Review rdiff-backup SOP
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
This commit is contained in:
Michal Konečný
parent
ee224efc2c
commit
c77164329d
2 changed files with 20 additions and 25 deletions
|
|
@ -91,8 +91,8 @@
|
|||
** xref:planetsubgroup.adoc[Planet Subgroup Infrastructure - SOP]
|
||||
** xref:publictest-dev-stg-production.adoc[Fedora Infrastructure Machine Classes - SOP]
|
||||
** xref:rabbitmq.adoc[RabbitMQ - SOP]
|
||||
** xref:rdiff-backup.adoc[rdiff-backup - SOP in review ]
|
||||
** xref:registry.adoc[registry - SOP in review ]
|
||||
** xref:rdiff-backup.adoc[rdiff-backup - SOP]
|
||||
** xref:registry.adoc[Container registry - SOP]
|
||||
** xref:requestforresources.adoc[requestforresources - SOP in review ]
|
||||
** xref:resultsdb.adoc[resultsdb - SOP in review ]
|
||||
** xref:retrace.adoc[retrace - SOP in review ]
|
||||
|
|
|
|||
|
|
@ -6,8 +6,6 @@ Owner::
|
|||
Fedora Infrastructure Team
|
||||
Contact::
|
||||
#fedora-admin
|
||||
Location::
|
||||
Phoenix
|
||||
Servers::
|
||||
backup03 and others
|
||||
Purpose::
|
||||
|
|
@ -19,28 +17,28 @@ We are now running a rdiff-backup of all our critical data on a daily
|
|||
basis. This allows us to keep incremental changes over time as well has
|
||||
have a recent copy in case of disaster recovery.
|
||||
|
||||
The backups are run from backup03 every day at 22:10UTC as root. All
|
||||
The backups are run from _backup03_ every day at 22:10UTC as root. All
|
||||
config is in ansible.
|
||||
|
||||
The cron job checks out the ansible repo from git, then runs
|
||||
ansible-playbook with the rdiff-backup playbook. This playbook looks at
|
||||
variables to decide which machines and partitions to backup.
|
||||
|
||||
* First, machines in the backup_clients group in inventory are operated
|
||||
* First, machines in the _backup_clients_ group in inventory are operated
|
||||
on. If a host is not in that group it is not backed up via rdiff-backup.
|
||||
* Next, any machines in the backup_clients group will have their /etc
|
||||
and /home directories backed up by the server running rdiff-backup and
|
||||
* Next, any machines in the _backup_clients_ group will have their `/etc`
|
||||
and `/home` directories backed up by the server running rdiff-backup and
|
||||
using the rdiff-backup ssh key to access the client.
|
||||
* Next, if any of the hosts in backup_clients have a variable set for
|
||||
host_backup_targets, those directories will also be backed up in the
|
||||
* Next, if any of the hosts in _backup_clients_ have a variable set for
|
||||
_host_backup_targets_, those directories will also be backed up in the
|
||||
same manner as above with the rdiff-backup ssh key.
|
||||
|
||||
For each backup an email will be sent to sysadin-backup-members with a
|
||||
For each backup an email will be sent to _sysadmin-backup-members_ with a
|
||||
summary.
|
||||
|
||||
Backups are stored on a netapp volume, so in addition to the
|
||||
incrementals that rdiff-backup provides there are netapp snapshots. This
|
||||
netapp volume is mounted on /fedora_backups and is running dedup on the
|
||||
netapp volume is mounted on `/fedora_backups` and is running dedup on the
|
||||
netapp side.
|
||||
|
||||
== Rebooting backup03
|
||||
|
|
@ -59,23 +57,20 @@ ssh-add .ssh/rdiff-backup-key
|
|||
|
||||
[arabic]
|
||||
. add the host to the backup_clients inventory group in ansible.
|
||||
. {blank}
|
||||
+
|
||||
If you wish to backup more than /etc and /home, add a variable to:::
|
||||
inventory/host_vars/fqdn like: host_backup_targets: ['/srv']
|
||||
. If you wish to backup more than `/etc` and `/home`, add a variable to
|
||||
`inventory/group_vars/<app_name>` like: `host_backup_targets: ['/srv']`
|
||||
See https://pagure.io/fedora-infra/ansible/blob/main/f/inventory/group_vars/pagure#_81
|
||||
for example.
|
||||
. On the client to be backed up, install rdiff-backup.
|
||||
. {blank}
|
||||
. On the client to be backed up, install the rdiff-backup ssh public key
|
||||
to `/root/.ssh/authorized_keys` It should be restricted from:
|
||||
+
|
||||
On the client to be backed up, install the rdiff-backup ssh public key
|
||||
to::
|
||||
`/root/.ssh/authorized_keys` It should be restricted from:
|
||||
+
|
||||
....
|
||||
from="10.5.126.161,192.168.1.64"
|
||||
....
|
||||
+
|
||||
and command can be restricted to:
|
||||
+
|
||||
+
|
||||
and command can be restricted to:
|
||||
+
|
||||
....
|
||||
command="rdiff-backup --server --restrict-update-only"
|
||||
....
|
||||
|
|
@ -84,7 +79,7 @@ command="rdiff-backup --server --restrict-update-only"
|
|||
|
||||
rdiff backup keeps a copy of the most recent version of files on disk,
|
||||
so if you wish to restore the last backup copy, simply rsync from
|
||||
backup03. If you wish an older incremental, see rdiff-backup man page
|
||||
_backup03_. If you wish an older incremental, see rdiff-backup man page
|
||||
for how to specify the exact time.
|
||||
|
||||
== Retention
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue