websites
/
wntr
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '87a8b1f1d5'
${ noResults }
wntr/content/blog/ovh-pca-backupninja-duplici...

3.3 KiB
Raw Blame History

title description date
Using OVH PCA with backupninja Accessing the OVH Public cloud archive with the automated backup tool backupninja using its duplicity backend 2022-03-03

motivation

OVH provides a cheap way for longterm storing backup data, the Public Cloud Archive (PCA). As this is for write-once data (cold data store), it needs to be used together with a little bit more expensive hot data store for meta data when used for sequential backups. The backup solution duplicity is capable of using such multi backends. backupninja provides a nice solution for a standardized configuration of duplicity and running it automatically.

Prerequisites

On system

  • Enable email sending for backup status mails by installing a mta.
  • Install system dependencies
    • apt install librsync-dev gpg backupninja

GPG

  • Create a new secret key. Note the password.
    • gpg --quick-generate-key cloud@freedomhost.de
    • gpg --export-secret-key keyid > private.key
  • Copy the key to the server
    • scp private.key server:
  • Import it in the local keyring on server
    • gpg --allow-secret-key-import --import private.key
  • Increase trust level:
# gpg --edit-key KEY_ID
> trust
>  5
> quit

On OVH

  • Create a new user unter Cloud Archive → Project Management → Users & Roles
    • Give the user the Role ObjectStore operator
    • Note username and password
  • Get TenandID
    • click 3 dots on the right of the users row. Click Download OpenStack's RC file. Here you can select a region where the PCA should be set up
    • Note the OS_TENANT_ID, here you also can extract OS_USERNAME and OS_REGION_NAME

Installation

  • Be sure to have at least version 0.8.21 of duplicity
    • pip3 install duplicity>=0.8.21 python-swiftclient python-keystoneclient

Configuration

  • 3 files are used for this:
    • /etc/backupninja.conf: Here you can set the time of day when the backup should be run, and to whom to send status emails. This file is pre-installed and quite self-explaining
    • /etc/ovh-config.json for holding the OVH credentials
    • /etc/backup.d/20_ovh_pca.dup for configuring duplicity for backupninja usage

/etc/backup.d/20_ovh_pca.dup

  • There is a full example for duplicity configuration in /usr/share/doc/backupninja/examples/example.dup find a slightly pre configured version here
  • most important options are:
options = --volsize 200 --archive-dir /tmp --file-prefix-manifest 'hot_' --file-prefix-signature 'hot_' --file-prefix-archive 'cold_'
testconnect = no

[gpg]
sign = yes
encryptkey = GPGKEY
password = GPGKEYPASSWORD

[source]
include = SOMEDIR
include = SOMEOTHERDIR

[dest]
desturl = 'multi:///etc/ovh-config.json?mode=mirror&onfail=abort'

/etc/ovh-config.json

  • get this template
    • adapt the url keys to something meaningful ex. backedupserver1_cold and backedupserver2_hot. This will be the names of the Cloud Archives resp. Object Stores
    • change PCA_TENANTID and SWIFT_TENANTID to noted OS_TENANT_ID
    • change PCA_USERNAME and SWIFT_USERNAME to noted OS_USERNAME
    • do the same for Password and Regionname

testing

  • do a test run
    • backupninja -d -n