update docs

3e2a7949 · Hahn Axel (hahn) · 2a260f08 · 3e2a7949 · 3e2a7949 · 3e2a7949
Commit 3e2a7949 authored 3 years ago by Hahn Axel (hahn)
--- a/docs/20_Installation.md
+++ b/docs/20_Installation.md
+# Installation
-# Installation #
 - Uncompress / clone the client to a local directory
- go to jobs directory to copy the *.job.dist files to *.job
+- create a backup target (once for all systems that write their backup there)
+- go to jobs directory to copy the *.job.dist files to*.job
 - configure *.job files
 - manual test run
 - create a cronjob
-## Uncompress client ##
+## Uncompress client
 To put all files into a directory i.e.
-    /opt/imlbackup/client
+```text
+/opt/imlbackup/client
+```
 then use the **root** user and follow these steps:
-```
+```shell
 # Create the directory level above
 mdir -p /opt/imlbackup/
@@ -30,6 +32,48 @@ mv iml-backup-master client
 # remove downloaded file
 rm -f iml-backup-master.tar.gz
-# to set pwd to /opt/imlbackup/client:
+# to set working directory to /opt/imlbackup/client:
 cd client
 ```
+## Create backup target
+My scenario is a backup target within my company network.
+To store all backup data you need diskspace that is mounted on a server (=backup target server).
+Maybe you mount a volume of a Ceph cluster or mount an NFS share of a storage system.
+The size depends on the count of systems and how many backup sets you want to store.
+Restic and Duplicity support several backends.
+### Initialize server backup via SSH/ SFTP/ RSync
+The backup target server needs a running ssh service.
+- As root:
+  - create an unprivileged user "imlbackup".
+  - allow write permissions for "imlbackup" on /mnt/backupdata
+  - Test write permissions:
+```shell
+su - imlbackup
+touch /mnt/backupdata/hello && echo OK
+rm -f  /mnt/backupdata/hello
+```
+* Create an SSH keypair for user "imlbackup"
+```
+ssh-keygen
+```
+Now it is time to test access from another system
+* copy the created private key (~imlbackup/.ssh/id_rsa) on backup target server to /opt/imlbackup/client/keys/imlbackup@backup-target.example.com
+* Open ssh shell with referencing that key
+```
+ssh -i keys/imlbackup@backup-target.example.com imlbackup@backup-target.example.com
+```
--- a/docs/30_Configuration/20_Filetransfer.md
+++ b/docs/30_Configuration/20_Filetransfer.md
+The file transfer describes how local directories will be backed up
+* choose backup tool
+* where to write data (backup target)
+* incremental or full backup
+* how to delete backup data
+Details to the the given config entries you find in the description for
+[transfer.job](50_File_transfer.job.md).
+## Backup tool ##
+You can decide between Restic (Default) and Duplicity.
+`bin = ...`
+```text
+bin = restic
+type = auto
+```
+If you use Duplicity for servers it is suggested to run (daily) incremental
+backups and full backups on a specific day.
+```text
+bin = duplicity
+type = inc
+full = WDM:3rd Fri
+start-time-full = 23:0.
+```
+If you use Duplicity on a desktop client you maybe want to run incremental backups
+and a full backup if the last one is older than a wanted time.
+```text
+bin = duplicity
+type = auto
+auto = 1M
+```
+## Backup target ##
+The definition of a backup target depends on the used backup tool (restic|duplicity).
+You need a bit knowledge about these tools.
+We have tested the following targets
+* local directory/ mounted filesystem i.e. Samba share
+  * Restic: `/mnt/mounted_directory`
+  * Duplicity: `file:///mnt/mounted_directory`
+* ssh target (scp or rsync)
+  * Restic: `sftp:imlbackup@backup-target.example.com:/mnt/backupdata`
+  * Duplicity: `rsync://imlbackup@backup-target.example.com//mnt/backupdata`
+  * Duplicity: `scp://imlbackup@backup-target.example.com//mnt/backupdata`
+* https
+  * Restic: `rest:https://user:pass@backup-target.example.com:8000/user/`
+Set your value in `storage = ...`
+Example for Restic with SFTP transfer
+`storage = sftp:imlbackup@backup-target.example.com:/mnt/backupdata`
+## Local encryption ##
+Restic an Duplicity encrypt local data with a password before transferring them.
+Deploy a host specific password with an orchestration tool (Ansible, Puppet, ...)
+or on a manual installation keep a copy of it on a safe place. Without the password
+you cannot decrypt backup data after a filesystem crash.
+`passphrase = EnterYourSecretHere`
+## More options ##
+Automatic backup of samba shares - it works only if samba shares were detected.
+If no samba config is available it has no effect and shows no error.
+`sambashares = 1`
+When restoring data ... this is the path for restored files:
+`restore-path = /restore`
--- a/docs/config.json
+++ b/docs/config.json
 {
    "title": "IML Backup",
    "author": "Axel Hahn",
-    "tagline": "Automatic decentral linux backups.",
+    "tagline": "Automatic decentral  backups.",
    "ignore": {
        "files": ["30_PHP-client/Plugins/Checks/_skeleton.md"],
        "folders": ["99_Not_Ready"]