Server
Install Dirvish, rsync and ssh on the backup server:
apt-get install dirvish ssh
/etc/dirvish/master.conf should look something like this:
bank: /data/backup Runall: expire-default: +15 days expire-rule: #MIN HR DOM MON DOW STRFTIME_FMT * * * * 1 +3 months * * 1-7 * 1 +1 year * * 1-7 1,4,7,10 1 * 10-20 * * * +4 days
Create a dirctory where all backup’s will be stored:
mkdir -p /home/backup chmod 700 /home/backup
Create the directory where the backup’s will be stored:
mkdir -p /data/backup/client-root/dirvish
/data/backup/client-root/dirvish/default.conf should look something like this (to backup the root partition on the client):
Now create a temporary ssh script to found out the correct rsync commando to be run on the client.
echo -e '#!/bin/sh\necho $@ > /tmp/rsync' > /tmp/ssh chmod +x /tmp/ssh
Run Dirvish so we find the command:
dirvish --vault client-root --init cat /tmp/rsync client rsync --server --sender -vlHogDtprx --numeric-ids . /
Over on the client we need to use the content of /tmp/rsync (except the first word – the name of the client):
rsync --server --sender -vlHogDtprx --numeric-ids . /
In /data/backup/client-root/dirvish/default.conf your should change the rsh: part to something like this:
rsh: ssh -i /root/.ssh/id_rsa_dirvish_client-root client
And delete the failde backup (to found out the exact rsync command we made a backup, but it failed because the ssh script was used):
rm -rf /data/backup/client-root/2005-03-25
Remember to change the date to the current date.
This section is done on the server.
Create a SSH key that will be used to connect to the client (don’t write any password, just press enter) and copy the public part to your client:
ssh-keygen -t rsa -f /root/.ssh/id_rsa_dirvish_client-root scp /root/.ssh/id_rsa_dirvish_client-root.pub user@client:/tmp
Client Machine/Server
This section is done on the server that is being backed up.
Install rsync and ssh:
apt-get install rsync ssh
Copy the key we made on the server into authorized keys:
cat /tmp/id_rsa_dirvish_client-root.pub >> /root/.ssh/authorized_keys2
In the bottom of /root/.ssh/authorized_keys2 there should be af new line starting with ssh-rsa. Add the following the the beginning of that line:
command="rsync --server --sender -vlHogDtprx --numeric-ids . /",from="192.168.1.25",no-port-forwarding,no-X11-forwarding,no-agent-forwarding
- Replace the rsync-command with the command we found in /tmp/rsync
- Replace the IP-address with the IP-address of the backup server. This is the IP-address the client sees the server with, so if the server is behind NAT and the client is somewhere on the internet, it’s the external address.
The line should now look something like this (everyting should be on one line):
command="rsync --server --sender -vlHogDtprx --numeric-ids . /",from="192.168.1.25" ,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAAB3NzaC1yc 2EAAAABIwAAAIEAxH1KNHrOFn1XOZzYRaCaZRqtFfwjzGYPjE5FMhF4voEetoSojXMTIyUU6EI81S+6 Z9XWPFuEZDN0x2xZzjJlcR0ur1zZ5O0ipfNE7f7hqBusH1NQfE5VmH3R+ehQ61FBztvaGuGtl0DjehX WUFrMT7INjJu2whz9+3Vtn4Vxp4U= root@server
Now you should problaly have your ssh server set to not accept root logins. Change it so you can log in as root only with a ssh key and a predefined command.
In /etc/ssh/sshd_config set PermitRootLogin to this:
PermitRootLogin forced-commands-only
And reload the ssh server:
/etc/init.d/ssh reload
Server
The initial backup can now be startet on the server with this command:
dirvish --vault client-root --init
This takes som time as all the data is transfered from the client to the server.
If all goes well, you now have af full backup up of the client.
Now set up Dirvish to automatic make a backup every night. In /etc/dirvish/master.conf under Runall: insert a line, so the file looks something like this:
Runall: client-root 22:00
Note that dirvish supports –dry-run, and it logs the command line it runs, so you don’t need to do a dummy backup with the /tmp/ssh script first.