Configuring 3rd party remote backups

Sonassi offer a cost-effective remote backup service, which should be utilised to ensure fast backup and restoration. In addition to this, it is wise to maintain your own backups of your server (you are ultimately responsible for your data).

The instructions below detail the steps required to configure a bandwidth-efficient, lightweight backup cloning and retention process to supplement our own remote backup facility.

Installation steps

On your acc server

First switch user to root

su root

Install sudo

apt-get install -y --force-yes sudo

Then create a user for the backup process (remote-backup) and grant it sudo permission to execute a helper script. For security, its public key authorisation is restricted to a single command.

useradd -u 999 -N -m -s /bin/bash remote-backup
echo "remote-backup ALL = (ALL) NOPASSWD: /home/remote-backup/" >> /etc/sudoers
mkdir -p /home/remote-backup/.ssh
chmod -R 700 /home/remote-backup

Then create the authorized_keys file that executes the helper script, at /home/remote-backup/.ssh/authorized_keys, and correct the file permissions for the SSH directory,

chmod 700 /home/remote-backup/.ssh
chmod 644 /home/remote-backup/.ssh/authorized_keys
chown -R remote-backup:root /home/remote-backup

The file should contain the line below. Replace the public key as necessary with your destination server's root user public key,

command="sudo /home/remote-backup/ \"$SSH_ORIGINAL_COMMAND\"",no-pty,no-agent-forwarding,no-port-forwarding ssh-rsa MFswDQYJKoZIhvcNAQEBBQADSgAwRwJAWk/MyEUsht2sZMI7kjqwtZ36SNSFv3MWjLYPIwC4dBEWZ59y49hfyc3gQEHxzqurEb+3AgAaUlEltMsYxaaZ/wIDAQAB

Then create /home/remote-backup/,

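Download the file and make it executable using the commands below. Note that --no-check-certificate turns off TLS certificate verification for the download, so review the script's contents before it is run as root through sudo.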

cd /home/remote-backup
wget --no-check-certificate -O
chmod +x
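
The helper script itself is not reproduced on this page. As an added illustration (not Sonassi's script), the sketch below shows one way a forced-command helper can validate the string it receives from $SSH_ORIGINAL_COMMAND before anything runs as root. It assumes the destination server pulls data with rsync; validate_backup_command, ALLOWED_ROOTS and the two source paths are hypothetical names chosen for the example.

```shell
#!/bin/sh
# Added illustration: NOT the helper script this page downloads.
# Assumption: the destination server pulls with rsync, so the only command
# the restricted key needs is "rsync --server --sender -<flags> . <path>".
LC_ALL=C; export LC_ALL

# Hypothetical directories the backup key is allowed to read.
ALLOWED_ROOTS="/microcloud/domains /microcloud/logs_ro"

# Return 0 if the string received from SSH_ORIGINAL_COMMAND is acceptable.
validate_backup_command() {
    cmd=$1
    # Conservative character allowlist: no quotes, globs, newlines or
    # shell metacharacters can get past this point.
    case $cmd in
        ''|*[!A-Za-z0-9\ ./_=,-]*) return 1 ;;
    esac
    set -- $cmd   # plain word splitting is safe: no glob characters remain
    # Exactly six words, so no extra long option (for example one that
    # deletes source files) can be slipped in.
    [ $# -eq 6 ] || return 1
    [ "$1 $2 $3 $5" = "rsync --server --sender ." ] || return 1
    case $4 in -[!-]*) ;; *) return 1 ;; esac   # one short-flag cluster
    case /$6/ in */../*) return 1 ;; esac        # no parent-directory hops
    for root in $ALLOWED_ROOTS; do
        case $6 in "$root"|"$root"/*) return 0 ;; esac
    done
    return 1
}

# Invoked as the forced command: $1 is the quoted SSH_ORIGINAL_COMMAND.
if [ $# -gt 0 ]; then
    if validate_backup_command "$1"; then
        exec $1   # word-split and exec directly; never eval or sh -c
    fi
    echo "remote-backup: command rejected" >&2
    exit 1
fi
```

The path check is purely lexical, so it assumes the allowed directories contain no symlinks that lead outside them.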

On your destination server

Create another script (the actual backup script), which handles the backups and rotation, in /root/

Download and make the file executable by using,

cd /root
wget --no-check-certificate -O
chmod +x

The default backup directory is /microcloud/backups_ro. If you wish to use another destination directory, you should symlink this location to it.

E.g. symlinking /microcloud/backups_ro to /mnt/backups,

mkdir /microcloud
ln -s /mnt/backups /microcloud/backups_ro

An OpenVPN bundle is required for this server, so that the server can initiate a VPN tunnel to SSH in to the acc server. Install OpenVPN on the target server and ensure the connection works.

Then add a cron job to run the backup script twice daily (9am/9pm) and log the output to a file.

0 9,21 * * * /root/ >> /var/log/remote-backup.log

Finally, logrotate should be configured to ensure the log file doesn't get too large. To do this, create /etc/logrotate.d/remote-backup

Download the file by using,

cd /etc/logrotate.d
wget --no-check-certificate -O remote-backup

Once everything is in place, first attempt a manual run in a screen session,

# screen
# /root/

Normal progress looks like this,

[2015-01-12T19:31:59]: Running backup on
[2015-01-12T19:32:00]: Starting backup for
[2015-01-12T19:32:01]: Synchronsing and deleting domain backups locally before remote sync
[2015-01-12T19:32:01]: Removing old logs_ro backups
[2015-01-12T19:32:01]: Removing old mysql backups
[2015-01-12T19:32:01]: Removing old domains backups
[2015-01-12T19:32:01]: Running incremental remote backup (logs_ro)
[2015-01-12T19:32:01]: Running incremental remote backup (config)
[2015-01-12T19:32:02]: Running incremental remote backup (mysql)

If you see errors, ensure all steps above have been followed, or alternatively, contact our support for further assistance in deployment.