---
title: Using OVH PCA with backupninja
description: Accessing the OVH Public Cloud Archive with the automated backup tool backupninja using its duplicity backend
date: 2022-03-03
---

## Motivation

OVH provides a cheap way to store backup data long term, the Public Cloud Archive (PCA). Because it is meant for write-once data (a cold data store), it needs to be combined with a slightly more expensive hot data store for the metadata when used for sequential backups. The backup solution [duplicity](https://duplicity.gitlab.io/duplicity-web/) is capable of using such multi backends. [backupninja](https://0xacab.org/liberate/backupninja) provides a nice solution for a standardized configuration of duplicity and for running it automatically.

## Prerequisites

### On system

- Enable email sending for backup status mails by [installing an MTA](/msmtp-on-debian/).
- Install system dependencies
  - `apt install librsync-dev gpg backupninja`

#### GPG

- Create a new secret key. Note the password.
  - `gpg --quick-generate-key cloud@freedomhost.de`
  - `gpg --export-secret-keys keyid > private.key`
- Copy the key to the server
  - `scp private.key server:`
- Import it into the local keyring on the server
  - `gpg --allow-secret-key-import --import private.key`
- Increase trust level:

```
# gpg --edit-key KEY_ID
> trust
> 5
> quit
```

### On OVH

- Create a new user under Cloud Archive → Project Management → Users & Roles
- Give the user the role `ObjectStore operator`
- Note username and **password**
- Get the tenant ID
  - Click the 3 dots on the right of the user's row. Click Download OpenStack's RC file. Here you can select a region where the PCA should be set up
  - Note the `OS_TENANT_ID`; here you can also extract `OS_USERNAME` and `OS_REGION_NAME`

## Installation

- Be sure to have at least version 0.8.21 of duplicity
  - `pip3 install 'duplicity>=0.8.21' python-swiftclient python-keystoneclient`

## Configuration

- 3 files are used for this:
  - `/etc/backupninja.conf`: Here you can set the time of day when the backup should run and to whom status emails are sent. This file is pre-installed and quite self-explanatory
  - `/etc/ovh-config.json` for holding the OVH credentials
  - `/etc/backup.d/20_ovh_pca.dup` for configuring duplicity for backupninja usage

### `/etc/backup.d/20_ovh_pca.dup`

- There is a full example of a duplicity configuration in `/usr/share/doc/backupninja/examples/example.dup`. A slightly preconfigured version is available [here](/texts/20_ovh_pca.dup)
- The most important options are:

```
options = --volsize 200 --archive-dir /tmp --file-prefix-manifest 'hot_' --file-prefix-signature 'hot_' --file-prefix-archive 'cold_'
testconnect = no

[gpg]
sign = yes
encryptkey = GPGKEY
password = GPGKEYPASSWORD

[source]
include = SOMEDIR
include = SOMEOTHERDIR

[dest]
desturl = 'multi:///etc/ovh-config.json?mode=mirror&onfail=abort'
```

### `/etc/ovh-config.json`

- Get this [template](/texts/ovh-config.json)
- Adapt the `url` keys to something meaningful, e.g. `backedupserver1_cold` and `backedupserver2_hot`. These will be the names of the Cloud Archives and Object Stores, respectively
- Change `PCA_TENANTID` and `SWIFT_TENANTID` to the noted `OS_TENANT_ID`
- Change `PCA_USERNAME` and `SWIFT_USERNAME` to the noted `OS_USERNAME`
- Do the same for password and region name

## Testing

- Do a test run
  - `backupninja -d -n`
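
A pre-flight check for `/etc/ovh-config.json` that can be run before the test run, as an added example that is not part of the original page, duplicity or backupninja. It assumes the file follows duplicity's multi backend JSON layout (a list of stores, each with `url`, an `env` list of `name`/`value` pairs, and `prefixes`), that the password and region variables are named after the same pattern as `PCA_TENANTID`, and that an unedited template value equals its own variable name; the sample entries are constructed.

```python
import json
import os
import stat
import sys

# Prefix -> URL scheme, taken from the --file-prefix-* options on this page.
EXPECTED = {"hot_": "swift", "cold_": "pca"}
REQUIRED = ("USERNAME", "PASSWORD", "TENANTID", "REGIONNAME")

def check_multi_config(text, mode=None):
    """Return a list of problems in a duplicity multi-backend JSON config."""
    problems = []
    # The file holds cloud passwords: only its owner should have access.
    if mode is not None and mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("file is accessible by group or others (want 0600)")
    seen = {}
    for store in json.loads(text):
        url = store.get("url", "")
        scheme = url.split("://", 1)[0]
        env = {e["name"]: e["value"] for e in store.get("env", [])}
        for key in REQUIRED:
            name = f"{scheme.upper()}_{key}"
            # Empty, or still equal to its own name (assumed placeholder form).
            if env.get(name, "") in ("", name):
                problems.append(f"{url}: {name} is missing or not filled in")
        for prefix in store.get("prefixes", []):
            seen.setdefault(prefix, []).append(scheme)
    # A mistyped prefix means files are no longer pinned to the intended store.
    for prefix, scheme in EXPECTED.items():
        if seen.get(prefix) != [scheme]:
            problems.append(f"prefix {prefix!r} must map to one {scheme}:// store")
    return problems

def sample_store(scheme, name, prefix):  # builds a constructed sample entry
    env = [{"name": f"{scheme.upper()}_{k}", "value": "sample"} for k in REQUIRED]
    return {"url": f"{scheme}://{name}", "env": env, "prefixes": [prefix]}

# Constructed sample data, not real credentials or container names.
GOOD = json.dumps([sample_store("pca", "backedupserver1_cold", "cold_"),
                   sample_store("swift", "backedupserver1_hot", "hot_")])
TYPO = json.dumps([sample_store("pca", "backedupserver1_cold", "cold_"),
                   sample_store("swift", "backedupserver1_hot", "hot")])

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/ovh-config.json"
    with open(path) as fh:
        found = check_multi_config(fh.read(), os.stat(path).st_mode)
    print("\n".join(found) or "ok")
    sys.exit(1 if found else 0)
```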