Skip to content
GitLab

Container Backups with Restic · Changes

Page history
Bash script and resources authored by Mara Karagianni's avatar Mara Karagianni
Hide whitespace changes
Inline Side-by-side
Container-Backups-with-Restic.md
View page @ ed7f7541
......@@ -6,9 +6,7 @@
A simple tool for backups is [rsync](https://rsync.samba.org/) that copies files from a host to another, and which files can be archived or not, and checks if a file has been modified, or is removed or created, and updates the backup target repository accordingly. But it doesn't create snapshots and thus we cannot access the state of a system's files of a specific date in the past. Dedicated backup tools create snapshots and retain a history of the changes, so we can choose what version to restore. However we need to keep track of the backup's disk storage and remove older snapshots on a regular basis.
Steps we follow to backup LXC containers:
Note: all system paths and parameters in this HOWTO are fictional.
**Steps we follow to backup LXC containers:**
### Process
- stop the containers (*if containers were created by root user, we need root privilege to stop them. We solve this by allowing the specific lxc stop/start commands for the backup user via the *sudoes.d* configuration.*)
- backup the containers
......@@ -69,7 +67,7 @@ Add these commands in a new file under /etc/sudoers.d/
https://www.cyberciti.biz/faq/linux-unix-running-sudo-command-without-a-password/
###Command to run backups from terminal
### Command to run backups from terminal
Needs the following parameters:
- path to password file:
......@@ -78,16 +76,71 @@ PASSWORD="~backupuser/pass"
remote-repo ="/var/backups"
- abosulte path to the directory we want to backup:
local-repo="/var/foo"
- remote host:
$host="backups.org"
$user="backuphost"
- remote host: $host="backups.org", $user="backuphost"
So the command becomes:
`& restic -p ~/backup/pass -r sftp:backuphost@backups.org:/var/backups --verbose backup /var/foo `
OR:
`# restic -p $PASSWORD -r sftp:$user@$host:$remote-path --verbose backup </code>
`# restic -p $PASSWORD -r sftp:$user@$host:$remote-path --verbose backup`
### Final bash script
```
#!/bin/bash
# a backup of LXC containers to a remote host
set -e
PASSWORD=/root/pass_file
# Destination
DEST="sftp:binti-backups:/srv/backups"
STATIC_OPTIONS="--verbose backup"
ROOT="/var/lib/lxc"
# list containers
CONTAINERS="$(sudo lxc-ls)"
declare -a STOPPED_CONTAINERS
# Check if containers are running and then stop the containers
echo $containers
for container in ${CONTAINERS[@]}; do
echo $container
status="$(sudo lxc-info $container | grep 'State' | xargs | cut -d' ' -f2)"
echo $status
if [[ $status == "STOPPED" ]]; then
STOPPED_CONTAINERS+=("$container")
elif [[ $status == "RUNNING" ]]; then
sudo lxc-stop $container
# Update the list of stopped containers
STOPPED_CONTAINERS+=("$container")
fi
done
set +e
restic -p $PASSWORD -r $DEST $STATIC_OPTIONS $ROOT
BACKUP_SUCCESS=$?
set -e
if [[ $BACKUP_SUCCESS -eq 0 ]]; then
echo "BACKUP succeeded"
else
# Send email to admins
echo "BACKUP failed"
sendemail admin@backups.org < ./mail.txt
fi
for container in ${STOPPED_CONTAINERS[@]}; do
echo $container
sudo lxc-start $container
done
```
### Resources for backup scripts and helpful tips
- restic for backups
https://restic.readthedocs.io/en/stable/040_backup.html
- duplicity
https://blog.xmatthias.com/duplicity_backup_script/
- What to backup
https://www.debian.org/doc/manuals/debian-reference/ch10.en.html#_backup_and_recovery
- Read password from a file:
https://www.foxinfotech.in/2019/03/reading-a-password-from-a-file-in-linux.html