Configuring 3rd party remote backups
Table of Contents
Sonassi offer a cost-effective remote backup service which should be utilised to ensure fast backup and restoration. However, in addition to this, it is wise to maintain your own backups of your server (you are ultimately responsible for your data).
The instructions below detail the steps required to configure a bandwidth efficient, lightweight, backup cloning and retention process; to supplement our own remote backup facility.
Installation steps
On your acc server
First switch user to root
su root
Install sudo
apt-get install -y --force-yes sudo
Then create a user for the backup process (remote-backup
) and grant it sudo
permissions to execute a helper script, restricting the public key authorisation to a single command (for security).
useradd -u 999 -N -m -s /bin/bash remote-backup
echo "remote-backup ALL = (ALL) NOPASSWD: /home/remote-backup/server.sh" >> /etc/sudoers
mkdir -p /home/remote-backup/.ssh
chmod -R 700 /home/remote-backup
Then create the authorized_keys
file to execute the scripts, in /home/remote-backup/.ssh/authorized_keys
and correct the file permissions for the SSH directory,
chmod 700 /home/remote-backup/.ssh
chmod 644 /home/remote-backup/.ssh/authorized_keys
chown -R remote-backup:root /home/remote-backup
Replace the public key as necessary, with your destination server's root
user public key
command="sudo /home/remote-backup/server.sh \"$SSH_ORIGINAL_COMMAND\"",no-pty,no-agent-forwarding,no-port-forwarding ssh-rsa MFswDQYJKoZIhvcNAQEBBQADSgAwRwJAWk/MyEUsht2sZMI7kjqwtZ36SNSFv3MWjLYPIwC4dBEWZ59y49hfyc3gQEHxzqurEb+3AgAaUlEltMsYxaaZ/wIDAQAB root@example.com
Then create /home/remote-backup/server.sh
,
Download and make the file executable by using,
cd /home/remote-backup
wget --no-check-certificate -O server.sh https://raw.githubusercontent.com/sonassi/magestack-scripts/master/cli/remote-backup/server.sh
chmod +x server.sh
On your destination server
Create another script (the actual backup script), which is what handles the backups and rotation, in /root/client.sh
Download and make the file executable by using,
cd /root
wget --no-check-certificate -O client.sh https://raw.githubusercontent.com/sonassi/magestack-scripts/master/cli/remote-backup/client.sh
chmod +x client.sh
The default backup directory is /microcloud/backups_ro
, if you wish to use another destination directory, you should symlink this location to it.
Eg. Symlinking /microcloud/backups_ro
to /mnt/backups
mkdir /microcloud
ln -s /mnt/backups /microcloud/backups_ro
An OpenVPN bundle is required for this server, so that the server can initiate a VPN tunnel to SSH in to the acc
server. Install OpenVPN on the target server and ensure the connection works.
Then add a cron job to run the backup script twice daily (9am/9pm) and log the output to a file.
0 9,21 * * * /root/client.sh >> /var/log/remote-backup.log
Finally logrotate should be configured to ensure the log file doesn't get too large, create /etc/logrotate.d/remote-backup
Download the file by using,
cd /etc/logrotate.d
wget --no-check-certificate -O remote-backup https://raw.githubusercontent.com/sonassi/magestack-scripts/master/cli/remote-backup/remote-backup.conf
Once everything is in place, first attempt a manual run in a screen,
# screen
# /root/client.sh
Normal progress looks like this,
[2015-01-12T19:31:59]: Running backup on acc.magestack.com
[2015-01-12T19:32:00]: Starting backup for acc.magestack.com
[2015-01-12T19:32:01]: Synchronsing and deleting domain backups locally before remote sync
[2015-01-12T19:32:01]: Removing old logs_ro backups
[2015-01-12T19:32:01]: Removing old mysql backups
[2015-01-12T19:32:01]: Removing old domains backups
[2015-01-12T19:32:01]: Running incremental remote backup (logs_ro)
[2015-01-12T19:32:01]: Running incremental remote backup (config)
[2015-01-12T19:32:02]: Running incremental remote backup (mysql)
...
If you see errors, ensure all steps above have been followed, or alternatively, contact our support for further assistance in deployment.