Automating Rdiff-backup with Bash

By | 2021-Feb-26

Rdiff-backup is a robust and well-documented tool for performing reverse differential backups. It is particularly well suited to performing incremental backups of remote Linux systems over SSH.

This onezeroone.dev script automates the use of rdiff-backup to perform incremental backups of one or more remote Linux systems over SSH to a dedicated local volume. When used properly, it will:

  • Mount a volume dedicated to rdiff-backup increments.
  • Execute rdiff-backup against the specified remote host, backing up a default set of directories along with any additional directories specified on a per host/job basis.
  • Remove increments older than the configured age.
  • Unmount the rdiff-backup volume.
  • Perform a weekly fsck of the rdiff-backup volume.

Setup Instructions

Local Host Setup

  1. Attach a volume or create a dedicated partition for rdiff-backup increments. This volume should be formatted with your preferred filesystem e.g., xfs or ext4.
  2. Use blkid to enumerate the UUID for your volume and add it to /etc/fstab as follows, substituting your UUID, preferred mount point, and filesystem type:

    UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx /srv/rdiff xfs noauto 0 0

  3. Clone or download this onezeroone script and configuration example from GitHub, where it is licensed under the GPL 2.0.
  4. Copy rdiff-backup.sh to /usr/local/sbin and make it executable with chmod 700 /usr/local/sbin/rdiff-backup.sh.
  5. Create your configuration files directory e.g., /etc/rdiff-backup.conf.d and copy in the example configuration file.
  6. Copy and edit the example configuration file to create a job configuration file for each remote host.
  7. Edit the USER DEFINABLE VARIABLES section of the script to update the rdiff-backup volume UUID, mount point, configuration files directory, default inclusions, default exclusions, and day to run fsck (with Sunday being 0 and Saturday being 6).
  8. As root, execute ssh-copy-id -i [HOSTNAME] for each remote host to permit your local root user to log in without a password.

Remote Host Setup

Install rdiff-backup:

  • RedHat/CentOS: # dnf install rdiff-backup
  • Debian/Ubuntu: # apt-get install rdiff-backup

In keeping with the principles of least privilege and least functionality, the use of the shared key on the remote host can be restricted so that it can only execute rdiff-backup in read-only server mode.

  1. Edit /root/.ssh/authorized_keys.
  2. Prepend the shared key with:

    command="/usr/bin/rdiff-backup --server --restrict-read-only /"
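An added example (not part of the original post or the onezeroone script): a POSIX shell audit that classifies each authorized_keys entry by whether it carries the forced command above. It goes one step beyond the page by also checking for OpenSSH's restrict key option, because a forced command alone does not disable port, agent or X11 forwarding for that key; the function names and sample keys are constructed for illustration.

```sh
# EXPECTED is the forced command from this page; checking for "restrict" is an
# addition of this example (standard OpenSSH key option), not part of the page.
EXPECTED='command="/usr/bin/rdiff-backup --server --restrict-read-only /"'

# Print the options field: everything before the first space outside double quotes.
options_field() {
    of_rest=$1 of_out= of_inq=0
    while [ -n "$of_rest" ]; do
        of_ch=${of_rest%"${of_rest#?}"}    # first character of the remainder
        of_rest=${of_rest#?}
        if [ "$of_ch" = '"' ]; then of_inq=$((1 - of_inq)); fi
        if [ "$of_ch" = ' ' ] && [ "$of_inq" -eq 0 ]; then break; fi
        of_out=$of_out$of_ch
    done
    printf '%s' "$of_out"
}

# Classify one line: skip | unrestricted | other-options | command-only | hardened
classify_entry() {
    case $1 in
        ''|'#'*) echo skip; return 0 ;;
        ssh-*|ecdsa-*|sk-*) echo unrestricted; return 0 ;;  # key type first: no options
    esac
    ce_opts=$(options_field "$1")
    case ",$ce_opts," in
        *",$EXPECTED,"*) ;;
        *) echo other-options; return 0 ;;   # options present, but not the expected command
    esac
    case ",$ce_opts," in
        *,restrict,*) echo hardened ;;       # forwarding and PTY allocation disabled too
        *) echo command-only ;;              # command pinned, forwarding still permitted
    esac
}

# Read authorized_keys content on stdin and print "<line number>: <status>".
audit_keys() {
    ak_n=0
    while IFS= read -r ak_line || [ -n "$ak_line" ]; do
        ak_n=$((ak_n + 1))
        echo "$ak_n: $(classify_entry "$ak_line")"
    done
}

# Constructed sample entries (placeholder key material, not real keys).
SAMPLE='# backup server key
ssh-ed25519 AAAAC3EXAMPLE root@backup
command="/usr/bin/rdiff-backup --server --restrict-read-only /" ssh-ed25519 AAAAC3EXAMPLE root@backup
restrict,command="/usr/bin/rdiff-backup --server --restrict-read-only /" ssh-ed25519 AAAAC3EXAMPLE root@backup'
printf '%s\n' "$SAMPLE" | audit_keys
```

On a remote host, run it against the real file with `audit_keys < /root/.ssh/authorized_keys`; any line reported as unrestricted still allows a full root login with that key.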

Executing the First Run

Running the job manually will create the initial backup and ensure that the job can execute without errors. Execute the following on the local host, substituting your configuration file:

# /usr/local/sbin/rdiff-backup.sh /etc/rdiff-backup.conf.d/rdiff-host.example.conf

Scheduling the Job

Use cron to schedule recurring jobs on the local host. For example, create /etc/cron.d/rdiff-backup containing the following to run the rdiff-host.example.com.conf job once per day at 04:00:

00 04  *  *  * root /usr/local/sbin/rdiff-backup.sh /etc/rdiff-backup.conf.d/rdiff-host.example.com.conf

Notes and Caveats

The fsck function runs in conjunction with a backup job, so it’s important to have at least one job scheduled on the day configured for FSCK_DAY.