Solved ZFS backup script

fred974

Daemon

Reaction score: 37
Messages: 1,598

Hi all,

I use the script bellow to do a differential backup and sent the snapshots to an external server...
Could anyone please tell me if this can be achieve as non root user? ssh root@$host......
Code:
#!/bin/sh
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:
pool="zprod"
destination="zback/zprod"
host="62.30.xxx.xxx"

if [ -f /tmp/backupscript.lock ]; then
        logger -p local5.notice "Backup did not complete yesterday FAILED"
    echo  "Backup did not complete yesterday FAILED" | /usr/bin/mail -s "Backup Report" root
        exit 1
else
        touch /tmp/backupscript.lock
fi

today=`date +"$type-%Y-%m-%d"`
yesterday=`date -v -1d +"$type-%Y-%m-%d"`
day=`date -v -30d +"$type-%Y-%m-%d"`

# create today snapshot
snapshot_today="$pool@$today"

# look for a snapshot with this name
if zfs list -H -o name -t snapshot | sort | grep "$snapshot_today$" > /dev/null; then
        logger -p local5.notice "snapshot, $snapshot_today, already exists skipping"
else
        logger -p local5.notice "Taking todays snapshot, $snapshot_today"
        zfs snapshot -r $snapshot_today
fi

# look for yesterday snapshot
snapshot_yesterday="$pool@$yesterday"
if zfs list -H -o name -t snapshot | sort | grep "$snapshot_yesterday$" > /dev/null; then

        if zfs send -R -i $snapshot_yesterday $snapshot_today | mbuffer -q -v 0 -s 128k -m 1G | ssh root@$host "mbuffer -s 128k -m 1G | zfs receive -Fdu $destination" > 0; then
                logger -p local5.notice "Backup OK"
        echo  "Backup OK" | /usr/bin/mail -s "Backup Report" root
        else
                logger -p local5.error "Backup FAILED"
        echo  "Backup FAILED" | /usr/bin/mail -s "Backup Report" root
        exit 1
        fi
        rm /tmp/backupscript.lock
        zfs destroy -r $day
        exit 0
else
        logger -p local5.error "missing yesterday snapshot Backup FAILED"
    exit 1
fi
 
OP
OP
fred974

fred974

Daemon

Reaction score: 37
Messages: 1,598

/etc/ssh/sshd_config
Code:
Match Address 196.12.xxx.xxx
        PermitRootLogin yes
 

ralphbsz

Daemon

Reaction score: 1,270
Messages: 2,039

You want to run this as a non-root user? I think the following would work: Use sudo to start it. You could even create a short wrapper script, containing just the sudo, to make it more user-friendly.
 

phoenix

Administrator
Staff member
Administrator
Moderator

Reaction score: 1,264
Messages: 4,099

For our backups we use a separate non-root account with a password-less SSH key for logins, configured to run rsync via password-less sudo.

That way, root password is never transmitted anywhere, root logins are not enabled anywhere, password-based logins aren't used, and only a single command is allowed to be executed as root.
 
Top