Gr0x0rd: Created page with "=Backup strategy= The backup home for librti scripts and files is '''/opt/librti'''.

The folder, file folder and all subdirectories should be owned by root:sudo. Th..."

2023-02-03T06:05:09Z

Created page with "=Backup strategy= The backup home for librti scripts and files is '''/opt/librti'''. The folder, file folder and all subdirectories should be owned by root:sudo. Th..."

New page

=Backup strategy=

The backup home for librti scripts and files is '''/opt/librti'''.
 
The folder, file folder and all subdirectories should be owned by root:sudo. This will allow all users to view and modify the files using appropriate sudo commands.
 
Backups are done using tar and encrypted using gpg. A 32 bit passphrase is generated for each server.
 
On the server, generate the passphrase.
$ openssl rand -hex 32 > enc.key

The command to encrypt files, and thus to be used in scripts, is thus
<pre>
#/bin/bash
datum=`/bin/date +%Y%m%d-%H`
ENCRYPTIONKEY=`cat /opt/librti/ssl/enc.key`
tar czvpf - --exclude='^#' --verbatim-files-from -T /opt/librti/filelist.txt | \
gpg -c --batch --yes -z 0 --cipher-algo AES256 -o /opt/librti/backups/$HOSTNAME-${datum}.librti --passphrase-fd 9s 9< <(printf '%s' "$ENCRYPTIONKEY") -
</pre>

To decrypt
$ gpg --batch --yes --passphrase <phrase from enc.key> -o outputfile.tar.gz -d inputfile.librti

==Connecting to Wasabi storage==
$ sudo apt-get install s3cmd python3 python3-boto3
After install, set up the connection.
$ s3cmd --configure
Enter in the access and secret key. When prompted for region
us-east-1
For the S3 endpoint
s3.wasabisys.com
Buckets are provisioned on the wasabi side (Roman did this first time).
%(bucket)s.s3.wasabisys.com
Provide an encryption key. Store it in the vault. The path to gpg should be default. Use HTTPS. Leave the proxy blank.
 
Test the connection. It should work.
===View files on the s3 bucket===
$ s3cmd la
This will also tell us the bucket name.
===Send a file to the s3 storage===
$ s3cmd put /path/to/file s3://<bucket_name>
===Recursively send all files in a folder ===
$ s3cmd sync --acl-private --recursive --skip-existing --multipart-chunk-size-mb=256 /path/to/files/ s3://<bucket-name>

Encrypted backups - Revision history

Gr0x0rd: Created page with "=Backup strategy= The backup home for librti scripts and files is '''/opt/librti'''. The folder, file folder and all subdirectories should be owned by root:sudo. Th..."

Gr0x0rd: Created page with "=Backup strategy= The backup home for librti scripts and files is '''/opt/librti'''.

The folder, file folder and all subdirectories should be owned by root:sudo. Th..."