SYS255 Final Project - eitan-j/tech-journal GitHub Wiki

Setup

• Create webserver blog01-eitan, to be backed up
• Create server backup-eitan, to back up to

Setup SSH

• as root@blog01-eitan
• ssh-keygen
• ssh-copy-id root@backup-eitan
• use no passphrase so it can be done automatically

Dump database

• mysqldump --user='wordpressuser' --password='password' wordpress > /var/www/html/database.sql
  • please don't use 'password' as a password on a production server

Sync /var/www/html

• rsync -avSe ssh --delete /var/www/html root@backup-eitan:"/home/eitan/backup/backup-$(date +"%a")"
  • -a for archive
  • -v for verbose
  • -S makes it work with sparce files
  • -e ssh to use ssh
  • --delete to delete old files
  • $(date +"%a") lets us keep one copy for each day of the week
    • this is a somewhat hacky solution
  • root must be used to preserve all file ownership

Sync the whole system

• rsync -avAXHSe ssh --delete --filter='-x security.selinux' --exclude "/dev/*" --exclude "/proc/*" --exclude "/sys/*" --exclude "/tmp/*" --exclude "/run/*" --exclude "/mnt/*" --exclude "/media/* --exclude "lost+found" / root@backup-eitan:/home/eitan/backup/fullbackup
  • keep the same filename to overwrite old versions
  • -AXH are used to preserve additional metadata
  • --filter='-x security.selinux' excludes the selinux attribute, which cant be copied

Cron

• put in script in /etc/cron.daily (or weekly etc.)

To revert from backup

• rsync -avAXHSe ssh --delete root@backup-eitan:/home/eitan/backup/backup-Sat/html/ /var/www/html/
• disable selinux, since we lost selinux attribute
  • set SELINUX=disabled in /etc/selinux/config
  • reboot