Making automatic backups

The standard method of making backups of an AppGate system is to use the AppGate Console -> System Settings -> Backup & Restore panel. This will create a backup file of all the configuration files on the AppGate system. The only drawback is that it requires manual interaction. It is however quite easy to automate this procedure.

To make this process automatic we need the following:

  • A Shell script that can be run from cron on the AppGate system.

  • An other Unix system which supports ssh and scp to which we can copy the backup files.

 

How to do it

If you have an AppGate cluster you can do this on just one of the nodes in the cluster. The backup-file will normally be the same regardless on which node in the cluster it was generated.

  1. Create a new directory on the AppGate. Login to the AppGate server using the AppGate Console and do a Run Commands -> Shell on AppGate. Use the "su"-command to become root and then do: 

    appgate# mkdir /var/opt/appgate/local

     

  2. Transfer the backup.sh to /var/opt/appgate/local Use the AppGate Console -> System Settings -> File transfer

    Edit the backup.sh and change the relevant parameters and make it executable: 

    appgate#  chmod +x /var/opt/appgate/local/backup.sh

     

  3. To do an automatic copy without manual intervention we will use scp with Public Key as authentication method. Start by creating a pair of ssh authentication keys and move them into place. 

    appgate# cd /var/opt/appgate/local
    appgate# ssh-keygen -N "" -f id_rsa -t rsa

     

  4. Copy the public key to the host which should receive the backup files. 

    appgate# scp id_rsa.pub user@backup-host:  

  5. On the backup host append the public key to the authorized_keys file. Check the manual on ssh for the exact name of the files etc on your backup host. This is an example: 

    appgate# ssh backup-host -l user
    backup-host% cat id_rsa.pub >> .ssh/authorized_keys2

    To test that the ssh-keys work try ssh with the Public Key authentication, you user and the command ls : 

    appgate#  ssh -i /var/opt/appgate/local/id_rsa -l user backuphost ls

    If correct, it should work without any user interaction. That is without questions for passwords or any thing. You should get some output from ls just.

    By now you should also be able to try the script: 

    appgate# ./backup.sh

    It should run without errors and you should check that a backup file has been created on the backup-host.

  6. Now we just need to make the script run on a regular basis. We do that by adding and entry to the crontab for the user root. We first put the current crontab into a file and then edit it: 

    appgate# crontab -l root > /tmp/ct
    appgate# nano /tmp/ct

    For a backup to made each night at 01:15 add the following line: 

    15 1 * * * /var/opt/appgate/local/backup.sh

    Save the file and put it into action by: 

    appgate# crontab /tmp/ct

     

The script

Below is the template script. You need to look through it and modify the relevant parameters. 

#!/bin/sh

# Change KEY AND remember it!
KEY=change_this_key

# Change USER and BACKUPHOST to what you will use
USER=username
BACKUPHOST=192.168.x.y

DIR=/var/opt/appgate/local
DATE=`date '+%y%m%d'`
BACKUPSRC=$DIR/appgate.agb
BACKUPDST=appgate-$DATE.agb
KEYFILE=$DIR/id_rsa
NODENAME=`uname -n`

/opt/APPGserv/bin/ag_backup -h $NODENAME -k $KEY -t /tmp -o $BACKUPSRC

/opt/APPGserv/bin/scp -q -i $KEYFILE $BACKUPSRC $USER@$BACKUPHOST:$BACKUPDST

 

If the file has passed a through a Windows machine you must be careful about line endings. Windows tends to mess up line endings and those are important. To be sure you can clean out potential Windows line endings as soon as the file has been transfered to the AppGate system: 

appgate# cp backup.sh foo
appgate# dos2unix < foo > backup.sh
Updated 2008-06-26 18:11 Copyright © 2002-2009 AppGate Network Security AB. All rights reserved.
Legal notice 		Contact AppGate Network Security
Comments to the webmaster