On some workloads, a process creating backups should not become so
aggressive on resources that it prevents normal activity of a machine
from running. It is especially important when writing to disk.
One way to make backups have less impact on the main workload is to
force backups to a lower ionice level.
With the new ionicelevel configuration, it becomes possible for users to
activate the use of ionice and to define the level within the
best-effort class to better suit their needs.
Since the luks headers backup was introduced in the handler, cryptsetup
has gained the "luksHeaderBackup" command. We should use this instead
of dd, as it is likely more reliable. Plus, it supports backing up luks
version 2 headers, which the current code doesn't handle.
The previous sfdisk-based command would also list partitions, leading to
partition-based luks volumes being duplicated. Instead, reuse the same
command used in the partition backup component.
The check for the string length in the condition for appending the $create_options fails because it isn't a string. Fixed with quoting the variable.
Change-Id: I6bdacb81f25cf924dc61e3aa6f4b8ebfbe09da65
Signed-Off-By: Emil Breiner <emil.breiner@krumedia.com>
borg will by default create its cache directory in ~/.cache/borg. This
means that during backup runs, borg will read and write quite
extensively from/to this directory.
In some situations, it is rather undesirable to have this amount of IO
activity in this location and it would make sense to tell borg to place
its cache elsewhere. This can help for example with placing the cache on
a hard drive where the added IO load will not have as big of an impact
on other running activity for the system.
This change also makes sure that the cache directory environment
variable is cleared out when the configuration option is unset. This
should avoid unpleasant surprises when this environment variable is set
to some unknown value in the context where backupninja is called, which
could lead to borg reading and writing to random places on the system.
This enables the handlers to be used for hosts which use a non-standard
port, such as is offered by some commercial services. Default to port
22, so it's optional and backwards-compatible.
It seems like only the short output of hwinfo --disk is provided to hardware.txt. I'd suggest we also add disk to the flags for the "complete" output.
That's especially useful when you need to indicate the serial number of a dead drive in order for it to be replaced. Once the disk is dead, using hardware.txt can be the only way to retrieve this info.
Removing the quote and semicolon characters should be sufficient to
prevent breaking out of the shell command, but this may need reviewed
by someone more knowlegeable in shell scripting.
This allows the handler to fully make use of the advanced command-line
options for "borg create", such as the replaced "exclude*" options and
others like "--read-special" and "--numeric-owner".
The effect of "keep*" options is not straightforward to understand, so
replacing it with a simpler "keep" option, which replicates the
functionality of other backupninja handlers. This also simplifies the
helper, as the use is then only asked how many days of backups to keep.
At the same time, we add "prune_options" which allows for the use of the
"keep*" options as well as other useful prune options, like "--prefix".
Archive names must be unique, so if the backup runs more than once per
day with the previous default, it will throw and error because of the
duplicate archive name. This is also consistent with the addition of
the keephourly prune option.
Without this change, e.g. 0.5.20 would not get --extra-clean, while it should.
Granted, the new test is buggy too, e.g. 0.7.1 will get --extra-clean,
while it should not. Will report that to Redmine.
duplicity >=0.6.20 now correctly removes useless signature files and
therefore the cache directory doesn't grow infinitely any more. Using
--extra-clean removes all signatures except from the last chain and so
renders older chains unusable, don't use it by default any more.
See: https://bugs.launchpad.net/duplicity/+bug/519948
A fix for debian #677410 on commit 29dcdbae introduces a new issue on wheezy
machines where some rsync_options gets out of the rsync command quotes when
invoked by su.
As reported, running backupninja through `bash -x` shows that the `--delete`
option from the rsync command is not included in the single quote for the `su
-c` command:
nice -n 0 su -c '/usr/bin/rsync -av' --delete '--recursive
--delete-excluded //home/ /tmp/test//home//'
This patch attempt to solve that issue by using the intermediary variable
$command.
previously the code was modeled off of the partition backup methodology, this resulted in the code only attempting to detect luks on actual devices, and not on partitions. The code would step through every disk on the system (sda, sdb, etc.) and do a 'cryptsetup isLuks' on that device, and then based on that output save the luks header for any device that had one. Unfortunately, in many cases, luks headers are found on the partitions of those disks. So we were failing to detect any luks partitions and thus failing to backup their luks headers.
this commit changes that, it now will look for luks headers on the devices themselves (for cases where a full disk is used without partitions), and on any partitions that are detected