Advanced backup using rsnaphot

This article describes a advanced automated remote backup scheme using the tool rsnapshot from non-root user, which is based on rsync.

rsnapshot makes a specified number of incremental backups of specified file trees from remote servers via ssh with non-user root using sudo, using hard links to save space on the backup medium.

The following backup scheme will login to remote user  via ssh, fetch all required files with rsync to   host, rotate the backups on a daily, weekly and monthly basis. That means, it will keep a daily snapshot for 7 days, a weekly snapshot for 4 weeks and a monthly snapshot for 12 month. Furthermore, it uses an extra partition for the backup which will be mounted only for the time of the backup process.

Emerge
Install :

Remote server configuration
First, we will setup remote host  for backup. Remote host is host, which we want backup. For example, it is gentoo server, that serves web server and mysql database.

Backup user
All operations on remote server will be executed from non-root user. Lets create such user:

Backup user must have permissions to run rsync as root, as most of files on  belong to root or other users. As we need to backup them, rsync requires root permissions. Lets give those permission to it:

And add to sudoers to group  ability to run [rsync] from root

rsync wrapper
Remote backup server  will login to this server and execute   command. This wrapper requires for sudo. Lets create those dummy wrapper script

And give executable flag for those script

That all. This  ready for remote backuping

Backup server configuration
Backup server will connect to  server via ssh public key. All backup files will be save to directory.

Backup User
SSH keys, configurations for backup will be stored in backup user Lets create those user and group

Directories
All backups will be saving to directory. We will create backup directory

SSH keys
rsnapshot will login to remote servers via ssh public keys. Lets generate private/public ssh keys for all next ssh sessions.

Save ssh keys to default path without password. After this, copy ssh key to remote server with ssh-copy-id:

And lets recheck, that everything is file

No password should be asked and you simply login to remote.example.com

rsnapshot configuration files
Set up the rsnapshot configuration file.

Default rsnapshot config file:

This files have such params:

Parameters, that will directly passed to rsync command:

specify the remote shell to use increase verbosity archive mode. Cause rsync to backup file owners and permissions acl. This option causes rsync to update the destination extended acl attributes to be the same as the source ones xattrs. This option causes rsync to update the destination extended attributes to be the same as the source ones Execute on remote server rsync wrapper script

Path to public key, that should be used for remote ssh login

Path to directory, where all backup files will be stored

specifies a container directory for the backups, usually referring to the machine (in this case, example.com). This can be changed to any name of your choosing. The final snapshots will be saved under

This directory will be excluded from backup

cron jobs
Preserve of permission requires root on backup server.

If you don't require preserver all permissions and file owners, you can create cron jobs for backup user:

Crontab will run rsnapshot with minimum CPU and I/O priority.

Restoration
To restore the remote.example.com backups specified above, we would use:

where is the mount point of the fresh root filesystem. In the paths above *.0 refers to the latest increment.

Possible improvements

 * Remote mount of /mnt/backup - TO BE DONE
 * Remote crypt of /mnt/backup - TO BE DONE