Differenze tra le versioni di "Server/horror/Technical documentation"
(policy) |
(more stuff) |
||
Riga 5: | Riga 5: | ||
Server administrators can be authorized to enter with a dedicated account using SSH. | Server administrators can be authorized to enter with a dedicated account using SSH. | ||
+ | |||
+ | ; You need: A good reason. | ||
+ | |||
+ | ; Instructions | ||
<pre> | <pre> | ||
Riga 19: | Riga 23: | ||
A system administrator with [[#Server access]] and enough privileges can login in the server via SSH. | A system administrator with [[#Server access]] and enough privileges can login in the server via SSH. | ||
+ | |||
+ | ; You need: sysadmin experience with GNU/Linux. | ||
+ | |||
+ | ; Instructions | ||
All recent backups are here: | All recent backups are here: | ||
Riga 43: | Riga 51: | ||
If it does not work, make sure to have the right [[#Server access]] privileges. | If it does not work, make sure to have the right [[#Server access]] privileges. | ||
− | == Filesystem | + | == Filesystem policies == |
+ | |||
+ | Here is a summary of the main filesystem pathnames | ||
{| class="wikitable" | {| class="wikitable" | ||
! Path | ! Path | ||
− | ! | + | ! owner:group |
− | ! | + | ! Permissions |
! Description | ! Description | ||
|- | |- | ||
Riga 70: | Riga 80: | ||
| The user ''project'' must be the only one allowed to access in its sub-directory. | | The user ''project'' must be the only one allowed to access in its sub-directory. | ||
|} | |} | ||
+ | |||
+ | == Add a project under the backup umbrella == | ||
+ | |||
+ | ; You need | ||
+ | |||
+ | * a GNU/Linux server (''foo'') with some files to be saved | ||
+ | * SSH access to server ''foo'' | ||
+ | * SSH access to server {{Server link|horror}} ([[#Server access]]) and <code>sudo</code> | ||
+ | * knowledge of SSH keys | ||
+ | * knowledge of data transfers over SSH (e.g. using rsync) | ||
+ | |||
+ | ; Instructions | ||
+ | |||
+ | In short you just need to create a directory on server {{Server link|horror}} and a dedicated user able to read/write in that directory. Then, you can push backups on that directory. | ||
+ | |||
+ | Some pseudo-instructions to be executed from server {{server link|horror}} to create a new project ''foo'' to be added under its backup umbrella: | ||
+ | |||
+ | <pre> | ||
+ | USERNAME=foo | ||
+ | PROJECT=foo.wikimedia.it | ||
+ | |||
+ | sudo adduser --disabled-password $USERNAME | ||
+ | |||
+ | sudo mkdir --parents /var/backups/wmi/"$PROJECT" | ||
+ | sudo chown $USERNAME:$USERNAME /var/backups/wmi/"$PROJECT" | ||
+ | </pre> | ||
+ | |||
+ | The final purpose is to execute this command daily <u>from you server ''foo''</u>: | ||
+ | |||
+ | rsync /my/important/pathname foo@horror.wikimedia.it:/var/backups/wmi/foo.wikimedia.it | ||
+ | |||
+ | For example using a crontab. | ||
+ | |||
+ | It's that simple. | ||
+ | |||
+ | If want to have don't want to manually run an rsync to push backups but you want some syntax sugar or you want to also do dumps or start/stop services, here some useful backup scripts which can be used to make on-site backups, and then send the copy to server {{Server link|horror}}: | ||
+ | |||
+ | * https://gitpull.it/source/micro-backup-script/ | ||
+ | * ... |
Versione delle 16:29, 8 mar 2022
Public technical documentation for the server ⚙️ horror
, dedicated to off-site backups.
Server access
Server administrators can be authorized to enter with a dedicated account using SSH.
- You need
- A good reason.
- Instructions
ssh name-surname@horror.wikimedia.it
Be sure to be authorized before trying. Do not try random attempts or you will be blocked.
Request access policy:
Overview
A system administrator with #Server access and enough privileges can login in the server via SSH.
- You need
- sysadmin experience with GNU/Linux.
- Instructions
All recent backups are here:
/var/backups/wmi
Older copies can be obtained adding a numeric suffix. For example the 2-days-old backups are here:
/var/backups/wmi.2
Note that all sub-directories can be accessed only if you are its dedicated user.
For example all of these are owned by the user lessema
:
/var/backups/wmi/lessema.wikimedia.it /var/backups/wmi.1/lessema.wikimedia.it /var/backups/wmi.2/lessema.wikimedia.it /var/backups/wmi.3/lessema.wikimedia.it
So to get these copies do something like this:
rsync lessema@horror.wikimedia.it:/var/backups/wmi/lessema.wikimedia.it .
If it does not work, make sure to have the right #Server access privileges.
Filesystem policies
Here is a summary of the main filesystem pathnames
Path | owner:group | Permissions | Description |
---|---|---|---|
/var/backups/wmi | root:root | 755 | Everyone should be allowed to list its sub-directories to list the available latest backups.
|
/var/backups/wmi.* | root:root | 750 | Everyone should be allowed to list its sub-directories to know the available old backups.
|
/var/backups/wmi/project | project:project | 750 | The user project must be the only one allowed to access in its sub-directory. |
Add a project under the backup umbrella
- You need
- a GNU/Linux server (foo) with some files to be saved
- SSH access to server foo
- SSH access to server
⚙️ horror
(#Server access) andsudo
- knowledge of SSH keys
- knowledge of data transfers over SSH (e.g. using rsync)
- Instructions
In short you just need to create a directory on server ⚙️ horror
and a dedicated user able to read/write in that directory. Then, you can push backups on that directory.
Some pseudo-instructions to be executed from server ⚙️ horror
to create a new project foo to be added under its backup umbrella:
USERNAME=foo PROJECT=foo.wikimedia.it sudo adduser --disabled-password $USERNAME sudo mkdir --parents /var/backups/wmi/"$PROJECT" sudo chown $USERNAME:$USERNAME /var/backups/wmi/"$PROJECT"
The final purpose is to execute this command daily from you server foo:
rsync /my/important/pathname foo@horror.wikimedia.it:/var/backups/wmi/foo.wikimedia.it
For example using a crontab.
It's that simple.
If want to have don't want to manually run an rsync to push backups but you want some syntax sugar or you want to also do dumps or start/stop services, here some useful backup scripts which can be used to make on-site backups, and then send the copy to server ⚙️ horror
: