Rsnapshot is a simple and powerful backup tool used for local or remote file and directory synchronization over rsync with differential backup support. Why not just use rsync? With rsync you would have to write your own scripts, usually using with complex logic to handle file rotation, errors, resource consumption etc, while rsnapshot has already been written for you- it`s a well-known, stable, easy-maintenance utility that's already included in many Linux distributions by default.
In this article, I`ll show you how to make a remote backup of your files with rsnapshot and a remote sudo user. In the examples below my computer will have a full name "webserver.domain.com" and the backup will be stored on the remote machine "backupserver.domain.com". Both of them have CentOs 6 running, with SSH setup on non-standard port 30656. There is a special user "snapshot" created only for backup purposes, with write permission on the backup folder of backupserver.domain.com.
We have several sites hosted on webserver.domain.com, so we need to backup the folders located under /var/www/home with some user files, and /etc folder with system configuration files. Altogether, they are using approximately 20 Gb of disk space, and I`d like to creat a backup copy every 2 months, 4 weeks, 7 days, and 12 hours. In usual cases of full-size file backups, we would need to allocate 20*25=500 Gb. However with the differential backup, I would only need 40 Gb of free disk space on the remote server for files that don't need to be modified, or 60 - 80 Gb for more dynamic and frequently modified content.
First, we need to authorize our backup server on the web server with ssh keys. On both server shells, I`ll run a command to create the backup user:
adduser snapshot
Enable "sudo" for snapshot:
nano /etc/sudoers
Add this line:
snapshot ALL=(ALL) NOPASSWD:/usr/bin/rsync
Now, log in to backup.domain.com with a root or sudoer account, and change the user:
su snapshot
Then, still on backup.domain.com, create the keys for the user (leave the passphrase empty):
ssh-keygen -t rsa
Send a copy of the public key from the backup to the web server:
ssh-copy-id '-p 30656 snapshot@webserver.domain.com'
In the commands above you must replace "snapshot" with your backup user name, and the webserver.domain.com with fqdn or IP-address of your server. If you have a SSH daemon running on the standard port, just remove single-quotes, and the "-p 30656" option.
Check the connection:
ssh -p 30656 snapshot@webserver.domain.com
If you successfully login without a password, run
uname --nodename
webserver.domain.com
That`s it! We can now install and setup rsnapshot, let`s go back to the local shell:
exit
On backupserver.domain.com shell, run:
yum install rsnapshot
Create a backup storage directory:
mkdir /var/rsnapshot
chown snapshot:snapshot /var/rsnapshot
Now, edit your rsnapshot config file. In this file, you must use tabs to separate the options, and use regular spaces between the option and its value. For example, in "ssh_args -p 30656", use tab before the "-p" and space after "-p".
nano /etc/rsnapshot.conf
Move the pid file to a directory writable by our user (or you can change permissions on /var/run for the rsnapshot user):
lockfile /home/snapshot/rsnapshot.pid
Change a path to the backup folder, with the necessary slash at the end of a path:
snapshot_root /var/rsnapshot/
Uncomment the paths to system utilities (usually it`s already done by system maintainers):
cmd_rm /bin/rm
cmd_rsync /usr/bin/rsync
cmd_ssh /usr/bin/ssh
If you're not sure, you can check the paths with the "whereis" command.
Define the numbers of backup snapshots:
retain hourly 12
retain daily 7
retain weekly 4
retain monthly 2
Uncomment and edit the next line to define the non-standard SSH port and identity file:
ssh_args -p 30656 -i /home/snapshot/.ssh/id_rsa
Define the main feature to use sudo:
rsync_short_args -a
rsync_long_args --delete --numeric-ids --relative
--delete-excluded --rsync-"sudo rsync"
Under the BACKUP POINTS / SCRIPTS section add the lines of our webserver backups (remember to use tabs, not spaces):
backup snapshot@192.168.10.5:/var/www/ webserver.domain.com
backup snapshot@192.168.10.5:/home/ webserver.domain.com
backup snapshot@192.168.10.5:/etc/ webserver.domain.com
Check out our configuration:
rsnapshot configtest
Syntax OK
Now let`s run the first backup:
rsnapshot hourly
Check for content and size in the backup folder /var/rsnapshot:
du -hc /var/rsnapshot
The files should be in place and it`s almost ready. Every "snapshot" is just a folder, so you can restore files by copying them with scp.
The last step is to add a crontabs for rsnapshot:
crontab -e
@hourly root /usr/bin/rsnapshot hourly
@daily root /usr/bin/rsnapshot daily
@weekly root /usr/bin/rsnapshot weekly
@monthly root /usr/bin/rsnapshot monthly
Should be everything! Now you know how to set up a secure, convenient, and lightweight backup system.
Rsnapshot also has advanced options and settings, like bandwidth-limit, lvm-snapshot usage, and many othersthat you can find within the configuration file comments. Be sure to check those out! Thanks for reading. Follow @serversuit and like us to stay updates with more articles.