Online Backup for Linux

This manual decribes how you can write your data onto our online backup server using the OpenSSH Public-/Private key procedure and the program rsync.

How is the backup established?

  • Generate SSH public/private key pair.
  • Copy the public key on the backup server. 
  • Manually check, if the login with SSH key is successful.
  • Manual execution of backup via rysnc-command.
  • Generate the backup scripts.
  • Test the backup scripts.
  • Set up periodic backups.

Start with step 1.

Overview

Step 1

Generate the SSH public/private key pair.

To be able to use a public key with the backup server, you first have to generate a public/private key pair without password.

Please keep in mind that the output below is an example. Details of the output will be different on your system.

user@box ~ $ ssh-keygen -N '' -t ed25519 -f "${HOME}/.ssh/backup_id_ed25519"
Generating public/private ed25519 key pair.
Your identification has been saved in /home/user/.ssh/backup_id_ed25519.
Your public key has been saved in /home/user/.ssh/backup_id_ed25519.pub.
The key fingerprint is: SHA256:ljP1HGjYtQVeORT7V6CK2mBUPf723ntF2XY6om48vAU user@box
The key's randomart image is:
+--[ED25519 256]--+
|         .. oo*o |
|       . oo+ =oo |
|      . ..=.= ..+|
|       . =.+ . o*|
|       o S E.o ++|
|     . = o .+ o o|
|      . .o o.o ..|
|           *. ...|
|         ooo ...+|
+----[SHA256]-----+

The following two data sets were generated:

${HOME}/.ssh/backup_id_ed25519
${HOME}/.ssh/backup_id_ed25519.pub

Overview

Step 2

Copy the public key to the backup server.

The public key will now be copied to the backup server(backup-02.stoney-backup.com) with the following name: "authorized_keys".

Do not forget to replace the number 4000042 with your user name (usually your backup UID).

For the password entry your will use the password you have received from stepping-stone AG.

user@box ~ $ ssh-copy-id -i /home/user/.ssh/backup_id_ed25519.pub 4000042@backup-02.stoney-backup.com
The authenticity of host 'backup-02.stoney-backup.com (31.216.40.233)' can't be established.
RSA key fingerprint is af:79:39:f7:89:c2:88:7a:17:80:73:a6:08:23:a2:2e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'backup-02.stoney-backup.com' (RSA) to the list of known hosts.
Password: ******

Overview

Step 3

Manual test, if the login with the SSH key is working properly.

After you have copied the key to the backup server successfully, you need to verify if you can login to the server via SSH.

This command returns "it works" if the login was successful: (Again, do not forget to replace the number 4200042 with your user name, which is usually your backup UID)

user@box ~ $ ssh -i ${HOME}/.ssh/backup_id_ed25519 4000042@backup-02.stoney-backup.com echo It works
It works

Congratulations, everything works how it is supposed to work!

Overview

Step 4

Generate the backup script.

Save the file OnlineBackup.tgz in your home directory. Use the following commands to unpack the file OnlineBackup.tgz:

user@box ~ $ mkdir -p OnlineBackup
user@box ~ $ tar xzfv online-backup-2.0.11.tar.gz --strip 1 --directory OnlineBackup
online-backup-2.0.11/
online-backup-2.0.11/.gitignore
online-backup-2.0.11/CHANGES
online-backup-2.0.11/Jenkinsfile
online-backup-2.0.11/LICENSE
online-backup-2.0.11/README.md
online-backup-2.0.11/bin/
online-backup-2.0.11/bin/OLBUtils.pm
online-backup-2.0.11/bin/OnlineBackup.pl
online-backup-2.0.11/bin/OnlineRestore.pl
online-backup-2.0.11/bin/OnlineRestore.sh
online-backup-2.0.11/conf/
online-backup-2.0.11/conf/OnlineBackup.conf.default
online-backup-2.0.11/conf/OnlineBackupExcludeFiles.conf.default
online-backup-2.0.11/conf/OnlineBackupIncludeFiles.conf.default
online-backup-2.0.11/doc/
online-backup-2.0.11/doc/OnlineBackup.html
online-backup-2.0.11/doc/OnlineBackup.pod
online-backup-2.0.11/doc/OnlineBackup.txt
online-backup-2.0.11/log/
online-backup-2.0.11/log/.gitignore
online-backup-2.0.11/onlinebackup.spec
online-backup-2.0.11/tmp/
online-backup-2.0.11/tmp/.gitignore

If you install OnlineBackup for the first time on this system, you have to rename the configuration files to their final names: 

cd OnlineBackup/conf
mv OnlineBackup.conf.default OnlineBackup.conf
mv OnlineBackupExcludeFiles.conf.default OnlineBackupExcludeFiles.conf
mv OnlineBackupIncludeFiles.conf.default OnlineBackupIncludeFiles.conf

After you have installed OnlineBackup in a folder, you should configure it.

The configuration includes the following three files: 

  • OnlineBackup.conf
  • OnlineBackupExcludeFiles.conf
  • OnlineBackupIncludeFiles.conf

We will start with customizing the file OnlineBackup.conf. This file is responsible for the correct localization of all path specifications, etc. 

First we need to add our user name and host name:

REMOTEUSER=username # Example: 4000042
REMOTEDIR=hostname # Example: box

If you have followed the installation as described previously, the remaining options should be correct. Otherwise you will have to change the path to the files manually:

INCLUDEFILE=$HOME/OnlineBackup/conf/OnlineBackupIncludeFiles.conf
EXCLUDEFILE=$HOME/OnlineBackup/conf/OnlineBackupExcludeFiles.conf
PERMSCRIPT=/tmp/SetPermissions.sh

Please check the entry for PERMSCRIPT. This is a very important file as it saves all file permissions, so the files can be restored successfully after a loss of data. The entry should point to the /tmp folder, as shown here: PERMSCRIPT=$HOME/OnlineBackup/tmp/.SetPermissions.sh.

user@box ~ $ vi ~/OnlineBackup/conf/OnlineBackup.conf
REMOTEUSER=4000042
PRIVKEYFILE=$HOME/.ssh/backup_id_ed25519
INCLUDEFILE=$HOME/OnlineBackup/conf/OnlineBackupIncludeFiles.conf
EXCLUDEFILE=$HOME/OnlineBackup/conf/OnlineBackupExcludeFiles.conf
PERMSCRIPT=$HOME/OnlineBackup/tmp/SetPermissions.sh
LOGFILE=$HOME/OnlineBackup/log/OnlineBackup.log
REMOTEDIR=box
LOCKFILE=$HOME/OnlineBackup/tmp/OnlineBackup.lock

Please do not edit the second part of the file. It includes server and system specific parts.

Save the OnlineBackup.conf and open the file OnlineBackupIncludeFiles.conf next.

IMPORTANT: The file must reside in a folder where your user has read and write permission!

Add all paths that you would like to include in the backup (In this example, we would like to secure /etc and /home). In the next configuration file you will have the opportunity to exclude certain folders from the backup, even if they are in a path which you define here.

user@box ~ $ vi ${HOME}/OnlineBackup/conf/OnlineBackupIncludeFiles.conf
$HOME/OnlineBackup
/etc/
/home/

Save the file OnlineBackupIncludeFiles.conf and open OnlineBackupExcludeFiles.conf.

Add all paths that should not be added to the backup to this file. If you would like to secure /home but you have a user which you would not like to be included (like 'scponly' in this example), simply add this path to the list.

user@box ~ $ vi ${HOME}/OnlineBackup/conf/OnlineBackupExcludeFiles.conf
/proc/*
/sys/*
/home/scponly/*

Save the file OnlineBackupExcludeFiles.conf. You have now successfully configured all files necessary. 

In the following step, you can test your online backup.

Overview

Step 5

Test the backup script.

If the file is not executable, change its permissions with chmod as follows:

user@box ~ $ chmod 750 ${HOME}/OnlineBackup/bin/OnlineBackup.pl

Warning: Perl should be installed and executable!

The parameters -h or --help of the script output a small usage help.

Start your backup script with the following command:

user@box ~ $ ${HOME}/OnlineBackup/bin/OnlineBackup.pl -c ${HOME}/OnlineBackup/conf/OnlineBackup.conf

or

user@box ~ $ perl ${HOME}/OnlineBackup/bin/OnlineBackup.pl -c ${HOME}/OnlineBackup/conf/OnlineBackup.conf

Depending on how many folders you have added to your backup, this step can take a while as the first synchronisation copies and saves all data.

Once this process has finished, you can execute the same command again. Now, as well as in future times, the script only transfers the files which have changed.

The following step describes how to set up periodic backups.

Overview

Step 6

Set up periodic backups

This example is for Gentoo Linux with dcron - other configurations may differ from this example!

First you have to make sure that you have installed and configured cron for the user. If not, add the user to the group cron. (You have to be registered as root)

To set up a daily backup, create the file crons.cron as follows: 

user@box ~ $ vi crons.cron
#Mins Hours Days Months Day of the week
#This entry will execute the backup daily at 17:00 h.
00 17 * * * ${HOME}/OnlineBackup/bin/OnlineBackup.pl -c ${HOME}/OnlineBackup/conf/OnlineBackup.conf

Save the file crons.cron and add the job to cron:

user@box ~ $ crontab crons.cron

To be sure that the job is executed, please control the log-file. (Please test this after the set execution time, otherwise you will not find anything).

For dcron you can perform this functions as follows:

user@box ~ $ tail -f /var/log/cron.log
16-Jun-06 12:19 USER user pid 12451 cmd
/home/user/OnlineBackup/bin/OnlineBackup.pl -c /home/user/OnlineBackup/conf/OnlineBackup.conf

If the entry OnlineBackup.pl appeared in the log, the job is executed successfully. Congratulations you have now an automatic daily backup which saves your important data.

 

This example is for CentOS Linux with systemd - other configurations may differ from this example!

To set up a daily backup, create the files onlinebackup.service and onlinebackup.timer as follows:

user@box ~ $ vi /etc/systemd/system/onlinebackup.service
[Unit]
Description=Run the Online Backup utility

[Service]
Type=oneshot
ExecStart=/home/user/OnlineBackup/bin/OnlineBackup.pl -c /home/user/OnlineBackup/conf/OnlineBackup.conf

user@box ~ $ vi /etc/systemd/system/onlinebackup.timer
[Unit]
Description=Run onlinebackup daily

[Timer]
#This entry will execute the backup daily at 17:00 h.
OnCalendar=*-*-* 17:00:00
[Install]
WantedBy=timers.target

Enable and start the timer now:

systemctl daemon-reload

systemctl enable onlinebackup.timer
systemctl start onlinebackup.timer

systemctl list-timers onlinebackup.timer

NEXT                        LEFT     LAST
Sat 2018-06-02 17:00:00 CET 12h left Fri 2018-06-01 17:00:00 CET
PASSED  UNIT               ACTIVATES
11h ago onlinebackup.timer onlinebackup.service

1 timers listed.

To monitor this daily backup, please follow step 8.

Overview

Step 7

Monitor daily backup

To activate the monitoring of a daily backup, you have to edit the configuration file. Set the values for SCHEDULEDHOUR and SCHEDULEDMINUTE in accordance with the settings you have entered in the cronjob (Please use the 24h format):

user@box ~ $ vi ${HOME}/OnlineBackup/conf/OnlineBackup.conf
SCHEDULEDHOUR=17
SCHEDULEDMINUTE=00

This settings will be used by the backup server to know, when your daily backup is scheduled.

To activated the monitoring, please send an email to support(at)stepping-stone.ch including your user name.

Overview