Wiki source for Borg
======Borg Backup======
Backups are done using [[https://borgbackup.readthedocs.io/en/stable/ Borg]] and [[http://rsync.net]] as a storage service. Backups should be nightly, encrypted, incremental, compressed, and deduped.
=====Install=====
On Amazon Linux, you need to make sure python3 and some dependencies are installed. Borg is not in a yum repository, so that needs to be installed separately.
%%
yum groupinstall "Development Tools"
yum install python34 openssl-devel lz4-devel python34-devel libacl-devel
pip install borgbackup
%%
On CentOS and RHEL this can usually be accomplished with a simple ##yum install##
%%
yum install borgbackup
%%
=====Configuration=====
rsync.net is our backend using SSH. Example SSH config:
%%
Host rsync
Hostname usw-s009.rsync.net
IdentityFile /root/.ssh/id_rsa.rsync.net
User 9774
%%
Generate an SSH key specifically for that machine and send it up. We should keep these keys unique to a machine so we can revoke access to specific machines when necessary.
%%
ssh-keygen -t rsa -f ~/.ssh/id_rsa.rsync.net
cat ~/.ssh/id_rsa.rsync.net.pub | ssh 9774@usw-s009.rsync.net 'dd of=.ssh/authorized_keys oflag=append conv=notrunc'
%%
Test it: ##ssh rsync -- ls -lah##
=====Create an Repository=====
%%
borg init --encryption=keyfile ssh://rsync/data1/home/9774/[machine_name]
%%
=====Create an Archive=====
**NOTE**: Much of this functionality is now handled by [[https://github.com/votesmart/undine undine]].
An archive is an individual backup in the repository. Normally a new archive would be created every day for every significant part of the system.
Format:
%%
borg create -sp -C lz4 [repo]::[archive]-{now:%Y-%m-%d} [/path/to/files]
%%
Example:
%%
borg create -sp -C lz4 ssh://rsync//data1/home/9774/file0.ia.votesmart.org::hr-{now:%Y-%m-%d} /export/hr
%%
=====Restore=====
====Known Files====
This is how you would restore a specific file.
%%
borg extract [repo]::[archive] "path/to/file"
%%
Example:
%%
borg extract ssh://rsync//data1/home/9774/file0.ia.votesmart.org::hr-2017-04-27 "export/hr/1-OFFICE MGMT AND ADMINISTRATION/Executive Assistance/Project Management Tools.xls"
%%
====Using Mounted FS====
For more complex restores, or restores that need to be scripted, it might be better to actually mount the archive as a filesystem.
%%
borg mount [repo]::[archive] [/path/to/mount/point]
%%
====Bare System Restore====
Sometimes, hopefully rarely, you need to restore to a bare system because the other one failed or otherwise is now gone. You should first setup borg like any other system, but do NOT create a new repository and do not generate any new borg encryption keys. You need to get the key you have backed up elsewhere(you have backups of the client keys, right?). This is best done through ##borg key export ...##.
So, assuming you have borg configured, with the SSH entry and everything, import the key for the old system's repository:
%%
borg key import [repository] /path/to/key.file
%%
From here on out, you should be able to perform all the same borg operations as you could before.
=====Helpful Commands=====
====Check Usage and Quota====
%%
ssh rsync.net quota
%%
====Verify Archive====
%%
borg check [repo]::[archive]
%%
====Pruning====
This command prunes all backups except the ones made during the last 7 days that have had an archive created.
%%
borg prune -d7
%%
====Lock Management====
Sometimes a borg process may end unexpectedly, for whatever reason. Unexpected reboot, or you had to terminate it for resource usage, whatever. This will leave a lock in place that will prevent borg from continuing on the next round of backups. You can use this command to clean up any leftover locks:
%%
borg break-lock [repo]
%%
----
CategoryITDoc
Backups are done using [[https://borgbackup.readthedocs.io/en/stable/ Borg]] and [[http://rsync.net]] as a storage service. Backups should be nightly, encrypted, incremental, compressed, and deduped.
=====Install=====
On Amazon Linux, you need to make sure python3 and some dependencies are installed. Borg is not in a yum repository, so that needs to be installed separately.
%%
yum groupinstall "Development Tools"
yum install python34 openssl-devel lz4-devel python34-devel libacl-devel
pip install borgbackup
%%
On CentOS and RHEL this can usually be accomplished with a simple ##yum install##
%%
yum install borgbackup
%%
=====Configuration=====
rsync.net is our backend using SSH. Example SSH config:
%%
Host rsync
Hostname usw-s009.rsync.net
IdentityFile /root/.ssh/id_rsa.rsync.net
User 9774
%%
Generate an SSH key specifically for that machine and send it up. We should keep these keys unique to a machine so we can revoke access to specific machines when necessary.
%%
ssh-keygen -t rsa -f ~/.ssh/id_rsa.rsync.net
cat ~/.ssh/id_rsa.rsync.net.pub | ssh 9774@usw-s009.rsync.net 'dd of=.ssh/authorized_keys oflag=append conv=notrunc'
%%
Test it: ##ssh rsync -- ls -lah##
=====Create an Repository=====
%%
borg init --encryption=keyfile ssh://rsync/data1/home/9774/[machine_name]
%%
=====Create an Archive=====
**NOTE**: Much of this functionality is now handled by [[https://github.com/votesmart/undine undine]].
An archive is an individual backup in the repository. Normally a new archive would be created every day for every significant part of the system.
Format:
%%
borg create -sp -C lz4 [repo]::[archive]-{now:%Y-%m-%d} [/path/to/files]
%%
Example:
%%
borg create -sp -C lz4 ssh://rsync//data1/home/9774/file0.ia.votesmart.org::hr-{now:%Y-%m-%d} /export/hr
%%
=====Restore=====
====Known Files====
This is how you would restore a specific file.
%%
borg extract [repo]::[archive] "path/to/file"
%%
Example:
%%
borg extract ssh://rsync//data1/home/9774/file0.ia.votesmart.org::hr-2017-04-27 "export/hr/1-OFFICE MGMT AND ADMINISTRATION/Executive Assistance/Project Management Tools.xls"
%%
====Using Mounted FS====
For more complex restores, or restores that need to be scripted, it might be better to actually mount the archive as a filesystem.
%%
borg mount [repo]::[archive] [/path/to/mount/point]
%%
====Bare System Restore====
Sometimes, hopefully rarely, you need to restore to a bare system because the other one failed or otherwise is now gone. You should first setup borg like any other system, but do NOT create a new repository and do not generate any new borg encryption keys. You need to get the key you have backed up elsewhere(you have backups of the client keys, right?). This is best done through ##borg key export ...##.
So, assuming you have borg configured, with the SSH entry and everything, import the key for the old system's repository:
%%
borg key import [repository] /path/to/key.file
%%
From here on out, you should be able to perform all the same borg operations as you could before.
=====Helpful Commands=====
====Check Usage and Quota====
%%
ssh rsync.net quota
%%
====Verify Archive====
%%
borg check [repo]::[archive]
%%
====Pruning====
This command prunes all backups except the ones made during the last 7 days that have had an archive created.
%%
borg prune -d7
%%
====Lock Management====
Sometimes a borg process may end unexpectedly, for whatever reason. Unexpected reboot, or you had to terminate it for resource usage, whatever. This will leave a lock in place that will prevent borg from continuing on the next round of backups. You can use this command to clean up any leftover locks:
%%
borg break-lock [repo]
%%
----
CategoryITDoc
