Get Rewarded! We will reward you with up to €50 credit on your account for every tutorial that you write and we publish!

Install and Configure Tartarus for Backups

profile picture
Author
Hetzner Online
Published
2019-03-08
Time to read
5 minutes reading time

Introduction

Tartarus is a backup system based on classic and widespread Unix Tools which is specifically geared to dedicated server requirements.

Further information on Tartarus can be found on the project page, the program documentation and the mailing list.

Step 1 - Installation

Tartarus can be installed manually by downloading it from the website and after unzipping the files placing it in /usr/local/. After installing it, you can simply run the tartarus command.

The script uses a wide range of classic Unix tools which are installed via the package management:

apt-get install tar bzip2 lvm2 gnupg curl

Note: if a current Ubuntu distribution is being used, errors occur with curl and sftp, so curl needs to be compiled separately.

Step 2 - Backup Configuration

Tartarus reads its configuration profile files that are stored in /etc/tartarus/. These are shell scripts that are processed by the backup process, so it is also possible to include on the command "source" other configuration files in a profile. This can be exploited to store generic settings for all backup profiles centrally:

Step 2.1 - General Configuration

# /etc/tartarus/generic.inc
# Generic settings for the backup
# on the Hetzner FTP Server
STORAGE_FTP_SSL_INSECURE="yes"
STORAGE_METHOD="FTP"
# Address of the FTP Server
STORAGE_FTP_SERVER="1.2.3.4"
# FTP access
STORAGE_FTP_USER="12345"
STORAGE_FTP_PASSWORD="SecretPassword"
# Encrypt transfer and use SFTP
STORAGE_FTP_USE_SFTP="yes"

# Compression method
COMPRESSION_METHOD="bzip2"
# Size of LVM snapshot
LVM_SNAPSHOT_SIZE="1000M"

# Backup data encrypt symmetrically
ENCRYPT_SYMMETRICALLY="yes"
# Password from /etc/tartarus/backup.sec read
ENCRYPT_PASSPHRASE_FILE="/etc/tartarus/backup.sec"

# During backup setup
# do not go beyond file system limits
STAY_IN_FILESYSTEM="yes"

These settings encrypt backups with a password read from /etc/tartarus/backup.sec. The file contents are needed for unpacking the archive again later; and should, therefore, be kept safely (possibly also in printed format).

Step 2.2 - Simple Backup

A simple profile for the safety of the root file system could look like this:

# /etc/tartarus/root.conf
#
# Read main config
source /etc/tartarus/generic.inc
# Profile name
NAME="root"
# Directory / Backup
DIRECTORY="/"
# Backup no temporary files
# separate several folders with a space
EXCLUDE="/tmp/"
# No LVM snapshot
CREATE_LVM_SNAPSHOT="no"

Simply start the backup with the following:

/usr/sbin/tartarus /etc/tartarus/root.conf

Step 2.3 - Backup with LVM Snapshot

LVM snapshots enable a file system to be frozen in time during operation. The LVM system creates a virtual block device and stores obvious changes in a separate logical volume.

# /etc/tartarus/home.conf
source /etc/tartarus/generic.inc

NAME="home"
DIRECTORY="/home"
# Create LVM Snapshot
CREATE_LVM_SNAPSHOT="yes"
# LVM volume which stores the file system
LVM_VOLUME_NAME="/dev/volumegroup/home"
# Mountpoint, which hooks the file system
LVM_MOUNT_DIR="/home"

To integrate the snapshot file systems, Tartarus uses the folder "/snap": The frozen file systems are latched on to the corresponding subdirectories.

Step 2.4 - Incremental Backups

Incremental backups only save the changes since the last full backup and do not archive the whole file system. Tartarus creates marker files to determine the exact date of the last backup. To perform incremental backups, you first need to create a directory that contains these files:

mkdir -p /var/spool/tartarus/timestamps/

The configuration profiles now have the following line (with corresponding file name):

INCREMENTAL_TIMESTAMP_FILE="/var/spool/tartarus/timestamps/home"

After each successful backup, the script updates the file. To perform an incremental backup, start Tartarus with the additional parameter -i:

/usr/sbin/tartarus -i /etc/tartarus/home.conf

Step 2.5 - Automatic Backup

A typical system has several backup files in the directory in /etc/tartarus/; to call them up automatically use the following script:

#!/bin/sh
# /usr/local/sbin/backup.sh
# Run all backup profile found in /etc/tartarus/ and pass
# command line arguments on to tartarus (e.g. -i)
for profile in /etc/tartarus/*.conf; do
 /usr/sbin/tartarus $* "$profile"
done

Now it can be executed with or without parameters, to run all profiles on full or incremental backup:

/usr/local/sbin/backup.sh # full backup

/usr/local/sbin/backup.sh -i # incremental backup

The command crontab -e edits the crontab for the root user:

PATH=/bin/:/sbin/:/usr/bin/:/usr/sbin/:/usr/local/sbin/:/usr/local/bin
# m    h       dom     mon     dow     command
0      1       *       *       mon-sat /usr/local/sbin/backup.sh -i
0      1       *       *       sun     /usr/local/sbin/backup.sh

This is an example of a full backup every Sunday at approx 1 am and the other days incremental backups.

Step 3 - Recovery

Since Tartarus is based on simple Unix utilities, a backup is easy to restore from the rescue system. To show the files in backup, use the following command line:

curl ftp://USER:PASS@YOURSERVER/home-20080411-1349.tar.bz2.gpg |
gpg --decrypt | tar tpvj

To unpack the archive in the directory /mnt/restore modify the line as follows:

curl ftp://USER:PASS@YOURSERVER/home-20080411-1349.tar.bz2.gpg |
gpg --decrypt | tar xpvj -C /mnt/restore

Step 4 - Delete Old Backups

If backups are created on a regular basis, the FTP server quota soon reaches its limits - old backups should therefore be removed regularly. This is automatically done with "charon.ftp": The following command checks all backups designated "home" on the FTP server for their "best-before date". The parameter --dry-run does not really remove the files.

/usr/sbin/charon.ftp --host 1.2.3.4 \
--user USERNAME \
--password PASSWORD \
--profile home \
--maxage 7 \
--dry-run

Charon removes all files created more than 7 days ago. This only happens however if there are no other incremental backups based on them.

To automatically clean up the FTP server after a successful backup, use the Tartarus hook. The following entry in the Tartarus settings (e.g. generic.inc) checks for out-of-date archives after each backup run on the server:

# Clean up FTP server after backup
TARTARUS_POST_PROCESS_HOOK() {
   echo -n "$STORAGE_FTP_PASSWORD" | /usr/sbin/charon.ftp \
   --host "$STORAGE_FTP_SERVER" \
   --user "$STORAGE_FTP_USER" --readpassword \
   --maxage 7 \
   --dir "$STORAGE_FTP_DIR" --profile "$NAME"
}

In this way, the script takes over the settings directly from the Tartarus configuration. To ensure that the password is not shown in the processing list, it is read from the standard input.

Want to contribute?

Get Rewarded: Get up to €50 in credit! Be a part of the community and contribute. Do it for the money. Do it for the bragging rights. And do it to teach others!

Report Issue
Try Hetzner Cloud

Get 20€ free credit!

Valid until: 31 December 2024 Valid for: 3 months and only for new customers
Get started
Want to contribute?

Get Rewarded: Get up to €50 credit on your account for every tutorial you write and we publish!

Find out more