SYNOPSIS
rsbackup [OPTIONS] [--] [SELECTOR...]rsbackup --retire [OPTIONS] [--] [SELECTOR...]
rsbackup --retire-device [OPTIONS] [--] DEVICE...
DESCRIPTION
Backs up files from one or more (remote) destinations to a single backup storage directory, preserving their contents, layout, ownership, permissions, timestamps and hardlink structure.Incremental backups are achieved by hard-linking identical files within successive backups of the same files.
OPTIONS
Action Options
At least one of these options must be specified. When multiple actions are specified, they are executed in the order shown below.- --backup, -b
- Make a backup of the selected volumes. At most one backup of a given volume will be made per day.
- --retire-device
- Retire the named devices. Retiring a device only means deleting the records of it. Files on the device itself are not touched.
- If the device is still listed in the configuration file then you will be asked whether you really want to retire it; you can suppress this check with the --force option.
- --retire
- Retire the named hosts and volumes. Retiring a volume means deleting any available backups for the volume and the records of them. Records corresponding to backups on unavailable devices are not removed.
- If you just want to remove backup records for retired volumes but want to keep the backups, you should either manually remove the records (see SCHEMA below), or rename it within the volume.
- If the volume is still listed in the configuration file then you will be asked whether you really want to retire it; you can suppress this check with the --force option.
- --prune, -p
- Prune old backups of selected volumes. See PRUNING below.
- --prune-incomplete,-P
- Prune incomplete backups of selected volumes. Any backups that failed before completion will be removed.
- --html PATH, -H PATH
- Write an HTML report to PATH. The report covers all volumes, not just selected ones. PATH can be - to write to standard output.
- --text PATH, -T PATH
- Write a plain text report to PATH. The report covers all volumes, not just selected ones. PATH can be - to write to standard output.
- --email ADDRESS, -e ADDRESS
- Email a report to ADDRESS. The contents is equivalent to the output of --text and --html.
- --dump-config
- Writes the parsed configuration file to standard output. Must not be combined with any other action option.
- With --verbose, the configuration file is annotated with descriptive comments.
General Options
- --config PATH, -c PATH
- The path to the configuration file. The default is /etc/rsbackup/config.
- --store PATH, -s PATH
- Specify the destination directory to back up to. Using this option (possibly more than once) is equivalent to removing the store directives from the configuration file and replacing them with the paths give in --store options.
- This option implicitly enables the --warn-store option.
- --verbose, -v
- Enable verbose mode. Various messages will be displayed to report progress and the rsync --quiet option is suppressed.
- --dry-run, -n
- Enable dry-run mode. Commands will be displayed but nothing will actually be done.
- --force, -f
- Suppress checks made when retiring devices and volumes.
- --wait, -w
- Waits rather than giving up if another copy of rsbackup is running.
- --database, -D PATH
- Override the path to the backup database.
- --help, -h
- Display a usage message.
- --version, -V
- Display the version number.
Report Verbosity
- --logs VERBOSITY
-
Controls which logfiles for a given volume/device pair to include in
the report.
The possible values of VERBOSITY are:
-
- all
- Includes all nonempty logfiles, even if the backup succeeded.
- errors
- Includes all error logfiles.
- recent
- Includes only the most recent error logfile.
- latest
- Includes only the latest logfile, even if the backup succeeded.
- failed
- Includes only the most recent logfile but only if that attempt failed. This is the default.
-
Warning Options
- --warn-unknown
- Display warnings for unknown devices, hosts and volumes. (Warnings will always be included in the report, this refers to runtime error output.)
- --warn-store
- Display warnings for unsuitable store directories and unavailable devices.
- --warn-unreachable
- Display warnings for unreachable hosts.
- --no-warn-partial
- Suppress warnings for rsync "partial transfer" diagnostics (which are on by default).
- --warn-all, -W
- Enable all --warn- options.
- --no-errors
- Suppress display of errors from rsync.
Volume Selection
The list of selectors on the command line determines what subset of the known volumes are backed up, pruned or retired. The following selectors are possible:- HOST
- Select all volumes for the host.
- HOST:VOLUME
- Select the volume.
- -HOST
- Deselect all volumes for the host.
- -HOST:VOLUME
- Deselect the volume.
- *
- Select all volumes.
If no hosts or volumes are specified on the command line then all volumes are selected for backing up or pruning. For retiring, you must explicitly select hosts or volumes to retire and only positive selections are possible.
CONFIGURATION FILE
The config file contains global directives and a series of host stanzas. Each host stanze in turn contains host directives and volume stanzas. Although it is not enforced it is suggested that host and volume stanzas are indented.Comments are introduced by an initial "#".
Command arguments may be quoted, using "double quotes". Quotes and backslashes within quoted strings are escaped with backslashes.
Global Directives
Global directives control some general aspect of the program.- colors GOOD BAD
- The colors used to represent good states (a recent backup) and bad states (no sufficiently recent backup).
- GOOD and BAD are integer values representing RGB triples. It is most convenient to write them in hex, e.g. as 0xRRGGBB. For example, black is 0x000000, red is 0xFF0000, and so on.
- device DEVICE
- Names a device. This can be used multiple times. The store must have a file called STORE/device-id which contains a known device name. Backups will only be made to known devices.
- When a device is lost or destroyed, remove its device entry and use the --prune-unknown option to delete records of backups on it.
- Device names may contain letters, digits, dots and underscores.
- include PATH
- Include another file as part of the configuration. If PATH is a directory then the files within it are included (excluding dotfiles, backup and recovery files).
- keep-prune-logs DAYS
- The number of days to keep records of pruned backups for. The default is 31.
- lock PATH
- Enable locking. If this directive is present then PATH will be used as a lockfile for operations that change anything (--backup, --prune, etc).
- The lock is made by opening PATH and calling flock(2) on it with LOCK_EX.
- logs PATH
- The directory to store logfiles and backup records. The default is /var/log/backup.
- post-access-hook COMMAND...
- A command to execute after all backup and prune operations. This is executed only once per invocation of rsbackup. A backup is still considered to have succeeded even if the post-access hook fails (i.e. exits nonzero). See HOOKS below.
- pre-access-hook COMMAND...
- A command to execute before anything that accesses any backup devices (i.e. backup and prune operations). This is executed only once per invocation of rsbackup and if it fails (i.e. exits nonzero) then rsbackup terminates immediately. See HOOKS below.
- public true|false
- If true, backups are public. Normally backups must only be accessible by the calling user. This option suppresses the check.
- report-prune-logs DAYS
- The number of days of pruning logs to put in hte report. The default is 3.
- sendmail PATH
- The path to the executable to use for sending email. The default is platform-dependent but typically /usr/sbin/sendmail. The executable should support the -t, -oee, -oi and -odb options.
- store PATH
- A path at which a backup device may be mounted. This can be used multiple times.
- store-pattern PATTERN
- A glob(7) pattern matching paths at which a backup device may be mounted. This can be used multiple times.
- stylesheet PATH
- The path to the stylesheet to use in the HTML report. If this is absent then a built-in default stylesheet is used.
Inheritable Directives
Inheritable directives control an aspect of one or more backups. They can be specified at the global level or in a host or volume stanza (see below). If one appears in multiple places then volume settings override host settings and host settings override global settings.- hook-timeout SECONDS
- How long to wait before concluding a hook has hung, in seconds. The default is 0, which means to wait indefinitely.
- max-age DAYS
- The maximum age of the most recent backup before you feel uncomfortable. The default is 3, meaning that if a volume hasn't been backed up in the last 3 days it will have red ink in the HTML report.
- min-backups COUNT
- The minimum number of backups for each volume to keep on each store, when pruning. The default is 1.
- (This is an alias for prune-parameter min-backups and will be removed in a future version.)
- post-backup-hook COMMAND...
- A command to execute after finishing a backup, or after it failed. A backup is still considered to have succeeded even if the post-backup hook fails (exits nonzero). See HOOKS below.
- pre-backup-hook COMMAND...
- A command to execute before starting a backup. If this hook fails (i.e. exits nonzero) then the backup is not made and the post-backup hook will not be run. See HOOKS below.
- This hook can override the source path for the backup by writing a new source path to standard output.
- prune-age DAYS
- The age at which a backup may be pruned. The default is 366, meaning a backup will never be pruned until it is at least a whole year old.
- (This is an alias for prune-parameter prune-age and will be removed in a future version.)
- prune-parameter NAME VALUE
- Set a parameter for the pruning policy. See PRUNING below.
- prune-parameter --remove NAME
- Remove a parameter for pruning policy.
- prune-policy NAME
- The pruning policy to use. See PRUNING below.
- rsync-timeout SECONDS
- How long to wait before concluding rsync has hung, in seconds. The default is 0, which means to wait indefinitely.
- ssh-timeout SECONDS
- How long to wait before concluding a host is down, in seconds. The default is 60.
Host Directives
A host stanza is started by a host directive.- host HOST
- Introduce a host stanza. The name is used for the backup directory for this host.
The following directives, and volume stanzas (see below), can appear in a host stanza:
- always-up true|false
- If true, the host is expected to always be available. If it is not then a warning will be issued when making a backup if it is not. Failed attempts to make a backup will also be recorded as failures for always-up hosts (normally hosts that cannot be reached are silently skipped).
- devices PATTERN
- A glob(3) pattern restricting the devices that this host will be backed up to.
- Note that only backup creation honors this restriction. Pruning and retiring do not.
- hostname HOSTNAME
- The SSH hostname for this host. The default is the name from the host stanza.
- The hostname localhost is treated specially: it is assumed to always be identical to the local system, so files will be read from the local filesystem.
- priority INTEGER
- The priority of this host. Hosts are backed up in descending priority order. The default priority is 0.
- user USERNAME
- The SSH username for this host. The default is not to supply a username.
In addition, inheritable directives can appear in a host stanza, and override any appearance of them at the global level.
Conventionally the contents of a host stanza are indented.
Remote hosts are accessed by SSH. The user rsbackup runs as must be able to connect to the remote host (and without a password being entered if it is to be run from a cron job or similar).
Volume Directives
A volume stanza is started by a volume directive.- volume VOLUME PATH
- Introduce a volume stanza. The name is used for the backup directory for this volume. The path is the absolute path on the host.
The following directives can appear in a volume stanza:
- check-file PATH
- Checks that PATH exists before backing up the volume. PATH may be either an absolute path or a relative path (to the root of the volume). It need not be inside the volume though the usual use would be to check for a file which is always present there.
- This check is done before executing the pre-backup-hook, so it applies to the real path to the volume, not the rewritten path.
- check-mounted true|false
- If true, checks that the volume's path is a mount point before backing up the volume.
- This check is done before executing the pre-backup-hook, so it applies to the real path to the volume, not the rewritten path.
- Note that if multiple check- options are used, all checks must pass for the volume to be backed up.
- exclude PATTERN
- An exclusion for this volume. The pattern is passed to the rsync --exclude option. This directive may appear multiple times per volume.
- See the rsync man page for full details.
- traverse true|false
- If true, traverse mount points. This suppresses the rsync --one-file-system option.
In addition, inheritable directives can appear in a volume stanza, and override any appearance of them at the host or global level.
Conventionally the contents of a volume stanza are indented.
PRUNING
This is process of removing old backups (using the --prune option). The pruning policy used to determine which backups to remove is set with the inheritable prune-policy directive, and parameters to the policy set via the prune-parameter directive.The available policies are listed below. The default policy is age.
age
This policy deletes backups older than a minimum age, provided a minimum number of backups on a device remain available. The following pruning parameters are supported:- min-backups
- The minimum number of backups of the volume to maintain on the device. Pruning will never cause the number of backups to fall below this value. The default (and minimum) is 1.
- prune-age
- The age after backups become eligible for pruning, in days. Only backups more than this many days old will be pruned. The default is 366 and the minimum is 1.
For backwards compatibility, these values can also be set using the directives of the same name. This will be disabled in a future version.
decay
This policy thins out backups older than a minimum age, using a configurable decay pattern that arranges to keep a declining number of backups with age. The following pruning parameters are supported:- decay-start
- The age after backups become eligible for pruning, in days. Only backups more than this many days old will be pruned. The default is 1 and the minimum is 1.
- decay-limit
- The age after which backups are always pruned, in days. Backups older than this will always be pruned unless this would leave no backups at all. The default is 366 and the minimum is 1.
- decay-scale
- The scale at which the decay window is expanded. The default is 2 and the minimum is 2.
- decay-window
- The size of the decay window. The default is 1 and the minimum is 1.
exec
This policy executes a subprogram with parameters and additional information supplied in the environment.The following parameters are supported:
- path
- The path to the subprogram to execute.
Any additional parameters are supplied to the subprogram via environment variables, prefixed with PRUNE_. Additionally the following environment variables are set:
- PRUNE_DEVICE
- The name of the device containing the backup.
- PRUNE_HOST
- The name of the host.
- PRUNE_ONDEVICE
- The list of backups on the device, by age in days. This list excludes any that have already been scheduled for pruning, and includes the backup under consideration (i.e. the value of BACKUP_AGE will appear in this list).
- PRUNE_TOTAL
- The total number of backups of this volume on any device. Note that it does not include backups on other devices that have just been selected for pruning by another call to the subprogram.
- PRUNE_VOLUME
- The name of the volume.
These environment variables all override any parameters with clashing names.
The output should be a list of backups to prune, one per line (in any order). Each line should contain the age in days of the backup to prune (i.e. the same value as appeared in PRUNE_ONDEVICE), followed by a colon, followed by the reason that this backup is to be pruned.
As a convenience, if the argument to prune-policy starts with / then the exec policy is chosen with the policy name as the path parameter.
never
This policy never deletes any backups.HOOKS
A hook is a command executed by rsbackup just before or just after some action. The command is passed directly to execvp(3); to use a shell command, therefore, either wrap it in a script or invoke the shell with the -c option.All hooks are run in --dry-run mode. Hook scripts must honor RSBACKUP_ACT which will be set to false in this mode and true otherwise.
Access Hooks
Access hooks are executed (once) before doing anything that will access backup devices (even just to read them).The following environment variables are set when an access hook is executed:
- RSBACKUP_ACT
- Set to false in --dry-run mode and true otherwise.
- RSBACKUP_DEVICES
- A space-separated list of known device names.
- RSBACKUP_HOOK
- The name of the hook (i.e. pre-access-hook, etc). This allows a single hook script to serve as the implementation for multiple hooks.
Backup Hooks
Backup hooks are executed just before or just after a backup is made.The following environment variables are set when a backup hook is executed:
- RSBACKUP_ACT
- Set to false in --dry-run mode and true otherwise.
- RSBACKUP_DEVICE
- The target device name for the backup.
- Note that this may be removed in a future version.
- RSBACKUP_HOOK
- The name of the hook (i.e. pre-backup-hook, etc). This allows a single hook script to serve as the implementation for multiple hooks.
- RSBACKUP_HOST
- The name of the host.
- RSBACKUP_SSH_HOSTNAME
- The SSH hostname of the host.
- Recall that rsbackup treats the hostname localhost specially. If the hook also needs to do so then it must duplicate this logic.
- RSBACKUP_SSH_TARGET
- The SSH hostname and username combined for passing to ssh(1).
- This will be username@hostname or just hostname depending on whether a SSH username was set.
- RSBACKUP_SSH_USERNAME
- The SSH username of the host. If no SSH username was set, this variable will not be set.
- RSBACKUP_STATUS
- (Only for post-backup-hook). Either ok or failed.
- RSBACKUP_STORE
- The path to the store directory where the device is mounted.
- RSBACKUP_VOLUME
- The name of the volume.
- RSBACKUP_VOLUME_PATH
- The path to the volume.
The error output from backup hooks is stored in the same backup record as the output from rsync.
NOTE: The current behavior is that the pre/post backup hooks are run separately for each backup. In a future version, they may be run only once for all backups of a given volume, in which case RSBACKUP_DEVICE will no longer be set.
See rsbackup-snapshot-hook(1) for a hook program that can be used to back up from Linux LVM snapshots.
BACKUP LIFECYCLE
Adding A New Host
To add a new host create a host entry for it in the configuration file.To back up the local host, specify hostname localhost. Otherwise you can usually omit hostname.
You may want to set host-wide values for prune-age, max-age and min-backups.
A host with no volumes has no effect.
Adding A New Volume
To add a new volume create a volume entry for it in the relevant host section of the configuration file.Add exclude options to skip files you don't want to back up. This might include temporary files and the contents of "trash" directories.
If the volume contains mount points, and you want to back up the contents of the subsiduary filesystems, then be sure to include the traverse option.
You may want to set per-volume values for prune-age, max-age and min-backups.
Adding A New Device
To add a new device, format and mount it and create a device-id file in its top-level directory. Add a device entry for it in the configuration file and a store entry mentioning its usual mount point.Under normal circumstances you should make sure that the backup filesystem is owned by root and mode 0700.
Making Backups
To backup up all available volumes to all available devices:rsbackup --backupYou will probably want to automate this. To only back up a limited set of volumes specify selection arguments on the command line.
Pruning Backups
To prune old backups:rsbackup --prune --prune-incompleteYou will probably want to automate this.
An "incomplete backup" occurs when a backup of a volume fails or is interrupted before completion. They are not immediately deleted because rsync may be able to use the files already transferred to save effort on subsequent backups on the same day, or (if there are no complete backups to use for this purpose) later days.
Retiring A Host
Retiring a host means removing all backups for it. The suggested approach is to remove configuration for it and then use rsbackup --retire HOST to remove its backups too. You can do this the other way around but you will be prompted to check you really meant to remove backups for a host still listed in the configuration file.If any of the backups for the host are on a retired device you should retire that device first.
Retiring A Volume
Retiring a volume means removing all backups for it. It is almost the same as retiring a whole host but the command is rsbackup --retire HOST:VOLUME.You can retire multiple hosts and volumes in a single command.
Retiring A Device
Retiring a device just means removing the records for it. Use rsbackup --retire-device DEVICE to do this. The contents of the device are not modified; if you want that you must do it manually.You can retire multiple devices in a single command.
RESTORING
Restore costs extra l-)Manual Restore
The backup has the same layout, permissions etc as the original system, so it's perfectly possible to simply copy files from a backup directory to their proper location.Be careful to get file ownership right. The backup is stored with the same numeric user and group ID as the original system used.
Until a backup is completed, or while one is being pruned, a corresponding .incomplete file will exist. Check for such a file before restoring any given backup.
Restoring With rsync
Supposing that host chymax has a volume called users in which user home directories are backed up, and user rjk wants their entire home directory to be restored, an example restore command might be:rsync -aSHz --numeric-ids /store/chymax/users/2010-04-01/rjk/. chymax:~rjk/.
You could add the --delete option if you wanted to restore to exactly the status quo ante, or at the opposite extreme --existing if you only wanted to restore files that had been deleted.
You might prefer to rsync back into a staging area and then pick files out manually.
Restoring with tar
You could tar up a backup directory (or a subset of it) and then untar it on the target. Remember to use the --numeric-owner option to tar.STORE VALIDITY
A store may be in the following states:- available
- The store can be used for a backup.
- unavailable
- The store cannot be used for a backup. Normally this does not generate an error but --warn-store
can be used to report warnings for all unavailable stores, and if no store is available then the problems with the unavailable stores are described.- bad
- The store cannot be used for a backup. This always generates an error message, but does not prevent backups to other stores taking place.
- fatally broken
- The store cannot be used for a backup. The program will be terminated.
The states are recognized using the following tests (in this order):
- If the store path does not exist, the store is bad.
- If the store does not have a device-id file then it is unavailable. If it has one but reading it raises an error then it is bad.
- If the store's device-id file contains an unknown device name then it is bad.
- If the store's device-id file names the same device as some other store then it is fatally broken.
- If the store is not owned by root then it is bad. This check can be overridden with the public directive.
- If the store can be read or written by group or world then it is bad. This check can be overridden with the public directive.
FILES
- /etc/rsbackup/config
- Configuration file.
- LOGS/backups.db
- The backup records. See SCHEMA below.
- STORE/HOST/VOLUME/YYYY-MM-DD
- One backup for a volume.
- STORE/HOST/VOLUME/YYYY-MM-DD.incomplete
- Flag file for an incomplete backup.
SCHEMA
backups.db is a SQLite database. It contains a single table with the following definition:CREATE TABLE backup ( host TEXT, volume TEXT, device TEXT, id TEXT, time INTEGER, pruned INTEGER, rc INTEGER, status INTEGER, log BLOB, PRIMARY KEY (host,volume,device,id) )Each row represents a completed backup. The meanings of the fields are as follows:
- host
- The name of the host the backup was taken from.
- volume
- The name of the volume the backup was taken from.
- device
- The name of the device the backup was written to.
- id
- The unique identifier for the backup. Currently this is the date the backup was made, in the format YYYY-MM-DD but this may be changed in the future.
- time
- The time that the backup was started, as a time_t.
- pruned
- The time that backup pruning started (if it is underway) or finished (if it is complete), as a time_t.
- rc
- The exit status of the backup process. 0 means success.
- status
- Status of this backup. See below.
- log
- The log output of rsync(1) and hooks. If the backup status is pruning or pruned (see below) then this contains the reason for the pruning.
Possible status values are:
- 0
- Unknown status. Not normally seen.
- 1
- Internally this means the backup is underway. If seen externally after rsbackup terminates it means the backup is incomplete.
- 2
- Backup is complete.
- 3
- Backup has failed.
- 4
- Pruning has started.
- 5
- Pruning has completed.
rsbackup is not designed with concurrent access to this table in mind. Therefore it is recommended that you only modify its contents when the program is not running.
HISTORICAL BEHAVIOR
Older versions of rsbackup stored the logs for each backup in a separate file. If such files are encountered then rsbackup will automatically populate backups.db from them and then delete them.Older versions of rsbackup logged pruning information to a pruning logfile. These files will be deleted at the same rate as records of pruned backups in the database. They are not included in the report.