The idea is to set up daily encrypted incremental backups.

This scheme involves 3 machines: the main server to be backed up (www.test.com), the backup server (backup.test.com) and a nagios server (nagios.test.com) for monitoring the backups. There can, of course, be as many servers and folders to back up as needed.

All the following was done on Linux Ubuntu machines. There are not many details; use at your own risk.

December 2018 update

I have dropped this solution in favor of rdiff-backup because of the insane amount of cache data duplicity is using.

On your system administrator machine

  1. Prepare the GPG key to be used (adapt as needed)

    $ gpg --gen-key
    $ gpg --export D68E26B0 > sysadmin.public.gpg.asc
  2. Keep the private key safe; you’ll need it to restore backups.

On servers to be backed up

  1. Install/Upgrade duplicity

    $ sudo add-apt-repository ppa:duplicity-team/ppa
    $ sudo apt-get update
    $ sudo apt-get install duplicity
  2. Copy the public gpg key, import it as root, and trust it (ultimate):

    # gpg --import sysadmin.public.gpg.asc
    # gpg --edit-key D68E26B0
    gpg> trust
  3. Test backup

    # LANG=en_US.UTF-8 duplicity --encrypt-key D68E26B0 /etc sftp://user@backup.test.com/duplicity/www.test.com/etc
    # LANG=en_US.UTF-8 duplicity collection-status sftp://user@backup.test.com/duplicity/www.test.com/etc
  4. Set up the backup cron job

    @daily LANG=en_US duplicity --encrypt-key D68E26B0 /etc sftp://user@backup.test.com/duplicity/www.test.com/etc

Nagios monitoring

The idea is to set up a probe that uses duplicity’s collection-status command to test the backup freshness.

  1. Create an SSH key for the nagios user (ssh-keygen). Since the nagios user has no shell associated, the key must be created as another user and then copied to nagios’ home .ssh/ directory. The .ssh/known_hosts file must also be set up to contain the backup machine’s host key.

  2. Set up Nagios on nagios.test.com to monitor your main server using the simple script below. This assumes you are doing a daily backup; adapt as needed.

    • /usr/local/nagios/libexec/check_duplicity_backup

      #!/bin/bash
      # Verify whether the backup plan is working or not
      export LANG=en_US
      BACKUP_BASE_DIR=sftp://user@backup.test.com/duplicity/
      Host=$1
      Folder=$2
      # Fail early, before contacting the backup server, if no host was given
      if [[ $1 == "" ]]; then echo "Critical - Configuration Broken"; exit 2; fi
      TMP=$(mktemp)
      
      duplicity collection-status "$BACKUP_BASE_DIR$Host/$Folder" > "$TMP" 2> /dev/null
      exitcode=$?
      
      # duplicity prints chain times in asctime format, where the day of the
      # month is space-padded ("Dec  4"), so use %e rather than zero-padded %d
      TODAY=$(LANG=en_US date +"%a %b %e")
      YESTERDAY=$(LANG=en_US date +"%a %b %e" -d yesterday)
      Latest=$(grep -E "^Chain end time:" "$TMP")
      
      rm -f "$TMP"
      if [[ $exitcode != 0 ]]; then echo "Critical - Check command failed"; exit 2; fi
      if [[ $Latest == "" ]]; then echo "Critical - No backup found at $BACKUP_BASE_DIR$Host/$Folder"; exit 2; fi
      # OK if a chain ended today, warning if yesterday, critical otherwise
      if [[ $Latest == *"$TODAY"* ]]
      then
          echo "OK - $Latest"
          exit 0
      elif [[ $Latest == *"$YESTERDAY"* ]]
      then
          echo "Warning - $Latest"
          exit 1
      else
          echo "Critical - $Latest"
          exit 2
      fi
    • commands.cfg

      define command{
              command_name    check_duplicity_backup
              command_line    $USER1$/check_duplicity_backup $ARG1$ $ARG2$ 
              }
    • www.test.com.cfg

      define service{
              use                             generic-service         ; Name of service template to use
              host_name                       www.test.com
              service_description             Backup /etc/
              check_command                   check_duplicity_backup!www.test.com!etc
              first_notification_delay 0
              }
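
A variant of the freshness probe above that parses each "Chain end time:" stamp and compares the age of the newest one against thresholds, rather than matching today's or yesterday's date as text. This is an added example, not the original post's script: the function names, the thresholds and the sample collection-status output are constructed assumptions, and it relies on GNU date.

```bash
#!/bin/bash
# Added example (not the original post's script): age-based freshness check.
# Thresholds, function names and the sample output are constructed assumptions.
WARN_AGE=$((26 * 3600))   # assumed: warn when the newest backup is older than 26 h
CRIT_AGE=$((50 * 3600))   # assumed: critical when it is older than 50 h

# newest_chain_end TEXT -> prints the epoch seconds of the most recent
# "Chain end time:" line; returns non-zero if no such line can be parsed.
newest_chain_end() {
    local line ts newest=0
    while IFS= read -r line; do
        [[ $line == "Chain end time: "* ]] || continue
        # GNU date parses the asctime-style stamp, including space-padded days
        ts=$(date -d "${line#Chain end time: }" +%s 2>/dev/null) || continue
        (( ts > newest )) && newest=$ts
    done <<< "$1"
    (( newest > 0 )) && echo "$newest"
}

# check_freshness TEXT NOW_EPOCH -> prints a Nagios status line and returns
# the plugin exit code (0 OK, 1 WARNING, 2 CRITICAL).
check_freshness() {
    local end age
    end=$(newest_chain_end "$1") || { echo "CRITICAL - no backup chain found"; return 2; }
    age=$(( $2 - end ))
    if (( age > CRIT_AGE )); then
        echo "CRITICAL - last backup ${age}s ago"; return 2
    elif (( age > WARN_AGE )); then
        echo "WARNING - last backup ${age}s ago"; return 1
    fi
    echo "OK - last backup ${age}s ago"; return 0
}

# Constructed sample of collection-status output: two chains, with
# single-digit days padded by a space as asctime prints them.
SAMPLE='Found 1 secondary backup chain.
Secondary chain 1 of 1:
Chain start time: Sat Dec  1 02:00:04 2018
Chain end time: Mon Dec  3 02:00:05 2018
Found primary backup chain with matching signature chain:
Chain start time: Tue Dec  4 02:00:03 2018
Chain end time: Wed Dec  5 02:00:06 2018'

# Demo on the sample with a fixed "now" 8 hours after the newest chain end
check_freshness "$SAMPLE" "$(date -d 'Wed Dec  5 10:00:06 2018' +%s)"
```

In a real probe, the first argument would be the captured output of the collection-status command and the second `$(date +%s)`.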