Hi everyone!
I opened this thread because I'm a "newbie" on backup-strategies and this kind of stuff. Moreover I'm not a system-admin or a computer engineer ( I do a totally different job), so I also don't have a particular knowledge of linux-servers administration tasks, but I know by experience (I haved loss data in the past) the importance of having data safely stored and backed-up. For this reason about last year I started to look for information about nas-servers, in particular about openmediavault and (with the valuable help of the forum) I set-up my omv-server.
OMV is awsome and with the help of nextcloud and syncthing dockers the server fits perfectly all my needs but as many newbie I've been victim of misconception about RAID that have led me to become interested in real backup and backup strategies only recently.
That being said, last month I bought an additional hard-drive and an usb3 enclosure and started to manually backing-up my data daily with rsync ( as illustrated in the omv-getting started guide).
Having to do the backup manually is became tedious so today I started to think about automating the job and I've do the following:
1) Edit /etc/fstab adding the backup disk entry (I've copy the line generated by the WebUI when i manually mount the backup disk).
2) Created the related mountpoint : /srv/dev-disk-by-label-BACKUP
3) Wrote a bash script that do what I've done manually up to now. I'm totally new to bash (this is my first script, so be good, I do my best..) .
The script execute a daily incremental backup to the backup-drive. After checking that the drive is plugged-in and that the mountpoint exist, the backup drive is mounted, the rsync job is executed and the backup drive is unmounted. The previous backup is retained. (Daily Copy + Last Day One). In order to get the script work the drive is manually power on/off at the backup-time.
The script is the following:
#!/bin/bash
# DAILY- BACKUP-JOB: The script execute a daily incremental backup to an external USB-drive.
# After checking that the drive is plugged-in and that the mntpoint exist,
# the backup drive is mounted, the rsync job is executed and the backup drive
# is unmounted. The previous backup is retained. (Daily Copy + Last Day One).
# Preliminary Stuff
SECONDS=0
echo -e "\nBACKUP CRON-JOB LOG -- $(date +"%a %d %b %Y")"
echo -e "\n[$(date +"%T")]--Starting Backup-Job ..."
source_lbl="DATA"
destination_lbl="BACKUP"
destination_mntpoint="/srv/dev-disk-by-label-${destination_lbl}"
source_mntpoint="/srv/dev-disk-by-label-${source_lbl}"
# Check the presence of the backup drive
echo "Checking backup drive presence ..."
if findfs LABEL=${destination_lbl} > /dev/null 2>&1; then
echo "backup drive successfully found at: $(findfs LABEL=${destination_lbl})"
else
ELAPSED="Elapsed Time: $(($SECONDS / 3600))hrs-$((($SECONDS /60) % 60))min-$(($SECONDS %60))sec"
echo "error: backup drive not found."
echo "Backup-Job failed!"
echo -e "[$(date +"%T")]--Execution aborted.\n"
echo $ELAPSED
echo "---------------------------------------------------------"
echo -e "---------------------------------------------------------\n\n"
exit 0
fi
# Check the existence of the backup mountpoint
echo "Checking backup mountpoint presence ..."
if cd ${destination_mntpoint} > /dev/null 2>&1; then
echo -e "backup mountpoint successfully found at: ${destination_mntpoint}"
else
ELAPSED="Elapsed Time: $(($SECONDS / 3600))hrs-$((($SECONDS /60) % 60))min-$(($SECONDS %60))sec"
echo "error: backup mountpoint not found."
echo "Backup-Job failed!"
echo -e "[$(date +"%T")]--Execution aborted.\n"
echo $ELAPSED
echo "---------------------------------------------------------"
echo -e "---------------------------------------------------------\n\n"
exit 0
fi
# Mount the backup filesystem
echo "Mounting the backup filesystem..."
mount LABEL=${destination_lbl} ${destination_mntpoint} > /dev/null 2>&1
echo "backup filesystem successfully mounted."
# Rotating backup directories
echo "Rotating backup directories..."
mv ${destination_mntpoint}/daily.backup.0 ${destination_mntpoint}/daily.backup.2
mv ${destination_mntpoint}/daily.backup.1 ${destination_mntpoint}/daily.backup.0
mv ${destination_mntpoint}/daily.backup.2 ${destination_mntpoint}/daily.backup.1
echo "backup rotation successfully done."
# Executing rsync job
echo "Executing rsync backup job..."
rsync --archive --delete \
--human-readable --stats \
${source_mntpoint}/ ${destination_mntpoint}/daily.backup.0
echo -e "\nrsync backup-job successfully done.\n"
# Unmounting backup filesystem
echo "Unmounting backup filesystem..."
umount LABEL=${destination_lbl} ${destination_mntpoint} > /dev/null 2>&1
echo "backup filesystem successfully unmounted."
# Final Stuff
ELAPSED="Elapsed Time: $(($SECONDS / 3600))hrs-$((($SECONDS /60) % 60))min-$(($SECONDS %60))sec"
echo "Backup-Job succeed!"
echo -e "[$(date +"%T")]--Execution terminated.\n"
echo $ELAPSED
echo "---------------------------------------------------------"
echo -e "---------------------------------------------------------\n\n"
exit 0
Alles anzeigen
4) creating a cron-job in the Web-UI that execute the script daily and send me the output by e-mail.
I've tested the script and the cron-job and everything is good but I'm not fully convinced and satisfied about my backup setup and I'd like to have advices from the forum about the following:
Firstly I have a question on the backup strategy itself. The data source is a RAID1 array of 1TB size, the backup destination is an external 2TB hard drive. On the backup drive are stored two fully indipendent copy of the data: the daily copy and the previous-day one. Is it possible to increase the number of copy stored (going back for example of one week or possibly more) in order to make the most of the backup drive capacity and be able to reach, if needed, also the old versions of the files? Theoretically the idea is to edit the script to mantain only the modified/deleted file on the previous days folders. Is this doable with rsync? Do you have other ideas to reach the same goal?
Secondly I have a question about security. I've read that if one of the client get infected by a ransomware, the malware can reach also the nas-server and encrypt the shares.
Is it capable also to encrypt the backup disk? To minimize risks the backup disk is not shared and is manually power on/off and automatically mounted/unmounted by the script only for the backup-time.
Is it possible to automate also this action? the idea is to let the drive on and plugged-in 24h but to activate/deactivate the usb3 pci card with the backup script only for the backup-time or maybe by using hdparm. Any idea?
But, even if it were possible I'm not sure about safeness of this operation...if I could do it also a ransomware could do that, right?
The second idea is to buy a programmable light switch (timer) and physically connect the backup drive enclosure to it, program the timer to stay on only for about 1-2 hours in the night (the daily backup only takes few minutes in most cases) and execute the cron job in that interval of time. Doing that I'll expose the backup disk to risks for more time but in the night there are also much less probability that a client get infected (they sleep) .What do you think about it? Is a good idea?