Backups using Rsync and Bacula
Backups are essential for any office environment, both for disaster recovery and for incidental restore of files when they are inadvertently removed or corrupted. We will start by configuring a backup facility using rsync over Secure Shell. Later, we will add Bacula so we can have a version-controlled point-in-time restore.
Requirements
These are the requirements for both the rsync and Bacula facilities.
We will host the backup server on one of the workstations, algernon.nerdhole.me.uk. Algernon has a 12TB hard disk specially purchased for this purpose, which we will add to a special volume group backupvg. The backupvg will hold both rsync directories and Bacula storage pools.
Rsync backups
Initially, we will use rsync to back up all file systems that need to be backed up, most notably the /local file systems of the main server. Later, we will add the more variable file systems to Bacula and reserve the rsync backups for files that we don't need version control for.
As a decision, we will not preserve the file and group ownership of files to be backed up, to avoid having to run the rsync on the backup server as root. When restoring/copying files from rsync, the user has to re-establish ownership.
Topology
The backup facility has the following components:
- Backup server - The machines that store all the backup data.
- Backup client - The machines that have data to back up to the backup server
- Rsync target - The directory that holds the files backed up from the client machines
- Source directories - The directories that need to be backed up using either rsync or Bacula
- Rsync user - A local functional user on the backup server that owns the rsync targets
We will be able to support multiple backup servers, so that every location can have its own backup server for performance reasons. A client can only be attached to one backup server.
Ansible roles for configuration
There will be two Ansible roles: one to install a machine as a backup server, and one to install a backup client. These roles will take an "action" parameter: install (the default), remove, purge, or report.
- backupserver - Installs a machine as a backup server with both Bacula and Rsync.
- backupclient - Installs a machine as a backup client to a specific backup server.
Groups and users
We will create a special functional group and user for rsync, and that user is the only one who can access the rsync targets. These are the relevant groups:
Group | GID | Comments |
---|---|---|
rsync | 10002 | Group owner of the rsync targets |
These are the relevant users:
User | UID | Group | Extra groups | Gecos | Comments |
---|---|---|---|---|---|
rsync | 10002 | rsync | None | Rsync admin user | Can only write into /local/backup/rsync |
The rsync user has in its .ssh/authorized_keys file the public key of every backup client. This allows root@client to SSH into rsync@server without having to supply a password. If this is not secure enough, we can also create a separate user for each backup client. For now, we will use one rsync user for all clients.
To specify that the rsync user can only use rsync over SSH, we need to specify a command in the public key, like so:
command="/usr/local/bin/rrsync -wo /local/backup/rsync",restrict,from="hostname.example.com" ecdsa-sha2-nistp521 AAAAE...
This is explained in a ServerFault post. The rrsync command is a Perl script that is in /usr/share/doc/rsync/support/rrsync by default. We will copy that to /usr/local/bin/rrsync.
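One way to check that every key in the rsync user's authorized_keys carries the restriction shown above (an added example, not part of the original design or the project's own code; the function names, report labels and sample key lines are constructed for illustration):

```shell
# Added example, not project code. Assumption: EXPECTED_CMD is the forced command from this page.
EXPECTED_CMD='/usr/local/bin/rrsync -wo /local/backup/rsync'

# audit_authorized_keys [FILE]: report key lines that lack the forced rrsync command,
# restrict or from=, or that re-enable a feature. Reads stdin without FILE; exit 1 on findings.
audit_authorized_keys() {
    awk -v want="command=\"$EXPECTED_CMD\"" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    {
        sub(/^[ \t]+/, "")
        # The option field ends at the first blank outside double quotes;
        # options inside it are separated by commas outside double quotes.
        n = 0; cur = ""; inq = 0
        for (i = 1; i <= length($0); i++) {
            c = substr($0, i, 1)
            if (inq && c == "\\") { cur = cur c substr($0, ++i, 1); continue }
            if (c == "\"") inq = !inq
            if (!inq && (c == " " || c == "\t")) break
            if (!inq && c == ",") { opt[++n] = cur; cur = ""; continue }
            cur = cur c
        }
        opt[++n] = cur
        cmd = res = frm = re = 0
        for (j = 1; j <= n; j++) {
            if (opt[j] == want) cmd = 1
            if (opt[j] == "restrict") res = 1
            if (opt[j] ~ /^from="[^"]+"$/) frm = 1
            if (opt[j] ~ /^(pty|port-forwarding|agent-forwarding|X11-forwarding|user-rc)$/) re = 1
        }
        why = (cmd ? "" : " no-forced-command") (res ? "" : " no-restrict")
        why = why (frm ? "" : " no-from") (re ? " reenables-feature" : "")
        if (why != "") { printf "line %d:%s\n", NR, why; bad++ }
    }
    END { exit (bad > 0) }' "${1:--}"
}

# Constructed sample input; the key blobs are placeholders, not real keys.
sample_keys() {
    cat <<'EOF'
# constructed sample
command="/usr/local/bin/rrsync -wo /local/backup/rsync",restrict,from="client1.example.com" ssh-ed25519 AAAA_PLACEHOLDER_1 root@client1
ssh-ed25519 AAAA_PLACEHOLDER_2 root@client2
command="/usr/local/bin/rrsync /local/backup/rsync",restrict,pty,from="client3.example.com" ssh-ed25519 AAAA_PLACEHOLDER_3 root@client3
EOF
}

sample_keys | audit_authorized_keys || true
```

On the sample, line 3 is reported for having no options at all and line 4 for dropping `-wo` and adding `pty` after `restrict`.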
SELinux by default will not allow any users outside of /home to have an authorized_keys file, so we need to enable this by setting the correct
Rsync storage
The rsync targets are on a separate file system mounted on /local/backup/rsync, and are owned by the rsync user. Every backup client has its own directory /local/backups/rsync/fqdn.domain.com where it can store its backups. The parameters:
- Logical volume: rsynclv
- Volume group: backupvg - Special VG on large disk.
- Mount point: /local/backup/rsync/
- Size: 4TB, grow as needed
- Owner and group: rsync:rsync
- Permissions: 0750 - rwxr-x---. Writable only by rsync, readable for users in rsync group.
- Special options: noatime for performance reasons.
Command line utilities
We will create shell wrappers for the needed rsync commands, for ease of use.
nschool_rsync /directory1 /directory2 /directory3
- Backs up the given directories to the machine's designated backup server using rsync.
nschool_rsync
Synopsis: nschool_rsync /directory...
When run as root, will silently sync the directories passed as parameters to the backup server. Will store the log files in /var/log/nschool_rsync.log. When run as normal user, will attempt to use sudo to become root, asking for a password when necessary and then back up the directories. Only absolute pathnames are allowed, and the backups will end up on the backup server under /local/backups/rsync/fqdn.domain.com.