Now that I’m in charge of a rack full of servers, one of the most important considerations is backup strategy. There are a number of open source solutions around, but the one that really caught my eye was rdiff-backup.

The main things that I like about rdiff-backup are:

  • easy to install, zero config
  • one liner to run and restore
  • backups stored as a normal file tree so you can browse a backed up system, and even mount it if need be
  • all diffs etc. stored as gz format, and in a browsable file structure, good for “if all else fails” situations
  • runs over ssh so I can just use keychain and ssh keys and cron to automate it (rather than having to learn how to use/configure daemon processes on a machine)

It’s not perfect, of course, and I’ve seen a few bugs show up in the mailing lists to do with backing up OSX and Windows file systems, but that’s not something I will ever have to worry about.

I’ve also seen some issues with ACL (Access Control Lists) permissions which I’m not too worried about as I don’t use them anyway.

So all I had to do was install the FreeBSD port for 1.5.3 (which has the added --preserve-numerical-ids switch) which, at the time of this writing, is in /usr/ports/sysutils/rdiff-backup-devel and I was ready to roll.

I put the following in the root crontab:

@daily /root/backup.sh

And then I made this script (paths and passwords removed for brevity and security, line breaks added for readability denoted by “\”):

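#!/bin/sh
# Dump every MySQL database to a file that the backup below picks up.
# PASS is a placeholder; the real password was removed.
mysqldump -q -u root --password=PASS --all-databases > /root/full_mysql_dump.sql

# Back up / over ssh to the backup server, keeping numeric uid/gid values
# and skipping source trees, temporary directories and device filesystems.
/usr/local/bin/rdiff-backup --preserve-numerical-ids --exclude /usr/src \
--exclude /usr/obj --exclude /usr/ports --exclude /tmp --exclude /var/tmp \
--exclude /dev/ --exclude /proc --exclude /home/dev \
--exclude /usr/home/dev / backup@server::/backup/hostname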
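
A hardened variant of the backup script above, as an added example that is not the author's own code. It reads the MySQL credentials from a private option file instead of the command line, writes the dump with mode 0600 and keeps the previous dump if the new one fails; the option file path and the MYSQLDUMP, RDIFF, OPTFILE, DUMP, DEST and RUN_BACKUP variables are assumed names.

```shell
#!/bin/sh
# Added example, not the author's script. Variable names and OPTFILE are
# assumptions; the excludes and the backup target are the ones from the post.
MYSQLDUMP=${MYSQLDUMP:-mysqldump}
RDIFF=${RDIFF:-/usr/local/bin/rdiff-backup}
OPTFILE=${OPTFILE:-/root/.my.cnf.backup}  # assumed path; holds [client] user= and password=
DUMP=${DUMP:-/root/full_mysql_dump.sql}
DEST=${DEST:-backup@server::/backup/hostname}

# The option file holds the DB password: reject it if group/other have any access.
optfile_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Dump without putting the password on the command line (where ps shows it).
# Write a 0600 temp file and rename it only on success, so a failed dump
# never replaces the last good one.
dump_databases() {
    optfile_is_private "$OPTFILE" || { echo "missing or non-private $OPTFILE" >&2; return 2; }
    old_umask=$(umask); umask 077
    rm -f "$DUMP.tmp"
    # --defaults-extra-file has to be the first option on the command line
    if "$MYSQLDUMP" --defaults-extra-file="$OPTFILE" -q --all-databases > "$DUMP.tmp"; then
        mv -f "$DUMP.tmp" "$DUMP"; rc=$?
    else
        rm -f "$DUMP.tmp"; rc=1
    fi
    umask "$old_umask"
    return "$rc"
}

# Still back up the filesystem if the dump fails, but report it on stderr
# (which cron mails) and return non-zero.
run_backup() {
    status=0
    dump_databases || { echo "mysqldump failed; previous dump kept" >&2; status=1; }
    "$RDIFF" --preserve-numerical-ids --exclude /usr/src --exclude /usr/obj \
        --exclude /usr/ports --exclude /tmp --exclude /var/tmp --exclude /dev/ \
        --exclude /proc --exclude /home/dev --exclude /usr/home/dev / "$DEST" || status=1
    return "$status"
}

# The cron job would set RUN_BACKUP=1; sourcing the file only defines the functions.
if [ "${RUN_BACKUP:-0}" = 1 ]; then run_backup; fi
```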

I also created a restore.sh script:

#!/bin/sh
# usage: restore.sh TIME /absolute/path/to/file
rdiff-backup --restore-as-of "$1" "backup@server::/backup/hostname$2" "$2"

Which can be used as follows:

#restore a file to the most recent backup,
#move the file out of the way first to preserve it
restore.sh now /path/to/local/file

#restore a file as it was 5 days ago
restore.sh 5d /path/to/local/file

This is all backing up to another machine in the same rack, to a single, large IDE drive. I then do a remote backup (just rsync, no incremental backups required) to machines at two remote locations to external USB IDE drives that are encrypted using FreeBSD’s GBDE hard drive encryption.

The combination of rdiff-backup, rsync and GBDE has given me a robust, easy to install and configure, fast to restore and above all very cost-effective backup solution. No tapes, no NAS, no RAID, no security holes (I think!!).