1SAFEKEEP(1) [FIXME: manual] SAFEKEEP(1)
2
3
4
6 safekeep - Client/server backup script
7
9 safekeep --server [-q] [-v] [--noemail] [--force] [-c file] [--cleanup]
10 <clientid>*
11
12 safekeep --keys [-q] [-v] [--noemail] [-c file] [-i file] [--status]
13 [--print] [--deploy] <clientid>*
14
15 safekeep --list [-q] [-v] [--noemail] [-c file] [--increments]
16 [--parsable-output] [--sizes] [--changed=<time>] [--at-time=<time>]
17 <clientid>*
18
19 safekeep --client [--cleanup]
20
21 safekeep -h | -V
22
24 SafeKeep is a client/server backup script which enhances the power of
25 rdiff-backup with simple configuration and use.
26
27 SafeKeep can work in server mode, client mode, SSH key management mode
28 or list mode.
29
30 In server mode, SafeKeep parses a set of configurations files which
31 defines a set of backup clients. For each backup client, SafeKeep
32 connects to the client host over SSH (using a public key
33 authentification system previously set up using safekeep --keys
34 --deploy), and launches safekeep --client onto the client host. The
35 client does the real backup and sends the data over SSH to the SafeKeep
36 server which stores it in the specified location.
37
38 In client mode, SafeKeep does a few setup steps, depending on the
39 client configuration (database dump, LVM device snapshot), then backups
40 the client data using rdiff-backup, and then cleanups the state
41 (removes the database dumps, deactivates the LVM snapshots)
42
43 Note that the client mode of SafeKeep should never be invoked manually,
44 this mode is meant to be used only by the server mode of SafeKeep. The
45 only exception to this is if run with the --cleanup option, which is
46 used to remove LVM snapshots and mounts created by Safekeep, after a
47 crash or some other failure, without a connection to the server.
48 Normally this cleanup would be performed through the server command
49 safekeep --server --cleanup.
50
51 The SSH key management mode is a helper mode for deploying or verifying
52 the setup of the SSH authentification keys.
53
54 In list mode, SafeKeep lists the details of existing archives. This is
55 basically an interface to the relevant options for rdiff-backup.
56
57 In server, keys management and list mode, you can restrict the
58 operation to a specific set of clients by listing the desired client
59 IDs as arguments. If no client ID is given, SafeKeep will operate over
60 all known clients.
61
62 Each mode accepts a few options as described below.
63
65 --server
66 Selects the server mode
67
68 --client
69 Selects the client mode. This should never be invoked manually, the
70 clients are started automatically by the server on the client
71 machines using SSH.
72
73 --keys
74 Selects the SSH key management mode
75
76 --list
77 Selects the list mode
78 Please note that you must always specify an operation mode. Earlier
79 versions used do default to --server mode, but that proved to work out
80 poorly in practice.
81
83 -c, --conf=FILE
84 Specifies the configuration file location. If not specified at all,
85 SafeKeep will default to /etc/safekeep/safekeep.conf if it exists.
86 Simply using this default is the recommended usage.
87
88 -h, --help
89 Selects the help mode, in which safekeep prints out the online help
90 and exits.
91
92 -V, --version
93 Selects the version mode, in which safekeep prints out the version
94 number and exits.
95
96 -q, --quiet
97 Decreases the verbosity level. Can be specified more than once.
98
99 -v, --verbose
100 Increases the verbosity level. Can be specified more than once.
101
102 --noemail
103 Disables the sending of email, no matter what the settings within
104 the configuration file.
105
107 --force
108 Pass the --force option to rdiff-backup, allowing it to overwrite
109 the backup directory metadata. This option is potentially
110 dangerous, and should only be used if the backup directory becomes
111 corrupt, and rdiff-backup error logs tells you to use this option.
112
113 --cleanup
114 Remove LVM snapshots and mounts left by Safekeep after a crash or
115 other failure. This will run also run the standard cleanup
116 processes, such as the removal of an DB dumps, and forces a
117 consistency check of the rdiff-backup destination directory. This
118 is the prefered cleanup procedure and can be run with no danger of
119 corrupting the system if there is nothing to cleanup.
120
122 --cleanup
123 Remove LVM snapshots and mounts left after a crash or other failure
124 from the local system. Unlike the equivalent --server option, it
125 does not do any other of the standard cleanups. This option should
126 only be used when it is not possible to refer to the server, for
127 example, when the network connection to the server is no longer
128 available.
129
131 -i FILE
132 Forces ssh(1) to use FILE for the identity (private key) in RSA/DSA
133 authentication. If not specified, ssh(1) will use its default
134 indetity files.
135
136 --status
137 Display the key status for the clients. It is implied if no other
138 option is specified. In effect this option prints the steps that
139 will be taken when the keys are deployed to the client.
140
141 --print
142 Display the authorization keys for the clients. This is useful in
143 case you want to manually copy it into the client’s
144 ~/.ssh/authorized_keys file. This option is seldom useful.
145
146 --deploy
147 Deploy the authorization keys on the clients.
148
150 --increments
151 Pass the --list-increments option to rdiff-backup, to list the
152 number and date of partial incremental backups for the given or all
153 clients. This is the default list option.
154
155 --parseable-output
156 Pass the --parsable-output option to rdiff-backup to generate
157 output in a format that is easily parsed by other programs. This
158 currently only works with the --increments.
159
160 --sizes
161 Pass the --list-increment-sizes option to rdiff-backup, to list the
162 total size of all increment and mirror files by time for the given
163 or all clients. Note, this may take some time.
164
165 --changed=TIME
166 Pass the --list-changed-since option for TIME to rdiff-backup, to
167 list the files changed since TIME for the given clients. TIME is
168 passed directly to rdiff-backup. Note, this may take some time and
169 generate considerable output. Also, unlike rdiff-backup the is no
170 option to select sub-directories.
171
172 --at-time=TIME
173 Pass the --list-at-time option for TIME to rdiff-backup, to list
174 the files in the archive that were present at the given time for
175 the given clients. Note, this may take some time and generate
176 considerable output. Also, unlike rdiff-backup the is no option to
177 select sub-directories.
178
180 Normally the configuration files are placed in the
181 /etc/safekeep/backup.d/ directory from where they will get picked up
182 automatically by SafeKeep. Each backup client is described by a
183 configuration file in XML format. The minimum configuration file is:
184
185
186 <backup>
187 <host name="my_workstation" />
188 </backup>
189
190 This will simply backup all relevant files (excluding temporary files,
191 caches, etc) from the client with the address my_workstation.
192
193 A more realistic example:
194
195
196 <backup>
197 <host name="my_workstation" />
198 <repo retention="10D" />
199 <setup>
200 <dump type="postgres" dbuser="postgres" file="/var/lib/pgsql/backups/all_dbs" />
201 <dump type="mysql" user="mysql" dbuser="dbbackup" db="adatabase" file="/var/backups/dumps/adatabase_dbs" />
202 <dump type="mysql" user="mysql" dbuser="dbbackup" db="mysql" file="/var/backups/dumps/mysql_dbs" cleanup="true" />
203 <snapshot device="/dev/mapper/VolGroup00-LogVol00" size="500M" />
204 </setup>
205
206 <data>
207 <exclude regexp=".*\.ogg"/>
208 <exclude regexp=".*\.mp3"/>
209
210 <include path="/etc"/>
211
212 <exclude glob="/home/*/tmp"/>
213 <include path="/home"/>
214
215 <include path="/root"/>
216
217 <include path="/srv"/>
218
219 <exclude path="/var/cache"/>
220 <exclude path="/var/lock"/>
221 <exclude path="/var/run"/>
222 <exclude path="/var/tmp"/>
223 <include path="/var/named/chroot/etc"/>
224 <include path="/var/named/chroot/var/named"/>
225 <exclude path="/var/named/chroot"/>
226 <include path="/var"/>
227
228 <exclude path="/"/>
229 </data>
230 </backup>
231
232 In this case, SafeKeep will dump all databases managed by PostgreSQL,
233 snapshot the disk via LVM, and proceed to backup /etc, /home, /root,
234 /srv, /var, while excluding some unneeded files and directories. Older
235 data will be retained for 10 days.
236
237 For full reference documentation of the configuration format, see
238 safekeep.backup(5).
239
241 Normally the client IDs are generated automatically from the
242 configuration filenames without the extension. E.g. if a configuration
243 file is named my_workstation.conf, the client ID becomes
244 my_workstation. For more information on this topic, see
245 safekeep.backup(5).
246
248 The safekeep(1) server needs to access the clients in order to conduct
249 the backup. To that end, it establishes two ssh(1) pipes: one for
250 control, and one for data. To simplify the deployment of the keys,
251 safekeep(1) has a key deploy mode.
252
253 When deploying keys using the built-in key management functionality,
254 safekeep(1) needs to be invoked as the user under which it will
255 function as a server. By default, that user is safekeep. For extra
256 security, you can not login into that account, so you have to invoke
257 safekeep(1) as root:
258
259
260 [root@yourbox ~] # safekeep --keys --deploy
261
263 Since safekeep(1) is built around rdiff-backup(1), it doesn’t have any
264 built-in restore capabilities. It simply relies on rdiff-backup to
265 perform this task.
266
267 To do so, you just need to know the directory where the data is
268 actually stored. In a typical installation, for a box configured via
269 the file /etc/safekeep/backup.d/mybox.backup, the data will be stored
270 under /var/lib/safekeep/mybox/. Please refer to safekeep.backup(5) for
271 more information on this matter.
272
273 Once you have determined where the data will be stored (we’ll continue
274 the example above), all you have to do is run rdiff-backup:
275
276
277 # rdiff-backup -r 1s /var/lib/safekeep/mybox my-restore-dir
278
279 You will be able to find more information on the restore procedure in
280 the rdiff-backup(1) man page.
281
283 It is important to note that the include/exclude directives that
284 control file selection are matched in the order they appear in the
285 configuration file, and the first one that matches dictates whether the
286 file will be included or excluded. As a result, you have to add the
287 more specific ones first, or the more generic specifications will
288 always win. For example:
289
290
291 ...
292 <include path="/home"/>
293 <exclude path="/home/joe"/>
294 ...
295
296 will NOT do what you expect, because the /home will match before
297 /home/joe, and thus all files under /home will be included. The correct
298 way is to flip the two around
299
300
301 ...
302 <exclude path="/home/joe"/>
303 <include path="/home"/>
304 ...
305
306 Please see safekeep.backup(5) for more information on file selection.
307
309 rdiff-backup(1), safekeep.conf(5), safekeep.backup(5)
310
312 Written by Dimi Paun <dimi@lattica.com[1]> and Stelian Pop
313 <stelian@lattica.com[2]>.
314
316 1. dimi@lattica.com
317 mailto:dimi@lattica.com
318
319 2. stelian@lattica.com
320 mailto:stelian@lattica.com
321
322
323
324[FIXME: source] 11/27/2011 SAFEKEEP(1)