Incremental backups with duplicity, plus Nagios monitoring

The idea is to set up daily encrypted incremental backups.

This scheme involves 3 machines: the main server to be backed up (www.test.com), the backup server (backup.test.com) and a Nagios server (nagios.test.com) for monitoring the backups. There can of course be as many servers and folders to back up as needed.

All of the following was done on Ubuntu Linux machines. There is not much detail; use at your own risk.

 

Initial setup

On your system administrator machine

  1. Prepare the GPG key to be used (adapt as needed)
    $ gpg --gen-key
    $ gpg --armor --export D68E26B0 > sysadmin.public.gpg.asc
    
  2. Keep the private key safe: you’ll need it to restore backups.

 

On servers to be backed up

  1. Install/Upgrade duplicity
    $ sudo add-apt-repository ppa:duplicity-team/ppa
    $ sudo apt-get update
    $ sudo apt-get install duplicity
    
  2. Copy the public GPG key to the server, import it as root, and trust it (ultimate):
    # gpg --import sysadmin.public.gpg.asc
    # gpg --edit-key D68E26B0
    gpg> trust
    
  3. Test backup
    # LANG=en_US.UTF-8 duplicity --encrypt-key D68E26B0 /etc sftp://user@backup.test.com/duplicity/www.test.com/etc
    # LANG=en_US.UTF-8 duplicity collection-status sftp://user@backup.test.com/duplicity/www.test.com/etc
    
  4. Set up the backup cron job
    @daily LANG=en_US duplicity --encrypt-key D68E26B0 /etc sftp://user@backup.test.com/duplicity/www.test.com/etc
    

 

Nagios monitoring

The idea is to set up a probe that uses duplicity’s collection-status command to test the freshness of the backup.

  1. Create an SSH key for the nagios user (ssh-keygen). Since the nagios user has no shell associated, the key must be created as another user and then copied to the nagios user’s home .ssh/ directory. The .ssh/known_hosts file must also be set up to contain the backup machine’s host key.
  2. Set up Nagios on nagios.test.com to monitor your main server using the simple script below. The script assumes you are doing a daily backup; adapt as needed.
    • /usr/local/nagios/libexec/check_duplicity_backup
      #!/bin/bash
      # Verify that the duplicity backup of a host/folder is fresh.
      # Usage: check_duplicity_backup <host> <folder>
      export LANG=en_US
      BACKUP_BASE_DIR=sftp://user@backup.test.com/duplicity/
      Host=$1
      Folder=$2

      # Validate the arguments before contacting the backup server
      if [[ -z $Host || -z $Folder ]]; then echo "Critical - Configuration Broken"; exit 2; fi

      TMP=$(mktemp)
      duplicity collection-status "$BACKUP_BASE_DIR$Host/$Folder" > "$TMP" 2> /dev/null
      exitcode=$?

      # duplicity prints asctime-style dates with a space-padded day
      # ("Jan  5"), which is %e in date(1), not the zero-padded %d
      TODAY=$(LANG=en_US date +"%a %b %e")
      YESTERDAY=$(LANG=en_US date +"%a %b %e" -d yesterday)
      Latest=$(grep -E "^Chain end time:" "$TMP")

      rm -f "$TMP"
      if [[ $exitcode != 0 ]]; then echo "Critical - Check command failed"; exit 2; fi
      if [[ -z $Latest ]]; then echo "Critical - No backup found at $BACKUP_BASE_DIR$Host/$Folder"; exit 2; fi
      if [[ $Latest == *"$TODAY"* ]]
      then
          # Backup finished today
          echo "OK - $Latest"
          exit 0
      elif [[ $Latest == *"$YESTERDAY"* ]]
      then
          # Backup finished yesterday: today's run is still missing
          echo "Warning - $Latest"
          exit 1
      else
          echo "Critical - $Latest"
          exit 2
      fi
      
    • commands.cfg
      define command{
              command_name    check_duplicity_backup
              command_line    $USER1$/check_duplicity_backup $ARG1$ $ARG2$ 
              }
      
    • www.test.com.cfg
      define service{
              use                             generic-service         ; Name of service template to use
              host_name                       www.test.com
              service_description             Backup /etc/
              check_command                   check_duplicity_backup!www.test.com!etc
              first_notification_delay        0
              }
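
An alternative to matching day names, as an added example that is not part of the original script: parse every "Chain end time:" line into a timestamp, keep the newest, and compare its age against warning and critical thresholds in hours. The function name, the thresholds and the sample output are assumptions; GNU date is required, as in the script above.

```shell
#!/bin/sh
# Added example: age-based freshness check for duplicity backups.
# Reads `duplicity collection-status` output on stdin, e.g.
#   duplicity collection-status URL | check_backup_age 26 50
# Usage: check_backup_age <warn_hours> <crit_hours> [now_epoch]
# Prints a Nagios status line; returns 0 (OK), 1 (WARNING) or 2 (CRITICAL).
check_backup_age() {
    warn_h=$1; crit_h=$2; now=${3:-$(date +%s)}
    newest=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            "Chain end time: "*)
                stamp=${line#"Chain end time: "}
                # GNU date parses the asctime-style stamp; skip unparsable lines
                epoch=$(LC_ALL=C date -d "$stamp" +%s 2>/dev/null) || continue
                if [ "$epoch" -gt "$newest" ]; then newest=$epoch; fi
                ;;
        esac
    done
    if [ "$newest" -eq 0 ]; then
        echo "Critical - No backup chain found"; return 2
    fi
    age_h=$(( (now - newest) / 3600 ))
    if [ "$age_h" -ge "$crit_h" ]; then
        echo "Critical - last backup ${age_h}h old"; return 2
    elif [ "$age_h" -ge "$warn_h" ]; then
        echo "Warning - last backup ${age_h}h old"; return 1
    fi
    echo "OK - last backup ${age_h}h old"; return 0
}

# Constructed, abbreviated collection-status output with two chains
SAMPLE_STATUS='Secondary chain 1 of 1:
Chain start time: Sun Dec 21 03:00:09 2014
Chain end time: Sun Dec 28 03:00:10 2014
Found primary backup chain with matching signature chain:
Chain start time: Mon Dec 29 03:00:11 2014
Chain end time: Mon Jan  5 03:00:12 2015'
```

Thresholds slightly above 24 and 48 hours tolerate a backup run that takes longer than usual without hiding a missed day.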
      

 

One Response to “Incremental backups with duplicity, plus Nagios monitoring”

  1. Damien Says:

    Hi,

    I’d like to publish a script inspired by yours. What is the copyright here? Is it inspired by another script?
