111 lines
2.3 KiB
Django/Jinja
111 lines
2.3 KiB
Django/Jinja
#!/bin/bash
|
|
|
|
# how to resize:
|
|
# https://ruderich.org/simon/notes/encrypted-remote-backups
|
|
|
|
lockfile -r 0 /var/run/sdfbackup.lock || exit 2
|
|
|
|
NAME={{ inventory_hostname.split('.')[0] }}
|
|
SRC={{ rsnapshot_root }}/alpha.0
|
|
#SRC=/backups/endor-rsnapshot/alpha.0
|
|
|
|
# and edit cron job
|
|
|
|
KEYFILE=/root/sdf_backup_lukskey
|
|
SDF={{ sdf_metaarray }}
|
|
VERBOSE=true
|
|
|
|
print () {
|
|
if [ "$VERBOSE" = "true" ]; then echo `date +"%F %R:"` "$*" ; fi
|
|
}
|
|
|
|
mkdir -p /metaarray
|
|
|
|
# mount sshfs
|
|
mkdir -p /sshfs/metaarray
|
|
sshfs -o idmap=user $SDF:metaarray/ /sshfs/metaarray
|
|
|
|
if [ ! -f /sshfs/metaarray/$NAME ]; then
|
|
print "luks file '/sshfs/metaarray/$NAME' not found"
|
|
exit 1
|
|
|
|
elif [ ! -f /sshfs/metaarray/.metaarray_plain ]; then
|
|
print "metarray not mounted, .metarray_plain not found"
|
|
exit 2
|
|
|
|
elif [ ! -f $SRC/.metaarray_allowed ]; then
|
|
print "$SRC/.metaarray_allowed missing"
|
|
exit 3
|
|
fi
|
|
|
|
|
|
print 'opening LUKS'
|
|
/usr/sbin/cryptsetup luksOpen /sshfs/metaarray/$NAME metaarray-$NAME --key-file=$KEYFILE
|
|
cryptsetup_rc=$?
|
|
|
|
if [ $cryptsetup_rc -ne 0 ]; then
|
|
exit 4
|
|
fi
|
|
|
|
if ! `mkdir /metaarray/backup`; then
|
|
exit 5
|
|
fi
|
|
|
|
mount /dev/mapper/metaarray-$NAME /metaarray/backup
|
|
|
|
if [ ! -f /metaarray/backup/.metaarray_present ]; then
|
|
print "metaarray not decrypted or mounted"
|
|
exit 6
|
|
fi
|
|
|
|
print "df of metaarray luks volume:"
|
|
df -h /metaarray/backup | tail -n 1
|
|
|
|
print "starting 'rsync -a $SRC /metaarray/backup --delete'"
|
|
# add a configurable --exclude here
|
|
rsync -a $SRC /metaarray/backup --delete
|
|
rsync_rc=$?
|
|
|
|
print "rsync exited, napping for 10s"
|
|
sleep 10
|
|
|
|
print "starting 'sync'"
|
|
sync
|
|
|
|
if [ $rsync_rc -ne 0 ]; then
|
|
print "rsync failed"
|
|
exit 7
|
|
fi
|
|
|
|
sleep 60
|
|
|
|
print "df of metaarray luks volume (after):"
|
|
df -h /metaarray/backup | tail -n 1
|
|
|
|
# mark last succesful backup
|
|
/usr/bin/date >> /metaarray/backup/.metaarray_present
|
|
|
|
sleep 3
|
|
|
|
print "unmounting /metaarray/backup"
|
|
umount /metaarray/backup
|
|
#umount -f /metaarray/backup
|
|
#umount -l /metaarray/backup # nuclear option
|
|
rmdir /metaarray/backup
|
|
sleep 5
|
|
|
|
# and close the encryption
|
|
print 'closing LUKS'
|
|
/usr/sbin/cryptsetup luksClose metaarray-$NAME
|
|
sleep 5
|
|
|
|
# and unmount sshfs connection but we're not
|
|
#fusermount -u /sshfs/metaarray
|
|
umount /sshfs/metaarray
|
|
#umount -f /sshfs/metaarray
|
|
rmdir /sshfs/metaarray
|
|
|
|
|
|
print "removing lockfile"
|
|
rm -f /var/run/sdfbackup.lock
|