aboutsummaryrefslogtreecommitdiffstats
path: root/README.md
blob: 80f2bb893b801837776f446f7b51d94c371cf98c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
# Alpine Remote Backup

## Introduction

Alpine remote backup (RBU) is a set of scripts based on LBU
(Alpine Local Backup). It consist of a main script which need to be run from
cron and a set of profiles which can be used as pre/post scripts for LBU.
The idea of profiles is to simplify the backup process and to make sure
services inside Alpine infrastructure are setup in a similar way. Some of the
features/profiles of RBU are:

* Dump databases to a cache directory
* Synchronise backups to remote location
* Copy backup status log to remote location
* Send status notifications over mqtt

The alpine-backup script itself takes care of capturing the logs, creating the
snapshot, and updating the status for monitoring. Other tasks such uploading the
backup should be done through profiles. See the *Minimal Setup* section for
details.

## Prerequisite

* POSIX shell
* LBU (default on Alpine installation)
* rsync `apk add rsync`
* mosquitto-pub `apk add mosquitto-clients`

## Usage

### Configuration

RBU needs a configuration file named `rbu.conf`. This configuration should
(by default) be put in the lbu configuration directory `/etc/lbu`. Inside this
configuration should be a list of exported configuration variables which are
needed for lbu and its pre/post scripts to function properly.

### Profiles

Profiles are a set of LBU pre/post scripts. To use these scripts you should
symlink (or copy) them from the profile directory to one of the following dirs:

* `/etc/lbu/pre-package.d` (scripts run before LBU creates its backup)
* `/etc/lbu/post-package.d` (scripts run after LBU created its backup)

These profiles/scripts will be run by busybox run-parts which means they cannot
have an extension and need to be executable. If you need to run these scripts
in a specific order you should prefix them with a number like `10-scriptname`.

### Minimal setup

The `profiles/` directory contains some default profiles which can be used to
setup basic back-ups.

At the minimum, you want to add the `backup-sync` script in the `post-package.d`
directory to actually upload the backup archive to the remote server in the
homedir of the user provided in `rbu.conf`.

`backup-list` can be placed in the `pre-package.d` directory to generate a list
of files that are being backed up, which will added to the log.

### Encryption

To make sure the backups are safe we use openssl encryption option provided by
LBU. Please make sure you provide a secure password in `rbu.conf` and make sure
you have a backup of that password in case you will need it when restoring.

### Include non etc files

By default LBU will only backup files located in the `/etc` directory and have
been modified. To include other files you need to `lbu_include` files and
directories. Exclusion is possible via `lbu_exclude`. Please check
[Alpine wiki](http://wiki.alpinelinux.org/wiki/Alpine_local_backup) for more
information regarding LBU usage.

### Backup server

Backups will be kept in the specified backup location in rbu.conf. After the
backup is successful these backups will be rsynced to the remote backup server.
To be able to automatically rsync backups a ssh key needs to be generated per
backup. For generating a Ed25519 key exec: `ssh-keygen -t ed25519` and copy the
public key to the backup server.

### Enable daily backups

Copy the provided `alpine-backup` to `/etc/periodic/daily` to make the backup
run every night.

### Retention

LBU is configured to keep 7 days of backups. If you also want a monthly backup,
enable the backup-archive profile in `post-package.d` and make sure that it's
run after the `backup-sync` profile. This will copy the last created backup at
the first of each month to the `month/` directory..

## Backup monitoring

Backups are are automatically monitored by Alpine monitoring system. After the
backup has finished it will send a message with metadata to our mqtt server
which will be picked up by Alpine monitoring system.

## NOTE

Older version of LBU have a bug which prevents the cleanup of older local
encrypted backups. see:
https://git.alpinelinux.org/cgit/alpine-conf/commit/?id=cd395b