June 11, 2009
In my last post I’ve written a howto on installing Xen and OpenVZ on a dedicated root server at a locally well know server ISP. This post is now about the method I use to backup this server on the ISP provided FTP space. The backup solution I use provides following:
- Full backup and restore of the whole server or single files
- GnuPG encryption of the data on the FTP server
- full and incremental backup
- open source and free
- simple setup and usage
The base of the backup system is duplicity, but I use ftplicity as front-end which makes the interface easier to handle in this special case. As the hardware node of the server is running under CentOS 5, this howto is centered around it, but the basic idea is the same for any distribution.
- Repository: We need to add the EPEL5 repository by calling
rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-3.noarch.rpm
Info: Replace x86_64 with i386 if you’ve a 32bit system.
- Packages: I did following to update and install the required packages:
yum install duplicity python-GnuPGInterface
- Bug fixing: There is a small bug in the duplicity package (duplicity-0.5.06-1.el5) which leads to some unlovely error messages. You can and should correct them like this:
patch /usr/bin/duplicity duplicity-sys-exit.patch
If the patching worked you should get a output like this:
patching file /usr/bin/duplicity
Hunk #1 succeeded at 589 (offset 2 lines).
- ftplicity install: There is currently no package for ftplicity, but as it consists basically only of one bash script that doesn’t really matter. Just use following commands
tar xzf ftplicity_126.96.36.199.tgz
cp ftplicity_188.8.131.52/ftplicity /usr/local/sbin/
to install it.
- ftplicity configuration:Everything is now installed and we only need to configure it. The shell script creates its own default config if called like this:
ftplicity [profilename] create. Choose a profile name, as ftplicity allows you to use more than one profile (e.g. to backup different stuff to different ftp servers). Now change into the directory
You need now to create a gpg key with
gpg --gen-key– use the default options and a complicated pass-phrase. Continue with editing the file
conf, by at least setting following variables:
GPG_KEY= to the ID of the key just generated
GPG_PW= to the pass-phrase you just entered
TARGET= to your backup server, use a subdirectory and not / as you may want to backup a second profile or server later and create that subdirectory
TARGET_PW= to the ftp password
SOURCE='/' # as we backup everything
Take also a look at the other parameters but you’re not required to change them. As we’re backing up the whole server it is necessary to exclude some directories. To accomplish this you need to create a file
excludein the profile directory which contains at least following lines.
As we’re using the server with OpenVZ we also add following lines:
- first backup: Type
ftplicity profilename backupto make your first (=full) backup. You should not get any exceptions or error message if you’ve configured every correctly.
- automatic backup As you see at the first backup, ftplicity is verbosely – this is good if an error occurs but I don’t like an email every day if all worked. Therefore I’ve written the python script ftplicity.py, which parses the output of the shell script and only sends (but than the full verbose output) an email (via cron) to me if something went wrong. Copy the script to
/usr/local/sbinand set the execute flag.Now you only need to edit the crontab with following command:
crontab -eand place some lines like this there.
5 9 * * * /usr/local/sbin/ftplicity.py profilename backup
6 17 1 * * /usr/local/sbin/ftplicity.py profilename full && /usr/local/sbin/ftplicity.py profilename purge --force && /usr/local/sbin/ftplicity.py hetzner purge-full
That’s it – quite easy? Anyway take a look at
ftplicity usage which shows you these usage examples:
- create profile ‘humbug’:
ftplicity humbug create(now edit the resulting conf file)
- backup ‘humbug’ now:
ftplicity humbug backup
- list available backup sets of profile ‘humbug’:
ftplicity humbug status
- list and delete obsolete backup archives of ‘humbug’:
ftplicity humbug purge --force
- restore latest backup of ‘humbug’ to /mnt/restore:
ftplicity humbug restore /mnt/restore
- restore /etc/passwd of ‘humbug’ from 4 days ago to /root/pw:
ftplicity humbug fetch etc/passwd /root/pw 4D(see “man duplicity”, section TIME FORMATS)