Ticket ID #299 Configure Secure Automated Backups to Central Storage Server - GriffinKat/group-a GitHub Wiki

Initial Server Setup

  1. Access the offsite backup server at 20.40.64.18 using group credentials.

  2. Change default password (p@ssword@oe2) immediately.

    Use command passwd to change the password.

  3. Create organized directory structure (e.g., /home/group-x/{mgmt,app,db,backup})

    image

Secure Authentication

  1. Generate SSH key pairs on each source server(apps-a, mgmt-a, db-a and backup-a)

    ssh-keygen -t rsa -b 4096 -C "server-name"

  2. Deploy public keys to offsite backup server's authorized_keys

    sudo cat ~/.ssh/id_rsa.pub | ssh [email protected] "cat >> ~/.ssh/authorized_keys"

  3. Verify passwordless SSH connectivity

    image

  4. Private keys stored with 600 permissions

    Use the following commands to copy the private key to a different location and limiting permissions.

    sudo cp ~/.ssh/id_rsa /etc/backup/.ssh/id_rsa

    sudo chmod 700 /etc/backup/.ssh

    sudo chmod 600 /etc/backup/.ssh/id_rsa

    image

Backup Script Development

Create custom rsync scripts for each server type:

Include:

  • Nagios/Puppet custom configurations
  • ownCloud data and metadata
  • MySQL database dumps (more on this in the next lab)
  • Critical system configs and data

Backup Script for apps-a server:

image

Backup Script for mgmt-a server:

image

Similary, below is the screenshot of the backup script for db-a and backup-a server respectively.

image

image

Automation & Monitoring

  • Implement Puppet module to:

    • Distribute backup scripts

    • Configure cron jobs (4x daily staggered schedule)

    • Set up log rotation for backup operations

    Create a backup module in Puppet Master as shown below and place the backup scripts in the files directory inside the module. Also, create a file for log rotation settings

    image

    The content of log rotation file is shown below:

    image

    Configure the init.pp file to carry out the backup and setup cron jobs

    image

    Edit the site.pp file to include the backup module in Puppet Master and Agents

    image

  • Validation

    • Test backup integrity checks

      Below are the screenshots of successful distribution of scripts using puppet and setting up cron jobs for running the script 4 times daily.

      image

      image

      image

      image

      image

      image

      image

      image

      Below is the screenshot of the offsite backup server, after the backup scripts were run from individual servers.

      image

      The files were backed up on the offsite backup server.