Off-site Backup with Backupninja
Goal: Setup a remote machine that will be used for incremental backup of critical parts of the LURK servers.
Contents
Requirements
This document assumes you already have:
- A configure Linux/BSD machine to work as off-site backup
- A
lurkuser created on the off-site backup that will be used specifically by the backup scripts - Debian based servers (not sure Backupninja will run otherwise without some slight modifications)
- All the machines (servers and the backup machine) on a working Tinc VPN
- Enough space on the off-site backup machine :)
On the Off-site machine
- As
lurkcreate directories for each server
mkdir /data/lurk/douglas /data/lurk/agnesbaxter
On each server
Installation
Clone Backupninja from https://0xacab.org/riseuplabs/backupninja
cd /usr/src/ && git clone https://0xacab.org/riseuplabs/backupninja cd /usr/src/backupninja
./autogen.sh ./configure make make install
note that by running the above all configurations will be in /usr/local/etc/
Configuration
/etc/backupninja.conf
Some changes:
reportemail = some@where.nice when = everyday at 05:55
MySQL local backups
- As
rootrun the command:
ninjahelper
- create a new backup action
- mysql database backup
- path:
/var/backups/mysql # adjust if this location does not have much free space
- all the databases to backup.
- select the debian maintenance user for access
- compress the sql output file
- select the action and test/run/review the config
- leave ninjahelper
PostgreSQL local backups
- As
rootrun the command:
ninjahelper
- create a new backup action
- postgresql database backup
- path:
/var/backups/postgres # adjust if this location does not have much free space
- backup the whole cluster
- compress the backups
- custom
- select the action and test/run/review the config
- leave ninjahelper
Borg Backup
This is the action that will not only allow you to select which part of your local filesystem to remotely send and rotate to the off-site backup machine, but it will also make sure the local backups above are sent as well!
- make sure you have
borgbackupinstalled:
apt install borgbackup
- As
rootrun:
ninjahelper
- create a new backup action, choose borg
- choose file to include & exclude, add paths, wildcard accepted
- configure backup destination:
- dest_directory
/data/lurk/name-of-server-to-backup - dest_host
10.0.1.2Adjust to the Tinc IP of the off-site backup machine. - dest_user
lurk - dest_type
remote
- dest_directory
- set up ssh keys and test remote connection
- enable encryption, choose a nice long passphrase
- enable pruning, keep
120D(you can adjust if you will run out of space! Keep in mind this is incremental though, so don't panic) - select the action and test/run/review the config
- check that everything is showing up nicely on the backup server in the destination directory!
Fine tuning
Edit/Change the local filesystem path to include/exclude
By default Babckupninja will backup some folder and exclude some others. This can be changed during the initial configuration of the borg action but can also be done later.
- As root, edit
/etc/backup.d/90.borg - Make changes in the section
# files to include in the backup - Optional: run
ninjahelper, select the90.borgaction andrunit to make sure it's being sent to the off-site machine. If you're sure of your changes, you can also wait the next backup to happen to see if it worked.
