Verschlüsselte FTP Backups mit duplicity und duply erstellen (Debian Squeeze)
Sie können nun drei weitere Dateien erstellen; dies ist aber optional:
- /root/.duply/exampleuser/exclude: enthält eine Liste von Verzeichnissen, die vom Backup ausgeschlossen werden sollen (ein Verzeichnis pro Zeile);
- /root/.duply/exampleuser/pre: enthälts Befehle, die vor dem Backup ausgeführt werden sollen (z.B. die Erstellung einer MySQL Datenbank Dump);
- /root/.duply/exampleuser/post: enthält Befehle, die nach dem Backup ausgeführt werden sollen.
Hier sind Beispiele für die /root/.duply/exampleuser/exclude und /root/.duply/exampleuser/pre Datei (die Syntax von /root/.duply/exampleuser/post ist die selbe wie die von /root/.duply/exampleuser/pre):
vi /root/.duply/exampleuser/exclude
/home/exampleuser/news /home/exampleuser/messages /home/exampleuser/tmp |
chmod 600 /root/.duply/exampleuser/exclude
vi /root/.duply/exampleuser/pre
/usr/bin/mysqldump --all-databases -u root -pyourrootsqlpassword > /home/exampleuser/db.sql |
(Beachten Sie bitte, dass die Datenbank während der Erstellung einer SQL Dump gesperrt wird; dies wird für kleinere Webseiten vielleicht kein Problem sein, wohl aber für jene mit hohem Traffic – Ihre Besucher können in dieser Zeit nicht auf datenbankbasierte Seiten zugreifen. Hier ein Link zu einer unterbrechungsfreien MySQL Backupmethode: How To Back Up MySQL Databases Without Interrupting MySQL)
/root/.duply/exampleuser/pre muss ausführbar sein (genauso wie /root/.duply/exampleuser/post, falls Sie diese erstellt haben):
chmod 700 /root/.duply/exampleuser/pre
Wie zuvor erwähnt brauchen Sie nur /root/.duply/exampleuser/conf; die anderen Dateien sind optional.
duply kann nun benutzt werden; um ein Backup zu erstellen, führen Sie einfach folgendes aus:
duply exampleuser backup
Verläuft alles glatt werden Sie nicht nach einem Passwort gefragt:
root@server1:~# duply exampleuser backup
Start duply v1.5.7, time is 2012-07-03 21:02:33.
Using profile ‚/root/.duply/exampleuser‘.
Using installed duplicity version 0.6.08b, python 2.6.6, gpg 1.4.10
(Home: ~/.gnupg), awk ‚mawk 1.3.3 Nov 1996, Copyright (C) Michael D.
Brennan‘, bash ‚4.1.5(1)-release (x86_64-pc-linux-gnu)‘.
Autoset found secret key of first GPG_KEY entry ‚7C6E958B‘ for signing.
Test – Encrypt to 7C6E958B & Sign with 7C6E958B (OK)
Test – Decrypt (OK)
Test – Compare (OK)
Cleanup – Delete ‚/tmp/duply.4161.1341342154_*'(OK)
— Start running command PRE at 21:02:34.459 —
Running ‚/root/.duply/exampleuser/pre‘ – OK
— Finished state OK at 21:02:34.535 – Runtime 00:00:00.075 —
— Start running command BKP at 21:02:34.599 —
NcFTP version is 3.2.4
Reading globbing filelist /root/.duply/exampleuser/exclude
Local and Remote metadata are synchronized, no sync needed.
Last full backup date: Tue Jul 3 20:47:50 2012
————–[ Backup Statistics ]————–
StartTime 1341342156.07 (Tue Jul 3 21:02:36 2012)
EndTime 1341342156.13 (Tue Jul 3 21:02:36 2012)
ElapsedTime 0.06 (0.06 seconds)
SourceFiles 50
SourceFileSize 13490043 (12.9 MB)
NewFiles 0
NewFileSize 0 (0 bytes)
DeletedFiles 0
ChangedFiles 0
ChangedFileSize 0 (0 bytes)
ChangedDeltaSize 0 (0 bytes)
DeltaEntries 0
RawDeltaSize 0 (0 bytes)
TotalDestinationSizeChange 716 (716 bytes)
Errors 0
————————————————-
— Finished state OK at 21:02:37.483 – Runtime
00:00:02.884 —
— Start running command POST at 21:02:37.556 —
Skipping n/a script ‚/root/.duply/exampleuser/post‘.
— Finished state OK at 21:02:37.636 – Runtime 00:00:00.080 —
root@server1:~#
Um die Backups zu automatisieren können Sie einen Cron Job erstellen (Ich erstelle zwei Cron Jobs; einen der täglich ausgeführt wird und inkrementelle Backups anlegt und einen der monatlich ausgeführt wird und komplette Backups anlegt sowie alte Dateien löscht):
crontab -e
# run the (incremental) backup each night at 03:23h 23 3 * * * /usr/local/bin/duply exampleuser backup # do a full backup once per month & delete old backups 47 4 1 * * /usr/local/bin/duply exampleuser full && /usr/local/bin/duply exampleuser purge --force |
6 Backups mit duply wiederherstellen
Natürlich können Sie duply auch dazu benutzen um Backups wiederherzustellen (auch hier werden Sie nicht nach einem Passwort gefragt). Die Syntax ist sehr einfach:
duply exampleuser restore /home/exampleuser
Sie können einen Blick auf die duply Hilfsseite werfen um mehr über die anderen Optionen zu erfahren:
duply -h
root@server1:~# duply -h
VERSION:
duply version 1.5.7
(http://duply.net)
DESCRIPTION:
Duply deals as a wrapper for the mighty duplicity magic.
It simplifies running duplicity with cron or on command line by:
– keeping recurring settings in profiles per backup job
– enabling batch operations eg. backup_verify_purge
– executing pre/post scripts for every command
– precondition checking for flawless duplicity operation
For each backup job one configuration profile must be created.
The profile folder will be stored under ‚~/.duply/<profile>‘
(where ~ is the current users home directory).
Hint:
If the folder ‚/etc/duply‘ exists, the profiles for the super
user root will be searched & created there.
USAGE:
first time usage (profile creation):
duply <profile> create
general usage in single or batch mode (see EXAMPLES):
duply <profile> <command>[_<command>_…] [<options> …]
Non duply options are passed on to duplicity (see OPTIONS).
All conf parameters can also be defined in the environment instead.
PROFILE:
Indicated by a path or a profile name (<profile>), which is resolved
to ‚~/.duply/<profile>‘ (~ expands to environment variable $HOME).
Superuser root can place profiles under ‚/etc/duply‘. Simply create
the folder manually before running duply as superuser.
Note:
Already existing profiles in root’s profile folder will cease to work
unless there are moved to the new location manually.
example 1: duply humbug backup
Alternatively a _path_ might be used e.g. useful for quick testing,
restoring or exotic locations. Shell expansion should work as usual.
Hint:
The path must contain at least one path separator ‚/‘,
e.g. ‚./test‘ instead of only ‚test‘.
example 2: duply ~/.duply/humbug backup
COMMANDS:
usage get usage help text
create creates a configuration profile
backup backup with pre/post script execution (batch: pre_bkp_post),
full (if full_if_older matches or no earlier backup is found)
incremental (in all other cases)
pre/post execute ‚<profile>/pre‘, ‚<profile>/post‘ scripts
bkp as above but without executing pre/post scripts
full force full backup
incr force incremental backup
list [<age>]
list all files in backup (as it was at <age>, default: now)
status prints backup sets and chains currently in repository
verify list files changed since latest backup
restore <target_path> [<age>]
restore the complete backup to <target_path> [as it was at <age>]
fetch <src_path> <target_path> [<age>]
fetch single file/folder from backup [as it was at <age>]
purge [<max_age>] [–force]
list outdated backup files (older than $MAX_AGE)
[use –force to actually delete these files]
purge-full [<max_full_backups>] [–force]
list outdated backup files ($MAX_FULL_BACKUPS being the number of
full backups and associated incrementals to keep, counting in
reverse chronological order)
[use –force to actually delete these files]
cleanup [–force]
list broken backup chain files archives (e.g. after unfinished run)
[use –force to actually delete these files]
changelog print changelog / todo list
txt2man feature for package maintainers – create a manpage based on the
usage output. download txt2man from http://mvertes.free.fr/, put
it in the PATH and run ‚duply txt2man‘ to create a man page.
OPTIONS:
–force passed to duplicity (see commands: purge, purge-full, cleanup)
–preview do nothing but print out generated duplicity command lines
–disable-encryption
disable encryption, overrides profile settings
PRE/POST SCRIPTS:
All internal duply variables will be readable in the scripts.
Some of interest might be
CONFDIR, SOURCE, TARGET_URL_<PROT|HOSTPATH|USER|PASS>,
GPG_<KEYS_ENC|KEY_SIGN|PW>, CMD_<PREV|NEXT>
The CMD_* variables were introduced to allow different actions according to
the command the scripts were attached to e.g. ‚pre_bkp_post_pre_verify_post‘
will call the pre script two times, with CMD_NEXT variable set to ‚bkp‘
on the first and to ‚verify‘ on the second run.
EXAMPLES:
create profile ‚humbug‘:
duply humbug create (now edit the resulting conf file)
backup ‚humbug‘ now:
duply humbug backup
list available backup sets of profile ‚humbug‘:
duply humbug status
list and delete obsolete backup archives of ‚humbug‘:
duply humbug purge –force
restore latest backup of ‚humbug‘ to /mnt/restore:
duply humbug restore /mnt/restore
restore /etc/passwd of ‚humbug‘ from 4 days ago to /root/pw:
duply humbug fetch etc/passwd /root/pw 4D
(see „duplicity manpage“, section TIME FORMATS)
a one line batch job on ‚humbug‘ for cron execution:
duply humbug backup_verify_purge –force
FILES:
in profile folder ‚~/.duply/<profile>‘ or ‚/etc/duply‘
conf profile configuration file
pre,post pre/post scripts (see above for details)
gpgkey.*.asc exported GPG key files
exclude a globbing list of included or excluded files/folders
(see „duplicity manpage“, section FILE SELECTION)
IMPORTANT:
Copy the _whole_ profile folder after the first backup to a safe place.
It contains everything needed to restore your backups. You will need
it if you have to restore the backup from another system (e.g. after a
system crash). Keep access to these files restricted as they contain
_all_ informations (gpg data, ftp data) to access and modify your backups.
Repeat this step after _all_ configuration changes. Some configuration
options are crucial for restoration.
SEE ALSO:
duplicity man page:
duplicity(1) or http://duplicity.nongnu.org/duplicity.1.html
root@server1:~#
7 Links
- duplicity: http://duplicity.nongnu.org/
- duply: http://duply.net/
- Debian: http://www.debian.org/