a while back i mentioned that i had modded some existing backup scripts to make
one that supports encryption of dumps using gpg. i would appreciate any
suggestions on how to make the script better and hope that others find it to be
useful. i've been using it to do backups for a couple of groups of machines for ~2 months
and it's been working fine.
change the variables at the top of the script to match your setup.
here it is:
#!/bin/ksh
# original scripts by Nicholas Marriott and Todd Fries
# further modifications by Jacob Yocom-Piatt
# NOTES
#
# - this script is for making incremental backups of host machines on
# a network to a single backup host; this script runs on the backup
# host
#
# - put this script in /etc and add a line calling the script
# to /etc/daily.local like so:
# ./backup.ksh host1.example.com host2.example.com ...
#
# - encryption of dumps via gnupg is optional
#
# - uses gzip compression to keep processor load low on the backup
# host; replace with other compression algos if you like
#
# - works fine for a SOHO setup and may not scale well for large numbers of
# hosts, YMMV
#
# - known to work for backing up both openbsd and netbsd hosts; untested
# for other *nix OSes, but will likely work
#
# - change the variables to suit your particular setup and make sure to
# READ THE SCRIPT
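# email for backup admin's gpg key; use empty string for no encryption.
# ('[EMAIL PROTECTED]' is the list archive's redaction; substitute the real
# address.) encrypting needs only the admin's PUBLIC key on the backup host;
# keep the matching private key off this machine.
# NOTE(review): the later test `[ -n $ADMIN ]` is unquoted, so an empty ADMIN
# still tests true there; it has to be quoted for the empty-string opt-out to
# really skip encryption.
ADMIN='[EMAIL PROTECTED]'
# home directory for gpg keyring; set explicitly since /var/log is assumed
# otherwise
HOMEDIR='/root/.gnupg'
# path to backup destination on backup server
ROOT=/home/dump
# user for making dumps on remote hosts; this user should be a member of group
# operator.
# NOTE(review): dossh runs ssh unattended, so whatever credential this host
# uses for OP_USER can read every dumped filesystem on every client --
# presumably a key; restrict and protect it accordingly.
OP_USER=backup
# percentage full for ROOT that elicits a warning
WARN_PERC=95
# directories and mountpoints that you want to dump by default;
# add additional non-standard mountpoints to dump to the file
# 'list' in the backup directory for a given host
SOURCES='/ /var /usr /home'
# dump sequence. a level 0 (full) dump is taken every FULL days, a level 1
# dump every RESET days, and PATTERN is followed between RESETs
FULL=20
RESET=10
# modified Tower of Hanoi algorithm
set -A PATTERN 3 2 5 4 7 6 9 8 9 9
# hostname
HN=$(hostname)
# short name of the backup host itself, used to decide between a local dump
# and a dump over ssh. variable names are case-sensitive: this must expand HN
# (not hn), otherwise THISHOST is empty and the local host never matches.
THISHOST=${HN%%.*}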
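# get the previous day
# the counter file is read as data (never executed); anything that is not a
# plain non-negative integer falls back to 0, which selects a full dump below.
DAY=0
if [ -f "$ROOT/day" ]; then
	DAY=$(cat "$ROOT/day")
fi
case $DAY in
''|*[!0-9]*)
	DAY=0
	;;
esac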
# pick the dump level for this run from the day counter
if (( $DAY % $FULL == 0 )); then
	# start of a new cycle: level 0 (full) dump, and the counter restarts
	LEVEL=0
	DAY=0
elif (( $DAY % $RESET == 0 )); then
	# every RESET days inside a cycle: level 1
	LEVEL=1
else
	# all other days walk PATTERN; the remainder here is 1..RESET-1, so
	# subtract one to get a 0-based array index
	LEVEL=${PATTERN[$(( ($DAY % $RESET) - 1 ))]}
fi
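# check free space
# field 5 of the df line for ROOT is the capacity ("NN%"). substr() starts at
# index 1: awk implementations disagree on a start index of 0, and some would
# drop the last digit, so the warning would never fire.
USED=$(df "$ROOT" | awk '/^\// { print substr($5, 1, length($5) - 1) }')
case $USED in
''|*[!0-9]*)
	# could not parse df output; say so instead of failing the test below
	echo "warning: could not determine disk usage for $ROOT" >&2
	USED=0
	;;
esac
if [ "$USED" -gt "$WARN_PERC" ]; then
	echo ---
	echo LOW ON AVAILABLE DISK SPACE
	echo ---
	df -h "$ROOT"
	# no backup is taken on this path, so report failure to the caller
	exit 1
fi
echo "Starting $0.."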
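# calls dossh and accepts piped commands
# arguments: $1 - ssh destination
# stdin:     shell commands, handed to `sh` on the remote side
# stdout:    the remote output, which is expected to be gzip-compressed and
#            is decompressed here
# returns:   exit status of the local `gzip -d` (last stage of the pipeline);
#            the ssh status is not propagated
dormt() {
	[ -n "$1" ] || return 1
	# blowfish-cbc is left out of the cipher list: it is a 64-bit-block legacy
	# cipher that current OpenSSH no longer ships, and one unknown name makes
	# ssh reject the whole -c list. aes256-ctr is preferred; aes256-cbc stays
	# as a fallback for older peers.
	dossh -2 -c aes256-ctr,aes256-cbc "$1" sh | gzip -d
	return $?
}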
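# executes ssh plus options passed by dormt, retrying on failure
# arguments: passed to ssh unchanged (quoted, so no re-splitting or globbing)
# globals:   DOSSH_MAX_TRIES   (read) attempts before giving up, default 5
#            DOSSH_RETRY_DELAY (read) seconds between attempts, default 10
#            err               (written) status of the last ssh attempt
# returns:   0 once ssh succeeds, otherwise the last ssh exit status
# the retry loop is bounded: an unlimited loop spins forever on a permanent
# failure (bad key, rejected option) and no later host gets backed up.
# NOTE(review): stdin is shared by all attempts, so a retry only helps when
# ssh failed before reading the piped commands; after that a retry sees EOF.
dossh() {
	typeset tries=0
	typeset max=${DOSSH_MAX_TRIES:-5}
	typeset delay=${DOSSH_RETRY_DELAY:-10}
	err=255
	while [ "$err" -ne 0 ] && [ "$tries" -lt "$max" ]
	do
		# back off before every attempt except the first
		if [ "$tries" -gt 0 ]; then
			sleep "$delay"
		fi
		#echo ssh "$@" >/dev/tty
		ssh "$@"
		err=$?
		tries=$((tries + 1))
	done
	return $err
}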
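# refuse to run without at least one host argument; $1 is quoted so the test
# cannot be broken by whitespace or test operators in the argument
[ -n "$1" ] || {
	echo No host specified on cmdline, please specify at least one >&2
	exit 1
}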
# loop through hosts listed as arguments to script
while [ $1 ]
do
HOST=$1
# if we can't reach it, dont try and print notification
if ! ping -c 3 $HOST /dev/null 21 ; then
if ! ping6 -c 3 $HOST; then
print cannot reach $HOST, giving up
shift
continue
fi
fi
shift
# create the list of filesystems to dump if it doesn't exist
[ -f $ROOT/$HOST/list ] || {
mkdir -p $ROOT/$HOST
# default FSes to backup in SOURCES, put each FS on a line
echo $SOURCES | awk '{
i=1
while ( $i != ) {
print $(i++)
}
}' $ROOT/$HOST/list
}
# read lines from list and perform dumps
while read line
do
FN=${HOST}$(echo $line | sed 's/\//_/g')-${LEVEL}.dmp.gz
echo $FN
case $HOST in
$THISHOST)
dump -${LEVEL}au -f - $line
ret=$?
;;
*)
echo /sbin/dump -${LEVEL}au -f - $line|gzip -1|dormt
[EMAIL PROTECTED]
ret=$?
;;
esac | gzip -9 $ROOT/$HOST/.$FN
echo return is: $ret
mv $ROOT/$HOST/.$FN $ROOT/$HOST/$FN
# encrypt each dump and remove the original
if [ -n $ADMIN ]; then
echo encrypting $FN
if [ -f $ROOT/$HOST/$FN.gpg ]; then