Advanced backup using rsnaphot

This article describes a advanced automated remote backup scheme using the tool rsnapshot from non-root user, which is based on rsync.

rsnapshot makes a specified number of incremental backups of specified file trees from remote servers via ssh with non-user root using sudo, with help of hard links to save space on the backup medium.

The following backup scheme will login to remote user  via ssh, fetch all required files with rsync to   host, rotate the backups on a daily, weekly and monthly basis. That means, it will keep a daily snapshot for 7 days, a weekly snapshot for 4 weeks and a monthly snapshot for 12 month. Furthermore, it uses an extra partition for the backup which will be mounted only for the time of the backup process.

Emerge
Install :

Remote server
First, we will setup remote host  for backup. Remote host is host, which we want backup. For example, it is gentoo server, that serves web server and mysql database.

Backup user
All operations on remote server will be executed from non-root user. Lets create such user:

Backup user must have permissions to run rsync as root, as most of files on  belong to root or other users. As we need to backup them, rsync requires root permissions. Lets give those permission to it:

And add to sudoers to group  ability to run [rsync] from root

rsync wrapper
Remote backup server  will login to this server and execute   command. This wrapper requires for sudo. Lets create those dummy wrapper script

And give executable flag for those script

That all. This  ready for remote backuping

Backup server
Backup server will connect to  server via ssh public key. All backup files will be save to directory.

Backup user
SSH keys, configurations for backup will be stored in backup user Lets create those user and group

Directories
All backups will be saving to directory. We will create backup directory

SSH keys
rsnapshot will login to remote servers via ssh public keys. Lets generate private/public ssh keys for all next ssh sessions.

Save ssh keys to default path without password. After this, copy ssh key to remote server with ssh-copy-id:

And lets recheck, that everything is file

No password should be asked and you simply login to remote.example.com

RSNAPSHOT
Set up the rsnapshot configuration file.

Default rsnapshot config file:

This files have such params:

Parameters, that will directly passed to rsync command:

specify the remote shell to use increase verbosity archive mode. Cause rsync to backup file owners and permissions acl. This option causes rsync to update the destination extended acl attributes to be the same as the source ones xattrs. This option causes rsync to update the destination extended attributes to be the same as the source ones Execute on remote server rsync wrapper script

Path to public key, that should be used for remote ssh login

Path to directory, where all backup files will be stored

specifies a container directory for the backups, usually referring to the machine (in this case, example.com). This can be changed to any name of your choosing. The final snapshots will be saved under

This directory will be excluded from backup

CRON jobs
Add cron job to run backup-ing

rsnaphost jobs will run rsnapshot with minimum CPU and I/O priority.

mysql backup
This backup configuration are workable for small non-production databases, that doesn't have too many transactions. For more advanced mysql backup, see https://dev.mysql.com/doc/refman/5.7/en/backup-methods.html (replication or Binary Log backup)

Login to backup user: sudo -i -u backup

Create file .my.cnf with such content [mysqldump] host = localhost port = 3306 user = backup password = BACKUP_USER_PASSWORD

This file are used every time, when mysqldump tool will be called. Be sure, that only backup user have access to /home/backup/.my.cnf file

Create bash script, that will for backup: /usr/bin/mysqldump --all-databases | bzip2 -c > /backup/mysql/`date +%Y.%m.%d_%H.%M.%S.sql.bz2`
 * 1) /bin/bash

Create mysql user "backup" with access to all databases (like root user, but for backup) GRANT ALL PRIVILEGES ON *.* TO 'backup'@'localhost' IDENTIFIED BY 'BACKUP_USER_PASSWORD';

Add for user backup into crontab: $ crontab -e 0 1 * * * /home/backup/mysql_dump.bash

postgress backup
To be DONE

Restoration
To restore the remote.example.com backups specified above, we would use:

where is the mount point of the fresh root filesystem. In the paths above *.0 refers to the latest increment.

Possible improvements

 * Use remote device for storing backups - TO BE DONE
 * Use encryption to crypt backups - TO BE DONE

External resources

 * - Documentation from rsnapshot site with some help about configuring rsnapshot
 * - HOWTO configure the same, but more general