Merge branch 'dev' into main

README.md

@@ -1,20 +0,0 @@
-# miyagi-pbs-zfs
-Secure Proxmox PVE with Proxmox Backup Server PBS and ZFS Pull Replication with a mostly turned off System
-
-What it does Miyagi says, best Defense, not be present
-
-Proxmox Backupserver is running unnecessarly 24/7 ZFS Replication is usually done by a zfs send, so its a push
-
-What if our Backup/Replicaserver is turned off most the time, nobody can attack it
-
-Consider not using a Gateway, use Routes!
-
-What we do...
-
-Turning on the Computer with a @reboot Cron Pulling all Datasets with ZFS Reporting ZFS Replication with 100% certainty to backuped PVE Host using Check_MK and checkzfs.py from #bashclub
-
-Regarding to the Weekday doing Maintenance on Proxmox Backup Server for getting Space Triggering a Push (only Way to do) Backup to PBS and checking Exitcode for Report Reporting PBS Result with 100% certainty in compact OK/WARN State to backuped PVE Host using Check_MK
-
-Verifying older Backups Protecting the PBS Backups with a ZFS Snapshot
-
-TURNING OFF THE MACHINE!!!

config.example

@@ -0,0 +1,27 @@
+SOURCEHOST='192.168.50.200' # IP from Proxmox VE System to be backuped and replicated daily
+SOURCEHOSTNAME='pve3' #Hostname of Proxmox VE System to be backuped and replicated daily
+
+ZFSROOT='rpool/data' #First Dataset/Datastoresourcepath from Proxmox VE System to be backuped and replicated daily
+ZFSSECOND='rpool-hdd/data' #Optional second Dataset
+ZFSTRGT='rpool-ssd1/repl/pve200' #This pulling Machines Target ZFS Sourcepath
+ZPOOLSRC=rpool #First Pool/Tank from Proxmox VE System to be backuped and replicated daily
+ZPOOLDST=rpool #This pulling Machines Pool/Tank
+ZPUSHTAG=bashclub:zsync-198-ssd #ZFS User parameter will be set on ZFSROOT and ZFSSECOND to select.
+ZPUSHMINKEEP=3 #Keep min x Snapshots on all Source Datasets to resume Replication
+ZPUSHKEEP=14 #Number of Snapshots with ZPUSHLABEL
+ZPUSHLABEL=zsync-rz #Suffix for ZFS-Auto-Snapshot Engine
+ZPUSHFILTER="" #ZPUSHLABEL will be replicated. So you can add more Patterns from ZFS, line hourly, daily, weekly, monthly.
+
+PBSHOST='192.168.50.199' #IP from your Proxmox Backupserver - dont forget to add your hosts public key to PBS authorized keys
+BACKUPSTORE=backup #Datastorename configured in your  Proxmox VE System to be backuped and replicated daily
+BACKUPSTOREPBS=backup #Datastorename configured in your Proxmox Backup Server 
+BACKUPEXCLUDE='124,3021,3022,3023,3251,3252,3253,3254' #Machines to be excluded from Proxmox Backup
+REPLEXCLUDE=$BACKUPEXCLUDE
+
+SSHPORT='22' #SSH Port, usually default 22 internally
+
+BACKUPSERVER=no
+
+MAINTDAY=7
+
+SHUTDOWN=no

pbs-zfs-daily.sh

@@ -0,0 +1,93 @@
+#!/bin/bash
+
+#Requirements for Myiagi ultimate Backup found in README! Always use a Config File!
+
+while getopts "c:" arg; do
+  case $arg in
+    c)
+      configfile=$OPTARG
+      echo $configfile
+      ;;
+esac
+done
+
+source $configfile
+
+ssh root@$SOURCEHOST zfs set $ZPUSHTAG=subvols $ZFSROOT
+
+echo "target=$ZFSTRGT" > /etc/bashclub/$SOURCEHOST.conf
+echo "source=root@$SOURCEHOST" >> /etc/bashclub/$SOURCEHOST.conf
+echo "sshport=$SSHPORT" >> /etc/bashclub/$SOURCEHOST.conf
+echo "tag=$ZPUSHTAG" >> /etc/bashclub/$SOURCEHOST.conf
+echo "snapshot_filter=$ZPUSHFILTER" >> /etc/bashclub/$SOURCEHOST.conf
+echo "min_keep=$ZPUSHMINKEEP" >> /etc/bashclub/$SOURCEHOST.conf
+echo "zfs_auto_snapshot_keep=$ZPUSHKEEP" >> /etc/bashclub/$SOURCEHOST.conf
+echo "zfs_auto_snapshot_label=$ZPUSHLABEL" >> /etc/bashclub/$SOURCEHOST.conf
+
+/usr/bin/bashclub-zsync -d -c /etc/bashclub/$SOURCEHOST.conf
+
+# So one Day has 1440 Minutes, so we go condition Yellow on 1500
+/usr/local/bin/checkzfs --source $SOURCEHOST --replicafilter "$ZFSTRGT/" --filter "#$ZFSROOT/|#$ZFSSECOND/" --threshold 1500,2000 --output checkmk --prefix pull-$(hostname):$ZPUSHTAG> /tmp/cmk_tmp.out && ( echo "<<<local>>>" ; cat /tmp/cmk_tmp.out ) > /tmp/90000_checkzfs
+
+scp /tmp/90000_checkzfs $SOURCEHOST:/var/lib/check_mk_agent/spool/90000_checkzfs_$(hostname)_$ZPOOLSRC
+
+if [[ "$BACKUPSERVER" == "no" ]]
+then 
+echo No Backup configured in this Run
+exit
+fi
+
+PRUNEJOB=$(ssh $PBSHOST proxmox-backup-manager prune-job list --output-format json-pretty | grep -m 1 "id" | cut -d'"' -f4)
+
+
+###
+
+   if [ $(date +%u) == $MAINTDAY ]; then 
+	echo "MAINTENANCE"
+
+        ssh root@$PBSHOST proxmox-backup-manager prune-job run $PRUNEJOB
+    	ssh root@$PBSHOST proxmox-backup-manager garbage-collection start $BACKUPSTOREPBS
+
+else
+    echo "Today no Maintenance" 
+fi
+
+    ssh root@$SOURCEHOST zpool scrub -s $ZPOOLSRC
+    zpool scrub -s $ZPOOLDST
+
+    ssh root@$SOURCEHOST pvesm set $BACKUPSTORE --disable 0
+
+### one Day is 86400 Seconds, so we going Condition grey if no new Status File will be pushed
+
+echo ssh root@$SOURCEHOST vzdump --node $SOURCEHOSTNAME --storage $BACKUPSTORE --exclude  $BACKUPEXCLUDE --mode snapshot --all 1 --notes-template '{{guestname}}' 
+
+if [ $? -eq 0 ]; then
+    echo command returned 0 is good
+    echo 0 "DailyPBS" - Daily Backup  > /tmp/cmk_tmp.out && ( echo "<<<local>>>" ; cat /tmp/cmk_tmp.out ) > /tmp/90000_checkpbs
+else
+    echo command returned other not good
+    echo 2 "DailyPBS" - Daily Backup  > /tmp/cmk_tmp.out && ( echo "<<<local>>>" ; cat /tmp/cmk_tmp.out ) > /tmp/90000_checkpbs
+
+fi
+
+scp  /tmp/90000_checkpbs  root@$SOURCEHOST:/var/lib/check_mk_agent/spool
+
+###
+
+    ssh root@$SOURCEHOST pvesm set $BACKUPSTORE --disable 1
+    if [ $(date +%u) == $MAINTDAY ]; then ssh root@$PBSHOST proxmox-backup-manager verify backup; fi
+
+/etc/cron.daily/zfs-auto-snapshot #protecting all  Datasets/ZVOLs except the Replicas with daily Snaps
+
+#doing updates without regeret
+
+
+apt dist-upgrade -y
+ssh $PBSHOST apt dist-upgrade -y
+
+if [[ "$SHUTDOWN" == "yes" ]]
+then
+	shutdown now
+else 
+	echo no Shutdown configured - Next run has to be set in crontab!
+fi