RT Tickets: #855 , #859

Update: after generating a new ssh key and configuring ssh for mgmt/backup, borg backup creation doesnt work as it has this error - . So for now we'll use rsync and compressing tar files

Borg backup

Look at the borg documentation: https://borgbackup.readthedocs.io/en/stable/book.html

For our full server backup we decided to use borg backup over using rsync

Reasons for choosing Borg Backup over rsync:

• Encryption: Borg encrypts your backups before storing them, unlike rsync which doesn't encrypt data by default
• No duplicate backup data: Rsync stores duplicate data
• Versioning: rsync only keeps the latest version of your files, where as borg keeps multiple different versions

Installation

on all 4 of our servers:

sudo apt install borgbackup -y

check that the version is consistent:

borg --version

should be borg 1.1.15 for all the servers, works on both Ubuntu 18.04 and Ubuntu 20.04

Setup

Resources:

• https://www.joshknows.com/blog/87/BorgBackupFromAGitUserAposSPerspective

• https://borgbackup.readthedocs.io/en/stable/book.html

• https://borgbackup.readthedocs.io/en/stable/usage/init.html

For the initial setup, you need to create the encryption key on backup server and initialise a repository within the backup server

create the full_backups directory

sudo borg init --encryption repokey-blake2 /home/group-c/full_backups

You'll be prompted to enter a strong passphrase during initialization. This passphrase protects the encryption key.

Backup our servers

Before doing the next steps, Change the following in the backup server

sudo chown -R group-c:group-c /home/group-c/full_backups
sudo chmod -R 700 /home/group-c/full_backups

On all 3 of mgmt, app, and db servers:

sudo borg create --compression auto,lzma -e repokey-blake2 group-c@backup-c:/home/group-c/full_backups::weekly_app_backup ~/

Testing backing up the puppet config on mgmt server:

sudo borg create --compression auto,lzma -e repokey-blake2 group-c@backup-c:/home/group-c/full_backups::borg_puppet_mgmt2 /etc/puppetlabs/ --stats >> borg_puppet.log 2>&1

the borg puppet log is just to test out any errors that occur during the process

sudo cat borg_puppet.log

Verify the backup creation and append it to a log file:

On the other 3 servers: sudo borg list group-c@backup-c:/home/group-c/full_backups >> borg_backup_list.log 2>&1

On just the backup server: sudo borg list /home/group-c/full_backups (without the log)

sudo cat borg_backup_list.log

This is the command without the log option:

For the content of the backup file itself:

On other 3 servers: sudo borg list group-c@backup-c:/home/group-c/full_backups::borg_puppet_mgmt

On backup:

sudo borg list /home/group-c/full_backups::borg_puppet_mgmt

Borg recovery

• TBD