----------------------
Keepconf
Hands On
----------------------
Ricardo F.
16/January/2021
1.- Abstract
2.- Ssh configuration, for any host to backup
3.- Ssh configuration, for backup storage host
4.- Keepconf configuration, for backup storage host
5.- Keepconf case, adding new host
6.- Keepconf case, removing old host
7.- Keepconf case, using two configuration files
================
| 1.- Abstract |
================
This document is a hands-on guide for starting from scratch, covering the base
ssh and rsync configuration and various keepconf scenarios.
The following hosts are used for the examples:
backups.example.com - Backup storage
web1.example.com - Webserver
web2.example.com - Webserver
=========================-------------------------
| 2.- Ssh configuration | For any host to backup |
=========================-------------------------
+ Prerequisites:
- ssh server
- rsync > 3.0
- a user, for example "backman", to connect as.
+ "backman" is a normal user:
backman@web1:~$ id backman
uid=1001(backman) gid=1001(backman) groups=1001(backman)
+ Generate the ssh key for the user "backman" without passphrase:
backman@web1:~$ ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
Generating public/private rsa key pair.
Your identification has been saved in /home/backman/.ssh/id_rsa.
Your public key has been saved in /home/backman/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:EW/PLNgH/ZmD3PxOn84W8AxhpJkPJzyF5DVk+oQ2/ws backman@lnode3
The key's randomart image is:
+---[RSA 2048]----+
| . ..+B |
| oooXo. |
| . +#oo. |
| =.*@B o |
| S o B+% |
| o .* |
| E .+|
| o++|
| o=o|
+----[SHA256]-----+
+ Authorize the key so that connections with it need no password:
backman@web1:~$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
+ Ensure that ssh is running and rsync installed.
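A passwordless key listed in authorized_keys gives whoever holds the private key a full login as "backman", so the entry is normally limited to the backup host. The audit below is an added example, not part of the original guide or of keepconf; it assumes the backup host connects from 192.0.2.10 (a constructed address, the guide does not give one) and that the server's OpenSSH supports the "restrict" option, and the key blobs and command= value are constructed.

```shell
#!/usr/bin/env bash
# Added example: audit authorized_keys entries used by the backup account.
# Addresses, key blobs and the command= value are constructed sample data.

# Build a hardened entry from a public key line (contents of id_rsa.pub).
restricted_entry() {  # usage: restricted_entry "PUBKEY LINE" ALLOWED_SOURCE
    printf 'restrict,from="%s" %s\n' "$2" "$1"
}

# Report every key that lacks "restrict" or an exact from="ALLOWED_SOURCE".
# Returns non-zero when at least one entry is weak.
audit_authorized_keys() {  # usage: audit_authorized_keys FILE|- ALLOWED_SOURCE
    awk -v src="$2" '
    function options(line,    i, c, q) {
        if (line ~ /^(ssh-|ecdsa-|sk-)/) return ""   # line starts with key type
        q = 0
        for (i = 1; i <= length(line); i++) {
            c = substr(line, i, 1)
            if (c == "\\") { i++; continue }          # skip escaped character
            if (c == "\"") q = !q                     # track quoted strings
            else if (c == " " && !q) break            # unquoted space ends options
        }
        return substr(line, 1, i - 1)
    }
    /^[ \t]*(#|$)/ { next }                           # comments and blank lines
    {
        opts = options($0); why = ""
        if (index("," opts ",", ",restrict,") == 0) why = why " no-restrict"
        if (index(opts, "from=\"" src "\"") == 0) why = why " no-from=" src
        if (why != "") { printf "WEAK line %d:%s\n", NR, why; bad++ }
        else printf "OK line %d\n", NR
    }
    END { exit (bad > 0) }' "$1"
}

sample_keys() {  # constructed authorized_keys content
    cat <<'EOF'
# backman keys (constructed sample)
ssh-rsa AAAA_CONSTRUCTED_SAMPLE_BLOB backman@web1
restrict,from="192.0.2.10" ssh-rsa AAAA_CONSTRUCTED_SAMPLE_BLOB backman@web1
command="echo backup only",from="192.0.2.10",restrict ssh-rsa AAAA_CONSTRUCTED_SAMPLE_BLOB backman@web1
restrict,from="192.0.2.*" ssh-rsa AAAA_CONSTRUCTED_SAMPLE_BLOB backman@web1
EOF
}

sample_keys | audit_authorized_keys - 192.0.2.10 || echo "review WEAK entries"
```

sshd matches from= against host names only when UseDNS is enabled, which is why the sample uses an address. rsync over ssh needs neither a terminal nor forwarding, so "restrict" does not interfere with the fetch.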
=========================--------------------------
| 3.- Ssh configuration | For backup storage host |
=========================--------------------------
+ Prerequisites:
- ssh client
- rsync > 3.0
- git > 1.7
- python 3
- keepconf, latest release.
- a user, in this case "root" will launch the backup.
+ Copy the private key of the user "backman" at "web1.example.com" into the .ssh/ folder:
root@backups:~# cd .ssh/
root@backups:~/.ssh# scp backman@web1.example.com:/home/backman/.ssh/id_rsa id_rsa-backman
backman@web1.example.com's password:
id_rsa 100% 668 0.7KB/s 00:00
root@backups:~/.ssh# chmod 700 id_rsa-backman
+ Configure ssh to connect to "web1" with the user "backman" and its key:
root@backups:~/.ssh# cat >> ~/.ssh/config << EOF
Host web1.example.com
IdentityFile /root/.ssh/id_rsa-backman
EOF
+ Test it! Don't continue until you can connect to "web1.example.com" with the
user "backman" without a password:
(Only the first time will you need to answer "yes" to the question.)
root@backups:~/.ssh# ssh backman@web1.example.com
The authenticity of host 'web1.example.com (192.168.1.5)' can't be established.
ECDSA key fingerprint is 97:59:3f:36:ae:0e:5e:67:5d:4c:cc:91:db:b9:76:c3.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'web1.example.com,192.168.1.5' (ECDSA) to the list of known hosts.
backman@web1:~$
==============================--------------------------
| 4.- Keepconf configuration | For backup storage host |
==============================--------------------------
+ Install keepconf:
root@backups:~# bash <(curl -Ls https://raw.githubusercontent.com/rfmoz/keepconf/master/keepconf-install.sh)
+ Be sure that git is configured correctly with your name and email. Maybe you have already set them:
root@backups:~# git config user.email || git config --global user.email "[email protected]"
root@backups:~# git config user.name || git config --global user.name "Your Name"
+ Set the default backup user for keepconf, uncomment the rsync_user line and change the user to "backman":
root@backups:~# vi /etc/keepconf/keepconf.cfg
# Default global user for connect to other hosts
rsync_user = backman
+ Remove the example conf files, you won't need them:
root@backups:~# rm /etc/keepconf/hosts/*
+ Create a file called "/etc/keepconf/hosts/web-servers.lst" and add the following example lines:
web1.example.com
+ Create a file called "/etc/keepconf/files/web-files.lst" and add the following example lines:
/etc/passwd
/var/lib/dpkg/status
+ Set both files in the variables inside "/etc/keepconf/keepconf.cfg" and also remove
the '# Or / And sample .. list' content next to them:
list_hosts = /etc/keepconf/hosts/web-servers.lst
list_files = /etc/keepconf/files/web-files.lst
+ Run it! (In this example, with "-s" to reduce output):
root@backups:~# keepconf -s
- - -
- -
- Processing: /etc/keepconf/keepconf.cfg
- Initialize local repository on: /var/keepconf/hosts/
Initialized empty Git repository in /var/keepconf/hosts/.git/
- -
- Fetching start
- Reading hosts list: /etc/keepconf/hosts/web-servers.lst
- Reading files list: /etc/keepconf/files/web-files.lst
- Finding exec files in: /etc/keepconf/pre-get.d/
- Fetching host: web1.example.com
- Finding exec files in: /etc/keepconf/post-get.d/
- Processing: /etc/keepconf/post-get.d/01-remove-binary
Script -> Removing binary files
- Fetching done
- -
- Committing start
- Finding files in /etc/keepconf/pre-commit.d/
- Processing: /etc/keepconf/pre-commit.d/01-add-git-ignore
Script -> Adding files to .gitignore
- Committing into local repository
[master (root-commit) f8cc8aa] Keepconf commit at 13:27:21 - Tuesday/August/2015 Hosts ok: [1] web1.example.com Hosts bad: [0]
Committer: root <[email protected]>
3 files changed, 8359 insertions(+)
create mode 100644 .gitignore
create mode 100644 web1.example.com/etc/passwd
create mode 100644 web1.example.com/var/lib/dpkg/status
- Finding files in /etc/keepconf/post-commit.d/
- Committing done
-
- Hosts rsync'ed: [1] web1.example.com
- Hosts not rsync'ed: [0]
- Fetched in: 0.44 seconds
- Committed in: 0.04 seconds
- Completed in: 0.48 seconds
- Monitor file: /var/tmp/keepconf/keepconf.csv
+ Now the files from "web1.example.com" are inside "backups.example.com", in the directory
defined by the keepconf "d_dest" variable, as you can see:
root@backups:~# cd /var/keepconf/hosts/web1.example.com/
root@backups:/var/keepconf/hosts/web1.example.com# tree
.
├── etc
│   └── passwd
└── var
    └── lib
        └── dpkg
            └── status
4 directories, 2 files
+ And tracked into a git repository:
root@backups:/var/keepconf/hosts/web1.example.com# git log
commit f8cc8aa01cbe9d95b1ed0da8d7b8dcf465ab7d80
Author: root <[email protected]>
Date: Tue Aug 4 13:27:21 2015 +0200
Keepconf commit at 13:27:21 - Tuesday/August/2015
Hosts ok: [1] web1.example.com
Hosts bad: [0]
+ Finally, add a cron entry to automate the process:
root@backups:~# vi /etc/cron.d/keepconf
# /etc/cron.d/keepconf: crontab entry for keepconf update
MAILTO=root
15 5 * * * root if [ -x /usr/bin/keepconf ]; then /usr/bin/keepconf > /dev/null; fi
=====================------------------
| 5.- Keepconf case | Adding new host |
=====================------------------
+ Configure "web2" as described in section "2.- Ssh configuration, For any host to backup."
+ Add the new host to the configuration file, in this case "web2" to "/etc/keepconf/hosts/web-servers.lst":
Previous state:
web1.example.com
Posterior state, option with full name:
web1.example.com
web2.example.com
Posterior state, option using wildcard:
web[1-2].example.com
+ Execute keepconf normally, and check that "web2" is fetched:
root@backups:~# keepconf
+ If all went ok, inside the "d_dest" directory there is a new folder for the new server with its files:
root@backups:~# cd /var/keepconf/hosts/
root@backups:/var/keepconf/hosts/# ls
web1.example.com web2.example.com
+ And the corresponding commit with the new host:
root@backups:/var/keepconf/hosts/# git log
commit dff0b7add12856bcfa8ae00d0bc573a841235f37
Author: root <[email protected]>
Date: Tue Aug 5 12:22:01 2015 +0200
Keepconf commit at 12:22:01 - Thursday/August/2015
Hosts ok: [2] web1.example.com, web2.example.com
Hosts bad: [0]
=====================--------------------
| 6.- Keepconf case | Removing old host |
=====================--------------------
+ Remove the host from the configuration file, in this case "web2" from "/etc/keepconf/hosts/web-servers.lst":
Previous state:
web1.example.com
web2.example.com
Posterior state:
web1.example.com
+ Remove the fetched files from the repo directory "/var/keepconf/hosts/":
root@backups:/var/keepconf/hosts/# git rm -r web2.example.com
+ Execute keepconf with commit only and an informative message:
root@backups:/var/keepconf/hosts/# keepconf -c -m "Deleting old host"
+ Which produces the following commit:
root@backups:/var/keepconf/hosts/# git log
commit df0ce9a83f3d7e509dfcaae3895318ff7db61b41
Author: root <[email protected]>
Date: Thu Aug 6 10:19:50 2015 +0200
Keepconf: Deleting old host
=====================--------------------------------
| 7.- Keepconf case | Using two configuration files |
=====================--------------------------------
It is possible to have more than one configuration file, for example, one for each environment.
+ Copy the default configuration file to the same folder with another name:
root@backups:~# cp /etc/keepconf/keepconf.cfg /etc/keepconf/keepconf-dev.cfg
+ Change whatever you consider necessary for the new environment. Avoid mixing folders and repositories.
+ Run "keepconf"; both files will be parsed and processed using their configured values.