[Mageia-sysadm] Backups

Michael Scherer misc at zarb.org
Mon Nov 15 18:35:20 CET 2010 

Hi ( again ),

While doing some unrelated work, I have see that we do not have a backup
strategy at the moment. 

While a server is planned to be setup for this ( fiona ), we do not have
it at the moment ( as this requires money, that requires a bank account,
that requires feedback from french administration ).

So, in order to decide, we need to know :
- what do we backup ?
  - ldap
  - sql dump of the database
  - svn dump ( which will lead to my next mail )
  - /etc/ /usr/local/, in case someone forget to add something to puppet
  - CA certificate, once we will have them
  - gpg keys, once we have them
  - logs, as required by french laws ( 1 year of logs, no precision
about the amount of data in it ). My own experience with law enforcement
agency showed me that it doesn't change much usually
  - mail archives
  - irc logs 

See also with others teams if something was forbidden ( but since we
should be the only one to have access to servers, this should not be a
issue ).


This requires some work, first to estimate the required ressources and
the projected growth, then to decide the required strategy
( incremential, full, etc ).
 
I would also highlight the need to have encrypted backups for the more
sensible set of data, to be sure that passwords keys and others do not
leave valstar in cleartext, and are not stored in form that someone
could decipher.

Of course, the usual free/packaged/maintained/no-ressource-hog stanza
apply for the software we will use.

Any volunteer for the tasks :

- evaluate the needs
  - discuss with all teams to check we do not forget anything
- propose and document a backup strategy, based on what we have and what
we need
  - off site backup is nice, but we may not have the choice
  - take in account that a new server is planned, so check with dams
( who was taked of taking care of this ) for the requirement

- setup the backups 
- setup some kind of monitoring of the backup ( disc space )
  
- check the backups are secure ( I can help on this part )

- write a clear documentation about backup restauration 
- do regular testing of the previous procedure

ideally, a test of a emergency restoration would be nice ( ie, let's
assume that alamut exploded and is unusable and need to be restored ),
but this would requires a spare computer, lots of disk, bandwidth and
time.

-- 
Michael Scherer

More information about the Mageia-sysadm mailing list