New backup system!
2008-05-19

(This post is mostly as a reminder to myself on how I’ve set up my backup system. It should probably go on a wiki instead so I can keep it up to date.)

After the recent OpenSSL debacle in Debian and Ubuntu, I found that all my backups were encrypted with something amounting to a well-known secret key. Ouch. I was not entirely happy with how my old backup system worked either (it was based on boxbackup). In particular, the on-disk format was opaque, the tools needed to access it were not particularly user-friendly and I had to run Yet Another CA for managing the keys for it.

After looking around a little, I settled on rdup, which is a tool very much written in the Unix tradition of “do one thing and do it well”. As it reads on the home page:

The only backup program that doesn't make backups!

(which is almost true).

It keeps a list, stored locally on the machine being backed up, of which files have been backed up, including some meta-information such as file size and permissions, so it can take a new backup if any of those change. For more details, read the web page and the source.

rdup is more of a framework for making your own backup system than a complete system in its own right, so this post is really about how I have customised it.

First, I want my backups to be encrypted, and rdup supports encryption (both GPG and mcrypt). I’m lazy, so I settled on what rdup-simple gives me, which is mcrypt. Key generation is easy enough:

head -c 56 /dev/random > /root/backup-$(hostname).crypt.key

and then a chmod 600 to avoid it being world-readable.

In /root/.ssh/config, I put

Host backup-$hostname
    Hostname $backupserver.err.no
    User backup-$hostname
    IdentityFile /root/.ssh/id_rsa_rdup
    ProxyCommand pv -L 40k -q | nc %h %p

so as to make it fairly easy to move stuff around and to make it pick up the right identity. The last bit is a trick to rate limit it so it doesn’t saturate my DSL. pv has a wonderful -R switch which lets me change the arguments to an already-running pv, if I want to do that.

I ran ssh-keygen -t rsa -f /root/.ssh/id_rsa_rdup to generate an SSH key. The public key got put into /home/backup-$hostname/.ssh/authorized_keys on the backup server, so the line reads like:

command="/usr/local/bin/rdup-ssh-wrapper",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAAB3N

The /usr/local/bin/rdup-ssh-wrapper is a small perl wrapper which only allows the rdup commands and sanitises the command line somewhat. Since I don’t want to make a backup of all bits on my machines, I have an exclude file, which lives in /root/rdup-exclude. It is just a list of regexes of files to ignore.
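A sketch of what such a forced-command wrapper can look like, as an added example in Python (not the perl wrapper from this post): sshd puts the client's requested command in SSH_ORIGINAL_COMMAND, and the wrapper refuses anything that is not an allowed rdup helper writing below the host's backup directory. The helper names in ALLOWED_COMMANDS and the "myhost" directory are assumptions; list whatever your rdup version's client actually invokes.

```python
#!/usr/bin/env python3
import os
import posixpath
import re
import sys

# Assumptions of this sketch, not taken from the post: the helper names the
# client runs remotely, and the placeholder host directory "myhost".
ALLOWED_COMMANDS = {"rdup-up", "rdup-ln"}
BACKUP_ROOT = "/srv/backup/myhost"

SAFE_CHARS = re.compile(r"[A-Za-z0-9_./ -]+")   # nothing a shell would interpret
SHORT_OPTS = re.compile(r"-[A-Za-z]+")          # flags only, no option values


def validate(original_command, root=BACKUP_ROOT):
    """Return the argv to execute, or raise ValueError with the refusal reason."""
    if not original_command:
        raise ValueError("no command given (interactive login)")
    if not SAFE_CHARS.fullmatch(original_command):
        raise ValueError("character outside the allowed set")
    words = original_command.split()
    if not words or words[0] not in ALLOWED_COMMANDS:   # bare names only
        raise ValueError("command not on the allowlist")
    argv, saw_path = [words[0]], False
    for word in words[1:]:
        if SHORT_OPTS.fullmatch(word):
            argv.append(word)
            continue
        # Lexical check only: collapses "//" and "..", does not resolve symlinks.
        path = posixpath.normpath(word)
        if path != root and not path.startswith(root + "/"):
            raise ValueError("path outside backup root: " + word)
        argv.append(path)
        saw_path = True
    if not saw_path:
        raise ValueError("no target directory given")
    return argv


def main():
    try:
        argv = validate(os.environ.get("SSH_ORIGINAL_COMMAND", ""))
    except ValueError as exc:
        print("rdup-ssh-wrapper: refused: %s" % exc, file=sys.stderr)
        return 1
    os.execvp(argv[0], argv)   # replaces this process; no shell is involved


if __name__ == "__main__":
    sys.exit(main())
```

Because the request is split into words and executed directly, a compromised client key can only run the listed helpers against paths under its own backup directory.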

To actually make a backup, I run something like

for p in /etc /home /var; do
    rdup-simple -v -a -z -E /root/rdup-exclude -k /root/backup-$(hostname).crypt.key $p ssh://backup-$(hostname)/srv/backup/$(hostname)/$p
done

which then goes on for a while. It gives me nice structures with hard-linked files to avoid using more disk space than needed. I can then just have a small find(1) script prune old backups as I don’t need them.
