Grifon réalise des sauvegardes quotidiennes des données et configurations de ses VM avec l'outil Borg Backup. La destination des sauvegardes est une VM qui se trouve sur un site distant : Loth.

Voici maintenant un exemple de mise en place de la sauvegarde automatique quotidienne pour une VM.

resolver02 ~ # ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:k1sJUwhscOyN4lJfjQAyj+dY42n/YOXBG8HwNnujBx0 root@resolver02.grifon.fr
The key's randomart image is:
+---[RSA 2048]----+
|  o o=+. ..      |
|   = .=+..       |
|  . =o +OoE      |
|   *oooo+O.o     |
|  .o=o .S *      |
|  .....o @ .     |
|   .  + = .      |
|     . o .       |
|        .        |
+----[SHA256]-----+
resolver02 ~ # cat /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAdkdcHKX/mRy5EoQdXjO7TT5ZcWqIFGqH7Q4c4ErAMyXVquIjDUn0PLMmjGnpQgZ/thW4jS4qEjmwbRSxxRvDdSdkXzelTbN/dpMPAfeH6j3NqaDBgiKYIas9DvMYy8mag3i6uUoix4ISP4u+xS8nWoUv86fJ7T6pIe90IvBLtnrzg4SA0c6Hb6xfFhdanLhr4zT28cP0dQam1vByX4JsTNo8X81CfXijPz6fpE2CEZJKHZM7cSsa4ghvs8Q+WxAzzuL17VW2x0FYo8MWNO/slkmZcF2zi5QcCSRrOMvVr5XbH27rtj2kozC+Q3qxDRKM276d7BzwWqqRaxpOE69V root@resolver02.grifon.fr

loth ~ # echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAdkdcHKX/mRy5EoQdXjO7TT5ZcWqIFGqH7Q4c4ErAMyXVquIjDUn0PLMmjGnpQgZ/thW4jS4qEjmwbRSxxRvDdSdkXzelTbN/dpMPAfeH6j3NqaDBgiKYIas9DvMYy8mag3i6uUoix4ISP4u+xS8nWoUv86fJ7T6pIe90IvBLtnrzg4SA0c6Hb6xfFhdanLhr4zT28cP0dQam1vByX4JsTNo8X81CfXijPz6fpE2CEZJKHZM7cSsa4ghvs8Q+WxAzzuL17VW2x0FYo8MWNO/slkmZcF2zi5QcCSRrOMvVr5XbH27rtj2kozC+Q3qxDRKM276d7BzwWqqRaxpOE69V root@resolver02.grifon.fr' >> /home/backup/.ssh/authorized_keys

resolver02 ~ # emerge -va borgbackup
[…]
>>> No outdated packages were found on your system.

 * GNU 

info directory index is up-to-date.
resolver02 ~ # borg init -e=none backup@loth.grifon.fr:$(hostname -s )
The authenticity of host 'loth.grifon.fr (2001:67c:1740:9007::20)' can't be established.
ECDSA key fingerprint is SHA256:aIHusQI+wt/ea+ym+z/TinYNga6v9Vvrndutr84Irws.
Are you sure you want to continue connecting (yes/no)? yes
Remote: Warning: Permanently added 'loth.grifon.fr,2001:67c:1740:9007::20' (ECDSA) to the list of known hosts.

loth ~ # mv /home/backup/resolver02/ /var/backup/
loth ~ # ln -s /var/backup/resolver02/ /home/backup/

Il faut init le repo sur la target de backup, exemple sur backup03 :

backup@backup03:~/grifon$ pwd
/var/backups/grifon
backup@backup03:~/grifon$ mkdir gitlab

Puis depuis le serveur à backuper :

root@gitlab:~# borg init -e none backup@backup03.grifon.fr:/var/backups/grifon/$(hostname -s)

Script à mettre dans /usr/local/sbin/backup.sh :

#!/usr/bin/env bash

borg prune -v backup@backup03.grifon.fr:/var/backups/grifon/$(hostname -s) --keep-daily=7 --keep-weekly=4 --keep-monthly=1
borg create --info --stats --compression lzma,9 backup@backup03.grifon.fr:/var/backups/grifon/$(hostname -s)::$(date +%F) $(find / -maxdepth 1 -type d | grep -Ev '^/$|^/tmp|^/lost\+found|^/mnt|^/run|^/proc|^/dev|^/sys|^/media' | tr '\n' ' ')

puis :

chmod +x /usr/local/sbin/backup.sh

et enfin un fichier de cron :

echo "51 0 * * * root /usr/local/sbin/backup.sh" > /etc/cron.d/backup