Backup Script to remote server

I wrote a simple process/script for backing up to a remote system using SSH.
This does not write a local backup file but sends it without writing to the storage.

This is great for limited storage systems or when you want to limit writes to an SD card. You will need a remote system with SSH and a user identity on that system.

First, create a directory called "bkupscript" in your /root/ directory:
mkdir /root/bkupscript

Next, generate a Dropbear SSH key on the OpenWrt system, and then display the public key:
dropbearkey -t rsa -f /root/bkupscript/id_rsa -s 4096
dropbearkey -f /root/bkupscript/id_rsa -y

The public key displayed will need to be placed on the remote system. This will go in the user's authorized_keys file. Test SSH to the remote system and make sure it is working with no key warnings and does not require a password.

Now create a script file in your backup script directory that will be executed on the OpenWrt system.
touch /root/bkupscript/backup_script.sh && chmod +x /root/bkupscript/backup_script.sh

Edit the file and insert and edit the following lines. If you are into short instead of descriptive you can simplify and skip the variables, but the method of using variables makes it easier to modify in the future, IMO.

#!/bin/sh

SSHKEY="/root/bkupscript/id_rsa"
DESTUSER="openwrtbak"
DESTSVR="10.10.10.10"
DESTFILEPREFIX="/home/openwrtbak/backups/openwrt_backup_"

####

date=$(TZ=America/Denver date +%Y%m%d-%H%M)

###

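# Backup command: tar the sysupgrade file list, the SSH key and this script
# to stdout and stream it over SSH; nothing is written to local storage.
# $(sysupgrade -l) is left unquoted on purpose so each file becomes its own argument.

tar cfvz - $(sysupgrade -l) "$SSHKEY" "$0" | ssh -i "$SSHKEY" "$DESTUSER@$DESTSVR" "cat > $DESTFILEPREFIX$date.tar.gz"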

Now schedule this in cron to a frequency of your liking:
0 21 * * 1,3,5 /root/bkupscript/backup_script.sh

The script uses the command "sysupgrade -l" that would provide the list of files that would be backed up and appends the SSH key file and the backup script itself. This is provided to the tar create/compress command, piped through SSH and stored on the remote system, never written to the storage on the openwrt system. It's simple! I tried doing it all with the "sysupgrade -b" command but there is no quiet mode that would allow for a STDOUT/STDIN method to transfer it.

Thoughts?
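
One way to limit what the unattended key can do once its public half is in authorized_keys on the remote system, as an added example that is not part of the original post: a forced-command wrapper that accepts only the exact `cat > ...` request the backup script sends. It assumes the remote system runs OpenSSH with the `restrict` key option; the wrapper path, its name and the function names are hypothetical.

```shell
#!/bin/sh
# receive_backup.sh (hypothetical name): forced command for the router's backup key.
# Constructed authorized_keys entry on the remote system (key body is a placeholder):
#   restrict,command="/home/openwrtbak/bin/receive_backup.sh" ssh-rsa <PUBLIC-KEY> openwrt-backup
# "restrict" disables PTY allocation and port/agent/X11 forwarding for this key.

BACKUP_DIR="${BACKUP_DIR:-/home/openwrtbak/backups}"   # directory from the post's DESTFILEPREFIX

# Print the destination path if the requested command is exactly
#   cat > $BACKUP_DIR/openwrt_backup_YYYYMMDD-HHMM.tar.gz
# and return non-zero for anything else.
backup_target() {
    req="$1"
    prefix="cat > $BACKUP_DIR/openwrt_backup_"
    case "$req" in
        "$prefix"*.tar.gz) ;;
        *) return 1 ;;
    esac
    stamp="${req#"$prefix"}"
    stamp="${stamp%.tar.gz}"
    # The timestamp must be 8 digits, a dash and 4 digits (the script's date format).
    case "$stamp" in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9]) ;;
        *) return 1 ;;
    esac
    printf '%s\n' "$BACKUP_DIR/openwrt_backup_$stamp.tar.gz"
}

# Store stdin at the validated path; refuse to overwrite an existing backup.
receive_backup() {
    target=$(backup_target "$1") || { echo "rejected request" >&2; return 1; }
    umask 077         # backups contain the router's config and the SSH key
    set -C            # noclobber: '>' fails if the file already exists
    cat > "$target"
}

# sshd sets SSH_ORIGINAL_COMMAND to whatever the client asked to run.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    receive_backup "$SSH_ORIGINAL_COMMAND"
fi
```

With this entry in place the backup script on the router needs no changes, and a copy of the private key cannot be used to open a shell or overwrite earlier backups.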

Would not work with most routers, as the bash shell is not installed. Just use the normal /bin/sh shebang.

2 Likes

Storing the file to /tmp ramdisk and then copying it with scp should also work?
That might be more intuitive than using the stdout and remote cat approach.

3 Likes

Easy fix! Script does not use anything bash-specific.

I appreciate the feedback and suggestions!

This is opinion, but why store a file locally and then transfer and then remove if you don't need it?

To me this is easy and better than local writes, but it is probably a preference choice. In ~25 years of administering *nix systems I have seen local writes fail and wished I could have gotten one last backup. More than likely if local write failed you are really hosed, but there is a chance it could work. Writing to the RAM disk is probably safest considering the size but skipping that step is best in my opinion.

My next step is to also do a periodic bare-metal restore disk image using dd through SSH pipe and that definitely should not be written to local system.

Probably not that practical with NAND flash (found in most current routers). Worked better with the old NOR flash. With NAND, the bad blocks and UBIFS will change the picture...

You might look into the ROM + overlay, which is in most OpenWrt routers. It makes no sense to read and back up the static firmware image, which you should already have on the PC from which you flashed the image. Usually it is enough to back up all your changes from /overlay/upper.

Disregard the advice if you are using an x86 with SSD, something with an SD card or so. But if you are talking about a normal router, you might first look more closely at the file systems in use.

Checking help of sysupgrade provides this information:

backup-command:
	-b | --create-backup <file>
	             create .tar.gz of files specified in sysupgrade.conf
	             then exit. Does not flash an image. If file is '-',
	             i.e. stdout, verbosity is set to 0 (i.e. quiet).

My interpretation is that there's a quiet mode.