Borg Backup
Backups are done using Borg and http://rsync.net as a storage service. Backups should be nightly, encrypted, incremental, compressed, and deduped.
Install
On Amazon Linux, you need to make sure python3 and some dependencies are installed. Borg is not in a yum repository, so that needs to be installed separately.
yum groupinstall "Development Tools"
yum install python34 openssl-devel lz4-devel python34-devel libacl-devel
pip install borgbackup
On CentOS and RHEL this can usually be accomplished with a simple yum install:
yum install borgbackup
Configuration
rsync.net is our backend using SSH. Example SSH config:
Host rsync
    Hostname usw-s009.rsync.net
    IdentityFile /root/.ssh/id_rsa.rsync.net
    User 9774
Generate an SSH key specifically for that machine and send it up. We should keep these keys unique to a machine so we can revoke access to specific machines when necessary.
ssh-keygen -t rsa -f ~/.ssh/id_rsa.rsync.net
cat ~/.ssh/id_rsa.rsync.net.pub | ssh 9774@usw-s009.rsync.net 'dd of=.ssh/authorized_keys oflag=append conv=notrunc'
Test it:
ssh rsync -- ls -lah
Create a Repository
borg init --encryption=keyfile ssh://rsync/data1/home/9774/[machine_name]
Create an Archive
NOTE: Much of this functionality is now handled by undine.
An archive is an individual backup in the repository. Normally a new archive would be created every day for every significant part of the system.
Format:
borg create -sp -C lz4 [repo]::[archive]-{now:%Y-%m-%d} [/path/to/files]
Example:
borg create -sp -C lz4 ssh://rsync//data1/home/9774/file0.ia.votesmart.org::hr-{now:%Y-%m-%d} /export/hr
Restore
Known Files
This is how you would restore a specific file.
borg extract [repo]::[archive] "path/to/file"
Example:
borg extract ssh://rsync//data1/home/9774/file0.ia.votesmart.org::hr-2017-04-27 "export/hr/1-OFFICE MGMT AND ADMINISTRATION/Executive Assistance/Project Management Tools.xls"
Using Mounted FS
For more complex restores, or restores that need to be scripted, it might be better to actually mount the archive as a filesystem.
borg mount [repo]::[archive] [/path/to/mount/point]
Bare System Restore
Sometimes, hopefully rarely, you need to restore to a bare system because the original one failed or is otherwise gone. First set up borg as on any other system, but do NOT create a new repository and do not generate any new borg encryption keys. With --encryption=keyfile the key is stored on the client, not in the repository, so you need to get the key you have backed up elsewhere (you have backups of the client keys, right?). This is best done through borg key export ....
So, assuming you have borg configured, with the SSH entry and everything, import the key for the old system's repository:
borg key import [repository] /path/to/key.file
From here on out, you should be able to perform all the same borg operations as you could before.
Helpful Commands
Check Usage and Quota
ssh rsync quota
Verify Archive
borg check [repo]::[archive]
Pruning
This command prunes all archives except those from the last 7 days on which an archive was created (-d7 is short for --keep-daily 7).
borg prune -d7 [repo]
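The create and prune steps above combined into one wrapper that limits pruning to a single archive series. This is an added example, not part of the original page or of undine. The function name nightly_backup and the BORG override variable are assumptions, and --prefix is the borg 1.x option (borg 1.2 deprecates it in favour of --glob-archives).

```shell
#!/bin/sh
# Added example: nightly create + per-series prune for one data set.
# BORG and nightly_backup are illustrative names, not from the page.
BORG="${BORG:-borg}"    # set BORG="echo borg" to print commands instead

# nightly_backup REPO PREFIX PATH...
# Creates archive PREFIX-YYYY-MM-DD, then prunes only archives named PREFIX-*.
nightly_backup() {
    if [ "$#" -lt 3 ]; then
        echo "usage: nightly_backup REPO PREFIX PATH..." >&2
        return 64
    fi
    repo=$1; prefix=$2; shift 2

    # Same flags as the page's create example; -p (progress) is dropped
    # because nobody watches an unattended run.
    $BORG create -s -C lz4 "${repo}::${prefix}-{now:%Y-%m-%d}" "$@"
    rc=$?
    # borg exits 1 on warnings (e.g. a file changed while being read)
    # and 2 or higher on errors. Never prune after a failed backup.
    if [ "$rc" -ge 2 ]; then
        echo "borg create failed (rc=$rc); skipping prune" >&2
        return "$rc"
    fi

    # --prefix restricts pruning to this series. Without it, every archive
    # in the repository is a candidate and -d 7 keeps only one archive per
    # day across ALL series (hr-*, and any others sharing the repo).
    $BORG prune --list -d 7 --prefix "${prefix}-" "$repo" || return $?
    return "$rc"
}

# Usage (repository path shaped like the page's placeholder):
#   nightly_backup ssh://rsync/data1/home/9774/[machine_name] hr /export/hr
```

For unattended runs with a passphrase-protected key, borg reads the passphrase from the BORG_PASSPHRASE environment variable.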
Lock Management
Sometimes a borg process ends unexpectedly, for example after an unexpected reboot or because you had to terminate it for resource usage. This leaves a lock in place that prevents borg from continuing on the next round of backups. Once you have confirmed that no borg process is still using the repository, you can use this command to clean up any leftover locks:
borg break-lock [repo]