Skip to content
jdimatteo edited this page Oct 7, 2013 · 61 revisions

Gmail

Jenkins

  • install documented at misc-2
  • ssh tunneling (great for remote system admin) example:
  • only the bradneradmin user currently has permission to create/configure jobs
  • the jenkins user has sudo permission to run some backup scripts in /root/backup-scripts/ ** the jenkins user should still be safe to use for other jobs, and it would be fine to allow any authenticated user access to configure/create jenkins jobs *** I was careful to not allow the jenkins user to run arbitrary backup commands (which would allow a user to backup files they don't have access to to arbitrary locations, or restore files they wouldn't normally have access to)

Backups

Backups are not yet running -- below is the intended and incomplete configuration documentation!

  • weekly rdiff-backup incremental backups to /crusader
  • mysql backup
    • probably will use automysqlbackup to backup to crusader directly (e.g. table foo backed up to /crusader/backup/automysqlbackup/foo.tar.gz) with last 5 backups stored as well
  • backed up file paths:
TOD Path Backup Path
/ark /crusader/backup/rdiff-backup/ark/
/raider /crusader/backup/rdiff-backup/raider
/mnt/d0-0/share/bradnerlab/ /crusader/backup/rdiff-backup/mnt/d0-0/share/bradnerlab/
/ifs/labs/bradner/ /crusader/backup/rdiff-backup/ifs/labs/bradner/
/ --exclude /proc --exclude /sys --exclude /tmp --exclude /media --exclude /ark --exclude /raider --exclude /mnt --exclude /ifs --exclude /crusader /crusader/backup/rdiff-backup/root_directory/
  • background on rdiff-backup: http://www.backupcentral.com/wiki/index.php/Rdiff-backup
  • backups will be scheduled by Jenkins
    • there will be an backup-full job that triggers 6 other jobs: one for the mysql backup, and one for each of the 5 paths
      • the jobs can run in parellel
      • if any jobs fail, Charles and John will be emailed
    • I will create scripts that run the rdiff-backup commands, and give the jenkins user sudo permissions to run the scripts -- this will permit the backups to run as root so that all files will be backed up regardless of permission, while also not allowing the jenkins user to run arbitrary rdiff-backup commands as root. /crusader/backup/ will only be readable by root. Charles suggested that /crusader has good physical security, so this should be secure enough
    • there should also be a job run monthly to transfer a backup to Amazon glacier, probably using duplicity

Clone this wiki locally