Rsnapshot is a powerfull rotating snapshot utility.
RSnapshot rotations processing use hardlinks ; only the changed files are copied, the rest is hard linked to the most recent backup. This method reduce hard disk used space.
Using remote root ssh access, Rsnapshot is able to backup a whole distant host. But, as you know, this is not an elegant nor a secure solution.
Consider we have several Remote Hosts, and a Backup Server host.
We'll use a common user (named backupuser).
From Backup Server, we'll be able to log on each Remote Host using backupuser ssh public key.
The main trick is to set sudoers on Remote Host in order to allow rsync root access to backupuser, and tell rsnapshot to use additionnal parameters when calling RSync.
Let's see in details.
sudo adduser backupuser sudo su backupuser ssh-keygen exit
WORKUSER is your usual user on Remote Host
REMOTE is adress/ip of Remote Host
sudo scp /home/backupuser/.ssh/id_rsa.pub WORKUSER@REMOTE:
sudo vim /etc/rsnapshot.conf
(Mind that separator MUST BE TAB and folders MUST ENDS WITH A TRAILING SLASH)
Uncomment this line
Uncomment and modify these lines
rsync_long_args -ev --rsync-path=/home/backupuser/rsync-wrapper.sh ssh_args -i /home/backupuser/.ssh/id_rsa
For each directory to backup, add this line at the end of the file
backup backupuser@REMOTE:/PATH/ REMOTE_NAME/PATH/
To backup /etc of myremote.org :
backup email@example.com:/etc/ myremote_backup/etc/
Finally, configure rotations. I use 3 daily, 3 weekly and 3 monthly rotations
interval daily 3 interval weekly 3 interval monthly 3
sudo crontab -e
A cron task must be defined for each rotation type, mine is like this, according Rsnapshot config
#3am each day 0 3 * * * /usr/bin/rsnapshot daily #4am each week 0 4 * * 1 /usr/bin/rsnapshot weekly #4am each month 0 4 1 * * /usr/bin/rsnapshot monthly
Repeat these steps for each remote
Log on to remote using your usual user (WORKUSER)
sudo useradd backupuser -c "limited backup user" -m -u 4210 sudo mkdir /home/backupuser/.ssh sudo mv id_rsa.pub /home/backupuser/.ssh/authorized_keys (debian)
sudo vim /home/backupuser/rsync-wrapper.sh
#!/bin/sh date >> /home/backupuser/backuplog echo $@ >> /home/backupuser/backuplog /usr/bin/sudo /usr/bin/rsync "$@";
(Once created, you can copy this file accross all remotes using scp)
sudo chown backupuser:backupuser /home/backupuser/rsync-wrapper.sh sudo chmod 755 /home/backupuser/rsync-wrapper.sh
sudo vim /etc/sudoers
Add this line (This file is read only on debian systems, so ignore the warning)
backupuser ALL=NOPASSWD: /usr/bin/rsync
Each backupuser ssh connection must be initialized once.
From Backup Server, type :
ssh backupuser@REMOTE -i /home/backupuser/.ssh/id_rsa
Before been called by your Cron tasks, you can test your backups calling Rnapshot manually.
When finished, you can check the results in Rsnapshot directory (default on debian /var/cache/rsnapshot)
If repeated, you'll see the rotations folders.
My first attempt to use Rsnapshot without root access was really complicated
Then, I've read this article on Linux Puzzle blog, and, after used it with success, I've deciced to write a bit more detailed tutorial about this elegant solution.