User Tools

Site Tools


backup_plan

Backup Plan

Bog is a webserver running PHP/MySQL websites. It needs to be backed up so that it can be restored if the need arises.

“Plan” as in “this is the plan we have made and ARE ACTIVELY DOING EVERYDAY” and not “plan” as in “I hope to get around to this someday”

Backing up bog to berg will be different from backing up webfaction to berg. Webfaction ran everything as owned by the same user: bassjas. On bog everything is owned by the user apache. I think that means the backup will have to run as apache or root. Since apache is not a login shell, I'm not sure how to run the backup as apache.

OPTIONS:

  1. I could try having cron copy everything to a staging area on bog. Root would make the copy but the staging area would be modified to allow an outside user to copy it via rsync.
  2. I could look into running an rsync daemon. The daemon should be configurable to run as root on bog even though it's a non-root user who connects to it from berg.
  3. I could try a trick I saw where you pass the rsync option “–rsync-path=sudo rsync” so that logon is handled by ssh, and then the ssh shell calls “sudo rsync” as the local user, and then you have a sudoers rule that allows that user to run rsync w/o requesting a password.

Currently

Here's how it's working at the moment.

  1. bog runs a cron job as root at 2:16 AM to make a logical backup of all databases. Places it in /var/www/db-backups
  2. berg runs a cron job as jason to run rsnapshot. rsnapshot uses “–rsync-path=sudo rsync” to perform backup as root user on bog. Entire /var/www directory gets copied to berg.

Daily Web Server Backup

The purpose of the daily backup would be to recover contents of websites if we were hacked or hosed.

All files go to berg via rsnapshot. That would be:

  • MariaDB databases
  • Apache configuration
  • Web content directories (/var/www/*)
  • Log files for diagnosis?
  • LetsEncrypt certificates? (If we had to recover, would I just copy those certificates or require new ones to be issued?)

Disaster Recovery Plan

If the whole machine gets hosed and we have to recreate it from scratch, what do we do?

I would need to know:

  • What software packages were installed.
  • What versions of apache, php, mariadb, …
  • What websites did we host?
    • What databases are associated with each?
  • What cron jobs did we have scheduled?
  • What SSL and other certificates would I need copies of?
  • Copies of scripts from /root/bin
backup_plan.txt · Last modified: 2019/07/03 09:29 (external edit)