PreshBlog

Incremental backups with rdiff-backup

by on Apr.15, 2011, under Linux, System Administration

My current backup solution uses rdiff-backup to do incremental backups. I’d previously been using plain rsync, but I wanted snapshots too, so I could retrieve a file as it looked at some point in the past. Sod’s law guarantees that if a file is mistakenly deleted or clobbered, rsync will run between that happening and you noticing, so the backup will be clobbered too.

My setup involves the backup box running rdiff-backup and connecting to the machine to be backed up via SSH, using an SSH key with no passphrase for authentication. To provide as much security as possible, the entry in ~/.ssh/authorized_keys on the machine to be backed up allows that key to be used only to run rdiff-backup, nothing else, and only from the backup host.

I thought I’d document my setup here, both for easy future reference for myself when adding other boxes to back up, and for anyone else who may find it useful.

So, the steps I use are as follows:

  • Generate a key pair to be used for backups with ssh-keygen.
  • Add the public key to /root/.ssh/authorized_keys on the machine to be backed up, with the command to run forced, the source IP forced, and port forwarding etc. disabled, as follows:
    
    command="rdiff-backup --server --restrict-read-only /",from="192.0.2.1",no-port-forwarding,no-X11-forwarding,no-pty ssh-rsa [SSH public key here]
    

    The above means that, when connecting with that key, the command rdiff-backup --server --restrict-read-only / will be run (regardless of what the machine at the other end wanted to run), and the key will only be accepted from the IP listed. (I’m connecting as root so I can back up the entire system reliably; if you only want to back up your home dir on a remote system, you can put it in your own ~/.ssh/authorized_keys, and skip the following step.)

  • Allow root to SSH in, but only with keys that have a forced command, by setting PermitRootLogin in /etc/ssh/sshd_config to the following:

    
    PermitRootLogin  forced-commands-only
    

    (You do ordinarily have PermitRootLogin set to ‘no’, don’t you?)

  • Add an entry to ~/.ssh/config on the backup box to specify the options to use when connecting to the machine to be backed up, for instance:

    
    host supernova-backup
    hostname supernova.preshweb.co.uk
    user root
    identityfile /home/davidp/.ssh/backup-key
    
  • You can now set up a cron job to run rdiff-backup, for example:

    
    0 */3 * * * rdiff-backup --exclude-other-filesystems supernova-backup::/ /mnt/backups/supernova
    

That should be enough to get you going.
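
A small audit for entries like the one in the steps above, as an added example that is not part of the original post: it parses the options field of an authorized_keys line and reports which of the post's restrictions are missing. The function names and the sample entries are assumptions made for illustration, and the key material is a placeholder.

```python
import re
# Restrictions the post sets; "restrict" (OpenSSH 7.2+) implies all three flags.
REQUIRED = ("no-port-forwarding", "no-x11-forwarding", "no-pty")
KEY_TYPE = re.compile(r"(ssh-|ecdsa-|sk-)\S+\s")

def parse_entry(line):
    """Return (options dict, key type) for one authorized_keys line."""
    line = line.strip()
    if KEY_TYPE.match(line):                 # entry has no options field
        return {}, line.split()[0]
    opts, token, quoted, i = {}, "", False, 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and quoted and line[i + 1:i + 2] == '"':
            token += '"'                     # escaped quote inside a value
            i += 1
        elif ch == '"':
            quoted = not quoted
        elif ch in ", \t" and not quoted:
            name, _, value = token.partition("=")
            opts[name.lower()] = value       # option names are case-insensitive
            token = ""
            if ch != ",":
                break                        # unquoted whitespace ends the options
        else:
            token += ch
        i += 1
    return opts, (line[i:].split() or [None])[0]

def audit(line):
    """List where an entry falls short of the restrictions used in the post."""
    opts, _ = parse_entry(line)
    problems = []
    cmd = opts.get("command", "")
    if "rdiff-backup --server" not in cmd:
        problems.append("no forced rdiff-backup --server command")
    elif "--restrict-read-only" not in cmd:
        problems.append("forced command lacks --restrict-read-only")
    if not opts.get("from"):
        problems.append("no from= source restriction")
    if "restrict" not in opts:
        problems += [f"missing {flag}" for flag in REQUIRED if flag not in opts]
    return problems

# Constructed sample entries; the key material is a placeholder, not a real key.
HARDENED = ('command="rdiff-backup --server --restrict-read-only /",from="192.0.2.1",'
            'no-port-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAplaceholder backup')
WEAK = 'command="rdiff-backup --server",no-pty ssh-rsa AAAAplaceholder backup'
```

audit(HARDENED) returns an empty list, while audit(WEAK) lists the missing --restrict-read-only, the missing from= restriction and the two forwarding flags.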

rdiff-backup will take care of all the hard work for you; you’ll end up with an immediately usable backup in the destination directory which is a snapshot of how things were at the last backup, with an rdiff-backup-data dir added which contains the data rdiff-backup needs in order to provide previous snapshots.

You can see which snapshots are available with:


[davidp@carryusall:~]$ rdiff-backup -l /mnt/1tb/davidp/lyla
Found 275 increments:
[....]
    increments.2011-04-15T00:00:05+01:00.dir   Fri Apr 15 00:00:05 2011
    increments.2011-04-15T03:00:05+01:00.dir   Fri Apr 15 03:00:05 2011
    increments.2011-04-15T06:00:04+01:00.dir   Fri Apr 15 06:00:04 2011
Current mirror: Fri Apr 15 09:00:04 2011

You can restore files from your backup using the -r option. For instance, to restore /etc/passwd as it was 10 days ago, I could use:


rdiff-backup -r10D /mnt/1tb/davidp/lyla/etc/passwd /tmp/passwd

You can also provide a date stamp, or a specific increment name. See the rdiff-backup documentation for all the things you can do; there’s no point reproducing it all here.


2 Comments for this entry

  • Noreen Messervy

    Hi there, please excuse the dumb question, but rest assured that I am not being intentionally stupid. Just bought Lightroom, and trying to get myself organized. I followed the link to this article from the one where you describe your storage solutions. So if your catalog and images are both stored on an external hard-drive (let’s call it drive Z), how does an automatic daily backup of your computer’s files onto an external drive help with the task of backing up drive Z? If Z is connected to my laptop (let’s say with eSATA), will a standard backup program of my computer (using a USB external drive) also back up the Z drive data? I wouldn’t have thought so… but then I’ve never tried. I just use Windows’ own internal backup software at the moment. Perhaps you don’t explain how to back up an external drive because any fool would know, but I’m not just any fool! Thanks for your patience.

  • bigpresh

    @Noreen – firstly, sorry for the slow comment approval & reply; secondly, I have absolutely no idea about Windows – I haven’t used it for many years, sorry!
