|< Day Day Up >|
Recipe 16.9. Automating rsync over ssh Backups
Write a script, create a cron job, and set up keychain to authenticate to your remote hosts. (See Recipe 17.7 to learn how to use keychain.)
Here is a simple script that backs up /home and /etc, using the "backupadmin" user created just for this job.The second line of the script tells cron to hook into keychain for remote authentication:
#!/bin/bash source /home/backupadmin/.keychain/$HOSTNAME-sh rsync -av -e ssh --delete --force /home /etc stinkpad:home-etc-backup/
Once you have fine-tuned your file selection and tested your backup script, create a cron job to run the script. This runs it every night at 10 p.m.:
# crontab -e 0 22 * * * /usr/local/bin/rsyncbackup.sh
A lot of documentation tells you to create keys with null passphrases, so that you can schedule ssh transfers with cron. It's dangerous to do this, because anyone who gains access to your private key will be able to easily misuse it. keychain handles authentication for you, so you can properly protect your private keys with passphrases. The one downside to keychain is that it does not survive a reboot, so you have to enter your passphrase, or passphrases, at startup. But this is a security utility, after all—you don't want just anyone to be able to boot your machine and have unfettered access to your remote hosts.
Using the —delete flag means that all files deleted from the local archive will also be removed from the remote archive.
—force means that directories will be deleted even if they are not empty.
This is an easy way to perform secure, offsite backups. If all of your users' /home and shared data directories are on a central server, it's even easier.
16.9.4 See Also
|< Day Day Up >|