If you are using a laptop as your main computation device having reliable and uptodate backup should be a strong priority. A laptop can be stolen, can fall or as any other computer die in a cloud of smoke (like my last laptop did $^%# ).

For quite sometimes I’ve used duply that is a nice an intuitive frontend to duplicity. Duply allows you to have backups that are : encrypted incremental * offsite

This is basically everything that I want from a backup solution. A nice article about duply here. Since I don’t want to remember to run duply every now and then, I want a daemon to think about it at my place. If you are using a laptop, cron is not your friend as you laptop might be sleeping or simply not connected to the network.

A solution that I knew about for years is anacron. Today I set it up following these instructions. I’ve created 4 different profiles to backup different part of my home directory : home, pictures, media and projects and instructed anacron to run the backup for home and project daily while the rest only weekly.

Since the backup is unattended I’ve used the options of duply that will take care of creating a new full backup each month (2 months for pictures and music). To do this you need to call duply as

duply <profile> backup

and specify the option MAX_FULLBKP_AGE=1M in the conf file of your profile.

I can not sleep better … somebody/something else is looking after my data

And …

something else I might add in the next few days is a script to detect the type of network I’m connected to and to launch the backup accordingly. Some like :

#!/bin/bash

$backuphost=backup.example.org

#gw="$(ip route | awk "/^default via/ {print \$3}")"
#ping -c 1 "$gw" > /dev/null

ping -c 1 "$backuphost" > /dev/null
result="$?"

dev="$(ip route | awk "/^default via/ {print \$5}")"
if [ $dev == "eth0" & $result == 0 ]; then
  # you can run your backup
  echo "wired"
  exit 0
elif [ $dev == "wlan0" & $result == 0 ]; then
  # you can run your backup ... or not
  echo "wireless"
  exit 0
else
  # you should try again another time
  echo "disconnected"
  exit 1
fi

I just finished to setup our off-site backup . Since the admin in the data center where out off-site backup machine is hosted asked for a pull method, I had to setup a “secure” rsync jail to allow him/her to move our data. To this end, I installed rssh, rsync and I setup a simple jail for it.

The rssh configuration is pretty straightforward. First you need to add the backup user to your system.

adduser--disabled-login  --no-create-home --home /var/chroot/backup backup 

Then you can use the script that comes with rssh to build the jail. This script actually build the jail only with scp. This is not enough as we want rsync. To add ryync to the jail is necessary to copy the binary and a couple of libraries that we can easily find out with ldd.

#/usr/share/doc/rssh/examples/mkchroot.sh /var/chroot
#cp /usr/bin/rsync  /var/chroor/usr/bin
#ldd `which rsync`
    libacl.so.1 => /lib/libacl.so.1 (0x00002ad794dd6000)
    libpopt.so.0 => /lib/libpopt.so.0 (0x00002ad794edc000)
    libc.so.6 => /lib/libc.so.6 (0x00002ad794fe5000)
    libattr.so.1 => /lib/libattr.so.1 (0x00002ad795222000)
    /lib64/ld-linux-x86-64.so.2 (0x00002ad794cbe000)
#cp /lib/libacl.so.1 /lib/libpopt.so.0 /lib/libattr.so.1 /var/chroot/lib

Then we need to configure rssh to allow the backup user in the jail

#cat /etc/rssh/rssh.conf
logfacility = LOG_USER
umask = 022
user=backup:011:10000:/var/chroot

In order to give read-only access to the user partition I decided to bind mount the real partition readonly

#mount -o ro --bind /srv/backup /var/chroot/home/backup

and in the end to copy the public key of the backup user in the .ssh directory.

I can finally rync my encrypted backup !

rsync --list-only backup@backupmachine: .
drwxr-xr-x        4096 2009/02/10 03:21:53 .
-rw-r--r--    63056911 2009/02/09 15:59:47 dev_full.1.dar
-rw-r--r--      214303 2009/02/09 16:11:46 dev_incr1.1.dar
-rw-r--r--      281236 2009/02/10 03:17:38 dev_incr2.1.dar
-rw-r--r--     3323334 2009/02/09 16:05:25 mail_full.1.dar
-rw-r--r--        9584 2009/02/09 16:14:19 mail_incr1.1.dar
-rw-r--r--  1211287691 2009/02/10 03:21:24 mail_incr2.1.dar
-rw-r--r--  1156597930 2009/02/09 16:06:48 nfs_full.1.dar
-rw-r--r--    33476937 2009/02/09 16:14:36 nfs_incr1.1.dar
-rw-r--r--   205390873 2009/02/10 03:21:51 nfs_incr2.1.dar
[...]

I’ve modified a script to backup live xen images with dar. This script uses lvm to snapshot a running VM disk, then mount it read only and uses dar to create an incremental backup. The script is a derivative of a script I’ve found on the net [1]. There is still a small problem with journaled file system that even if the fs is frozen before taking the snapshot, for some reason, even if I mount it read only, the kernel module tries to go through the journal to recover the fs. I’m worried that this might lead to data corruptions… There is this old thread [2] shading a bit of light on the problem.

The script is pretty simple. To create a full backup of a xen domain the command line is:

./xenBackup.sh -d domainname

to create an incremental backup :

./xenBackup.sh -d domainname -i 1

where -i is the sequence number of the incremental backup. Of course you need the previous incremental backup for the operation to be successful (if i = 1, you need a full backup) . You can use this script from cron, running a full backup on sunday and an incremental backup every day of the week.

Script attached.

[1] http://www.johnandcailin.com/blog/john/backing-your-xen-domains [2] http://www.nabble.com/Xen-backups-using-LVM-Snapshots-td19988096.html

• Attachment 0