rsnapshot-backup-host
Description
Make incremental backups securely using rsnapshot.
Why should backups always be pulled instead of being pushed?
Because pushing backups is highly insecure.
Requirements
Yannik/rsnapshot-remote-host
must be installed on the hosts that should be backed up.
Role Variables
rsnapshot_enable_cron
: whether to run backups automatically- Default:
true
- Default:
rsnapshot_mailto
: where email reports should go torsnapshot_custom_options
: set customrsnapshot.conf
options (list of dicts as some options can be used multiple times)rsnapshot_backups
: List of backup setsname
: unique lowercase alphanumeric name (required)enabled
: yes/nointerval
: how often should the data be synced (required)- options:
every30min, every1h, every3h, every6h, every12h, every24h
- options:
snapshot_root
: unique path where the backups will be saved (required)backup_host
: backupro@host from where the backups should be pulled fromretain_settings
: list of backups that should be kept (required)maxdowntime
: maximum time a host is allowed to be down (format: 6h, 12d)custom_options
: custom options (list of dicts as some options can be used multiple times)backup_directives
: the actual list of directories that should be backed up (required)src
: Source directory (required)dest
: destination directory, by default the src path appended tosnapshot_root/
(optional)args
: optional arguments- Example:
exclude=logs,exclude=vendor,+rsync_long_args=--bwlimit=625
- Example:
Example Playbook
- hosts: all
roles:
- role: yannik.rsnapshot-backup-host
rsnapshot_enable_cron: True
rsnapshot_mailto: [email protected]
rsnapshot_custom_directives:
- rsync_long_args: --delete --numeric-ids --relative --delete-excluded --bwlimit=625
rsnapshot_backups:
- name: backups1
interval: every30min
snapshot_root: /var/rsnapshot-backups/backups1
backup_host: [email protected]
retain_settings:
- { name: every1h, keep: 12 }
- { name: every1d, keep: 3 }
- { name: every1w, keep: 4 }
backup_directives:
- src: /etc
- src: /var/www
args: exclude=logs,exclude=vendor,+rsync_long_args=--bwlimit=625
- src: "sudo /etc/rsnapshot/backup-scripts/backup-mysql.sh"
type: ssh
- src: /var/rsnapshot-backup/mysqldump.sql.gz
- name: backups2
interval: every6h
snapshot_root: /var/rsnapshot-backups/backups2
backup_host: [email protected]
retain_settings:
- { name: every1d, keep: 3 }
- { name: every1w, keep: 4 }
backup_directives:
- src: /etc
dest: myetc
Debugging
ssh -F /home/backuppuller/.ssh/config backupro@host test
rsync -a --rsh="/usr/bin/ssh -F /home/backuppuller/.ssh/config" backupro@host:/path-to-dir .
Inspired by
- Backup remote Linux hosts without root access, using rsnapshot
- Restricting SSH Access to rsync
- rsync as root with rrsync and sudo
- Root, Sudo, and Rsnapshot
- OpenSSH: Going flexible with forced commands
- Ausführbare SSH-Kommandos per authorized keys einschränken
- Securing Rsync as Root
- Security of only allowing a few vetted commands using $SSH_ORIGINAL_COMMAND
License
GPLv2
Author Information
Yannik Sembritzki
Install
ansible-galaxy install Yannik/ansible-role-rsnapshot-backup-host
License
Unknown
Downloads
57
Owner