astrails-safe 0.1.3 → 0.1.4

Files changed (4)
  1. data/README.markdown +160 -0
  2. data/VERSION.yml +1 -1
  3. metadata +3 -3
  4. data/README.rdoc +0 -132
data/README.markdown ADDED
@@ -0,0 +1,160 @@
1
+ astrails-safe
2
+ =============
3
+
4
+ Simple mysql and filesystem backups with S3 support (with optional encryption)
5
+
6
+ Motivation
7
+ ----------
8
+
9
+ We needed a backup solution that will satisfy the following requirements:
10
+
11
+ * opensource
12
+ * simple to install and configure
13
+ * support for simple ‘tar’ backups of directories (with includes/excludes)
14
+ * support for simple mysqldump of mysql databases
15
+ * support for symmetric or public key encryption
16
+ * support for local filesystem and Amazon S3 for storage
17
+ * support for backup rotation. we don’t want backups filling all the diskspace or cost a fortune on S3
18
+
19
+ And since we didn't find any, we wrote our own :)
20
+
21
+ Usage
22
+ -----
23
+
24
+ Usage:
25
+ astrails-safe [OPTIONS] CONFIG_FILE
26
+ Options:
27
+ -h, --help This help screen
28
+ -v, --verbose be verbose, duh!
29
+ -n, --dry-run just pretend, don't do anything.
30
+ -L, --local skip S3
31
+
32
+ Note: CONFIG_FILE will be created from template if missing
33
+
34
+ Encryption
35
+ ----------
36
+
37
+ If you want to encrypt your backups you have 2 options:
38
+ * use simple password encryption
39
+ * use GPG public key encryption
40
+
41
+ For simple password, just add password entry in gpg section.
42
+ For public key encryption you will need to create a public/secret keypair.
43
+
44
+ We recommend to create your GPG keys only on your local machine and then
45
+ transfer your public key to the server that will do the backups.
46
+
47
+ This way the server will only know how to encrypt the backups but only you
48
+ will be able to decrypt them using the secret key you have locally. Of course
49
+ you MUST backup your backup encryption key :)
50
+ We recommend also pringing the hard paper copy of your GPG key 'just in case'.
51
+
52
+ The procedure to create and transfer the key is as follows:
53
+
54
+ 1. run 'gpg --gen-gen' on your local machine and follow onscreen instructions to create the key
55
+ (you can accept all the defaults).
56
+
57
+ 2. extract your public key into a file (assuming you used test@example.com as your key email):
58
+ gpg -a --export test@example.com > test@example.com.pub
59
+
60
+ 3. transfer public key to the server
61
+ scp backup@example.com root@example.com:
62
+
63
+ 4. import public key on the remote system:
64
+ <pre>
65
+ $ gpg --import test@example.com.pub
66
+ gpg: key 45CA9403: public key "Test Backup <test@example.com>" imported
67
+ gpg: Total number processed: 1
68
+ gpg: imported: 1
69
+ </pre>
70
+
71
+ 5. since we don't keep the secret part of the key on the remote server, gpg has
72
+ no way to know its yours and can be trusted.
73
+ To fix that we can sign it with other trusted key, or just directly modify its
74
+ trust level in gpg (use level 5):
75
+
76
+ <pre>
77
+ $ gpg --edit-key test@example.com
78
+ ...
79
+ Command> trust
80
+ ...
81
+ 1 = I don't know or won't say
82
+ 2 = I do NOT trust
83
+ 3 = I trust marginally
84
+ 4 = I trust fully
85
+ 5 = I trust ultimately
86
+ m = back to the main menu
87
+
88
+ Your decision? 5
89
+ ...
90
+ Command> quit
91
+ </pre>
92
+
93
+ 6. export your secret key for backup
94
+ (we recommend to print it on paper and burn to a CD/DVD and store in a safe place):
95
+
96
+ > gpg -a --export-secret-key test@example.com > test@example.com.key
97
+
98
+
99
+ Example configuration
100
+ ---------------------
101
+ <pre>
102
+ safe do
103
+ local :path => "/backup/:kind/:id"
104
+
105
+ s3 do
106
+ key "...................."
107
+ secret "........................................"
108
+ bucket "backup.astrails.com"
109
+ path "servers/alpha/:kind/:id"
110
+ end
111
+
112
+ gpg do
113
+ # symmetric encryption key
114
+ # password "qwe"
115
+
116
+ # public GPG key (must be known to GPG, i.e. be on the keyring)
117
+ key "backup@astrails.com"
118
+ end
119
+
120
+ keep do
121
+ local 2
122
+ s3 2
123
+ end
124
+
125
+ mysqldump do
126
+ options "-ceKq --single-transaction --create-options"
127
+
128
+ user "root"
129
+ password "............"
130
+ socket "/var/run/mysqld/mysqld.sock"
131
+
132
+ database :blog
133
+ database :servershape
134
+ database :astrails_com
135
+ database :secret_project_com
136
+
137
+ end
138
+
139
+ tar do
140
+ archive "git-repositories", :files => "/home/git/repositories"
141
+ archive "dot-configs", :files => "/home/*/.[^.]*"
142
+ archive "etc", :files => "/etc", :exclude => "/etc/puppet/other"
143
+
144
+ archive "blog-astrails-com" do
145
+ files "/var/www/blog.astrails.com/"
146
+ exclude ["/var/www/blog.astrails.com/log", "/var/www/blog.astrails.com/tmp"]
147
+ end
148
+
149
+ archive "astrails-com" do
150
+ files "/var/www/astrails.com/"
151
+ exclude ["/var/www/astrails.com/log", "/var/www/astrails.com/tmp"]
152
+ end
153
+ end
154
+ end
155
+ </pre>
156
+
157
+ Copyright
158
+ ---------
159
+
160
+ Copyright (c) 2009 Astrails Ltd. See LICENSE for details.
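Review bot: Steps 1 and 3 of the key-transfer procedure give commands that will not work as written. `gpg --gen-gen` is not a gpg command; the key-generation command is `gpg --gen-key`. Step 3 copies `backup@example.com`, but step 2 wrote the public key to `test@example.com.pub`, so it should read `scp test@example.com.pub root@example.com:`. Both errors are carried over unchanged from the deleted README.rdoc, as is the typo "pringing" in the Encryption section. Step 6 prefixes its command with `>` where steps 4 and 5 use `<pre>` with a `$` prompt; use one form throughout so the command renders as code. Since the example configuration holds the S3 `secret` and the mysqldump `password` for `user "root"` in plain text, the Usage or Example configuration section should also tell readers to restrict read access on CONFIG_FILE to the account that runs the backup.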
data/VERSION.yml CHANGED
@@ -1,4 +1,4 @@
1
1
  ---
2
- :patch: 3
2
+ :patch: 4
3
3
  :major: 0
4
4
  :minor: 1
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: astrails-safe
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.3
4
+ version: 0.1.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Astrails Ltd.
@@ -30,10 +30,10 @@ extensions: []
30
30
 
31
31
  extra_rdoc_files:
32
32
  - LICENSE
33
- - README.rdoc
33
+ - README.markdown
34
34
  files:
35
35
  - LICENSE
36
- - README.rdoc
36
+ - README.markdown
37
37
  - Rakefile
38
38
  - VERSION.yml
39
39
  - bin/astrails-safe
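Review bot: `README.markdown` is now listed under `extra_rdoc_files`, so it will be handed to RDoc even though it is written in Markdown. Check that the generated documentation still renders the `<pre>` blocks and the underlined headings as intended, or drop the file from `extra_rdoc_files` and keep it only under `files`.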
data/README.rdoc DELETED
@@ -1,132 +0,0 @@
1
- = astrails-safe
2
-
3
- Simple mysql and filesystem backups with S3 support (with optional encryption)
4
-
5
- Usage:
6
- astrails-safe [OPTIONS] CONFIG_FILE
7
- Options:
8
- -h, --help This help screen
9
- -v, --verbose be verbose, duh!
10
- -n, --dry-run just pretend, don't do anything.
11
- -L, --local skip S3
12
-
13
- Note: CONFIG_FILE will be created from template if missing
14
-
15
- If you want to encrypt your backups you have 2 options:
16
- * use simple password encryption
17
- * use GPG public key encryption
18
-
19
- For simple password, just add password entry in gpg section.
20
- For public key encryption you will need to create a public/secret keypair.
21
-
22
- We recommend to create your GPG keys only on your local machine and then
23
- transfer your public key to the server that will do the backups.
24
-
25
- This way the server will only know how to encrypt the backups but only you
26
- will be able to decrypt them using the secret key you have locally. Of course
27
- you MUST backup your backup encryption key :)
28
- We recommend also pringing the hard paper copy of your GPG key 'just in case'.
29
-
30
- The procedure to create and transfer the key is as follows:
31
-
32
- 1. run 'gpg --gen-gen' on your local machine and follow onscreen instructions to create the key
33
- (you can accept all the defaults).
34
-
35
- 2. extract your public key into a file (assuming you used test@example.com as your key email):
36
- gpg -a --export test@example.com > test@example.com.pub
37
-
38
- 3. transfer public key to the server
39
- scp backup@example.com root@example.com:
40
-
41
- 4. import public key on the remote system:
42
- $ gpg --import test@example.com.pub
43
- gpg: key 45CA9403: public key "Test Backup <test@example.com>" imported
44
- gpg: Total number processed: 1
45
- gpg: imported: 1
46
-
47
- 5. since we don't keep the secret part of the key on the remote server, gpg has
48
- no way to know its yours and can be trusted.
49
- To fix that we can sign it with other trusted key, or just directly modify its
50
- trust level in gpg (use level 5):
51
-
52
- $ gpg --edit-key test@example.com
53
- ...
54
- Command> trust
55
- ...
56
- 1 = I don't know or won't say
57
- 2 = I do NOT trust
58
- 3 = I trust marginally
59
- 4 = I trust fully
60
- 5 = I trust ultimately
61
- m = back to the main menu
62
-
63
- Your decision? 5
64
- ...
65
- Command> quit
66
-
67
- 6. export your secret key for backup
68
- (we recommend to print it on paper and burn to a CD/DVD and store in a safe place):
69
-
70
- gpg -a --export-secret-key test@example.com > test@example.com.key
71
-
72
-
73
- Example configuration:
74
-
75
- safe do
76
- local :path => "/backup/:kind/:id"
77
-
78
- s3 do
79
- key "...................."
80
- secret "........................................"
81
- bucket "backup.astrails.com"
82
- path "servers/alpha/:kind/:id"
83
- end
84
-
85
- gpg do
86
- # symmetric encryption key
87
- # password "qwe"
88
-
89
- # public GPG key (must be known to GPG, i.e. be on the keyring)
90
- key "backup@astrails.com"
91
- end
92
-
93
- keep do
94
- local 2
95
- s3 2
96
- end
97
-
98
- mysqldump do
99
- options "-ceKq --single-transaction --create-options"
100
-
101
- user "root"
102
- password "............"
103
- socket "/var/run/mysqld/mysqld.sock"
104
-
105
- database :blog
106
- database :servershape
107
- database :astrails_com
108
- database :secret_project_com
109
-
110
- end
111
-
112
-
113
- tar do
114
- archive "git-repositories", :files => "/home/git/repositories"
115
- archive "dot-configs", :files => "/home/*/.[^.]*"
116
- archive "etc", :files => "/etc", :exclude => "/etc/puppet/other"
117
-
118
- archive "blog-astrails-com" do
119
- files "/var/www/blog.astrails.com/"
120
- exclude ["/var/www/blog.astrails.com/log", "/var/www/blog.astrails.com/tmp"]
121
- end
122
-
123
- archive "astrails-com" do
124
- files "/var/www/astrails.com/"
125
- exclude ["/var/www/astrails.com/log", "/var/www/astrails.com/tmp"]
126
- end
127
- end
128
- end
129
-
130
- == Copyright
131
-
132
- Copyright (c) 2009 Astrails Ltd. See LICENSE for details.