Short blog post to post a script I wrote to backup LXC containers with encryption and push notifications. 🙂
Manually backing up LXC containers was a pain and I wrote a script in some free time that I had to automate all of this. Plus it pushes updates to Twitter, Pushbullet and email and encrypts everything.
I’m using Backblaze B2 for storage. You might want to check out this post I had written.
Import and trust your PGP key
Instead of using passwords for encryption, it is a good idea to encrypt the backups with your public key. Use gpg –import publickey.txt to import and gpg –edit-key XXXXXXXX to change trust to ultimate, where XXXXXXXX is your PGP key ID.
Backing up LXC containers
We need to stop the container, take backup and restart the container. containername is the name of my container here. lxc-stop -n containername , cd /var/lib/lxc/containername/ && tar –numeric-owner -czvf backup.tar.gz ./* and lxc-start -n containername -d is enough to do that. –numeric-owner is very important. Otherwise UIDs/GIDs can get messed up.
Next you have to transfer the backup somewhere. Rsync, SFTP, Backblaze B2 are all good options. I chose to go with Backblaze B2. rsync -avh backup.tar.gz user@server:/home/user/backuplocation can be used to transfer the backup via rsync. Use gpg –yes –batch -r youremail@address.com -e -o containername.gpg containername to encrypt the container before transferring it if you want to.
Here is the final script.
#!/bin/bash
START=$(date +%s.%N)
NAME=life-project-1
BACKUP=backup-`date +%s`.tar.gz
BBBUCKET=lxc-backup
for name in containername1 containername2 containername3; do
lxc-stop -n ${name}
cd /var/lib/lxc/${name}/
tar --numeric-owner -czvf $BACKUP ./*
mv $BACKUP /home/lxcbackup/
cd /home/lxcbackup/
lxc-start -n ${name} --daemon
gpg --yes --batch -r me@varunpriolkar.com -e -o $BACKUP.gpg $BACKUP
SHA=`sha1sum $BACKUP.gpg | awk '{print $1}'`
rm -rf $BACKUP
b2 upload_file --sha1 $SHA $BBBUCKET $BACKUP.gpg ${name}/$BACKUP.gpg
rm -rf $BACKUP.gpg
done
END=$(date +%s.%N)
DIFF=$(echo "$END - $START" | bc)
curl "http://api.pushingbox.com/pushingbox?devid=vC05489GH3938G74&time=$DIFF"
The script should be self explanatory. If you didn’t understand something, it might be useful to check out my earlier post linked above. Also replace containername1, containername2, containername3 with containers you want to backup. You can add in as many containers as you want. You might be wondering about the last line. Let me explain.
Automated status updates
Yesterday my friend told me about PushingBox. It essentially allows you to send notifications to configured services without any charges for small usage. So I thought it would be nice to add in that as well. After signing up, set up services you may like in from the My Services menu. Then head on over to My Scenarios menu, create a new scenario and click manage.
The PushingBox service is really nice
Note the device ID and use $time$ to send the time variable to the service. The API info is here. That’s about it. Use curl “http://api.pushingbox.com/pushingbox?devid=vC05489GH3938G74&time=1234” to test, where vC05489GH3938G74 is the device ID. This is what the tweet looks like. Email, Pushbullet worked for me too.
Varun bot: All LXC containers on @ContaboCom backed up to @backblaze B2. Time taken: 1824.416336502 seconds. (04:23:58)
— Varun Priolkar (@thebluehue_) December 1, 2016
Automating everything with cron
I use cron to automate the script to run every 3 days at midnight server time, which works out to 4.30 AM IST, doesn’t slow down the site for most of the viewers. Type in crontab -e and put in 0 0 */3 * * /home/lxc.sh , where /home/lxc.sh is the path to the script. Make sure you do chmod +x lxc.sh too.
Restoring the backup
To restore the backup, transfer the backup to the intended location, decrypt the encrypted backup with gpg –decrypt backup.tar.gz.gpg > backup.tar.gz, run mkdir /var/lib/lxc/containername/ && cd /var/lib/lxc/containername/ to create the LXC directory and finally run && tar –numeric-owner -xzvf backup.tar.gz ./* after copying backup.tar.gz to /var/lib/lxc/containername directory.
Like with any backup, please do try out a restore before you can completely trust it.
Do let me know if you have any queries or if it isn’t working for you.
I’ve been browsing online greater than 3 hours nowadays, but I by no
means found any attention-grabbing article like yours.
It is lovely worth sufficient for me. Personally,
if all web owners and bloggers made good content material as
you probably did, the net will be a lot more helpful than ever before.