diff --git a/modules/sysadmin_guide/nav.adoc b/modules/sysadmin_guide/nav.adoc index 90c47cd..7892e08 100644 --- a/modules/sysadmin_guide/nav.adoc +++ b/modules/sysadmin_guide/nav.adoc @@ -91,8 +91,8 @@ ** xref:planetsubgroup.adoc[Planet Subgroup Infrastructure - SOP] ** xref:publictest-dev-stg-production.adoc[Fedora Infrastructure Machine Classes - SOP] ** xref:rabbitmq.adoc[RabbitMQ - SOP] -** xref:rdiff-backup.adoc[rdiff-backup - SOP in review ] -** xref:registry.adoc[registry - SOP in review ] +** xref:rdiff-backup.adoc[rdiff-backup - SOP] +** xref:registry.adoc[Container registry - SOP] ** xref:requestforresources.adoc[requestforresources - SOP in review ] ** xref:resultsdb.adoc[resultsdb - SOP in review ] ** xref:retrace.adoc[retrace - SOP in review ] diff --git a/modules/sysadmin_guide/pages/rdiff-backup.adoc b/modules/sysadmin_guide/pages/rdiff-backup.adoc index 91a60ac..9841b49 100644 --- a/modules/sysadmin_guide/pages/rdiff-backup.adoc +++ b/modules/sysadmin_guide/pages/rdiff-backup.adoc @@ -6,8 +6,6 @@ Owner:: Fedora Infrastructure Team Contact:: #fedora-admin -Location:: - Phoenix Servers:: backup03 and others Purpose:: @@ -19,28 +17,28 @@ We are now running a rdiff-backup of all our critical data on a daily basis. This allows us to keep incremental changes over time as well has have a recent copy in case of disaster recovery. -The backups are run from backup03 every day at 22:10UTC as root. All +The backups are run from _backup03_ every day at 22:10UTC as root. All config is in ansible. The cron job checks out the ansible repo from git, then runs ansible-playbook with the rdiff-backup playbook. This playbook looks at variables to decide which machines and partitions to backup. -* First, machines in the backup_clients group in inventory are operated +* First, machines in the _backup_clients_ group in inventory are operated on. If a host is not in that group it is not backed up via rdiff-backup. -* Next, any machines in the backup_clients group will have their /etc -and /home directories backed up by the server running rdiff-backup and +* Next, any machines in the _backup_clients_ group will have their `/etc` +and `/home` directories backed up by the server running rdiff-backup and using the rdiff-backup ssh key to access the client. -* Next, if any of the hosts in backup_clients have a variable set for -host_backup_targets, those directories will also be backed up in the +* Next, if any of the hosts in _backup_clients_ have a variable set for +_host_backup_targets_, those directories will also be backed up in the same manner as above with the rdiff-backup ssh key. -For each backup an email will be sent to sysadin-backup-members with a +For each backup an email will be sent to _sysadmin-backup-members_ with a summary. Backups are stored on a netapp volume, so in addition to the incrementals that rdiff-backup provides there are netapp snapshots. This -netapp volume is mounted on /fedora_backups and is running dedup on the +netapp volume is mounted on `/fedora_backups` and is running dedup on the netapp side. == Rebooting backup03 @@ -59,23 +57,20 @@ ssh-add .ssh/rdiff-backup-key [arabic] . add the host to the backup_clients inventory group in ansible. -. {blank} -+ -If you wish to backup more than /etc and /home, add a variable to::: - inventory/host_vars/fqdn like: host_backup_targets: ['/srv'] +. If you wish to backup more than `/etc` and `/home`, add a variable to + `inventory/group_vars/` like: `host_backup_targets: ['/srv']` + See https://pagure.io/fedora-infra/ansible/blob/main/f/inventory/group_vars/pagure#_81 + for example. . On the client to be backed up, install rdiff-backup. -. {blank} +. On the client to be backed up, install the rdiff-backup ssh public key +to `/root/.ssh/authorized_keys` It should be restricted from: + -On the client to be backed up, install the rdiff-backup ssh public key -to:: - `/root/.ssh/authorized_keys` It should be restricted from: - + .... from="10.5.126.161,192.168.1.64" .... - + - and command can be restricted to: - + ++ +and command can be restricted to: ++ .... command="rdiff-backup --server --restrict-update-only" .... @@ -84,7 +79,7 @@ command="rdiff-backup --server --restrict-update-only" rdiff backup keeps a copy of the most recent version of files on disk, so if you wish to restore the last backup copy, simply rsync from -backup03. If you wish an older incremental, see rdiff-backup man page +_backup03_. If you wish an older incremental, see rdiff-backup man page for how to specify the exact time. == Retention