Backups, chapter 1
(Photo by Miguel Á. Padriñán: https://www.pexels.com/photo/close-up-shot-of-keyboard-buttons-2882506/)
Backups, chapter 1
What follows is mainly an aide-memoire for my future self. However, it may help someone out. Who knows?
Following the (re)birth of my Diaspora✳︎ pod, I wanted to make sure it was backed up regularly and properly. It lives on an Ubuntu 22.04 Server VM running on VirtualBox1 on my main server (also Ubuntu 22.04 Server).
Linux of course has a rich set of tools for getting the job done, but the philosophy of it is sometimes difficult. The backup process for this particular machine focuses on backing up the following:
- the MySQL database (duh!)
- the entire /home/$USER folder (all the config files, html and Ruby stuff is in here)
If you ask a room full of people the best way to go about this, you’ll probably get as many different answers. However, here’s my approach.
- Dump a timestamped MySQL database to
- Create timestamped zipped tar archive of
/home/$USER/backups,but obviously excluding
- rsync contents of
--deleteswitch to clear out old backups
- If all return codes 0, clear out contents of /home/$USER/backups on local host
These steps are done via a
cron script at the top of every hour.
Additionally, the contents of $REMOTE_HOST/home/$USER/backups/vm-diaspora are picked up at half past the hour (plenty of time) by
duplicati (also running on $REMOTE_HOST) and stored in a bucket with smart backup retention.
I think this covers all my bases. I the event of a pod-related disaster I just need to spin up another VM, restore the latest backup to it and be on my way.
As I write this I can think of a couple of improvements I could implement in the near future:
- Have the duplicati server on its own machine (I have a couple of spare old boxes for this, doesn’t need much transient storage).
- Also backup the /usr/local/src folder as that’s where the OpenSSL v1 stuff is.
- I also have a Hetzner storage box that I use for borg backups. It makes more sense to use this, taking the duplicati dependency away.
I’m not an expert in Linux, networking or security so would love to know if there’s anything in addition to or in place of the above improvements to simplify and/or make this process better. 🙂