Rsync your backups
Rsync your backups
This is a quick guide on how to setup rsync to replicate your backups made using the backup script to other servers across the Internet. Why would you do this? Lets say that you're already making backups using the backup script. Now lets say the hard drive physically fails. How do you get all of your emails, accounts, domains, etc. back? You don't. Start rebuilding them by hand.
Enter rsync. It's an easy way to allow you to copy/move your files across the Internet. In this example, we're going to do this over an SSH tunnel for security. There are other ways to do this, such as setting up NFS and a share to copy the archives to, so do your research and planning for what will provide you with the features you need.
This example does not allow you to create a cluster system. The only thing it does is put a copy of your backup files on another machine so that in the event of a physical failure you can restore your system. This backup will not be an instantaneous copy of your system; it will only be a copy of the QMail-Toaster system at the time the backu script was run. Nothing more, nothing less. With that said, here we go:
First thing we should do is log into the machine that we're going to send the archives to. In this example, we'll call the machine that QMail-Toaster is currently running on qt1.example.com, and the machine that we're sending the backup to as bak1.example.com. We're also going to assume that you will be using your root account on both machines; this is not the most secure method, so if you are ultra-paranoid you may want to search the Internet a little to see how to accomplish this with unprivileged accounts, or use a keychain daemon. The bulk of this example will still apply. So from qt1.example.com, execute this (assuming you have not changed your SSH ports):
If this is the first time this macine has logged into bak1.example.com, it should warn you that the fingerprint is not on file, and ask if you want to create it. Answer yes, and login with your password. You have now cached the fingerprint of the machine. Go ahead and type
to log out of bak1.example.com and you should now be back in qt1.example.com.
Next we're going to go ahead and create a RSA key to allow qt1.example.com to create SSH tunnels to bak1.example.com without having to use a password. Why? To create CRON jobs that allow you to copy your backup files to bak1.example.com without you having to actually monitor the process or be there.
Okay, on qt1.example.com, type this to create the RSA key:
ssh-keygen -t rsa
Just hit enter when it asks for a passphrase, or look at a keychain daemon.
And now you can either view the contents of the file and paste it on bak1.example.com, or use scp to copy the file to bak1.example.com:
scp ~/.ssh/id_rsa.pub bak1.example.com:
And enter your password again. Now we just need to move the RSA key into the proper location on bak1.example.com:
cat id_pub.rsa >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
And that should be it.
out of bak1.example.com, and now try to SSH to it; it should not ask you for a password now. Whoopie! Okay,
back out of bak1.example.com, and let's create a cron job to send your backup of QMail-Toaster to a folder called /root/qmtbackup on bak1.example.com created in the previous step. Type:
This will put you in (default) vi for editing the cron tabs. Hit i to begin inserting text.
0 1 * * * qmail-backup.sh
This tells your system to run the qmail-backup.sh script (qtp-backup.sh if installed via QTPlus) at 1:00am every night. Adjust to your taste; I try and run my during "slow" times. Depending on the size of your system (and mail) it can take anywhere from 3 minutes to run, to over 3 hours. You may want to run the command manually once to see how long it will take on your system. We're going to assume it take 15 minutes to run in this example. Since we have this vital information, let's go ahead and tell the system to send the backup to bak1.example.com, over a SSH tunnel and compress the data during transit to minimize bandwidth and time, as well as deleting any old copies of the backup:
15 2 * * * rsync -az --delete -e ssh /backup/qmailbackup/ email@example.com:~/qmtbackup/
This crontab tells your system to copy the backup to bak1.example.com at 2:15am (I gave it an extra hour to complete the backup, just in case), and to remove any old copies. Okay, what it's actually doing is syncing the dirs between the two systems, so whatever is in /backup/qmailbackup on qmt1.example.com will mirror (sync) to ~/qmtbackup on bak1.example.com every night at 2:15am. If you put other files in /backup/qmailbackup on qt1.example.com, it will also get copied to ~/qmtbackup on bak1.example.com. Whatever gets deleted from /backup/qmailbackup on qt1.example.com will also be deleted from ~/qmtbackup on bak1.example.com. If you don't want to remove any files, just remove the --delete directive from the crontab. Okay, let's wrap it up. crontab -e normally uses vi as it's editor, so hit escape to get out of insert mode, then enter:
To write the file and exit out of vi. That's it. It will now do a backup of your mail server at 1am, and copy the backup file to your backup machine at 2:15am in the event that you need to restore from a backup.