Add a client to tykbackup
Latest revision as of 00:36, 17 January 2011
Follow these steps to add a new client to TykBackup. This information is not relevant to you if you don't know what TykBackup is.
Add SSH key
Make sure the folder /root/.ssh exists, and add the public ssh key below to /root/.ssh/authorized_keys to allow the backup server to log in as root using ssh:
from="195.184.98.144,10.100.100.18" ssh-rsa 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 root@backup.tyknet.dk
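As an added example (not part of the original page), this sh function audits an authorized_keys file for the entry described above: the file must not be group- or world-writable, and the key with the comment root@backup.tyknet.dk must carry a from= option naming only the two addresses shown. The function name check_backup_key and the placeholder key blob in the demo are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Function name is hypothetical.
ALLOWED="195.184.98.144 10.100.100.18"  # the two addresses in the page's from= option
KEY_COMMENT="root@backup.tyknet.dk"     # comment field of the backup key on the page

# check_backup_key FILE: return 0 only if FILE is not group/world writable
# (sshd StrictModes refuses such files) and every key ending in KEY_COMMENT
# carries a from="..." option naming only addresses in ALLOWED.
check_backup_key() (
    set -f                               # from= lists may contain * patterns
    if [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "FAIL: $1 is group- or world-writable"; return 1
    fi
    found=0
    while IFS= read -r line; do
        case $line in
            "#"*) continue ;;            # skip commented-out entries
            *" $KEY_COMMENT") found=1 ;;
            *) continue ;;
        esac
        # The options field, when present, is the first space-free token.
        list=$(printf '%s\n' "$line" | sed -n 's/^[^ ]*from="\([^"]*\)".*/\1/p')
        [ -n "$list" ] || { echo "FAIL: backup key has no from= restriction"; return 1; }
        for addr in $(printf '%s' "$list" | tr ',' ' '); do
            case " $ALLOWED " in
                *" $addr "*) ;;
                *) echo "FAIL: backup key also accepted from $addr"; return 1 ;;
            esac
        done
    done < "$1"
    [ "$found" -eq 1 ] || { echo "FAIL: no key for $KEY_COMMENT"; return 1; }
    echo "OK: backup key limited to: $ALLOWED"
)

# Demo on a constructed file (the key blob is a placeholder, not a real key).
demo=$(mktemp)
printf '%s\n' 'from="195.184.98.144,10.100.100.18" ssh-rsa AAAAconstructed root@backup.tyknet.dk' > "$demo"
check_backup_key "$demo"
rm -f "$demo"
```

On a client it would be called as check_backup_key /root/.ssh/authorized_keys.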
Configure sshd
Also change PermitRootLogin no to yes in /etc/ssh/sshd_config; the (sensible) default in FreeBSD is to not allow root logins over ssh.
A few points regarding SSH, which are relevant whether root logins are enabled or not:
- Consider disallowing password logins and using key-based login only.
- Always firewall ssh.
Configure firewall
Allow SSH logins from backup.tyknet.dk or 10.100.100.18 so the backup server can log in.
Install rsync
Dirvish uses rsync, so install the port /usr/ports/net/rsync/ with the default options:
sudo portmaster /usr/ports/net/rsync/
Install sysinfo
I use Daniel Gerzo's sysinfo port to get some information about the server included in the backup. It is called from the backup server before the backup starts, so it must be installed on the client:
sudo portmaster /usr/ports/sysutils/sysinfo/
I normally check both options, dmidecode and portaudit, to get as much info as possible.
Change root shell to sh
Dirvish runs the pre-* and post-* hooks with sh, so the root shell needs to be sh instead of the default csh:
sudo chsh -s sh
This doesn't matter much for me, since I don't use the root account for actual work anyway.
Add NRPE Check
I add the following line to /usr/local/etc/nrpe.cfg:
command[check_backup_time]=/usr/local/libexec/nagios/check_file_age -w 90000 -c 180000 -f /tmp/tykbackup_complete_timestamp
PostgreSQL Backups
When backing up a server that has Postgres installed, I make sure the following lines are in /etc/periodic.conf:
daily_pgsql_backup_enable="YES" # do backup of all databases
daily_pgsql_vacuum_enable="YES" # do vacuum