On Mon, May 19, 2008 at 09:03:33AM +0200, Alexander Horn wrote:
> > People should back up regularly in any event. How to do that is
> > a different discussion, but totally worth having.
> >
>
> I would like to learn more about this if possible.

What I have done is create an encrypted loopback on a 2nd
machine and do the backup over my home network via rsync (using
the sort of "snapshots" technique that you can find on the
net). I tunnel my rsync through ssh for security; the link is
usually a wireless link. And I keep the key for the encrypted
loopback on the encrypted drive of my laptop (I also have a copy
done up with PGP and emailed to me, because I would need that if
I crashed my laptop).

These are similar to the scripts I am currently using; aria is my
laptop, and emma is the desktop I save my backups on.

#----- BEGIN backup2emma -----
#!/bin/bash

# in case we have extra keys loaded via sshagent.
unset SSH_AGENT_PID SSH_AUTH_SOCK

# key for backup storage password (ripemd160 hash): NotREALLY!
export KEY=aaaabbbbccccddddaaaabbbbccccddddaaaabbbb000000000000000000000000

# login as root with "backup" key to start the process
# root's .ssh/authorized_keys file has
# COMMAND="/usr/local/sbin/rsync2emma" field set.
ssh -i ~dbindner/.ssh/backup_dsa \
    -L3141:localhost:3141 \
    -o 'SendEnv KEY' \
    [EMAIL PROTECTED] backup_from_aria

echo "Done."
sleep 20s
#----- END backup2emma -----

#----- BEGIN backup_from_aria -----
#!/bin/bash

dest=/mnt/huge/aria

# Assumes a KEY has been passed from aria and uses it to
# mount encrypted partition via losetup and dmsetup.
aria-storage on

if [ ! -d $dest/lost+found ]; then
    echo "Problem mounting backup storage area!"
    exit 1
fi

cd $dest || exit 1

# increment the backups
rm -rf ./backup.30
for i in {2,1,\ }{9,8,7,6,5,4,3,2,1,0} ; do
    test -d ./backup.$(($i)) && mv ./backup.$(($i)) ./backup.$(($i+1))
done

# make a hard link copy of most recent backup
test -d ./backup.1 && cp -al ./backup.1 ./backup.0

# rotate the vmware backup as well
rm -rf ./vmware.1
test -d ./vmware.0 && mv ./vmware.0 ./vmware.1
test -d ./vmware.1 && cp -al ./vmware.1 ./vmware.0

# get out of the destination directory
cd /

# Make sure our rsync daemon is running
rsync --daemon --port=3141 --address=127.0.0.1 \
    --log-file=/root/.rsyncd.log \
    --config=/root/.rsyncd.conf < /dev/null

# Get originating IP address
ip=`echo "$SSH_CLIENT"|cut -f1 -d' '`

# Ssh back and start the rsync over ssh tunnel
ssh -o 'StrictHostKeyChecking no' \
    -i /root/.ssh/rsync_dsa \
    [EMAIL PROTECTED] /usr/local/sbin/rsync2emma

df -h /mnt/huge/aria
aria-storage off
#----- END backup_from_aria -----

#----- BEGIN rsync2emma -----
#!/bin/bash

EXCLUDES=" \
    --exclude lost+found/ \
    --exclude .mozilla/ \
    --exclude vmware/ \
"
FILESYSTEMS="/ /home /usr/local"

# Don't backup downloaded packages
apt-get -q clean

# Don't change atimes during backup
for i in $FILESYSTEMS; do
    mount -o remount,noatime $i
done

export RSYNC_PASSWORD=NotREALLY
rsync -avx --numeric-ids \
    --delete --delete-excluded \
    $EXCLUDES $FILESYSTEMS \
    --port 3141 \
    [EMAIL PROTECTED]::aria/backup.0

# handle vmware separately
rsync -avx --numeric-ids \
    --delete --delete-excluded \
    --port 3141 \
    /home/dbindner/vmware/ [EMAIL PROTECTED]::aria/vmware.0
unset RSYNC_PASSWORD

# Go back to changing atimes
for i in $FILESYSTEMS; do
    mount -o remount,atime $i
done
#----- END rsync2emma -----

This isn't all of the details; I didn't go into how the loopback
is actually decrypted and mounted. But it is certainly the right
idea.

Don
--
Don Bindner <[EMAIL PROTECTED]>
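
Added example, not part of the original message or the author's scripts: a forced-command wrapper for the "backup" key on the storage host, which checks the requested command and the KEY variable before anything runs as root. The name backup-gate, its install path, the path to backup_from_aria, the BACKUP_GATE_DRYRUN switch and the 64-hex-character key format are assumptions.

```shell
#!/bin/sh
# Added example: forced-command gate for the backup key on the storage host.
# Assumed install: command="/usr/local/sbin/backup-gate" in authorized_keys,
# plus "AcceptEnv KEY" in sshd_config so the client's SendEnv KEY arrives.
LC_ALL=C   # byte-wise ranges in the patterns below

# Assumed key format: exactly 64 lowercase hex characters, the length of
# the placeholder in backup2emma.
valid_key() {
    [ "${#1}" -eq 64 ] || return 1
    case "$1" in
        *[!0-9a-f]*) return 1 ;;
    esac
    return 0
}

# Map the requested command name to a fixed path (path is an assumption).
# The client's string is only compared, never executed or expanded.
resolve_command() {
    case "$1" in
        backup_from_aria) echo /usr/local/sbin/backup_from_aria ;;
        *) return 1 ;;
    esac
}

gate() {
    target=$(resolve_command "${SSH_ORIGINAL_COMMAND:-}") || {
        echo "backup-gate: command not allowed" >&2
        return 2
    }
    valid_key "${KEY:-}" || {
        echo "backup-gate: KEY missing or malformed" >&2
        return 3
    }
    # BACKUP_GATE_DRYRUN (hypothetical) prints the target instead of running it.
    if [ -n "${BACKUP_GATE_DRYRUN:-}" ]; then
        echo "$target"
        return 0
    fi
    exec "$target"
}

# Run only when invoked under the assumed install name.
case "$0" in
    */backup-gate) gate ;;
esac
```

With a forced command in place, sshd puts whatever the client asked to run into SSH_ORIGINAL_COMMAND, so a stolen backup key can only trigger the one listed script.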