#language en #refresh 999999 ## nearly two weeks until an update occurs [[TableOfContents(2)]] = Overview = == Basic data == || Hostname || `b.fluid.tuwien.ac.at` || || Purpose || backup server || || Operating system || Debian Stretch || || Management interface || http://mb.fluid.tuwien.ac.at || || Backup storage capacity || 70TB || || Client data storage capacity || 3.5TB || || Authentication options || local accounts, TU password || || Manuals || [attachment:QRG-1785.pdf Quick Reference Sheet], [attachment:MNL-1785.pdf User Manual] || == Admins == * Thomas Loimer * Iris Fula * Francesco Zonta * Rudolf Ladner (ZID) * Sebastian Boehm (ZID) = Backups = * Clients synchronise data to `/home` on `b.fluid` using `rsync`. * A daily cronjob on `b.fluid` saves versioned backups of all data in `/home` to `/mnt/backups`. * The daily backup is performed using [http://borgbackup.readthedocs.io Borg]. * Daily backups are kept for a week, weekly backups are kept for a month, monthly backups are kept for a year. Data older than one year will be discarded at the discretion of the admins. * Due to the amount of data on `s15.fluid` and `s16.fluid`, these hosts do not use `rsync`, but directly target `/mnt/backups` using `borg` instead. == Directory structure == {{{ /mnt/backup/ ├── b │ └── home ├── gs2 ├── s15 │ └── home ├── s16 │ ├── data │ └── home ├── user1 │ ├── pc1 │ └── pc2 └── user2 └── pcname }}} = Configuration = == Basic shell setup, etckeeper == {{{ cat > /etc/etckeeper.conf < /etc/apt/sources.list.d/grml.list < /etc/apt/preferences.d/grml-pin << EOF Package: * Pin: release a=grml-stable Pin-Priority: 200 EOF apt-key --keyring /etc/apt/trusted.gpg.d/grml.gpg adv \ --keyserver keyserver.ubuntu.com \ --recv-keys ECDEA787 apt-get update apt-get -y install grml-etc-core grml-debian-keyring wget https://raw.githubusercontent.com/sometimesfood/chef-admin-essentials/master/files/default/tmux.conf -O /etc/tmux.conf chsh -s /bin/zsh chsh -s /bin/zsh oswat touch ~oswat/.zshrc cat > /etc/default/locale < /etc/apt/sources.list.d/hwraid.list < /etc/nslcd.conf < /dev/null || useradd -mr -d /mnt/backup/s15 s15-root id -u s16-root &> /dev/null || useradd -mr -d /mnt/backup/s16 s16-root useradd -mr -d /mnt/backup/gs2 gs2-root mkdir -p ~s15-root/.ssh/ mkdir -p ~s16-root/.ssh/ runuser -u gs2-root -- mkdir -m 700 ~gs2-root/.ssh cat > ~s15-root/.ssh/authorized_keys << EOF command="borg serve --restrict-to-path /mnt/backup",restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwa/VwQXhMtDU6YLDdP5qsb0dyp4grUnipuQ43ouihd root@s15 EOF cat > ~s16-root/.ssh/authorized_keys << EOF command="borg serve --restrict-to-path /mnt/backup",restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIODF3X5KE0P66SYdOfmePdK/Wp2puusNQsX1HbMBjv5V root@s16 EOF chown s15-root:s15-root ~s15-root/.ssh/authorized_keys chown s16-root:s16-root ~s16-root/.ssh/authorized_keys chmod 600 ~s15-root/.ssh/authorized_keys chmod 600 ~s16-root/.ssh/authorized_keys mkdir -p /mnt/backup/s15/home mkdir -p /mnt/backup/s16/{home,data} mkdir -p /mnt/backup/b/home chown -R s15-root:s15-root /mnt/backup/s15 chown -R s16-root:s16-root /mnt/backup/s16 }}} == Backup of home directories == {{{ [[ -d /opt/borgscripts ]] || git clone oswat@b.fluid.tuwien.ac.at:backup-scripts.git /opt/borgscripts cat > /etc/cron.d/borg-backup < /etc/cron.d/borg-prune < /etc/systemd/timesyncd.conf </etc/cron.d/find-old-backups <