Hetzner - DokuWiki

Tartarus Backup-Konfiguration/en

Inhaltsverzeichnis

Tartarus Backup

Tartarus is a backup system based on classic and widespread Unix Tools which is specifically geared to dedicated server requirements.

Installation

Debian users can easily install the program via the package system and keep it up to date by adding the following line to the APT configuration (e.g.in /etc/apt/sources.list.d/tartarus.list):

deb http://wertarbyte.de/apt/ ./

After an "apt-get update", the script can easily be installed using "apt-get install tartarus".

The following commands are sufficient for importing the GnuPG key, which signs the repository, and installing the program:

wget -O /etc/apt/sources.list.d/wertarbyte.list http://wertarbyte.de/apt/wertarbyte-apt.list
wget -O - http://wertarbyte.de/apt/software-key.gpg | apt-key add -
apt-get update
apt-get install tartarus

The script uses a wide range of classic Unix tools which are installed - if this has not taken place automatically - via the package management:

apt-get install tar bzip2 lvm2 gnupg curl

If you do not have Debian (or Ubuntu, for example) the program can be installed manually by simply downloading it from the website and after unzipping the files placing it in /usr/local/. After installing it, you can simply run the tartarus command like you would run it on Debian.

On the other hand, installation via the package system is recommended as new versions can be installed automatically.

If a current Ubuntu distribution is being used (from 10), errors occur with curl and sftp, so curl needs to be compiled separately. Instructions on this can be found here: Curl with sftp

Backup Configuration

Tartarus reads its configuration profile files that are stored in the /etc/tartarus/. These are shell scripts that are processed by the backup process, so it is also possible to include on the command "source" other configuration files in a profile. This can be exploited to store generic settings for all backup profiles centrally:

General Configuration

# /etc/tartarus/generic.inc
# Generic settings for the backup
# on the Hetzner FTP Server
STORAGE_FTP_SSL_INSECURE="yes"
STORAGE_METHOD="FTP"
# Address of the FTP Server
STORAGE_FTP_SERVER="1.2.3.4"
# FTP access
STORAGE_FTP_USER="12345"
STORAGE_FTP_PASSWORD="SecretPassword"
# Encrypt transfer and use SFTP
STORAGE_FTP_USE_SFTP="yes"
# Compression method
COMPRESSION_METHOD="bzip2"
# Size of LVM snapshot
LVM_SNAPSHOT_SIZE="1000M"
# Backup data encrypt symmetrically
ENCRYPT_SYMMETRICALLY="yes"
# Password from /etc/tartarus/backup.sec read
ENCRYPT_PASSPHRASE_FILE="/etc/tartarus/backup.sec"
# During backup setup
# do not go beyond file system limits
STAY_IN_FILESYSTEM="yes"

These settings encrypt backups with a password read from /etc/tartarus/backup.sec. The file contents are needed for unpacking the archive again later; and should, therefore, be kept safely (possibly also in printed format).

Simple Backup

A simple profile for the safety of the root file system could look like this:

# /etc/tartarus/root.conf
#
# Read main config
source /etc/tartarus/generic.inc
# Profile name
NAME="root"
# Directory / Backup
DIRECTORY="/"
# Backup no temporary files
# separate several folders with a space
EXCLUDE="/tmp/"
# No LVM snapshot
CREATE_LVM_SNAPSHOT="no"

Simply start backup with the following:

/usr/sbin/tartarus /etc/tartarus/root.conf

Backup with LVM Snapshot

LVM snapshots enable a file system to be frozen in time during operation. The LVM system creates a virtual block device and stores obvious changes in a separate logical volume.

# /etc/tartarus/home.conf
source /etc/tartarus/generic.inc
NAME="home"
DIRECTORY="/home"
# Create LVM Snapshot
CREATE_LVM_SNAPSHOT="yes"
# LVM volume which stores the file system
LVM_VOLUME_NAME="/dev/volumegroup/home"
# Mountpoint, which hooks the file system
LVM_MOUNT_DIR="/home"

To integrate the snapshot file systems, Tartarus uses /snap: The frozen file systems are latched on to the corresponding subdirectories.

Incremental Backups

Incremental backups only save the changes since the last full backup and do not archive the whole file system. Tartarus creates marker files to determine the exact date of the last backup. To perform incremental backups, you first need to create a directory that contains these files:

mkdir -p /var/spool/tartarus/timestamps/

The configuration profiles now have the following line (with corresponding file name):

INCREMENTAL_TIMESTAMP_FILE="/var/spool/tartarus/timestamps/home"

After each successful backup, the script updates the file. To perform an incremental backup, start Tartarus with the additional parameter "-i":

/usr/sbin/tartarus -i /etc/tartarus/home.conf

Automatic Backup

A typical system has several backup files in the directory in /etc/tartarus/; to call them up automatically use the following script:

#!/bin/sh
# /usr/local/sbin/backup.sh
# Run all backup profile found in /etc/tartarus/ and pass
# command line arguments on to tartarus (e.g. -i)
for profile in /etc/tartarus/*.conf; do
 /usr/sbin/tartarus $* "$profile"
done

Now it can be exceuted with or without parameter, to run all profiles on full or incremental backup:

/usr/local/sbin/backup.sh # full backup
/usr/local/sbin/backup.sh -i # incremental backup

The command "crontab -e" edits the crontab for the root user:

PATH=/bin/:/sbin/:/usr/bin/:/usr/sbin/:/usr/local/sbin/:/usr/local/bin
# m    h       dom     mon     dow     command
0      1       *       *       mon-sat /usr/local/sbin/backup.sh -i
0      1       *       *       sun     /usr/local/sbin/backup.sh

This is an example on full backup every Sunday at approx 1 am and the other days incremental backups.

Recovery

Since Tartarus is based on simple Unix utilities, a backup is easy to restore from the rescue system. To show the files in backup, use the following command line:

curl [[Ftp: |
gpg --decrypt | tar tpvj

To unpack the archive in the directory /mnt/restore modify the line as follows:

curl [[Ftp: |
gpg --decrypt | tar xpvj -C /mnt/restore

Delete Old Backups

If backups are created on a regular basis, the FTP server quota soon reaches its limits - old backups should therefore be removed regularly. This is automatically done with "charon.ftp": The following command checks all backups designated "home" on the FTP server for their "best-before date". The parameter "--dry-run" does not really remove the files.

/usr/sbin/charon.ftp --host 1.2.3.4 \
--user USERNAME \
--password PASSWORD \
--profile home \
--maxage 7 \
--dry-run

Charon removes all files created more than 7 days ago. This only happens however if there are no other incremental backups based on them.

To automatically clean up the FTP server after a successful backup, use the Tartarus hook. The following entry in the Tartarus settings (e.g. generic.inc) checks for out-of-date archives after each backup run on the server:

# Clean up FTP server after backup
TARTARUS_POST_PROCESS_HOOK() {
   echo -n "$STORAGE_FTP_PASSWORD" | /usr/sbin/charon.ftp \
   --host "$STORAGE_FTP_SERVER" \
   --user "$STORAGE_FTP_USER" --readpassword \
   --maxage 7 \
   --dir "$STORAGE_FTP_DIR" --profile "$NAME"
}

In this way, the script takes over the settings directly from the Tartarus configuration. To ensure that the password is not shown in the processing list, it is read from the standard input.

Documentation and Contact

Further information on Tartarus can be found in the project page, the program documentation and the mailing list.

To report errors in the script, keep informed of further developments or to participate, log on there.



© 2019. Hetzner Online GmbH. Alle Rechte vorbehalten.