rattail/rattail-manual
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Add docs for rattail backup command

Browse source
This commit is contained in:
Lance Edgar 2021-10-31 21:18:04 -05:00
parent 47fb1e451a
commit 25d1c1b739
10 changed files with 667 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
docs/backup/borg.rst
View file

@ -1,5 +0,0 @@
Borg
====
TODO

149
docs/backup/config.rst Normal file
View file

@ -0,0 +1,149 @@
.. highlight:: ini
===============
Configuration
===============
The backup "app" you have installed is really just Rattail proper, so
the config we will describe adheres to normal Rattail conventions.
See :doc:`/base/config/index` for more background on that.
We put all pertinent config in one file at
``/srv/envs/backup/app/rattail.conf`` and this will control behavior
of the ``rattail backup`` command.
Config File: ``rattail.conf``
=============================
This is the primary config file for the backup app. Out of necessity
it will vary for different people and the different machines they need
to backup. As such there is no "official" copy to be deployed by
Fabric.
So create the file at ``/srv/envs/backup/app/rattail.conf`` and in it
put these contents as your starting point::
############################################################
#
# config for backups
#
############################################################
##############################
# rattail
##############################
[rattail]
timezone.default = America/Chicago
[rattail.config]
configure_logging = true
[rattail.backup]
dbdump = true
rsync = false
borg.enabled = false
##############################
# logging
##############################
[loggers]
keys = root
[handlers]
keys = file, console
[formatters]
keys = generic, console
[logger_root]
handlers = file, console
level = DEBUG
[handler_file]
class = handlers.RotatingFileHandler
args = ('/srv/envs/backup/app/log/rattail.log', 'a', 1000000, 20, 'utf_8')
formatter = generic
[handler_console]
class = StreamHandler
args = (sys.stderr,)
formatter = console
[formatter_generic]
format = %(asctime)s %(levelname)-5.5s [%(name)s][%(threadName)s] %(funcName)s: %(message)s
datefmt = %Y-%m-%d %H:%M:%S
[formatter_console]
format = %(levelname)-5.5s [%(name)s][%(threadName)s] %(funcName)s: %(message)s
.. caution::
It is a good idea to "lock down" this file. There are no secrets
(passwords etc.) in the example above, but it's possible you may
need to add them in the future, e.g. Borg encryption passphrase.
So it's recommended that you go ahead and lock this down now:
.. code-block:: sh
sudo chown rattail: /srv/envs/backup/app/rattail.conf
sudo chmod 0600 /srv/envs/backup/app/rattail.conf
The above config file says the following:
* declares local time zone to be ``America/Chicago``
* tells Rattail that it should configure logging
* logging should be written to file at ``/srv/envs/backup/app/log/rattail.log``
* log file should be rotated when it reaches ~1MB
* logging also should go to console
* when ``rattail backup`` runs, it should:
* dump all databases to file (for postgres and mysql)
* do *not* run ``rsync``
* do *not* run ``borg create``
Later on we'll describe how to enable more features etc. But it's
recommended to follow along in order, and get the basics working
first.
Config File: ``silent.conf``
============================
The convention is to make ``rattail.conf`` specify ``DEBUG`` as the
main log level, not only for logging to file but also to console. For
instance that is what the above example does.
So the convention also is to add a ``silent.conf`` file which
suppresses "normal" noise for the console logging. Warnings and
errors will still make it through, so "silent" does not mean "silent
failure" - just "no ambient noise".
Rattail can create this file for you:
.. code-block:: sh
cd /srv/envs/backup
sudo -u rattail bin/rattail -c app/rattail.conf make-config -T silent -O app
After that you can specify ``app/silent.conf`` for your commands when
you want them to be "silent" - e.g. when running overnight:
.. code-block:: sh
cd /srv/envs/backup
sudo -u rattail bin/rattail -c app/silent.conf backup --help
Note that ``silent.conf`` inherits from ``rattail.conf`` so all config
from that file will still be in effect.
.. note::
When you run e.g. the default ``backup-everything`` script, if you
pass the ``--verbose`` flag then it will use ``rattail.conf`` but
if you do not then it will use ``silent.conf`` instead.

100
docs/backup/features/borg.rst Normal file
View file

@ -0,0 +1,100 @@
.. highlight:: ini
======
Borg
======
Rattail can invoke the ``borg create`` command, to make one or more
Borg archives at configured locations. For more about Borg, see
`<https://www.borgbackup.org/>`_.
This allows for multiple destinations so that to be extra super safe,
you can e.g. make archives at each of:
* second drive attached to local machine
* path on remote machine on local network
* path on remote machine in the cloud
Rattail also will invoke the ``borg prune`` command to keep the
archive repositories from growing too large etc.
Configuration
=============
You can enable the borg feature like so::
[rattail.backup]
borg.enabled = true
The borg feature is *disabled* by default but you can make that
explicit::
[rattail.backup]
borg.enabled = false
Destination(s)
--------------
Rattail supports multiple destinations for Borg archives; it will run
``borg create`` (and also ``borg prune``) separately for each defined.
As an example we'll show config with 3 destinations; hopefully from
here you can figure out how to do what you need::
[rattail.backup]
borg.remotes =
mydrive
otherserver
cloudserver
borg.remote.mydrive.repo = /mnt/mydrive/borg-storage/myserver
borg.remote.mydrive.passphrase = sooperseekrit
borg.remote.otherserver.repo = borguser@otherserver:/srv/borg-storage/myserver
borg.remote.otherserver.passphrase = sooperseekrit
borg.remote.cloudserver.repo = borguser@cloudserver:/srv/borg-storage/myserver
borg.remote.cloudserver.passphrase = sooperseekrit
The above uses the same Borg encryption passphrase for all 3
repositories but they could be different if you wanted.
If destination is on another server, in some cases you must tell
Rattail where the Borg binary lives on that server, e.g.::
[rattail.backup]
borg.remotes = cloudserver
borg.remote.cloudserver.repo = borguser@cloudserver:/srv/borg-storage/myserver
borg.remote.cloudserver.passphrase = sooperseekrit
borg.remote.cloudserver.borg = /path/to/borg
Files to Backup
---------------
This works the same way as for rsync; see
:ref:`rsync-include-exclude`.
However the actual config option names can vary in the following way:
If you prefer, or need to differentiate, you can specify the include
and exclude options with ``borg`` prefix::
[rattail.backup]
borg.include = /home
borg.exclude = /home/ignoreme
If you do specify them that way, Rattail will honor them. But if you
do not, it also will honor the same options with ``rsync`` prefix::
[rattail.backup]
rsync.include = /home
rsync.exclude = /home/ignoreme
This is because anyone using both rsync *and* borg will likely want
the same set of files backed up both ways. Also because the rsync
feature came first...

63
docs/backup/features/dbdump.rst Normal file
View file

@ -0,0 +1,63 @@
.. highlight:: ini
================
Database Dumps
================
Rattail can dump all of your databases to file so that they can be
included in the filesystem backup that happens via ``rsync`` and/or
``borg create``.
It only supports PostgreSQL and MySQL/MariaDB but those should work
out of the box. It will figure out which databases are present, then
dump each to its own file. Note that it puts them all in the
``/root/data`` folder by default.
Configuration
=============
You can enable the database dump feature like so::
[rattail.backup]
dbdump = true
Note that the dbdump feature is *enabled* by default; you can disable
like so::
[rattail.backup]
dbdump = false
If you don't like ``/root/data`` then you can change output folder::
[rattail.backup]
dbdump.output = /my/preferred/folder
Exclude certain databases which you do not need backed up (note, it
does not matter if these live in PostgreSQL or MySQL, Rattail will
just ignore these regardless where they're found)::
[rattail.backup]
dbdump.exclude = mytestdb, anotherdb
Alternate syntax for that, useful for longer lists::
[rattail.backup]
dbdump.exclude =
mytestdb
anotherdb
Or, *only* include certain databases and exclude all others::
[rattail.backup]
dbdump.include =
importantdb
anotherdb
If you want, Rattail can dump *all* tables individually as well as
dumping the databases themselves. Each database file will be
accompanied by a folder which will contain the table files::
[rattail.backup]
dbdump.dump_tables = true

22
docs/backup/features/index.rst Normal file
View file

@ -0,0 +1,22 @@
==========
Features
==========
As mentioned earlier, Rattail's backup logic can do the following:
* dump databases to file
* run ``rsync`` to copy files somewhere
* run ``borg create`` to make Borg archive(s) somewhere
Note that the database dump always happens first, so that the
resulting files can be included in the ``rsync`` or ``borg create``
runs (if applicable).
.. toctree::
:maxdepth: 3
:caption: Contents:
dbdump
rsync
borg

95
docs/backup/features/rsync.rst Normal file
View file

@ -0,0 +1,95 @@
.. highlight:: ini
=======
Rsync
=======
Rattail can invoke the ``rsync`` command to copy relevant portions of
the file system to another location.
The main disadvantage to rsync is that the "backup" is competely
replaced every time the command runs. So you always have just one
"most recent" backup.
Doing so is almost certainly better than nothing, but Borg is really a
superior solution in every way it seems. You are encouraged to use
that instead.
Configuration
=============
You can enable the rsync feature like so::
[rattail.backup]
rsync = true
The rsync feature is *disabled* by default but you can make that
explicit::
[rattail.backup]
rsync = false
By default Rattail will run ``rsync`` before it runs ``borg create``,
but you can reverse that sequence if you need to::
[rattail.backup]
rsync.last = true
Destination
-----------
Rattail only supports a single "destination" for rsync. This can be
either a "local" path, e.g. a backup drive mounted to the main
filesystem, or can be a remote path accessible via SSH.
Here is what a "local" path would look like, e.g. if we want rsync to
write files in the ``/mnt/mydrive/server-backup`` folder::
[rattail.backup]
rsync.remote_prefix = /mnt/mydrive/server-backup
And if we instead wanted rsync to write to the ``/srv/server-backup``
folder on the ``otherserver`` remote machine::
[rattail.backup]
rsync.remote_host = otherserver
rsync.remote_prefix = /srv/server-backup
.. _rsync-include-exclude:
Files to Backup
---------------
Rattail will by default only include certain folders in the rsync run,
and avoid things like the ``/tmp`` folder etc. You can override this
as needed, but here is the default list of what it includes::
[rattail.backup]
rsync.include =
/etc
/home
/opt
/root
/srv
/usr/local
/var
Rattail will also exclude some things by default; again override as
needed but here is that default list. Note that the convention used
is to specify trailing slash for folders, and not for files. These
values are passed directly to the ``rsync`` command so ultimately it
will be interpreting them::
[rattail.backup]
rsync.exclude =
/var/cache/
Note that it is only necessary to *exclude* things which fall "within"
folders which are *included* ..e.g. no reason to explicitly exclude
the ``/tmp`` folder since it wasn't included. But since ``/var`` is
included we must exclude ``/var/cache`` or else it would be backed up
along with the rest.

17
docs/backup/index.rst
View file

@ -2,9 +2,24 @@
Backup Layer
============
Rattail provides a command (``rattail backup``) to orchestrate the
backup of Linux machines (sorry, no Windows support). That is what
we'll discuss here.
Note that this can be used to backup "any" Linux machine, if you
install the utilities described. In other words it's not just for
backing up a "Rattail server" per se.
In fact even if you *do* have a Rattail app server, it's recommended
that you install the "backup app" separately and do not put your
existing Rattail app in charge of backups.
.. toctree::
:maxdepth: 2
:caption: Contents:
overview
borg
install
config
running
features/index

162
docs/backup/install.rst Normal file
View file

@ -0,0 +1,162 @@
.. highlight:: sh
==============
Installation
==============
As usual there is more than one way to go about this. You basically
have these 2 options out of the gate:
* manual install
* scripted install via Fabric
Choice is yours. If you are interested in Fabric, see
:doc:`/deploy/index` and the ``rattail_fabric2.backup`` module for
more info. That (rattail-fabric2) package is available on PyPI, or
can peek at the `module source`_.
.. _module source: https://kallithea.rattailproject.org/rattail-project/rattail-fabric2/files/master/rattail_fabric2/backup.py
Here we will only describe the manual installation.
The following links offer more background should you want it. But
we'll provide the basic commands you need, further below.
* :doc:`/base/reqs`
* :doc:`/base/venv`
* :doc:`/base/install/index`
Note also, the steps below are "established convention" so to speak,
but only in the Rattail world. If you follow along exactly then
things should work, but you of course can tweak as needed.
Virtual Environment
===================
If you don't already have one, make a home for virtual environments.
Note that we assume this folder should be owned by the ``rattail``
user account. If you don't have that, specify a different owner::
sudo mkdir -p /srv/envs
sudo chown rattail: /srv/envs
Then make your ``backup`` virtual environment::
sudo -u rattail python3 -m venv /srv/envs/backup
Backup App
==========
Install the Rattail package to the virtual environment. Note that we
specify ``rattail[backup]`` which causes it to also install Borg::
cd /srv/envs/backup
sudo -u rattail bin/pip install rattail[backup]
You can just use ``pip install rattail`` instead if you do not want Borg.
We then invoke Rattail to create our ``app`` folder, which is where
config will live::
cd /srv/envs/backup
sudo -u rattail bin/rattail make-appdir
And that's it for the software, unless you also want ``rsync``::
sudo apt install rsync
Backup Scripts
==============
It is suggested that you also create the following scripts, for
convenience.
Note that these scripts will *not* work properly until you add config
files; see :doc:`config`. But it's fine to get the scripts in place
first since they probably won't need to change later on.
Note also that these scripts are designed to be ran only by the
``root`` user. They will warn and not take action, when ran by anyone
else.
Script: ``rattail-backup``
--------------------------
The purpose of this script is simply to wrap the underlying ``rattail
backup`` command, specifying the appropriate config file etc. Any
arguments you pass to it will be passed on to the command.
Instead of listing the contents of this file here, we will direct you
to the "official" copy which can be deployed via Fabric:
`<https://kallithea.rattailproject.org/rattail-project/rattail-fabric2/rawfile/master/rattail_fabric2/deploy/backup/rattail-backup.mako>`_
You will need to (globally) replace the text ``${envname}`` with
``backup`` but otherwise that can be used as-is.
Place this file at ``/usr/local/bin/rattail-backup`` and make it
executable::
sudo chmod 0755 /usr/local/bin/rattail-backup
Run it like so; note that ``--help`` is not interpreted by the script
but rather is passed on to the underlying command::
sudo -H rattail-backup --help
If you were to run the "same" command but without the wrapper script,
it would look like::
cd /srv/envs/backup
sudo -H bin/rattail -c app/rattail.conf backup --help
Script: ``backup-everything``
-----------------------------
The purpose of this script is to give the admin user a single "entry
point" for running backups on "all" machines regardless of their
configuration details.
Really the ``rattail-backup`` script could be used for this too, but
``backup-everything`` just has a more authoritative sound to it.
Again instead of listing the file contents we will direct you to the
"official" copy which can be deployed via Fabric:
`<https://kallithea.rattailproject.org/rattail-project/rattail-fabric2/rawfile/master/rattail_fabric2/deploy/backup/backup-everything.mako>`_
Again you will need to (globally) replace the text ``${envname}`` with
``backup`` but you also should comment-out the line which tries to
invoke ``app/upgrade.sh`` (unless you have that and want to use it).
Place this file at ``/usr/local/bin/backup-everything`` and make it
executable::
sudo chmod 0755 /usr/local/bin/backup-everything
This script also wraps the underlying ``rattail backup`` command.
Note that it does *not* wrap the ``rattail-backup`` script (from
previous section).
Really unless you modify this script, it will *just* run the ``rattail
backup`` command, again with the appropriate config file, but without
any other arguments, so any extra ones you specify will *not* be
passed on to the underlying command.
Run it like so; note that it only takes one optional argument,
``--verbose``::
sudo -H backup-everything [--verbose]
If you were to run the "same" command but without the wrapper script,
it would look like::
cd /srv/envs/backup
sudo -H bin/rattail -c app/rattail.conf backup

15
docs/backup/overview.rst
View file

@ -2,4 +2,17 @@
Overview
========
TODO
The ``rattail backup`` command can do a few things, any or all of the
following based on how you configure and/or invoke it:
* dump database(s) to file (supports PostgreSQL and MySQL/MariaDB)
* run ``rsync`` for certain folders, copying to local or (via SSH) remote path
* run ``borg create`` to make a Borg backup archive, on local or remote path
Recommended practice is to create a ``backup-everything`` script which
hides the invocation details. The idea being, on "any" machine you
should be able to just do this and everything should work:
.. code-block:: sh
sudo -H backup-everything --verbose

46
docs/backup/running.rst Normal file
View file

@ -0,0 +1,46 @@
.. highlight:: sh
=====================
Running the Command
=====================
If you have installed and configured the backup app, you can run it
like so::
cd /srv/envs/backup
sudo -H bin/rattail -c app/rattail.conf backup
Overnight tasks should probably use ``app/silent.conf`` instead::
cd /srv/envs/backup
sudo -H bin/rattail -c app/silent.conf backup
Either of those will cause Rattail to invoke its backup logic. Since
neither of those passes any extra args to the backup command, the
behavior will be determined only by the config file.
If you are following along in order, and only have the "sample"
``rattail.conf`` file in place, that tells Rattail to:
* dump all databases to file (for postgres and mysql)
* do *not* run ``rsync``
* do *not* run ``borg create``
But of course that is just for the sample; your config file may tell
Rattail to do something else.
Command Parameters
==================
The above shows "normal" use, when you just run ``rattail backup`` and
do not specify any params. But there are some available, e.g. so you
can run just the ``rsync`` part but nothing else, despite what config
says.
They are not yet documented here; for now please see the built-in
help::
cd /srv/envs/backup
sudo -H bin/rattail -c app/rattail.conf backup --help