Skip to content
This repository has been archived by the owner on Jan 6, 2023. It is now read-only.
/ banana Public archive

Enterprise-grade, fully secured backuping system

Notifications You must be signed in to change notification settings

enix/banana

Repository files navigation

The banana project

Introduction

Banana is an enterprise-grade, fully secured, backuping system.

It has been developed as an alternative to backuppc which is quite powerful ... but may put your content at risk.

The Banana project aims to backup thousands of nodes, without requiring direct (centralized) access to them. All backups are ciphered prior to their push to a storage backend. All credentials or keys are managed through the usage of vault from HashiCorp.

We took extra hours to make sure that both the installation and usage of banana is as simple as it can be from an ergonomy standpoint. Please feel free to suggest any complex area we might have missed.

The current status of the project is alpha.

Features

  • Privilege separation
    • Storage only sees encrypted backups
    • Central components do not have access to storage and do not have access to any credentials
    • vault do not have access to storage, neither to nodes
    • Nodes can reach storage, vault and central components, the opposite is not true
  • Minimal security risks on nodes
    • Nodes push their status (excluding any credential) to a centralized component
    • Nodes get temporary backup ciphering key from vault
    • Nodes encrypts their backup prior to pushing them.
  • All Backups are monitored, including alerting, through central component
  • A Web UI provides consolidated information about all backup jobs and status
  • Support for various backup types through a plugin based implementation
    • FileSystem
    • Databases (Mysql, Etcd, ...)
  • Support for multiple storage backends: S3, Swift, NFS, Samba, ...
  • Encryption-at-rest on storage backends

Project composition

Banana is compound of :

  • bananaui: A centralised "watch tower"
  • bananagent: An agent to be launched on any node to backup
  • bananadm: An administrative configuration helper

Banana depends on other components in order to work :

  • At least one storage backend
  • A running vault instance (although bananadm can set it up for you)

Installation

If you're in a hurry, you can checkout the quickstart guide. Otherwise, feel free to explore the complete install guide to setup banana.

Upgrade

See the upgrade guide to upgrade banana.

Plugins

See the plugin reference to install or implement plugins.