Rdiff-backup is a robust and well-documented tool for performing reverse differential backups. It is particularly well suited for using Linux and SSH to perform incremental backups of remote Linux systems.
This onezeroone.dev script automates the use of rdiff-backup to perform incremental backups of one or more remote Linux systems over SSH to a dedicated local volume. When used properly, it will:
- Mount a volume dedicated for rdiff-backup increments.
- Execute rdiff-backup against the specified remote host, backing up a default set of directories along with any additional directories specified on a per host/job basis.
- Remove increments older than the configured age.
- Unmount the rdiff-backup volume.
- Perform a weekly fsck of the rdiff-backup volume.
Setup Instructions
Local Host Setup
- Attach a volume or create a dedicated partition for rdiff-backup increments. This volume should be formatted with your preferred filesystem, e.g., xfs or ext4.
- Use blkid to enumerate the UUID for your volume and add it to /etc/fstab as follows, substituting your UUID, preferred mount point, and filesystem type:
  UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx /srv/rdiff xfs noauto 0 0
- Clone or download this onezeroone script and configuration example from GitHub where it is licensed under the GPL 2.0.
- Copy rdiff-backup.sh to /usr/local/sbin and make it executable with chmod 700 /usr/local/sbin/rdiff-backup.sh.
- Create your configuration files directory, e.g., /etc/rdiff-backup.conf.d, and copy in the example configuration file.
- Copy and edit the example configuration file to create a job configuration file for each remote host.
- Edit the USER DEFINABLE VARIABLES section of the script to update the rdiff-backup volume UUID, mount point, configuration files directory, default inclusions, default exclusions, and day to run fsck (with Sunday being 0 and Saturday being 6).
- As root, execute ssh-copy-id -i [HOSTNAME] for each remote host to permit your local root user to log in without a password.
Remote Host Setup
Install rdiff-backup:
- RedHat/CentOS:
# dnf install rdiff-backup
- Debian/Ubuntu:
# apt-get install rdiff-backup
In keeping with the principles of least privilege and least functionality, the use of the shared key on the remote host can be restricted to executing only the rdiff-backup client.
- Edit /root/.ssh/authorized_keys.
- Prepend the shared key with:
  command="/usr/bin/rdiff-backup --server --restrict-read-only /"
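To confirm the restriction is in place, the following added example (not part of the onezeroone script) audits an authorized_keys file and reports any key that is not pinned to the read-only rdiff-backup server. The function names and sample keys are constructed for illustration. The check for OpenSSH's restrict key option goes beyond the step above: a forced command on its own does not turn off port, agent or X11 forwarding.

```shell
# Added example (not the onezeroone script): audit authorized_keys for the
# forced-command restriction. The sample keys at the bottom are constructed.
WANT='rdiff-backup --server --restrict-read-only'

# first_field LINE: text up to the first space outside double quotes,
# which is the options field when the key line has one.
first_field() {
    printf '%s\n' "$1" | awk '{
        sub(/^[ \t]+/, ""); q = 0
        for (i = 1; i <= length($0); i++) {
            c = substr($0, i, 1)
            if (c == "\\") { i++; continue }    # skip an escaped character
            if (c == "\"") q = !q
            else if ((c == " " || c == "\t") && !q) break
        }
        print substr($0, 1, i - 1)
    }'
}

# audit_keys FILE: print a verdict per key line; the return status is the
# number of keys that lack the rdiff-backup forced command.
audit_keys() {
    bad=0; n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        opts=$(first_field "$line")
        case $opts in
            ''|'#'*) continue ;;               # blank line or comment
            ssh-*|ecdsa-*|sk-*) opts='' ;;     # key type comes first: no options
        esac
        bare=$(printf '%s\n' "$opts" | sed 's/"[^"]*"//g')   # option names only
        case $opts in
            *command=\"*"$WANT"*) ;;
            *) echo "line $n: FAIL no rdiff-backup forced command"
               bad=$((bad + 1)); continue ;;
        esac
        case ",$bare," in
            *,restrict,*) echo "line $n: OK forced command, forwarding and pty disabled" ;;
            *) echo "line $n: WARN forced command set, but no 'restrict' option" ;;
        esac
    done < "$1"
    return "$bad"
}

sample=$(mktemp)                               # constructed sample file
cat > "$sample" <<'EOF'
command="/usr/bin/rdiff-backup --server --restrict-read-only /" ssh-ed25519 AAAAC3placeholder1 root@backup
restrict,command="/usr/bin/rdiff-backup --server --restrict-read-only /" ssh-ed25519 AAAAC3placeholder2 root@backup
ssh-rsa AAAAB3placeholder3 admin@laptop
EOF
audit_keys "$sample" || echo "keys without the forced command: $?"; rm -f "$sample"
```

On the remote host, setting PermitRootLogin forced-commands-only in sshd_config complements this by refusing root logins for any key that lacks a command= option.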
Executing the First Run
Running the job manually will create the initial backup and ensure that the job can execute without errors. Execute the following on the local host, substituting your configuration file:
# /usr/local/sbin/rdiff-backup.sh /etc/rdiff-backup.conf.d/rdiff-host.example.conf
Scheduling the Job
Use cron to schedule recurring jobs on the local host. For example, create /etc/cron.d/rdiff-backup containing the following to run the rdiff-host.example.com.conf job once per day at 04:00:
00 04 * * * root /usr/local/sbin/rdiff-backup.sh /etc/rdiff-backup.conf.d/rdiff-host.example.com.conf
Notes and Caveats
The fsck function runs in conjunction with a backup job, so it’s important to have at least one job scheduled on the day configured for FSCK_DAY.