Added on Jun 11th, 2012 and marked as backup server tartarus

Installation of Tartarus

When you are using Ubuntu, tartarus can be installed as a package via APT. Get the most recent definition of the APT repository directly from Wertarbyte:

curl http://wertarbyte.de/apt/wertarbyte-apt.list > /etc/apt/sources.list.d/tartarus.list

Or just create a new file /etc/apt/sources.list.d/tartarus.list and add the following line to it:

deb http://wertarbyte.de/apt/ ./

To import the GPG key used to sign the packages and the repository content (not sure if this is really necessary):

curl http://wertarbyte.de/software-key.gpg | apt-key add -

Now, update APT and install tartarus:

apt-get update
apt-get install tartarus

Tartarus relies on tar, find, perl, curl (for storing the backup on an FTP site) and GnuPG (for encryption), so make sure these packages are installed.

Configuration

The configuration files of tartarus are stored in /etc/tartarus. Because they contain the FTP login data, disable access to this directory for non-root users.

mkdir /etc/tartarus
chmod 700 /etc/tartarus

After creating a new file in this directory, don’t forget to set the file permissions:

chmod 600 /etc/tartarus/new_config_file.conf
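
A check for the permissions described above, as an added example that is not part of the original page or of Tartarus: it reports anything under the config directory that is not mode 700 (directory) or 600 (files), or that is not owned by the expected user. The function name is hypothetical, and GNU find (as shipped with Ubuntu) is assumed.

```sh
#!/bin/sh
# Added example (not part of Tartarus): report entries under a Tartarus
# config directory whose mode or owner is looser than recommended above.
# Assumes GNU find (-perm /MODE), as shipped with Ubuntu.

# audit_tartarus_perms DIR [OWNER]
# Prints one line per finding; returns 0 when clean, 1 on findings,
# 2 when DIR is not a directory. OWNER defaults to root.
audit_tartarus_perms() {
    dir=$1
    owner=${2:-root}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    findings=$(
        # The directory itself must be exactly 700.
        find "$dir" -prune ! -perm 700 -exec echo "mode (want 700):" {} \;
        # No file may carry any group or other permission bit.
        find "$dir" -type f -perm /077 -exec echo "mode (want 600):" {} \;
        # Everything must belong to the expected owner.
        find "$dir" ! -user "$owner" -exec echo "owner (want $owner):" {} \;
    )

    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run against the directory given on the command line, if any.
if [ "$#" -gt 0 ]; then
    audit_tartarus_perms "$@"
fi
```

Called as a script with /etc/tartarus as its argument, it exits non-zero when something needs tightening, so it can run from cron ahead of the backup job.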

It is common practice to create a general configuration file that can be used by specific configuration files with the source command.

General configuration:

#
# /etc/tartarus/generic.inc
#

# General settings to store the backup on an FTP server ("FILE", "FTP", "SIMULATE", "CUSTOM")
STORAGE_METHOD="FTP"

# Address of the FTP server
STORAGE_FTP_SERVER="hostname_or_ipaddress"

# FTP login data
STORAGE_FTP_USER="username"
STORAGE_FTP_PASSWORD="password"

# Location of the backup directory on the server
STORAGE_FTP_DIR="/backups/"

# Encrypt transfer using SFTP
STORAGE_FTP_USE_SFTP="yes"

# Set the compression method ("gzip", "bzip2", leaving it blank disables compression)
COMPRESSION_METHOD="bzip2"

# Size of the LVM snapshots
#LVM_SNAPSHOT_SIZE="1000M"

# Symmetric encryption of the backup data
#ENCRYPT_SYMMETRICALLY="yes"

# Location of the password to use for encryption
#ENCRYPT_PASSPHRASE_FILE="/etc/tartarus/backup.sec"

# Prevent the backup process from traversing into directories on different filesystems/partitions
STAY_IN_FILESYSTEM="yes"

# Do not check for a software update of Tartarus
CHECK_FOR_UPDATE="no"

If the backups should be stored on the fileserver (instead of on a remote FTP server) you can use the following parameters:

STORAGE_METHOD="FILE"
STORAGE_FILE_DIR="/path/to/backups"

and remove the STORAGE_FTP_* parameters.

Specific configuration:

#
# /etc/tartarus/home.conf
#

# Include the general settings
source /etc/tartarus/generic.inc

# Name of this backup profile
NAME="home"

# Directory to backup (only a single directory is allowed)
DIRECTORY="/home/"

# Directories to exclude from the backup
EXCLUDE="/home/tmp/"

# File to use as a reference point for incremental backups
INCREMENTAL_TIMESTAMP_FILE="/var/spool/tartarus/timestamps/home"

Now, to create a backup of the /home directory:

tartarus /etc/tartarus/home.conf

In order to create an incremental backup we must define a reference point. First make sure the directory that will hold the reference points exists:

mkdir -p /var/spool/tartarus/timestamps/
touch /var/spool/tartarus/timestamps/home

Also, make sure the INCREMENTAL_TIMESTAMP_FILE parameter is defined (as in the example above). Call the backup command with the -i argument:

tartarus -i /etc/tartarus/home.conf

Scheduling backups

In order to create backups for all profiles in /etc/tartarus/ you can use this script:

#!/bin/sh
# /opt/scripts/create_backups.sh
# Run all backup profiles found in /etc/tartarus/ and pass
# the command line arguments on to tartarus (e.g. -i)
for profile in /etc/tartarus/*.conf; do
    /usr/sbin/tartarus "$@" "$profile"
done

This script can be called with or without arguments (i.e. using incremental backup or not):

/opt/scripts/create_backups.sh       # Full backup
/opt/scripts/create_backups.sh -i    # Incremental backup

And when the following lines are added to the crontab of root, a full backup will be made each Sunday, with incremental backups during the rest of the week:

PATH=/bin/:/sbin/:/usr/bin/:/usr/sbin/:/usr/local/sbin/:/usr/local/bin
# m    h       dom     mon     dow     command
0      1       *       *       sun     /opt/scripts/create_backups.sh
0      1       *       *       mon-sat /opt/scripts/create_backups.sh -i

Using specific configuration files for each virtual host or website will allow for making and restoring backups on a per site basis.

Create config files on-the-fly

Usually you want to back up all mail accounts without explicitly creating a config file for each of them. The following script creates the config files dynamically:

#!/bin/bash
# /opt/scripts/generate_tartarus_config_files.sh
# Create a config file for each of the subdirectories in the main
# directory that will be backed up.

TARTARUS_DIR="/etc/tartarus"
CONTENT_DIR="/home/vmail"
SKELETON="$TARTARUS_DIR/skeleton_config.txt"

# Find all domains (first-level subdirectories) in the content directory.
# -mindepth 1 skips the content directory itself; NUL-separated output
# keeps directory names with whitespace intact.
find "$CONTENT_DIR" -mindepth 1 -maxdepth 1 -type d -print0 |
while IFS= read -r -d '' directory; do
    domain=$(basename "$directory")

    # Check if the config file exists.
    # Otherwise create it using the skeleton file.
    CONFIG="$TARTARUS_DIR/$domain.conf"
    if [ ! -f "$CONFIG" ]; then
        cp "$SKELETON" "$CONFIG.tmp"
        # Config files must only be readable by root.
        chmod 600 "$CONFIG.tmp"
        # Hand the name to Perl through the environment so that it is
        # inserted as data and not interpolated into the expression.
        DOMAIN="$domain" perl -pi -w -e 's/\{DOMAIN\}/$ENV{DOMAIN}/g;' "$CONFIG.tmp"
        mv "$CONFIG.tmp" "$CONFIG"

        echo "$domain: config file created ($CONFIG)"
    fi
done

This script will look in the content directory (for example /home/vmail) and will check for each of the first-level subdirectories if a tartarus config file exists. If not, it will create it using the skeleton file /etc/tartarus/skeleton_config.txt:

#
# /etc/tartarus/{DOMAIN}.conf
#

# Include the general settings
source /etc/tartarus/generic.inc

# Name of this backup profile
NAME="{DOMAIN}"

# Directory to backup (only a single directory is allowed)
DIRECTORY="/home/vmail/{DOMAIN}/"

# Directories to exclude from the backup
#EXCLUDE="/tmp/"

# File to use as a reference point for incremental backups
INCREMENTAL_TIMESTAMP_FILE="/var/spool/tartarus/timestamps/{DOMAIN}"
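
The generator copies directory names into a profile, and profiles are shell syntax (they use source and can define hook functions), so a name should be validated before it is written there. The following is an added example, not part of the original script or of Tartarus; the function names are hypothetical and the accepted character set (letters, digits, dots, hyphens) is an assumption about how mail domains are named.

```sh
#!/bin/sh
# Added example (not part of Tartarus or the original script): validate a
# directory name before it is substituted into a profile.
# Function names are hypothetical.

# Use byte-wise character ranges regardless of the system locale.
LC_ALL=C
export LC_ALL

# is_safe_profile_name NAME
# Accept only names built from letters, digits, dots and hyphens that
# start with a letter or digit and contain no empty label ("..").
is_safe_profile_name() {
    case $1 in
        '' | .* | -* | *..*) return 1 ;;
        *[!A-Za-z0-9.-]*)    return 1 ;;
    esac
    return 0
}

# render_profile SKELETON NAME
# Print SKELETON with every {DOMAIN} replaced by NAME, or fail without
# output when NAME is not a safe profile name.
render_profile() {
    if ! is_safe_profile_name "$2"; then
        echo "skipped, unsafe directory name: $2" >&2
        return 1
    fi
    # Safe to splice into the sed expression: the check above rejects
    # every character that is special there (/, & and backslash).
    sed "s/{DOMAIN}/$2/g" "$1"
}

# Render a profile when called with a skeleton file and a name.
if [ "$#" -eq 2 ]; then
    render_profile "$1" "$2"
fi
```

In the generator loop, call is_safe_profile_name "$domain" before creating the config file and skip the directory when the check fails.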


If the script is executed before the first full backup, everything should work fine. Add the following line to the crontab:

50     0       *       *       sun     /opt/scripts/generate_tartarus_config_files.sh

Restoring backups

Since tartarus is based on simple Unix commands, a backup can easily be restored. The following command downloads a backup, decrypts it and lists its contents:

curl ftp://USER:PASS@YOURSERVER/home-20080411-1349.tar.bz2.gpg | gpg --decrypt | tar tpvj

In the example above the backup file is decrypted using gpg; if no encryption was used, just leave this part out of the piped command.

To extract the backup archive to a specific directory:

curl ftp://USER:PASS@YOURSERVER/home-20080411-1349.tar.bz2.gpg | gpg --decrypt | tar xpvj -C /mnt/restore

Cleaning up old backups

The FTP server where the backups are saved will eventually run out of space, so it is important to remove old backups. We can use the script charon.ftp for this. The following example will remove all backups from the home profile that are older than 7 days (with the dry-run parameter, no files will actually be removed).

/usr/sbin/charon.ftp --host 1.2.3.4 \
    --user USERNAME \
    --password PASSWORD \
    --profile home \
    --maxage 7 \
    --dry-run

Charon will remove all data older than 7 days, except if any incremental backups are based on this file.

After each successful backup cycle it is possible to clean up the FTP server automatically using a tartarus hook. When the following lines are added to the general settings, the risk of running out of disk space is minimized:

# Clean up the FTP server after the backup
TARTARUS_POST_PROCESS_HOOK() {
    echo -n "$STORAGE_FTP_PASSWORD" | /usr/sbin/charon.ftp \
    --host "$STORAGE_FTP_SERVER" \
    --user "$STORAGE_FTP_USER" --readpassword \
    --maxage 7 \
    --dir "$STORAGE_FTP_DIR" --profile "$NAME"
}

The readpassword parameter is used to prevent the password from showing up in the process list.

Background information