A Python script for backing up machine config and/or scripts in a periodic and secure manner.
There's a lot of backup tools on the market, but they are complex to use, may break without admin/user noticing and they do not necessarily secure sensitive data either on the way or at target destination.
Simple cron-ran script that uses git for versioning, GPG for encryption and sends the configuration and script backup to indicated address is often preferable in simpler cases or smaller infrastructure.
Another advantage of doing things this way is that one can have config files and scripts versioned periodically in /.git repo, while having a full backup sent periodically to email as well (obviously, this is not designed for doing big backups, but only for local things like configuration files and custom scripts).
- Version and commit your config files automatically with git
- GPG encryption
- Sending file using specified SMTP server and/or delivery script
- Symlink target handling (see below)
- Automatically add typical locations to be skipped to /.gitignore, like: /usr/bin, /usr/lib, /proc, *.lock, etc.
git, GPG, python (2.5+), awk, typical Linux/U**x utilities (find, etc).
- Copy config_backup.py to a desired location and config_backup.conf to /etc or the same location as config_backup.py script.
- Edit config_backup.conf.
# config_backup.py [I 2013-08-12 23:00:09] Using config /etc/config_backup.conf [I 2013-08-12 23:00:09] Adding item /root to archive. [I 2013-08-12 23:00:09] Adding item /etc to archive. [I 2013-08-12 23:00:09] Adding item /var/spool/cron/crontabs to archive. [I 2013-08-12 23:00:09] Adding item /usr/local/bin to archive. [I 2013-08-12 23:00:09] Adding item /usr/nx/etc to archive. [I 2013-08-12 23:00:09] Adding item /export/www/html to archive. [I 2013-08-12 23:00:09] Writing 2701 files to archive /config_MyMachine_2013-08-12.tar.bz2 [I 2013-08-12 23:00:17] Sending backup [I 2013-08-12 23:00:17] Host: 192.168.1.1 [I 2013-08-12 23:00:17] Subject: Config backup on 2013-08-12 (config_MyMachine_2013-08-12.tar.bz2.gpg) [I 2013-08-12 23:00:17] Attachment: /config_MyMachine_2013-08-12.tar.bz2.gpg [I 2013-08-12 23:00:17] Sender: **** [I 2013-08-12 23:00:17] Recipient: **** [I 2013-08-12 23:00:31] Finished
Run config_backup.py from cron.
If you need more items (dirs or files) backed up, either add them to ITEMS (recommended, since if you add something to a directory specified this way it will be automatically added on next backup) or add them to root git repo (/.git):
$ cd /
$ git add /path/to/file
You should also configure /.gitignore for files/dirs you do not want backed up.
Problem: symlinks and git
If a symlink points to a file outside directories currently stored in repo, git stores it as a symbolic link only (no content). This might be a problem for versioning, since you might edit a file, forget that it was a actually a symlink to a path that is not stored in /.git repo, and expect it to be backed up while it actually won't be backed up.
config_backup.py gets around this problem by dereferencing symlinks (that is, storing content in place of symlinks).
WARNING: be careful with /.gitignore! If you add a symlink target's dir to /.gitignore, obviously target won't be stored in git.
If you don't have a GPG key:
$ gpg --list-keys
$ gpg --gen-key
Copy the public key part to a machine to be backed up and run:
$ gpg --import public_key_filename
$ gpg --edit-key "John Doe firstname.lastname@example.org"
set trust to 5 (trust ultimately), otherwise gpg --encrypt will stop with question
paste key name ("John Doe email@example.com") in GPGID in config_backup.conf.
Not to mention you should back up a generated private key in a safe place, obviously!