clarify secrets

main
yova 2 years ago
parent 87a8b1f1d5
commit 09103d44a6

@ -12,11 +12,14 @@ OVH provides a cheap way for longterm storing backup data, the Public Cloud Arch
- Enable email sending for backup status mails by [installing a mta](/msmtp-on-debian/).
- Install system dependencies
- `apt install librsync-dev gpg backupninja`
- Make sure to have disk encryption enabled for all files containing **secrets**
#### GPG
- Create a new secret key. Note the password.
- Create a new secret key. Note the password. Keep this private and on **encrypted filesystems only**!
- `gpg --quick-generate-key cloud@freedomhost.de`
- `gpg --export-secret-key keyid > private.key`
- Make sure that `~/.gnupg` folder is on an encrypted filesystem on the server
- Copy the key to the server
- `scp private.key server:`
- Import it in the local keyring on server
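Review bot: the added line "Keep this private and on **encrypted filesystems only**!" is contradicted two steps later by `gpg --export-secret-key keyid > private.key` and `scp private.key server:`, which leave a plaintext copy of the secret key in the working directory locally and in the home directory on the server, with nothing in this hunk saying to delete them once the key is imported. Suggest adding a step after "Import it in the local keyring on server" such as `shred -u private.key` (on both hosts), and making the `~/.gnupg` encrypted-filesystem requirement apply to the local machine as well, since the key is generated there first.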
@ -48,8 +51,8 @@ OVH provides a cheap way for longterm storing backup data, the Public Cloud Arch
## Configuration
- 3 files are used for this:
- `/etc/backupninja.conf`: Here you can set the time of day when the backup should be run, and to whom to send status emails. This file is pre-installed and quite self-explaining
- `/etc/ovh-config.json` for holding the OVH credentials
- `/etc/backup.d/20_ovh_pca.dup` for configuring duplicity for backupninja usage
- `/etc/ovh-config.json` for holding the OVH **credentials**
- `/etc/backup.d/20_ovh_pca.dup` for configuring duplicity for backupninja usage contains **gnupg secrets**.
### `/etc/backup.d/20_ovh_pca.dup`
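Review bot: the rewritten `20_ovh_pca.dup` line is missing a conjunction ("...for backupninja usage contains **gnupg secrets**") and, more importantly, states that the file holds GnuPG secrets without adding the permission instruction that the `ovh-config.json` hunk below gets; since backupninja reads it as root, the file should be root-owned and `chmod 600` like the credentials file. Suggest: "`/etc/backup.d/20_ovh_pca.dup`: configures duplicity for backupninja and contains the **gnupg secrets**, so keep it `chmod 600` and root-owned."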
@ -75,11 +78,12 @@ desturl = 'multi:///etc/ovh-config.json?mode=mirror&onfail=abort'
### `/etc/ovh-config.json`
- get this [template](/texts/ovh-config.json)
- This is the **credentials** file for OVH. Get this [template](/texts/ovh-config.json)
- adapt the `url` keys to something meaningful ex. `backedupserver1_cold` and `backedupserver2_hot`. This will be the names of the Cloud Archives resp. Object Stores
- change `PCA_TENANTID` and `SWIFT_TENANTID` to noted `OS_TENANT_ID`
- change `PCA_USERNAME` and `SWIFT_USERNAME` to noted `OS_USERNAME`
- do the same for Password and Regionname
- Make sure minimal access rights with `chmod 600`
## testing
- do a test run
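Review bot: "Make sure minimal access rights with `chmod 600`" does not name the file or the owner; mode 600 only helps if the owner is the user running backupninja (root), and a file copied from the template may be owned by the login user. Suggest a concrete command, e.g. `chown root:root /etc/ovh-config.json && chmod 600 /etc/ovh-config.json`, and repeating that the file is one of the **secrets** that the first hunk requires to live on an encrypted filesystem.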
