Rdiff-backup is a robust and well-documented tool for performing reverse differential backups. It is particularly well suited for using Linux and SSH to perform incremental backups of remote Linux systems.
This onezeroone.dev script automates the use of rdiff-backup to perform incremental backups of one or more remote Linux systems over SSH to a dedicated local volume. When used properly, it will:
- Mount a volume dedicated for
rdiff-backup against the specified remote host, backing up a default set of directories along with any additional directories specified on a per host/job basis.
- Remove increments older than the configured age.
- Unmount the
- Perform a weekly
Local Host Setup
- Attach a volume or create a dedicated partition for rdiff-backup increments. This volume should be formatted with your preferred filesystem e.g.,
blkid to enumerate the UUID for your volume and add it to /etc/fstab as follows, substituting your UUID, preferred mount point, and filesystem type:
UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx /srv/rdiff xfs noauto 0 0
- Clone or download this onezeroone script and configuration example from GitHub where it is licensed under the GPL 2.0.
/usr/local/sbin and make it executable with chmod 700 /usr/local/sbin/rdiff-backup.sh.
- Create your configuration files directory e.g., /etc/rdiff-backup.conf.d and copy in the example configuration file.
- Copy and edit the example configuration file to create a job configuration file for each remote host.
- Edit the USER DEFINABLE VARIABLES section of the script to update the rdiff-backup volume UUID, mount point, configuration files directory, default inclusions, default exclusions, and day to run fsck (with Sunday being 0 and Saturday being 6).
- As root, execute ssh-copy-id -i [HOSTNAME] for each remote host to permit your local root user to log in without a password.
Remote Host Setup
# dnf install rdiff-backup
# apt-get install rdiff-backup
In keeping with the principles of least privilege and least functionality, the use of the shared key on the remote host can be restricted to executing only the rdiff-backup client.
- Prepend the shared key with:
command="/usr/bin/rdiff-backup --server --restrict-read-only /"
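The following is an added example, not part of the onezeroone script: POSIX shell helpers that prepend the forced command above to a public key line and audit authorized_keys content for key lines that lack it. The function names and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the onezeroone script). Key material is constructed.
FORCED='command="/usr/bin/rdiff-backup --server --restrict-read-only /"'

# restrict_key LINE: print an authorized_keys line with the forced command
# prepended. Options are comma-separated, so a bare key becomes
# "FORCED key" and a line with existing options becomes "FORCED,options key".
restrict_key() {
    case "$1" in
        ssh-*|ecdsa-*|sk-*) printf '%s %s\n' "$FORCED" "$1" ;;  # bare key
        *"$FORCED"*)        printf '%s\n' "$1" ;;               # already restricted
        *)                  printf '%s,%s\n' "$FORCED" "$1" ;;  # other options present
    esac
}

# audit_keys: read authorized_keys content on stdin, print every key line
# that lacks the forced command, and return 0 only if none were found.
audit_keys() {
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*)            ;;   # blank line or comment
            ssh-*|ecdsa-*|sk-*) bad=1; printf 'UNRESTRICTED %s\n' "$line" ;;
            *"$FORCED"*)        ;;   # options include the forced command
            *)                  bad=1; printf 'UNRESTRICTED %s\n' "$line" ;;
        esac
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample: the same placeholder key, once bare and once restricted.
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEONLYEXAMPLEONLYEXAMPLE0 root@backup-host'
audit_demo() {
    printf '%s\n%s\n' "$SAMPLE_KEY" "$(restrict_key "$SAMPLE_KEY")" | audit_keys
}
audit_demo || echo "the lines above accept the key without the forced command"
```

On the remote host, feed audit_keys the authorized_keys file of the account the backup job logs in as; any UNRESTRICTED line still grants that key a full shell.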
Executing the First Run
Running the job manually will create the initial backup and ensure that the job can execute without errors. Execute the following on the local host, substituting your configuration file:
# /usr/local/sbin/rdiff-backup.sh /etc/rdiff-backup.conf.d/rdiff-host.example.conf
Scheduling the Job
Use cron to schedule recurring jobs on the local host. For example, create /etc/cron.d/rdiff-backup containing the following to run the rdiff-host.example.com.conf job once per day at 04:00:
00 04 * * * root /usr/local/sbin/rdiff-backup.sh /etc/rdiff-backup.conf.d/rdiff-host.example.com.conf
Notes and Caveats
The fsck function runs in conjunction with a backup job, so it’s important to have at least one job scheduled on the day configured for FSCK_DAY.