Remote Backup Using Flexbackup and SSH
December 26th, 2005I have a server running Gentoo Linux which hosts a Subversion repository, a vpopmail and qmail system, a MySql database and more. I’m going to make a backup copy of the data on this machine in the event that I need to rebuild this server. I have chosen Flexbackup to perform this task. Here’s how I did it.
- Install Flexbackup
- Prepare Subversion Repositories for Flexbackup
- Prepare MySql Database for Flexbackup
- Prepare for qmail/vpopmail Flexbackup
- Configuring Passwordless SSH
- Configuring Flexbackup
1. Install Flexbackup
Thanks to Gentoo’s portage, this is as easy as
emerge flexbackup
2. Prepare Subversion Repositories for Backup
It is not wise to simply recursively copy Subversion repositories unless you have first ensured no one is using it. The Berkeley Databases used by Subversion can be in an unrecoverable state while someone is writing to it. Luckily, a script is provided by Subversion called hot-backup.py. In Gentoo this script is named svn-hot-backup and allows us to safely copy a live Berkeley Database. Lets perform a backup now. I’ve created a backup directory called /var/flexbackup/svn which is owned by root and only readable by root. I also have 3 svn repositories named project1, project2 and project3.
svn-hot-backup /var/svn/project1 /var/flexbackup/svn/project1/
svn-hot-backup /var/svn/project2 /var/flexbackup/svn/project2/
svn-hot-backup /var/svn/project3 /var/flexbackup/svn/project3/
This will create a backup copy of each of our repositories. Since I want to automate this process I will add the above lines to a cron job which will run daily.
crontab -e
And add the following
01 0 * * * svn-hot-backup /var/svn/project1/ /var/flexbackup/svn/project1/ >/dev/null 2>&1
02 0 * * * svn-hot-backup /var/svn/project2/ /var/flexbackup/svn/project2/ >/dev/null 2>&1
03 0 * * * svn-hot-backup /var/svn/project3/ /var/flexbackup/svn/project3/ >/dev/null 2>&1
3. Prepare MySql Database for Flexbackup
We will use the mysqldump utility to backup all of our MySql databases. We will store this backup in a file /var/flexbackup/mysql/mysql_backup.sql
mysqldump -uroot --password=yourpassword -hlocalhost --all-databases --opt --allow-keywords --flush-logs --hex-blob --master-data --max_allowed_packet=16M --quote-names --result-file=/var/flexbackup/mysql/mysql_backup.sql
Again, I wish to automate this process and have added it as a cronjob which runs daily.
4. Prepare for qmail/vpopmail Flexbackup
Backing up qmail and vpopmail is more straightforward. We just need to tell Flexbackup the directory locations these programs use and we’re done. In my case these locations are /var/qmail and /var/vpopmail.
5. Configuring Passwordless SSH
So that we can use the Flexbackup command in a cronjob, we need to make sure we can ssh into our remote server without being prompted for a password. The solution is passwordless SSH. There are security implications in using this system. I am fairly comfortable with it, if you are concerned I suggest you read up on the process so that you understand the implications.
Ok lets go. On the client machine (The machine containing the important data) as root we must generate a public/private key pair. I am using SSH2 and will use the dsa algorithm to generate my keys. When asked for a passphrase just press enter.
ssh-keygen -t dsa
Our keys have now been created. By default these will be in ~/.ssh/ directory. The file named id_dsa.pub is your public key. This key must be stored in the backup server users home directory in a file called ~/.ssh/authorized_keys. Lets use scp to copy our newly created public key id_dsa.pub to our backup server. I have created a user called backup on my backup server.
scp id_dsa.pub backup@backupserver.org:
Remember that trailing colon! Now ssh into your backup server as your backup user and append this public key to ~/.ssh/authorized_keys.
mkdir .ssh
chmod 700 .ssh
cat id_dsa.pub >> .ssh/authorized_keys
chmod 600 .ssh/authorized_keys
rm id_dsa.pub
That’s it. We should now be able to ssh to our backup server with no password prompt.
Now we must tell Flexbackup to backup all of these directories.
6. Configuring Flexbackup
We can now edit the Flexbackup configuration file, /etc/flexbackup.conf. I’ve added these lines under sets
$set{'subversion'} = "/var/backup/svn";
$set{'mysql'} = "/var/backup/mysql";
$set{'qmail'} = "/var/qmail";
$set{'vpopmail'} = "/var/vpopmail";
The title of this article is a little misleading. I could not get Flexbackup to use SSH to backup to a remote server. Instead I’ve had to cheat a little. I had to run Flexbackup locally and then use scp to copy the backup files to a remote server. This works but some of the features of Flexbackup are lost. If you have Flexbackup working with SSH please let me know. In the mean time, here is my inelegant hack. Edit the $device variable in /etc/flexbackup.conf to point to location on your local filesystem. Here is my entry
$device = 'var/backup';
Now we can test that this works before adding it to cron by typing
flexbackup -set all
Now we need to copy this information to our backup server using scp. Since we have already set up passwordless ssh, this is quite straightforward.
scp backupfile.tar.gz backup@backupserver.org:
If this works we can now edit our crontab and add the following lines.
30 1 * * * flexbackup -set all >/dev/null 2>&1
45 1 * * * scp /var/backup/*.tar.gz backup@backupserver.org: >/dev/null 2>&1
We’re done. Every night your Subversion repositories, MySql database, Qmail and Vpopmail information should be backed up to a remote server.
Useful Links