diff --git a/README.md b/README.md index e69de29..d45b5a6 100644 --- a/README.md +++ b/README.md 
@@ -0,0 +1,70 @@ +# miyagi-pbs-zfs +Secure Proxmox PVE with Proxmox Backup Server PBS and ZFS Pull Replication with a mostly turned off System +Optimize Processes without colliding Replications, Backups, Monitorings or Scrubs +Save lot of Money with less performant Hardware + +Start it with bash miyagi-pbs-zfs -c configfile + +There are german payed Lessons here: +14. + 16.05.2024 (13-17h) - Replikationen und Backups Trojanersicher (V2) - on https://cloudisevil.com + +You also can searh vor sysops.tv or zfs. rocks on YouTube #miyagi - an english Tutorial will follow! + +What it does +Miyagi said, best defense, no be there + +Usecase +Proxmox Backupserver is running unnecessarly 24/7 +ZFS Replication is usually done by a zfs send, so its a push + +What if our Backup/Replicaserver is turned off most the time, nobody can attack it + +Consider not using a Gateway, use Routes! + +Prerequisites + +Proxmox with ZFS on Host to Backup/Replicate - we recommend check_mk Agent for automaticly added Tests +Proxmox with ZFS on Target Machine - it´s WOL MAC Address +Proxmox Backup Server as a VM oder better PCT on Target machine +Proxmox Backup Server Datastore has to be Setup on Source +Your contet of your Public Key of the Target Host .ssh/id_rsa.pub added to + Host to Backup .ssh/authorized_keys + Proxmox Backup Server on Target Host .ssh/authorized_keys +ssh one from your Target Host to Source Host and PBS to confirm Host Key with a yes + +At all Proxmox 'apt install zfs-auto-snapshot -y' +Target Hosts needs the following tools to be installed + + https://github.com/bashclub/zsync + https://github.com/bashclub/check-zfs-replication + +Any Host waking up the Target Host or a daily Cronjob + +What we do... + +Turning on the Computer with a @reboot Cron + +@reboot /root/pbs-zfs-daily.sh -c 200-ssd.conf && /root/pbs-zfs-daily.sh -c 200-hdd.conf + +So Miyagi at this point can pull two ZFS-Datastores to one Target Datastore, using the full Path of ZFS for Naming. 
+If you have multiple Target Datasets, please run multiple Configs and disable Proxmox Backup Server! +Miyagi will tag your Source for Replication with Zsync! + +Replicating by a Pull with https://github.com/bashclub-zsync +Pushing a Report to Proxmox Source Host, monitored by Check_MK unsing https://github.com/bashclub/checkzfs +The Report will be found by Check_MK´s built in Autdiscovery for new Services. +Data will be valid vor about one Day (90000s) bevore it expires. +So there nothing can go wrong! + +Regarding to the Weekday doing Maintenance on Proxmox Backup Server for getting more free Space. +Triggering a Push Backup with PBS (only Way to do) Backup to PBS and checking Exitcode for Report +Reporting PBS Result with 100% certainty in compact OK/WARN State to backuped PVE Host using Check_MK + +Verifying older Backups +Protecting the PBS Backups with a ZFS Snapshot +Updating the Host and PBS + +TURNING OFF THE MACHINE!!! +Test Targets Tank if less than 75% free, otherwise report to Check_MK +Test Disks after PBS Maintenance, before shutdown with SmartCTL Short Test and report to Check_MK +Support multiple Sources \ No newline at end of file diff --git a/config.example b/config.example index c001f50..dc5d43f 100644 --- a/config.example +++ b/config.example 
@@ -1,27 +1,33 @@ +#Edit all Variables for best Experience + +SSHPORT='22' #SSH Port, usually default 22 internally +BACKUPSERVER=no #use yes for triggering Proxmox Backup to Store +MAINTDAY=7 #1 Monday to 7 Sunday, dont start your System too late +SHUTDOWN=no #No be there anymore + SOURCEHOST='192.168.50.200' # IP from Proxmox VE System to be backuped and replicated daily SOURCEHOSTNAME='pve3' #Hostname of Proxmox VE System to be backuped and replicated daily +#Replication ZFSROOT='rpool/data' #First Dataset/Datastoresourcepath from Proxmox VE System to be backuped and replicated daily ZFSSECOND='rpool-hdd/data' #Optional second Dataset ZFSTRGT='rpool-ssd1/repl/pve200' #This pulling Machines Target ZFS Sourcepath + +#Prevent Scrubs on Backups and Replications ZPOOLSRC=rpool #First Pool/Tank from Proxmox VE System to be backuped and replicated daily ZPOOLDST=rpool #This pulling Machines Pool/Tank + +#ZSYNC ZPUSHTAG=bashclub:zsync-198-ssd #ZFS User parameter will be set on ZFSROOT and ZFSSECOND to select. ZPUSHMINKEEP=3 #Keep min x Snapshots on all Source Datasets to resume Replication ZPUSHKEEP=14 #Number of Snapshots with ZPUSHLABEL ZPUSHLABEL=zsync-rz #Suffix for ZFS-Auto-Snapshot Engine ZPUSHFILTER="" #ZPUSHLABEL will be replicated. So you can add more Patterns from ZFS, line hourly, daily, weekly, monthly. +#Backup PBSHOST='192.168.50.199' #IP from your Proxmox Backupserver - dont forget to add your hosts public key to PBS authorized keys BACKUPSTORE=backup #Datastorename configured in your Proxmox VE System to be backuped and replicated daily BACKUPSTOREPBS=backup #Datastorename configured in your Proxmox Backup Server BACKUPEXCLUDE='124,3021,3022,3023,3251,3252,3253,3254' #Machines to be excluded from Proxmox Backup REPLEXCLUDE=$BACKUPEXCLUDE -SSHPORT='22' #SSH Port, usually default 22 internally - -BACKUPSERVER=no - -MAINTDAY=7 - -SHUTDOWN=no
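Review bot: In the README.md hunk, the Prerequisites section has the Target Host's `.ssh/id_rsa.pub` added to `.ssh/authorized_keys` on both the source host and the PBS without any restriction, and tells the reader to confirm the host key "with a yes". Because the whole design rests on the pulling machine being the trusted side, the README should recommend a dedicated key limited with `from=` (and a forced `command=` where the workflow allows it), and should say to compare the host key fingerprint before accepting it. Naming is also inconsistent: the start line uses `bash miyagi-pbs-zfs -c configfile` while the cron example calls `/root/pbs-zfs-daily.sh`, and the tool links differ between Prerequisites (`bashclub/zsync`, `bashclub/check-zfs-replication`) and the later section (`bashclub-zsync`, `bashclub/checkzfs`). Finally, the `&&` in the `@reboot` line means the `200-hdd.conf` run is skipped whenever the `200-ssd.conf` run exits non-zero; use `;` or state that this is intended. The file also ends without a trailing newline.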
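Review bot: In the config.example hunk, the new `#Prevent Scrubs on Backups and Replications` header sits above `ZPOOLDST=rpool`, but the example target two lines earlier is `ZFSTRGT='rpool-ssd1/repl/pve200'`, so the pool named for the scrub check is not the pool that receives the replication in this example. Set the example to `rpool-ssd1` or add a comment explaining why the two differ. The comment on `SHUTDOWN=no` ("No be there anymore") does not say what `yes` does, even though powering off the target is the behaviour the README leads with; give the accepted values the way the `BACKUPSERVER` comment does. The four moved settings also mix quoting (`SSHPORT='22'` against unquoted `MAINTDAY=7`), which is worth making uniform while the block is being touched.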