---
title: Using OVH PCA with backupninja
description: Accessing the OVH Public cloud archive with the automated backup tool backupninja using its duplicity backend
date: 2022-03-03
---

## Motivation

OVH provides a cheap way to store backup data long term: the Public Cloud Archive (PCA). Because PCA is a cold data store meant for write-once data, sequential backups also need a slightly more expensive hot data store for the metadata. The backup tool [duplicity](https://duplicity.gitlab.io/duplicity-web/) supports such multi-backend setups, and [backupninja](https://0xacab.org/liberate/backupninja) provides a standardized way to configure duplicity and run it automatically.

## Prerequisites

### On system

- Enable email sending for backup status mails by [installing an MTA](/msmtp-on-debian/).
- Install system dependencies
  - `apt install librsync-dev gpg backupninja`

#### GPG

- Create a new secret key. Note the password.
  - `gpg --quick-generate-key cloud@freedomhost.de`
  - `gpg --export-secret-keys KEY_ID > private.key`
- Copy the key to the server
  - `scp private.key server:`
- Import it into the local keyring on the server
  - `gpg --allow-secret-key-import --import private.key`
- Increase trust level:

```
# gpg --edit-key KEY_ID
> trust
> 5
> quit
```

### On OVH

- Create a new user under Cloud Archive → Project Management → Users & Roles
  - Give the user the role `ObjectStore operator`
  - Note the username and **password**
- Get the tenant ID
  - Click the three dots on the right of the user's row, then click "Download OpenStack's RC file". Here you can select the region where the PCA should be set up.
  - Note the `OS_TENANT_ID`; the same file also contains `OS_USERNAME` and `OS_REGION_NAME`.

## Installation

- Make sure you have at least version 0.8.21 of duplicity
  - `pip3 install 'duplicity>=0.8.21' python-swiftclient python-keystoneclient`

## Configuration

- Three files are used for this:
  - `/etc/backupninja.conf`: sets the time of day when the backup runs and who receives the status emails. This file is pre-installed and largely self-explanatory.
  - `/etc/ovh-config.json`: holds the OVH credentials
  - `/etc/backup.d/20_ovh_pca.dup`: configures duplicity for use by backupninja

### `/etc/backup.d/20_ovh_pca.dup`

- A full example duplicity configuration is in `/usr/share/doc/backupninja/examples/example.dup`; a slightly pre-configured version is available [here](/texts/20_ovh_pca.dup).
- The most important options are:

```
options = --volsize 200 --archive-dir /tmp --file-prefix-manifest 'hot_' --file-prefix-signature 'hot_' --file-prefix-archive 'cold_'
testconnect = no

[gpg]
sign = yes
encryptkey = GPGKEY
password = GPGKEYPASSWORD

[source]
include = SOMEDIR
include = SOMEOTHERDIR

[dest]
desturl = 'multi:///etc/ovh-config.json?mode=mirror&onfail=abort'
```

### `/etc/ovh-config.json`

- Get this [template](/texts/ovh-config.json)
- Change the `url` keys to something meaningful, e.g. `backedupserver1_cold` and `backedupserver2_hot`. These will be the names of the Cloud Archive and the Object Store, respectively.
- Set `PCA_TENANTID` and `SWIFT_TENANTID` to the noted `OS_TENANT_ID`
- Set `PCA_USERNAME` and `SWIFT_USERNAME` to the noted `OS_USERNAME`
- Do the same for the password and the region name
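
`/etc/ovh-config.json` holds cleartext credentials, and the `hot_`/`cold_` prefixes set in `20_ovh_pca.dup` only work if this file routes each prefix to the matching store. The check below is an added example, not part of the original page and not code from duplicity or backupninja. It assumes the template follows duplicity's multi-backend JSON layout (a list of objects with `url`, `env` and `prefixes`) and uses `pca://` and `swift://` URLs; the function name `audit_multi_config` and all sample values are made up for illustration.

```python
import json
import os
import stat
import sys
import tempfile

# Prefix -> URL scheme. Prefixes come from the `options` line of 20_ovh_pca.dup;
# the pca:// (cold) and swift:// (hot) schemes are an assumption about the template.
EXPECTED = {"cold_": "pca://", "hot_": "swift://"}

# Constructed sample in duplicity's multi-backend layout; all values are placeholders.
SAMPLE = [
    {"url": "pca://backedupserver1_cold", "prefixes": ["cold_"],
     "env": [{"name": "PCA_TENANTID", "value": "EXAMPLE_TENANT"},
             {"name": "PCA_USERNAME", "value": "EXAMPLE_USER"}]},
    {"url": "swift://backedupserver2_hot", "prefixes": ["hot_"],
     "env": [{"name": "SWIFT_TENANTID", "value": "EXAMPLE_TENANT"},
             {"name": "SWIFT_USERNAME", "value": ""}]},
]

def audit_multi_config(path):
    """Return findings for a multi-backend JSON file that holds credentials."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other access to a file with stored passwords
        findings.append(f"mode {mode:03o}: readable or writable beyond the owner")
    with open(path) as fh:
        backends = json.load(fh)
    routed = {}
    for backend in backends:
        url = backend.get("url", "")
        for prefix in backend.get("prefixes", []):
            routed[prefix] = url
        for var in backend.get("env", []):
            if not var.get("value"):
                findings.append(f"{url}: {var.get('name')} is empty")
    for prefix, scheme in EXPECTED.items():
        if not routed.get(prefix, "").startswith(scheme):
            findings.append(f"prefix {prefix} is not routed to a {scheme} backend")
    return findings

if __name__ == "__main__":
    if len(sys.argv) > 1:
        target = sys.argv[1]
    else:  # no path given: audit the constructed sample instead
        fd, target = tempfile.mkstemp(suffix=".json")
        with os.fdopen(fd, "w") as fh:
            json.dump(SAMPLE, fh)
    print("\n".join(audit_multi_config(target)) or "no findings")
```

Pass `/etc/ovh-config.json` as the argument after filling in the template; `chmod 600` on the file clears the mode finding.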

## Testing

- Do a test run
  - `backupninja -d -n`