Advanced backup using rsnaphot

This article Article description::describes a advanced automated remote backup scheme using the tool as non-root user, which is based on rsync.

rsnapshot makes a specified number of incremental backups of specified file trees from remote servers via ssh with non-user root using sudo, with help of hard links to save space on the backup medium.

The following backup scheme will login to remote user  via ssh, fetch all required files with rsync to   host, rotate the backups on a daily, weekly and monthly basis. That means, it will keep a daily snapshot for 7 days, a weekly snapshot for 4 weeks and a monthly snapshot for 12 month. Furthermore, it uses an extra partition for the backup which will be mounted only for the time of the backup process.

Emerge
Install :

Remote server
First, we will setup remote host  for backup. Remote host is host, which we want backup. For example, it is Gentoo server, that serves web server and MySQL database.

Backup user
All operations on remote server will be executed from non-root user. Lets create such user:

Backup user must have permissions to run rsync as root, as most of files on  belong to root or other users. As we need to backup them, rsync requires root permissions. Lets give those permission to it:

And add to sudoers to group  ability to run [rsync] from root

rsync wrapper
Remote backup server  will login to this server and execute   command. This wrapper requires for sudo. Lets create those dummy wrapper script

And give executable flag for those script

That all. This  ready for remote backuping

Backup server
Backup server will connect to  server via ssh public key. All backup files will be save to directory.

Backup user
SSH keys, configurations for backup will be stored in backup user Lets create those user and group

Directories
All backups will be saving to directory. We will create backup directory

SSH keys
rsnapshot will login to remote servers via ssh public keys. Lets generate private/public ssh keys for all next ssh sessions.

Save ssh keys to default path without password. After this, copy ssh key to remote server with ssh-copy-id:

And lets recheck, that everything is file

No password should be asked and you simply login to remote.example.com

rsnapshot
Set up the rsnapshot configuration file.

Default rsnapshot config file:

This files have such params:

Parameters, that will directly passed to rsync command:

specify the remote shell to use increase verbosity archive mode. Cause rsync to backup file owners and permissions acl. This option causes rsync to update the destination extended acl attributes to be the same as the source ones xattrs. This option causes rsync to update the destination extended attributes to be the same as the source ones Execute on remote server rsync wrapper script

Path to public key, that should be used for remote ssh login

Path to directory, where all backup files will be stored

specifies a container directory for the backups, usually referring to the machine (in this case, example.com). This can be changed to any name of your choosing. The final snapshots will be saved under

This directory will be excluded from backup

cron jobs
Add cron job to run backup-ing

rsnaphost jobs will run with minimum CPU and I/O priority.

MySQL backup
Login to backup user:

Create file with such content

This file are used every time, when tool will be called. Be sure, that only backup user have access to file

Create bash script mysql_dump.bash, that will for backup:

Add executable flag for script:

Create directory, that contain all MySQL backups and grand permissions:

Create MySQL user with access to all databases (like root user, but for backup)

and type:

Last step - create cron job, that will call mysql_dump.bash script and dump all databases. Execute from backup user

and add such line (run every day at 01:00)

PostgreSQL backup
To be DONE

Restoration
To restore the remote.example.com backups specified above, we would use:

If backup are on remote server, rsync can be done via ssh

where is the mount point of the fresh root filesystem. In the paths above *.0 refers to the latest increment.

MySQL
Technically, MySQL dump (created from upper section) are just bzipped text file with SQL commands to MySQL database. Those command will unzip archive, and send sql command to mysql

Possible improvements

 * Use remote device for storing backups - TO BE DONE
 * Use encryption to crypt backups - TO BE DONE

External resources

 * - Documentation from rsnapshot site with some help about configuring rsnapshot
 * - HOWTO configure the same, but more general