====== Généralités ====== Grifon réalise des sauvegardes quotidiennes des données et configurations de ses VM avec l'outil [[https://borgbackup.readthedocs.io/en/stable/#|Borg Backup]]. La destination des sauvegardes est une VM qui se trouve sur un site distant : [[machines:grifon:loth|Loth]]. Voici maintenant un exemple de mise en place de la sauvegarde automatique quotidienne pour une VM. ====== Initialisation ====== resolver02 ~ # ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Created directory '/root/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:k1sJUwhscOyN4lJfjQAyj+dY42n/YOXBG8HwNnujBx0 root@resolver02.grifon.fr The key's randomart image is: +---[RSA 2048]----+ | o o=+. .. | | = .=+.. | | . =o +OoE | | *oooo+O.o | | .o=o .S * | | .....o @ . | | . + = . | | . o . | | . | +----[SHA256]-----+ resolver02 ~ # cat /root/.ssh/id_rsa.pub ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAdkdcHKX/mRy5EoQdXjO7TT5ZcWqIFGqH7Q4c4ErAMyXVquIjDUn0PLMmjGnpQgZ/thW4jS4qEjmwbRSxxRvDdSdkXzelTbN/dpMPAfeH6j3NqaDBgiKYIas9DvMYy8mag3i6uUoix4ISP4u+xS8nWoUv86fJ7T6pIe90IvBLtnrzg4SA0c6Hb6xfFhdanLhr4zT28cP0dQam1vByX4JsTNo8X81CfXijPz6fpE2CEZJKHZM7cSsa4ghvs8Q+WxAzzuL17VW2x0FYo8MWNO/slkmZcF2zi5QcCSRrOMvVr5XbH27rtj2kozC+Q3qxDRKM276d7BzwWqqRaxpOE69V root@resolver02.grifon.fr loth ~ # echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAdkdcHKX/mRy5EoQdXjO7TT5ZcWqIFGqH7Q4c4ErAMyXVquIjDUn0PLMmjGnpQgZ/thW4jS4qEjmwbRSxxRvDdSdkXzelTbN/dpMPAfeH6j3NqaDBgiKYIas9DvMYy8mag3i6uUoix4ISP4u+xS8nWoUv86fJ7T6pIe90IvBLtnrzg4SA0c6Hb6xfFhdanLhr4zT28cP0dQam1vByX4JsTNo8X81CfXijPz6fpE2CEZJKHZM7cSsa4ghvs8Q+WxAzzuL17VW2x0FYo8MWNO/slkmZcF2zi5QcCSRrOMvVr5XbH27rtj2kozC+Q3qxDRKM276d7BzwWqqRaxpOE69V root@resolver02.grifon.fr' >> /home/backup/.ssh/authorized_keys resolver02 ~ # emerge -va borgbackup […] >>> No outdated packages were found on your system. * GNU info directory index is up-to-date. resolver02 ~ # borg init -e=none backup@loth.grifon.fr:$(hostname -s ) The authenticity of host 'loth.grifon.fr (2001:67c:1740:9007::20)' can't be established. ECDSA key fingerprint is SHA256:aIHusQI+wt/ea+ym+z/TinYNga6v9Vvrndutr84Irws. Are you sure you want to continue connecting (yes/no)? yes Remote: Warning: Permanently added 'loth.grifon.fr,2001:67c:1740:9007::20' (ECDSA) to the list of known hosts. loth ~ # mv /home/backup/resolver02/ /var/backup/ loth ~ # ln -s /var/backup/resolver02/ /home/backup/ ====== Init repo ====== Il faut init le repo sur la target de backup, exemple sur backup03 : backup@backup03:~/grifon$ pwd /var/backups/grifon backup@backup03:~/grifon$ mkdir gitlab Puis depuis le serveur à backuper : root@gitlab:~# borg init -e none backup@backup03.grifon.fr:/var/backups/grifon/$(hostname -s) ====== Script de backup ====== Script à mettre dans /usr/local/sbin/backup.sh : #!/usr/bin/env bash borg prune -v backup@backup03.grifon.fr:/var/backups/grifon/$(hostname -s) --keep-daily=7 --keep-weekly=4 --keep-monthly=1 borg create --info --stats --compression lzma,9 backup@backup03.grifon.fr:/var/backups/grifon/$(hostname -s)::$(date +%F) $(find / -maxdepth 1 -type d | grep -Ev '^/$|^/tmp|^/lost\+found|^/mnt|^/run|^/proc|^/dev|^/sys|^/media' | tr '\n' ' ') puis : chmod +x /usr/local/sbin/backup.sh et enfin un fichier de cron : echo "51 0 * * * root /usr/local/sbin/backup.sh" > /etc/cron.d/backup