diff --git a/README.md b/README.md index 41cce07..d45b5a6 100644 --- a/README.md +++ b/README.md 
@@ -1,70 +1,70 @@ -# miyagi-pbs-zfs -Secure Proxmox PVE with Proxmox Backup Server PBS and ZFS Pull Replication with a mostly turned off System -Optimize Processes without colliding Replications, Backups, Monitorings or Scrubs -Save lot of Money with less performant Hardware - -Start it with bash miyagi-pbs-zfs -c configfile - -There are german payed Lessons here: -14. + 16.05.2024 (13-17h) - Replikationen und Backups Trojanersicher (V2) - on https://cloudisevil.com - -You also can searh vor sysops.tv or zfs. rocks on YouTube #miyagi - an english Tutorial will follow! - -What it does -Miyagi said, best defense, no be there - -Usecase -Proxmox Backupserver is running unnecessarly 24/7 -ZFS Replication is usually done by a zfs send, so its a push - -What if our Backup/Replicaserver is turned off most the time, nobody can attack it - -Consider not using a Gateway, use Routes! - -Prerequisites - -Proxmox with ZFS on Host to Backup/Replicate - we recommend check_mk Agent for automaticly added Tests -Proxmox with ZFS on Target Machine - it´s WOL MAC Address -Proxmox Backup Server as a VM oder better PCT on Target machine -Proxmox Backup Server Datastore has to be Setup on Source -Your contet of your Public Key of the Target Host .ssh/id_rsa.pub added to - Host to Backup .ssh/authorized_keys - Proxmox Backup Server on Target Host .ssh/authorized_keys -ssh one from your Target Host to Source Host and PBS to confirm Host Key with a yes - -At all Proxmox 'apt install zfs-auto-snapshot -y' -Target Hosts needs the following tools to be installed - - https://github.com/bashclub/zsync - https://github.com/bashclub/check-zfs-replication - -Any Host waking up the Target Host or a daily Cronjob - -What we do... - -Turning on the Computer with a @reboot Cron - -@reboot /root/pbs-zfs-daily.sh -c 200-ssd.conf && /root/pbs-zfs-daily.sh -c 200-hdd.conf - -So Miyagi at this point can pull two ZFS-Datastores to one Target Datastore, using the full Path of ZFS for Naming. 
-If you have multiple Target Datasets, please run multiple Configs and disable Proxmox Backup Server! -Miyagi will tag your Source for Replication with Zsync! - -Replicating by a Pull with https://github.com/bashclub-zsync -Pushing a Report to Proxmox Source Host, monitored by Check_MK unsing https://github.com/bashclub/checkzfs -The Report will be found by Check_MK´s built in Autdiscovery for new Services. -Data will be valid vor about one Day (90000s) bevore it expires. -So there nothing can go wrong! - -Regarding to the Weekday doing Maintenance on Proxmox Backup Server for getting more free Space. -Triggering a Push Backup with PBS (only Way to do) Backup to PBS and checking Exitcode for Report -Reporting PBS Result with 100% certainty in compact OK/WARN State to backuped PVE Host using Check_MK - -Verifying older Backups -Protecting the PBS Backups with a ZFS Snapshot -Updating the Host and PBS - -TURNING OFF THE MACHINE!!! -Test Targets Tank if less than 75% free, otherwise report to Check_MK -Test Disks after PBS Maintenance, before shutdown with SmartCTL Short Test and report to Check_MK -Support multiple Sources +# miyagi-pbs-zfs +Secure Proxmox PVE with Proxmox Backup Server PBS and ZFS Pull Replication with a mostly turned off System +Optimize Processes without colliding Replications, Backups, Monitorings or Scrubs +Save lot of Money with less performant Hardware + +Start it with bash miyagi-pbs-zfs -c configfile + +There are german payed Lessons here: +14. + 16.05.2024 (13-17h) - Replikationen und Backups Trojanersicher (V2) - on https://cloudisevil.com + +You also can searh vor sysops.tv or zfs. rocks on YouTube #miyagi - an english Tutorial will follow! 
+ +What it does +Miyagi said, best defense, no be there + +Usecase +Proxmox Backupserver is running unnecessarly 24/7 +ZFS Replication is usually done by a zfs send, so its a push + +What if our Backup/Replicaserver is turned off most the time, nobody can attack it + +Consider not using a Gateway, use Routes! + +Prerequisites + +Proxmox with ZFS on Host to Backup/Replicate - we recommend check_mk Agent for automaticly added Tests +Proxmox with ZFS on Target Machine - it´s WOL MAC Address +Proxmox Backup Server as a VM oder better PCT on Target machine +Proxmox Backup Server Datastore has to be Setup on Source +Your contet of your Public Key of the Target Host .ssh/id_rsa.pub added to + Host to Backup .ssh/authorized_keys + Proxmox Backup Server on Target Host .ssh/authorized_keys +ssh one from your Target Host to Source Host and PBS to confirm Host Key with a yes + +At all Proxmox 'apt install zfs-auto-snapshot -y' +Target Hosts needs the following tools to be installed + + https://github.com/bashclub/zsync + https://github.com/bashclub/check-zfs-replication + +Any Host waking up the Target Host or a daily Cronjob + +What we do... + +Turning on the Computer with a @reboot Cron + +@reboot /root/pbs-zfs-daily.sh -c 200-ssd.conf && /root/pbs-zfs-daily.sh -c 200-hdd.conf + +So Miyagi at this point can pull two ZFS-Datastores to one Target Datastore, using the full Path of ZFS for Naming. +If you have multiple Target Datasets, please run multiple Configs and disable Proxmox Backup Server! +Miyagi will tag your Source for Replication with Zsync! + +Replicating by a Pull with https://github.com/bashclub-zsync +Pushing a Report to Proxmox Source Host, monitored by Check_MK unsing https://github.com/bashclub/checkzfs +The Report will be found by Check_MK´s built in Autdiscovery for new Services. +Data will be valid vor about one Day (90000s) bevore it expires. +So there nothing can go wrong! 
+ +Regarding to the Weekday doing Maintenance on Proxmox Backup Server for getting more free Space. +Triggering a Push Backup with PBS (only Way to do) Backup to PBS and checking Exitcode for Report +Reporting PBS Result with 100% certainty in compact OK/WARN State to backuped PVE Host using Check_MK + +Verifying older Backups +Protecting the PBS Backups with a ZFS Snapshot +Updating the Host and PBS + +TURNING OFF THE MACHINE!!! +Test Targets Tank if less than 75% free, otherwise report to Check_MK +Test Disks after PBS Maintenance, before shutdown with SmartCTL Short Test and report to Check_MK +Support multiple Sources \ No newline at end of file diff --git a/config.example b/config.example index dc5d43f..ede3e11 100644 --- a/config.example +++ b/config.example @@ -4,6 +4,7 @@ SSHPORT='22' #SSH Port, usually default 22 internally BACKUPSERVER=no #use yes for triggering Proxmox Backup to Store MAINTDAY=7 #1 Monday to 7 Sunday, dont start your System too late SHUTDOWN=no #No be there anymore +UPDATES=yes #Do PVE and PBS Updates after run SOURCEHOST='192.168.50.200' # IP from Proxmox VE System to be backuped and replicated daily SOURCEHOSTNAME='pve3' #Hostname of Proxmox VE System to be backuped and replicated daily diff --git a/dynroute.sh b/dynroute.sh new file mode 100644 index 0000000..6330417 --- /dev/null +++ b/dynroute.sh @@ -0,0 +1,18 @@ +# DDNS Name und Gateway +# usage dynroute.sh ddnsname yourgatewayrouter +# assuming a shutdown after usage, old routes will "not" be deleted +DDNS_HOSTNAME=$1 +GATEWAY=$2 + +#DNS via One +ip route add 1.1.1.1 via 192.168.66.1 +echo "nameserver 1.1.1.1" > /etc/resolv.conf + +# ddns auflösen +CURRENT_IP=$(dig +short $DDNS_HOSTNAME) +if [[ -z "$CURRENT_IP" ]]; then + echo "Failed to resolve IP for $DDNS_HOSTNAME" + exit 1 +fi +# route setzen +ip route add $CURRENT_IP via $GATEWAY diff --git a/pbs-zfs-daily.sh b/pbs-zfs-daily.sh index 1ddf8d1..af5c9f1 100644 --- a/pbs-zfs-daily.sh +++ b/pbs-zfs-daily.sh 
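Review bot: In the new dynroute.sh, the output of `dig +short $DDNS_HOSTNAME` goes unquoted and unchecked into `ip route add $CURRENT_IP via $GATEWAY`, so an answer carrying a CNAME line or several A records word-splits into extra arguments of a routing command that, judging by the write to /etc/resolv.conf, runs as root. The lookup is plain DNS, so the answer should be treated as untrusted input: keep only the first line that looks like an IPv4 address and quote every expansion. The file also uses `[[ ]]` without a bash shebang and never checks that both arguments were given. The 1.1.1.1 route uses the literal `192.168.66.1` rather than `$GATEWAY`, which may be intentional but is worth a comment.

```shell
#!/usr/bin/env bash
DDNS_HOSTNAME=${1:?usage: dynroute.sh ddnsname gateway}
GATEWAY=${2:?usage: dynroute.sh ddnsname gateway}
# … unchanged: route to 1.1.1.1 and resolv.conf …
# dig +short can print CNAME targets and several records; keep the first IPv4 answer only
CURRENT_IP=$(dig +short "$DDNS_HOSTNAME" A | grep -E -m1 '^([0-9]{1,3}\.){3}[0-9]{1,3}$')
# … unchanged: empty-result check …
ip route add "$CURRENT_IP" via "$GATEWAY"
```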
@@ -28,8 +28,10 @@ echo "zfs_auto_snapshot_label=$ZPUSHLABEL" >> /etc/bashclub/$SOURCEHOST.conf /usr/bin/bashclub-zsync -d -c /etc/bashclub/$SOURCEHOST.conf +CHECKZFS=$(which checkzfs) + # So one Day has 1440 Minutes, so we go condition Yellow on 1500 -/usr/local/bin/checkzfs --source $SOURCEHOST --replicafilter "$ZFSTRGT/" --filter "#$ZFSROOT/|#$ZFSSECOND/" --threshold 1500,2000 --output checkmk --prefix pull-$(hostname):$ZPUSHTAG> /tmp/cmk_tmp.out && ( echo "<<>>" ; cat /tmp/cmk_tmp.out ) > /tmp/90000_checkzfs +$CHECKZFS --source $SOURCEHOST --replicafilter "$ZFSTRGT/" --filter "#$ZFSROOT/|#$ZFSSECOND/" --threshold 1500,2000 --output checkmk --prefix pull-$(hostname):$ZPUSHTAG> /tmp/cmk_tmp.out && ( echo "<<>>" ; cat /tmp/cmk_tmp.out ) > /tmp/90000_checkzfs scp /tmp/90000_checkzfs $SOURCEHOST:/var/lib/check_mk_agent/spool/90000_checkzfs_$(hostname)_$ZPOOLSRC @@ -84,8 +86,15 @@ scp /tmp/90000_checkpbs root@$SOURCEHOST:/var/lib/check_mk_agent/spool #doing updates without regeret -apt dist-upgrade -y -ssh $PBSHOST apt dist-upgrade -y +if [[ "$UPDATES" == "yes" ]] +then + apt dist-upgrade -y + ssh $PBSHOST apt dist-upgrade -y + else + echo no Updates configured - Consider updating more often! + +fi + if [[ "$SHUTDOWN" == "yes" ]] then
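Review bot: In the first pbs-zfs-daily.sh hunk, `CHECKZFS=$(which checkzfs)` swaps a fixed path for a PATH lookup and never checks the result. The README starts this script from an `@reboot` cron entry, where PATH typically does not include /usr/local/bin; with CHECKZFS empty the check line fails, `&&` skips rewriting /tmp/90000_checkzfs, and the following `scp` still runs, shipping a stale file or nothing, so the monitoring result no longer reflects this run. A script running as root should also not take its binary from whatever PATH it inherits. Suggest `CHECKZFS=$(command -v checkzfs) || { echo "checkzfs not found" >&2; exit 1; }` and calling it as `"$CHECKZFS"`, or keeping the absolute path as the fallback.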
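Review bot: In the second pbs-zfs-daily.sh hunk, the test `[[ "$UPDATES" == "yes" ]]` makes every existing config file that lacks the new key skip `apt dist-upgrade` on both the host and the PBS, with only an echo to stdout that is easy to miss in a cron run. To keep the previous behaviour for configs written before this commit, default the value: `if [[ "${UPDATES:-yes}" == "yes" ]]`. The skipped-update case would be better reported through the Check_MK spool mechanism the script already uses than echoed, and `$PBSHOST` in the ssh line should be quoted. The surrounding script continues outside the hunk.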