CNT5605 - 2009 Fall
Group Assignment 4
Printed Journals Due Tuesday, September 28, at the beginning of class.

Assignment: Backups

Objectives:

  1. If you haven't already done so, please read chapter 9 in LAH.
  2. Install from source the current stable version 1.2.8 of rdiff-backup on all three of your servers. Note that while there is an older version in the yum repositories, it's not the correct one for this assignment. Also, use the --prefix option to configure this install to go to /usr/local.
  3. Configure machines A and B to trust ssh from C.
  4. Configure machine C as your backup server using rdiff-backup running over ssh.
  5. Set up a cron job to start your backups each day at 2:00am.
  6. Do a "task" write-up on the dokuwiki for this assignment at the rdiff-backup writeup page.

Installation

(Yes, it's actually necessary to install the same rdiff-backup on all three machines.) Installation of rdiff-backup from source is not difficult, but you will probably have to use yum to find and install some dependencies. Use the --prefix option to configure this installation to /usr/local. For your convenience, the link to the correct source code is http://savannah.nongnu.org/download/rdiff-backup/rdiff-backup-1.2.8.tar.gz.

Trusting remote ssh

This is very easy to do. From the ssh man page:

The file ~/.ssh/authorized_keys lists the public keys that are permitted for logging in. When the user logs in, the ssh program tells the server which key pair it would like to use for authentication. The client proves that it has access to the private key and the server checks that the corresponding public key is authorized to accept the account.

The user creates his/her key pair by running ssh-keygen(1). This stores the private key in ~/.ssh/identity (protocol 1), ~/.ssh/id_dsa (protocol 2 DSA), or ~/.ssh/id_rsa (protocol 2 RSA) and stores the public key in ~/.ssh/identity.pub (protocol 1), ~/.ssh/id_dsa.pub (protocol 2 DSA), or ~/.ssh/id_rsa.pub (protocol 2 RSA) in the user’s home directory. The user should then copy the public key to ~/.ssh/authorized_keys in his/her home directory on the remote machine. The authorized_keys file corresponds to the conventional ~/.rhosts file, and has one key per line, though the lines can be very long. After this, the user can log in without giving the password.

Always make sure that A and B hold only the public key of the trusted machine. C's private key should never be on A or B, only on C. Also, note that sshd is finicky about the permissions on the .ssh directory. (Note that I haven't used any account names with this — please consider all of your options for what account(s) you might want to use for this trust relationship, and document your thought processes.)
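
The following check is an added example, not part of the original assignment: a shell function that audits the trusting account on A or B for the two points above, namely permissions that sshd's StrictModes check rejects and private key files that belong only on C. The function names and the reliance on GNU stat are assumptions.

```shell
#!/bin/sh
# Added example (not from the assignment): audit the trusting account's
# home directory on machine A or B. Assumes GNU stat, as on Linux.

# Succeeds if the path is writable by group or others.
is_loose() {
    mode=$(stat -c '%a' "$1") || return 1
    [ $(( 0$mode & 022 )) -ne 0 ]
}

# audit_ssh_trust HOME_DIR
# Prints one line per finding; returns 0 if clean, 1 otherwise.
# File ownership, which sshd also checks, is not examined here.
audit_ssh_trust() {
    home=$1
    findings=0
    keys="$home/.ssh/authorized_keys"

    if [ ! -f "$keys" ]; then
        echo "MISSING: $keys"
        return 1
    fi

    # With StrictModes (the default), sshd refuses the key file when the
    # home directory, .ssh, or authorized_keys is group- or world-writable.
    for path in "$home" "$home/.ssh" "$keys"; do
        if is_loose "$path"; then
            echo "LOOSE PERMISSIONS: $path ($(stat -c '%a' "$path"))"
            findings=1
        fi
    done

    # No private key belongs on A or B. PEM-style and protocol 1 private
    # key files both contain the text "PRIVATE KEY".
    for file in "$home"/.ssh/*; do
        [ -f "$file" ] || continue
        if grep -q 'PRIVATE KEY' "$file"; then
            echo "PRIVATE KEY PRESENT: $file"
            findings=1
        fi
    done

    return "$findings"
}
```

Call it as audit_ssh_trust followed by the home directory of the account you chose; it prints one line per finding and returns non-zero if there are any.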

Configuration

I will leave the structure of the target backups to you — but please don't forget to consider the amount of disk space in the target partition(s)/logical volume(s). Please document in both of your write-ups all of your considerations as to the structure of your targets: userids, groupids, databases, and sparse files should all be mentioned in your consideration.

As to the source, I want you to back up these four directories from both machines A and B:

If you want to back up more directories (such as /var/lib, for instance), that's fine, but please enumerate your reasoning for each additional directory that you include in your write-up.

Scheduling

Please use cron (not anacron) to set up your backups to start at 2:00am local time every day. (See chapter 8 of LAH for a good overview of cron.)



A journal is due for this assignment. Make sure that you document in your journal all of the steps that you went through, following the guidelines on the class home page. Please share the workload so that all team members get experience with all aspects of the work. PLEASE DON'T FORGET TO PUT YOUR TEAM NUMBER ON THE ASSIGNMENT.

Please turn in a printed copy of this assignment at the beginning of class on Tuesday, September 28th.

Don't forget to update the dokuwiki with new information about your systems' configurations.