[Leaplist] duplicity recommendation - with a twist
Kevin Anderson
kanderson at digital-adrenaline.com
Mon Jan 14 00:43:06 GMT 2008
If you're OK with the idea, rsync can be configured so that
ServerBehindFirewall initiates the connection and pushes the data to
LocalLinux.
I won't lie, I've missed part of this thread, but if that works, it can
certainly happen. Rsync works about like scp.
rsync [switches] machine1:path machine2:path.
1 or (I believe) 2 of the machines can be remote. You don't NEED to
have it happen locally. Heck. You COULD likely install rsync on the
firewall and have it do the copy. I don't recommend it, but it would
allow you to leave all the ports closed and pass the data...
Kev.
Chris wrote:
> John Simpson wrote:
>
>> On 2008-01-12, at 1538, Dan Cherry wrote:
>>
>>>
>>> I've been doing my backups with tar over ssh, and started looking
>>> into rsync.
>>> Debian admin mentioned a pkg called 'duplicity' which uses rsync.
>>> Anyone with experience using 'duplicity', care to comment on whether
>>> it's worked for them, or if there are any drawbacks (or showstoppers)?
>>
>>
>> no... i'm using rsync within ssh.
>> http://www.jms1.net/code/rsync-backup.shtml has the details. (this
>> page has been sitting there, half-written, for months... your
>> question prompted me to finally finish it. thank you.)
>>
>> i remember looking at duplicity in the past. for me, the big
>> advantage would be the encryption of the backups. however, since i
>> control both the machine being backed up AND the machine which is
>> pulling the backups, i don't have a real need for encrypted backups.
>>
>> i also like the fact that, if i have a real need, i can ssh to the
>> backup machine (which is in my house) and access individual files
>> from within the backed-up image. this allows me to quickly restore
>> individual files, as well as access large files from the server
>> without having to scp them back across the wire again- they're
>> already inside the house, so i can access them at 100Mb ethernet speed.
>>
>> one advantage of doing what i'm doing is that i'm "pulling" the
>> backups using a script on the backup repository machine, rather than
>> the server itself "pushing" the backups to some other box. looking
>> at the documentation...
>>
>> from http://duplicity.nongnu.org/duplicity.1.html , "Examples",
>> example #4:
>>
>>> Duplicity enters restore mode because the URL comes before the
>>> local directory.
>>
>>
>>
>> to me, this says that the URL (i.e. the remote server) MUST BE the
>> backup archive, and the local directory MUST BE the files you wish
>> to back up.
>>
>> the way i do it, the scripting runs on the backup repository
>> machine- the only thing it requires on the production servers is
>> sshd and the rsync package. my script "pulls" the files, which means
>> that the backup server has access to the live server. to me it makes
>> more sense, and "feels" more secure, because the backup server can
>> be behind a NAT'ed cable modem connection somewhere, where the
>> outside world can't get into it. the live server has to be on the
>> outside in order to do its job- a dedicated backup machine doesn't.
>>
>> ----------------------------------------------------------------
>> | John M. Simpson --- KG4ZOW --- Programmer At Large |
>> | http://www.jms1.net/ <jms1 at jms1.net> |
>> ----------------------------------------------------------------
>> | http://video.google.com/videoplay?docid=-1656880303867390173 |
>> ----------------------------------------------------------------
>>
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Leaplist mailing list
>> Leaplist at leap-cf.org
>> http://lists.leap-cf.org/mailman/listinfo/leaplist
>>
>>
> Thanks for the writeup - coincidently, I'm trying to solve a similar
> problem this weekend, but I have one additional complexity - a
> firewall.
>
> Looks like this:
> LocalLinux<--->RemoteBSDFirewall<--->ServerBehindFirewall
>
> I need to back up ServerBehindFirewall to LocalLinux, but I
> haven't figured out how to slide ssh through RemoteBSDFirewall.
>
> I have root access on all three machines, so it should be easy,
> sort of, but I haven't figured out how to put all the pieces together.
>
> One less-than optimal solution might be to configure port forwarding
> on RemoteBSDFirewall to slide all ssh packets directly between
> ServerBehindFirewall. That seems a bit like using a sledgehammer
> to drive a thumbtack, but...
>
> This can't be a unique scenario, but I still haven't stumbled across
> the right documentation.
>
> Any clues, cookie crumbs appreciated.
>
> Cheers,
>
> Chris