Review rdiff-backup SOP
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
This commit is contained in:
Michal Konečný
parent
ee224efc2c
commit
c77164329d
2 changed files with 20 additions and 25 deletions
|
|
@ -91,8 +91,8 @@
|
||||||
** xref:planetsubgroup.adoc[Planet Subgroup Infrastructure - SOP]
|
** xref:planetsubgroup.adoc[Planet Subgroup Infrastructure - SOP]
|
||||||
** xref:publictest-dev-stg-production.adoc[Fedora Infrastructure Machine Classes - SOP]
|
** xref:publictest-dev-stg-production.adoc[Fedora Infrastructure Machine Classes - SOP]
|
||||||
** xref:rabbitmq.adoc[RabbitMQ - SOP]
|
** xref:rabbitmq.adoc[RabbitMQ - SOP]
|
||||||
** xref:rdiff-backup.adoc[rdiff-backup - SOP in review ]
|
** xref:rdiff-backup.adoc[rdiff-backup - SOP]
|
||||||
** xref:registry.adoc[registry - SOP in review ]
|
** xref:registry.adoc[Container registry - SOP]
|
||||||
** xref:requestforresources.adoc[requestforresources - SOP in review ]
|
** xref:requestforresources.adoc[requestforresources - SOP in review ]
|
||||||
** xref:resultsdb.adoc[resultsdb - SOP in review ]
|
** xref:resultsdb.adoc[resultsdb - SOP in review ]
|
||||||
** xref:retrace.adoc[retrace - SOP in review ]
|
** xref:retrace.adoc[retrace - SOP in review ]
|
||||||
|
|
|
||||||
|
|
@ -6,8 +6,6 @@ Owner::
|
||||||
Fedora Infrastructure Team
|
Fedora Infrastructure Team
|
||||||
Contact::
|
Contact::
|
||||||
#fedora-admin
|
#fedora-admin
|
||||||
Location::
|
|
||||||
Phoenix
|
|
||||||
Servers::
|
Servers::
|
||||||
backup03 and others
|
backup03 and others
|
||||||
Purpose::
|
Purpose::
|
||||||
|
|
@ -19,28 +17,28 @@ We are now running a rdiff-backup of all our critical data on a daily
|
||||||
basis. This allows us to keep incremental changes over time as well has
|
basis. This allows us to keep incremental changes over time as well has
|
||||||
have a recent copy in case of disaster recovery.
|
have a recent copy in case of disaster recovery.
|
||||||
|
|
||||||
The backups are run from backup03 every day at 22:10UTC as root. All
|
The backups are run from _backup03_ every day at 22:10UTC as root. All
|
||||||
config is in ansible.
|
config is in ansible.
|
||||||
|
|
||||||
The cron job checks out the ansible repo from git, then runs
|
The cron job checks out the ansible repo from git, then runs
|
||||||
ansible-playbook with the rdiff-backup playbook. This playbook looks at
|
ansible-playbook with the rdiff-backup playbook. This playbook looks at
|
||||||
variables to decide which machines and partitions to backup.
|
variables to decide which machines and partitions to backup.
|
||||||
|
|
||||||
* First, machines in the backup_clients group in inventory are operated
|
* First, machines in the _backup_clients_ group in inventory are operated
|
||||||
on. If a host is not in that group it is not backed up via rdiff-backup.
|
on. If a host is not in that group it is not backed up via rdiff-backup.
|
||||||
* Next, any machines in the backup_clients group will have their /etc
|
* Next, any machines in the _backup_clients_ group will have their `/etc`
|
||||||
and /home directories backed up by the server running rdiff-backup and
|
and `/home` directories backed up by the server running rdiff-backup and
|
||||||
using the rdiff-backup ssh key to access the client.
|
using the rdiff-backup ssh key to access the client.
|
||||||
* Next, if any of the hosts in backup_clients have a variable set for
|
* Next, if any of the hosts in _backup_clients_ have a variable set for
|
||||||
host_backup_targets, those directories will also be backed up in the
|
_host_backup_targets_, those directories will also be backed up in the
|
||||||
same manner as above with the rdiff-backup ssh key.
|
same manner as above with the rdiff-backup ssh key.
|
||||||
|
|
||||||
For each backup an email will be sent to sysadin-backup-members with a
|
For each backup an email will be sent to _sysadmin-backup-members_ with a
|
||||||
summary.
|
summary.
|
||||||
|
|
||||||
Backups are stored on a netapp volume, so in addition to the
|
Backups are stored on a netapp volume, so in addition to the
|
||||||
incrementals that rdiff-backup provides there are netapp snapshots. This
|
incrementals that rdiff-backup provides there are netapp snapshots. This
|
||||||
netapp volume is mounted on /fedora_backups and is running dedup on the
|
netapp volume is mounted on `/fedora_backups` and is running dedup on the
|
||||||
netapp side.
|
netapp side.
|
||||||
|
|
||||||
== Rebooting backup03
|
== Rebooting backup03
|
||||||
|
|
@ -59,23 +57,20 @@ ssh-add .ssh/rdiff-backup-key
|
||||||
|
|
||||||
[arabic]
|
[arabic]
|
||||||
. add the host to the backup_clients inventory group in ansible.
|
. add the host to the backup_clients inventory group in ansible.
|
||||||
. {blank}
|
. If you wish to backup more than `/etc` and `/home`, add a variable to
|
||||||
+
|
`inventory/group_vars/<app_name>` like: `host_backup_targets: ['/srv']`
|
||||||
If you wish to backup more than /etc and /home, add a variable to:::
|
See https://pagure.io/fedora-infra/ansible/blob/main/f/inventory/group_vars/pagure#_81
|
||||||
inventory/host_vars/fqdn like: host_backup_targets: ['/srv']
|
for example.
|
||||||
. On the client to be backed up, install rdiff-backup.
|
. On the client to be backed up, install rdiff-backup.
|
||||||
. {blank}
|
. On the client to be backed up, install the rdiff-backup ssh public key
|
||||||
|
to `/root/.ssh/authorized_keys` It should be restricted from:
|
||||||
+
|
+
|
||||||
On the client to be backed up, install the rdiff-backup ssh public key
|
|
||||||
to::
|
|
||||||
`/root/.ssh/authorized_keys` It should be restricted from:
|
|
||||||
+
|
|
||||||
....
|
....
|
||||||
from="10.5.126.161,192.168.1.64"
|
from="10.5.126.161,192.168.1.64"
|
||||||
....
|
....
|
||||||
+
|
+
|
||||||
and command can be restricted to:
|
and command can be restricted to:
|
||||||
+
|
+
|
||||||
....
|
....
|
||||||
command="rdiff-backup --server --restrict-update-only"
|
command="rdiff-backup --server --restrict-update-only"
|
||||||
....
|
....
|
||||||
|
|
@ -84,7 +79,7 @@ command="rdiff-backup --server --restrict-update-only"
|
||||||
|
|
||||||
rdiff backup keeps a copy of the most recent version of files on disk,
|
rdiff backup keeps a copy of the most recent version of files on disk,
|
||||||
so if you wish to restore the last backup copy, simply rsync from
|
so if you wish to restore the last backup copy, simply rsync from
|
||||||
backup03. If you wish an older incremental, see rdiff-backup man page
|
_backup03_. If you wish an older incremental, see rdiff-backup man page
|
||||||
for how to specify the exact time.
|
for how to specify the exact time.
|
||||||
|
|
||||||
== Retention
|
== Retention
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue