SSH Backup
This script creates remote backups. It let's remote machines stream it's data to your machine using the SSH connection.
There are plugins available that provide functionality.
Python 3 required.
Tested with Debian 8/9, MacOS 10 & Centos 7.6.
Features and Plugins
- User files backup (provided by
FileBackup
plugin); - MySQL database backup (provided by
MySQLBackup
plugin). - PostgreSQL database backup (provided by
PostgreSQLBackup
plugin).
The script comes with backup rotating feature.
Installation
Server Setup
-
Clone a project repo.
-
Generate SSH keys for clients:
$ ssh-keygen ~/.ssh/server_backup
-
Add host key to
~/.ssh/known_hosts
, for example:$ ssh-keyscan example.com >> ~/.ssh/known_hosts
-
Create
settings_local.py
file and override settings fromsettings.py
(seesettings_example.py
). -
Configure cron task like this:
20 22 * * 1,2,3,4,5 python3 /opt/debian-ssh-backup/backup.py
This equals business day backups. If you need to change this, make sure the
MAX_BACKUP_COUNT
variable fromsettings_local
is set correctly.
Client Setup
-
Create system user for the script:
# useradd server_backup -m
-
Create SSH config directory:
# su server_backup $ cd /home/server_backup && mkdir .ssh && chmod 700 .ssh && cd .ssh
-
Add
server_backup.pub
key to the authorized_keys file. -
Allow to run archive command as root without password. Please run:
# visudo
and add this line:
server_backup ALL = (root) NOPASSWD: /bin/tar
-
Configure MySQL or PostgreSQL backup.
Configure MySQL Backup
- Create MySQL user and grant permissions for backup, for example:
CREATE USER 'server_backup' IDENTIFIED BY '<your password here>'; GRANT SELECT, FILE, SHOW DATABASES, CREATE TEMPORARY TABLES, LOCK TABLES, SHOW VIEW, EVENT ON \*.\* TO 'server_backup'@'localhost'; FLUSH PRIVILEGES;
- Create file
/home/server_backup/.my.cnf
with content like this:[mysqldump] user=server_backup password=<your password here>
Configure PostgreSQL Backup
- Login
psql
aspostgres
or other superuser. - Create the new superuser role and set it to read only:
CREATE USER server_backup SUPERUSER password '<PASS>'; ALTER USER server_backup set default_transaction_read_only = on;
Do not forgot the single quotes for the password. You can now use this role to backup.
Usage
python3 backup.py
Author
Eugene Zyatev (eu@zyatev.ru)