Diff for "TechDocs/OfficeBackUp"

Differences between revisions 33 and 34
Revision 33 as of 2023-03-22 09:41:40
Size: 8867
Editor: linus
Comment:
Revision 34 as of 2024-01-04 11:18:52
Size: 8964
Editor: irakli
Comment:
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
{{{#!wiki warning
'''This page has been moved to [[https://docs.fsfe.org|FSFE docs]]'''
}}}

This page has been moved to FSFE docs

#acl Group/Team:read,write,admin,delete,revert All:read

Backup Office Computers

This guide explains the recommended way to do backups for people working in the FSFE's office, so staff and interns. It can be useful for other groups as well but may require some modifications.

Currently, the programme we use to create backups is BorgBackup, often simply called borg. Its main features: great backup speed (even when using weak internet connections), space-efficiency, encryption by default, and clever ways for restoring data. It however lacks a stable graphical user interface so users are required to work on the command line for now. But don't be afraid: it is not hard!

The default setting for the backups is saving your home directory, so for example /home/LOCALUSER/ on your GNU/Linux computer, which is equivalent with ~. This is the place where all personal data and application configuration should be stored. Please refrain from storing important information outside of this directory – if you decide otherwise, make sure to include it in your backup schema.

Preparation

First, you will have to install the necessary software packages and think of a strong password. Then, you need to configure access to the remote destination your backups will be stored in. Afterwards, you will setup the script which makes the backup really simple.

In this guide we assume that your FSFE user name is FSFEUSER. Make sure to replace this throughout the guide accordingly.

Software Requirements (Graphical User Interface method - easy)

Make sure to install the software in the list below using your package manager. It should be existent in most GNU/Linux distributions.

  • ssh

  • borgbackup or borg (depending on your operating system it may have different names, see this overview)

  • vorta (either available directly in your system's normal package repositories. If not, head over the installation instructions or ask your colleagues for help by mentioning which operating system + version you use)

Software Requirements (Terminal method - advanced)

Make sure to install the software in the list below using your package manager. It should be existent in most GNU/Linux distributions.

  • ssh

  • borgbackup or borg (depending on your operating system it may have different names, see this overview)

  • borgmatic (either available directly in your system's normal package repositories. If not, head over the installation instructions or ask your colleagues for help by mentioning which operating system + version you use)

Set a backup password

Borg encrypts all your backups securely to protect your sensitive data. Therefore, their security heavily depends on the strength of your password and how well you protect it. If you lose the password, there is no way to recover your backups! This section will help you find a good password for borg, and how you can save it on your computer for (semi)-automated backups.

Finding a good password is not trivial, and there are many strategies. This famous XKCD comic suggests using combined words, but you can also use a password manager like pass, KeePass, or KeePassXC to auto-generate lots of loooong passwords protected with only one strong master password you have to remember. Whatever you choose for your backups, make sure you only use it for this purpose only and have a safe place to store it, even if your computer is stolen, burns to death, explodes or is kidnapped by evil aliens. Ask your colleagues and/or the internet for tipps.

Again, it is crucial that your password is securely stored somewhere else then on your work computer. You can only restore the backup with this password! So if you use a password manager, please make sure that you will be able to access its content if your computer, apartment, local backup disk explodes, is stolen, or kidnapped by aliens.

Create SSH key

You will backup your files to a remote place. In order to gain access to this space, you will have to set up a SSH key. Like a GnuPG key, this is a secure way to authenticate yourself.

  1. Check whether you already have an SSH key: Type ls -al ~/.ssh in your GNU/Linux terminal. If id_rsa and id_rsa.pub appears, you already have a SSH key. If not, continue with step 2.

  2. Generate a new SSH key by typing ssh-keygen -t rsa -b 4096 -C "FSFEUSER@fsfe.org". Omit typing in a password if you are sure that you can protect your SSH private key (it's like a house key!). If you set a password, consider using ssh-agent to avoid having to type in the SSH key's password each time you use it.

Request backup storage creation

Now it is time to create the remote backup storage. This is handled by our System Hackers.

Send an email to contact@fsfe.org asking for the backup store. Provide the following information:

  • Which folders would you like to have stored in your backup? By default, we save the whole home directory, but you can provide more if necessary
  • Attach your public SSH key id_rsa.pub. You will find it in ~/.ssh/. Make sure to send the file suffixed with .pub, the other one is your private key!

You can only continue with the next step as soon as you have received a reply.

Configure the backup (Graphical User Interface method)

It's probably easiest, if you simply watch the video that details all the steps using the graphical client called Vorta. You can find it on Nextcloud. Simple navigate to Staff > Tech Sessions > Tech Session 3 - Backups. There, you will find a short version (~ 20 minutes) in which everything you need to do in order to start making backups is shown.

Configure the backup (Terminal method)

In the reply, you will receive a configuration file for borgmatic. Borgmatic is a so-called wrapper for borg which makes initialisation and creation of backups easier for you. Let us configure borgmatic once:

  1. Save the file config.yaml in the directory ~/.config/borgmatic/. If this directory does not exist, please create it.

  2. Open the file and replace <REPLACE_WITH_PASSWORD> with the strong password you have chosen before

Now, you can initiate the borg repository. This only has to be done once.

  1. Open a terminal and run the following command: borgmatic -I -e repokey-blake2

  2. You will see something like The authenticity of host 'a3p79bh3.repo.borgbase.com (148.251.50.177)' can't be established.. Type yes to confirm.

  3. Then, you will see some information about your borg version and security considerations. If you see something completely different, reply back to the System Hacker you had contact with.

Run a backup (Terminal method)

Now you are set to run your first backup. Since you will send it to a remote server, it can take quite some time. In the Berlin office, an initial backup of 10 GB might well take ~1 hour. But all following backups will be much faster and a matter of a few minutes.

The first command creates a backup. You will see some progress and information about the running and finished backup. If it's finished, the last lines of the output will indicate clearly whether it has been successful or not. Afterwards, the second command cleans older backups according to the retention policy in order to save worthy backup space. This will keep daily backups for the last 7 days, a weekly backup for 4 weeks, a monthly backup for 12 months, and a yearly backup for 2 years. This is a well-known policy in system administration. Please run this command:

borgmatic --create --progress --stats

borgmatic --prune --stats

Getting help and Error messages (Terminal method)

If after the first try to run a backup there was an error message and the backup process did not start you can try the following:

  1. Open the config.yaml in the editor of your choice (e.g. vim, gedit, nano, ...)
  2. Replace the ~ in the source_directories with the folder you want to backup like /home/name_of_your_folder

If you would like to learn more about borg, the different commands and useful parameters, please have a look at the borg documentation. It is well written and continuously maintained. Other resources might be the wikis of your GNU/Linux distributions, so for instance UbuntuUsers or the Arch Linux Wiki.

The perspective of the System Hackers is explained here.

TechDocs/OfficeBackUp (last edited 2024-01-04 11:18:52 by irakli)