Inhaltsverzeichnis |
Tartarus Backup
Tartarus is a backup system based on classic and widespread Unix Tools which is specifically geared to dedicated server requirements.
Installation
Debian users can easily install the program via the package system and keep it up to date by adding the following line to the APT configuration (e.g.in /etc/apt/sources.list.d/tartarus.list):
deb http://wertarbyte.de/apt/ ./
After an “apt-get update”, the script can easily be installed using “apt-get install tartarus”.
The following commands are sufficient for importing the GnuPG key, which signs the repository, and installing the program:
wget -O /etc/apt/sources.list.d/wertarbyte.list http://wertarbyte.de/apt/wertarbyte-apt.list wget -O - http://wertarbyte.de/apt/software-key.gpg | apt-key add - apt-get update apt-get install tartarus
The script uses a wide range of classic Unix tools which are installed – if this has not taken place automatically – via the package management:
apt-get install tar bzip2 lvm2 gnupg curl
If you do not have Debian (or Ubuntu, for example) the program can be installed manually by simplydownloading it from the website and after unzipping the files placing it in /usr/local/.
On the other hand, installation via the package system is recommended as new versions can be installed automatically.
If a current Ubuntu distribution is being used (from 10), errors occur with curl and sftp, so curl needs to be compiled separately. Instructions on this can be found here: Curl with sftp
Backup Configuration
Tartarus reads its configuration profile files that are stored in the /etc/tartarus/. These are shell scripts that are processed by the backup process, so it is also possible to include on the command “source” other configuration files in a profile. This can be exploited to store generic settings for all backup profiles centrally:
General Configuration
# /etc/tartarus/generic.inc # Generic settings for the backup # on the Hetzner FTP Server STORAGE_FTP_SSL_INSECURE="yes" STORAGE_METHOD="FTP" # Address of the FTP Server STORAGE_FTP_SERVER="1.2.3.4" # FTP access STORAGE_FTP_USER="12345" STORAGE_FTP_PASSWORD="SecretPassword" # Encrypt transfer and use SFTP STORAGE_FTP_USE_SFTP="yes"
# Compression method COMPRESSION_METHOD="bzip2" # Size of LVM snapshot LVM_SNAPSHOT_SIZE="1000M"
# Backup data encrypt symmetrically ENCRYPT_SYMMETRICALLY="yes" # Password from /etc/tartarus/backup.sec read ENCRYPT_PASSPHRASE_FILE="/etc/tartarus/backup.sec"
# During backup setup # do not go beyond file system limits STAY_IN_FILESYSTEM="yes"
These settings encrypt backups with a password read from /etc/tartarus/backup.sec. The file contents are needed for unpacking the archive again later; and should, therefore, be kept safely (possibly also in printed format).
Simple Backup
A simple profile for the safety of the root file system could look like this:
# /etc/tartarus/root.conf # # Read main config source /etc/tartarus/generic.inc # Profile name NAME="root" # Directory / Backup DIRECTORY="/" # Backup no temporary files # separate several folders with a space EXCLUDE="/tmp/" # No LVM snapshot CREATE_LVM_SNAPSHOT="no"
Simply start backup with the following:
/usr/sbin/tartarus /etc/tartarus/root.conf
Backup with LVM Snapshot
LVM snapshots enable a file system to be frozen in time during operation. The LVM system creates a virtual block device and stores obvious changes in a separate logical volume.
# /etc/tartarus/home.conf source /etc/tartarus/generic.inc
NAME="home" DIRECTORY="/home" # Create LVM Snapshot CREATE_LVM_SNAPSHOT="yes" # LVM volume which stores the file system LVM_VOLUME_NAME="/dev/volumegroup/home" # Mountpoint, which hooks the file system LVM_MOUNT_DIR="/home"
To integrate the snapshot file systems, Tartarus uses /snap: The frozen file systems are latched on to the corresponding subdirectories.
Incremental Backups
Incremental backups only save the changes since the last full backup and do not archive the whole file system. Tartarus creates marker files to determine the exact date of the last backup. To perform incremental backups, you first need to create a directory that contains these files:
mkdir -p /var/spool/tartarus/timestamps/
The configuration profiles now have the following line (with corresponding file name):
INCREMENTAL_TIMESTAMP_FILE="/var/spool/tartarus/timestamps/home"
After each successful backup, the script updates the file. To perform an incremental backup, start Tartarus with the additional parameter “-i”:
/usr/sbin/tartarus -i /etc/tartarus/home.conf
Automatic Backup
A typical system has several backup files in the directory in /etc/tartarus/; to call them up automatically use the following script:
#!/bin/sh # /usr/local/sbin/backup.sh # Run all backup profile found in /etc/tartarus/ and pass # command line arguments on to tartarus (e.g. -i) for profile in /etc/tartarus/*.conf; do /usr/sbin/tartarus $* "$profile" done
Now it can be exceuted with or without parameter, to run all profiles on full or incremental backup:
/usr/local/sbin/backup.sh # full backup
/usr/local/sbin/backup.sh -i # incremental backup
The command “crontab -e” edits the crontab for the root user:
PATH=/bin/:/sbin/:/usr/bin/:/usr/sbin/:/usr/local/sbin/:/usr/local/bin # m h dom mon dow command 0 1 * * mon-sat /usr/local/sbin/backup.sh -i 0 1 * * sun /usr/local/sbin/backup.sh
This is an example on full backup every Sunday at approx 1 am and the other days incremental backups.
Recovery
Since Tartarus is based on simple Unix utilities, a backup is easy to restore from the rescue system. To show the files in backup, use the following command line:
curl [[Ftp: | gpg --decrypt | tar tpvj
To unpack the archive in the directory /mnt/restore modify the line as follows:
curl [[Ftp: | gpg --decrypt | tar xpvj -C /mnt/restore
Delete Old Backups
If backups are created on a regular basis, the FTP server quota soon reaches its limits – old backups should therefore be removed regularly. This is automatically done with “charon.ftp”: The following command checks all backups designated “home” on the FTP server for their “best-before date”. The parameter “–dry-run” does not really remove the files.
/usr/sbin/charon.ftp --host 1.2.3.4 \ --user USERNAME \ --password PASSWORD \ --profile home \ --maxage 7 \ --dry-run
Charon removes all files created more than 7 days ago. This only happens however if there are no other incremental backups based on them.
To automatically clean up the FTP server after a successful backup, use the Tartarus hook. The following entry in the Tartarus settings (e.g. generic.inc) checks for out-of-date archives after each backup run on the server:
# Clean up FTP server after backup TARTARUS_POST_PROCESS_HOOK() { echo -n "$STORAGE_FTP_PASSWORD" | /usr/sbin/charon.ftp \ --host "$STORAGE_FTP_SERVER" \ --user "$STORAGE_FTP_USER" --readpassword \ --maxage 7 \ --dir "$STORAGE_FTP_DIR" --profile "$NAME" }
In this way, the script takes over the settings directly from the Tartarus configuration. To ensure that the password is not shown in the processing list, it is read from the standard input.
Documentation and Contact
Further information on Tartarus can be found in the project page, the program documentation and the mailing list.
To report errors in the script, keep informed of further developments or to participate, log on there.
# Allgemeine Einstellungen einlesen source /etc/tartarus/generic.inc # Name des Sicherungsprofils NAME="database" # Verzeichnis /var/lib/mysqldump sichern DIRECTORY="/var/lib/mysqldump" # Keine temporären Dateien sichern EXCLUDE="" # keinen LVM-Snapshot erstellen CREATE_LVM_SNAPSHOT="no" # Informationen für Incrementelle Sicherungen speichern in INCREMENTAL_TIMESTAMP_FILE="/var/spool/tartarus/database" # Datenbank dumpen TARTARUS_PRE_PROCESS_HOOK() { /usr/local/sbin/mysqlbackup.sh } # Datenbankdump wieder entfernen TARTARUS_POST_STORE_HOOK() { rm -R /var/lib/mysqldump/* } # abschließendes Löschen alter Backups source /etc/tartarus/post.inc