wntr/content/blog/ovh-pca-backupninja-duplici...

---
title: Using OVH PCA with backupninja
description: Accessing the OVH Public cloud archive with the automated backup tool backupninja using its duplicity backend
date: 2022-03-03
---

## motivation
OVH provides a cheap way for longterm storing backup data, the Public Cloud Archive (PCA). As this is for write-once data (cold data store), it needs to be used together with a little bit more expensive hot data store for meta data when used for sequential backups. The backup solution [duplicity](https://duplicity.gitlab.io/duplicity-web/) is capable of using such multi backends. [backupninja](https://0xacab.org/liberate/backupninja) provides a nice solution for a standardized configuration of duplicity and running it automatically.  

## Prerequisites
### On system
- Enable email sending for backup status mails by [installing a mta](/msmtp-on-debian/).
- Install system dependencies
  - `apt install librsync-dev gpg backupninja`

#### GPG
- Create a new secret key. Note the password.
  - `gpg --quick-generate-key cloud@freedomhost.de`
  - `gpg --export-secret-key keyid > private.key`
- Copy the key to the server
  - `scp private.key server:`
- Import it in the local keyring on server
  - `gpg --allow-secret-key-import --import private.key`
- Increase trust level:

```
# gpg --edit-key KEY_ID
> trust
>  5
> quit
```


### On OVH  
- Create a new user unter Cloud Archive → Project Management → Users & Roles
  - Give the user the Role `ObjectStore operator`
  - Note username and **password**
- Get TenandID
  - click 3 dots on the right of the users row. Click Download OpenStack's RC file. Here you can select a region where the PCA should be set up
  - Note the `OS_TENANT_ID`, here you also can extract `OS_USERNAME` and `OS_REGION_NAME`


## Installation
- Be sure to have at least version 0.8.21 of duplicity
    - `pip3 install duplicity>=0.8.21 python-swiftclient python-keystoneclient`

## Configuration
- 3 files are used for this:
  - `/etc/backupninja.conf`: Here you can set the time of day when the backup should be run, and to whom to send status emails. This file is pre-installed and quite self-explaining
  - `/etc/ovh-config.json` for holding the OVH credentials
  - `/etc/backup.d/20_ovh_pca.dup` for configuring duplicity for backupninja usage


### `/etc/backup.d/20_ovh_pca.dup`
- There is a full example for duplicity configuration in `/usr/share/doc/backupninja/examples/example.dup` find a slightly pre configured version [here](/texts/20_ovh_pca.dup)
- most important options are:

```
options = --volsize 200 --archive-dir /tmp --file-prefix-manifest 'hot_' --file-prefix-signature 'hot_' --file-prefix-archive 'cold_'
testconnect = no

[gpg]
sign = yes
encryptkey = GPGKEY
password = GPGKEYPASSWORD

[source]
include = SOMEDIR
include = SOMEOTHERDIR

[dest]
desturl = 'multi:///etc/ovh-config.json?mode=mirror&onfail=abort'
```


###  `/etc/ovh-config.json`
- get this [template](/texts/ovh-config.json)
  - adapt the `url` keys to something meaningful ex. `backedupserver1_cold` and `backedupserver2_hot`. This will be the names of the Cloud Archives resp. Object Stores
  - change `PCA_TENANTID` and `SWIFT_TENANTID` to noted `OS_TENANT_ID`
  - change `PCA_USERNAME` and `SWIFT_USERNAME` to noted `OS_USERNAME`
  - do the same for Password and Regionname

## testing
- do a test run
  - `backupninja -d -n`
add backup solution 2 years ago			`---`
			`title: Using OVH PCA with backupninja`
			`description: Accessing the OVH Public cloud archive with the automated backup tool backupninja using its duplicity backend`
			`date: 2022-03-03`
			`---`

			`## motivation`
			OVH provides a cheap way for longterm storing backup data, the Public Cloud Archive (PCA). As this is for write-once data (cold data store), it needs to be used together with a little bit more expensive hot data store for meta data when used for sequential backups. The backup solution [duplicity](https://duplicity.gitlab.io/duplicity-web/) is capable of using such multi backends. [backupninja](https://0xacab.org/liberate/backupninja) provides a nice solution for a standardized configuration of duplicity and running it automatically.

			`## Prerequisites`
			`### On system`
			`- Enable email sending for backup status mails by [installing a mta](/msmtp-on-debian/).`
			`- Install system dependencies`
			- `apt install librsync-dev gpg backupninja`

			`#### GPG`
			`- Create a new secret key. Note the password.`
			- `gpg --quick-generate-key cloud@freedomhost.de`
			- `gpg --export-secret-key keyid > private.key`
			`- Copy the key to the server`
			- `scp private.key server:`
			`- Import it in the local keyring on server`
			- `gpg --allow-secret-key-import --import private.key`
			`- Increase trust level:`

			```
			`# gpg --edit-key KEY_ID`
			`> trust`
			`> 5`
			`> quit`
			```



			`### On OVH`
			`- Create a new user unter Cloud Archive → Project Management → Users & Roles`
			- Give the user the Role `ObjectStore operator`
			`- Note username and password`
			`- Get TenandID`
			`- click 3 dots on the right of the users row. Click Download OpenStack's RC file. Here you can select a region where the PCA should be set up`
			- Note the `OS_TENANT_ID`, here you also can extract `OS_USERNAME` and `OS_REGION_NAME`


			`## Installation`
			`- Be sure to have at least version 0.8.21 of duplicity`
			- `pip3 install duplicity>=0.8.21 python-swiftclient python-keystoneclient`

			`## Configuration`
			`- 3 files are used for this:`
			- `/etc/backupninja.conf`: Here you can set the time of day when the backup should be run, and to whom to send status emails. This file is pre-installed and quite self-explaining
			- `/etc/ovh-config.json` for holding the OVH credentials
			- `/etc/backup.d/20_ovh_pca.dup` for configuring duplicity for backupninja usage


			### `/etc/backup.d/20_ovh_pca.dup`
			- There is a full example for duplicity configuration in `/usr/share/doc/backupninja/examples/example.dup` find a slightly pre configured version [here](/texts/20_ovh_pca.dup)
			`- most important options are:`

			```
			`options = --volsize 200 --archive-dir /tmp --file-prefix-manifest 'hot_' --file-prefix-signature 'hot_' --file-prefix-archive 'cold_'`
			`testconnect = no`

			`[gpg]`
			`sign = yes`
			`encryptkey = GPGKEY`
			`password = GPGKEYPASSWORD`

			`[source]`
			`include = SOMEDIR`
			`include = SOMEOTHERDIR`

			`[dest]`
			`desturl = 'multi:///etc/ovh-config.json?mode=mirror&onfail=abort'`
			```


			### `/etc/ovh-config.json`
			`- get this [template](/texts/ovh-config.json)`
			- adapt the `url` keys to something meaningful ex. `backedupserver1_cold` and `backedupserver2_hot`. This will be the names of the Cloud Archives resp. Object Stores
			- change `PCA_TENANTID` and `SWIFT_TENANTID` to noted `OS_TENANT_ID`
			- change `PCA_USERNAME` and `SWIFT_USERNAME` to noted `OS_USERNAME`
			`- do the same for Password and Regionname`

			`## testing`
			`- do a test run`
			- `backupninja -d -n`