grifon.fr:/var/backups/grifon/$(hostname -s)::$(date +%F) $(find / -maxdepth 1 -type d | grep -Ev '^/$|^/tmp|^/lost\+found|^/mnt|^/run|^/proc|^/dev|^/sys|^/media' | tr '\n' ' ')
puis :
chmod +x /usr/local/sbin/backup.sh
et enfin un fichier de cron :
echo "51 0 * * * root /usr/local/sbin/backup.sh" > /etc/cron.d/backup