rwrapper

rwrapper (12275B)

---

 #!/bin/bash
 
 # TODO make some way of having this script communicate with scripts on the backup server to handle compression
 # and pruning on the local machine rather than over an ssh connection. Do this in a non votile way
 
 # stop on errors
 set -e -o pipefail
 
 # Where logs are kept
 logfolder="/tmp/logs"
 # How long to keep backups in destination until they are deleted
 retention=30
 # The log name for this execution of the script
 logfile="$logfolder/log-$(date +"%Y-%m-%dT%H:%M:%S%z").log"
 # Start time of script
 start=$(date +%s.%N)
 
 # Prints message to stdout and appends to log file
 # Takes message as argument
 message() { echo "$1" | tee -a "$logfile"; }
 
 # Depending on use flags prune either remotely or locally and prune either directories or archives
 prune() { \
 	# Check if user specified prune
 	if [ -n "${prune+x}" ]; then
 		message "Pruning files..."
 		# if user is backing up locally and specified some sort of compression
 		if [ -n "${compress_diff+x}" ] || [ -n "${compress+x}" ] || [ -n "${encryptor_name}" ] && [ -n "${local_backup+x}" ]; then
 			message "Pruning old files on local ${dst} locally (compressed)"
 			# look for files that end in compression extension or gpg extension and delete of over retention days
 			find "${dst}" -mindepth 1 -maxdepth 2 -name '*.tar.gz' -mtime +${retention} -o -name "*.tar.gz.gpg" -mtime +${retention} -not -path "${dst}/full/*" -exec rm -rfv {} \; 2>&1 | tee -a "$logfile"
 		# if user is backing to remote server and specified some sort of compression
 		elif [ -n "${compress_diff+x}" ] || [ -n "${compress+x}" ] || [ -n "${encryptor_name}" ]; then
 			# find command same as above but does not use -exec because that does not work over ssh
 			remote_command="find ${dst#*:} -mindepth 1 -maxdepth 2 -name '*.tar.gz' -mtime +${retention} -o -name '*.tar.gz.gpg' -mtime +${retention} -not -path ${dst#*:}/full/* | xargs rm -rfv"
 			message "Pruning old files on ${dst%%:*} located at ${dst#*:} (compressed)"
 			# run the command over ssh
 			ssh "${dst%%:*}" "eval ${remote_command}" 2>&1 | tee -a "$logfile"
 		# if user is backing up locally and did not specify and compression
 		elif [ -n "${local_backup+x}" ]; then
 			message "Pruning old files on local ${dst} locally (not compressed)"
 			# look for directiories over retention
 			find "${dst}" -mindepth 1 -maxdepth 1 -type d -mtime +${retention} -not -path "${dst}/full" -exec rm -rfv {} \; 2>&1 | tee -a "$logfile"
 		# must be backing up remotley and did not specify any compression
 		else
 			# look for directiories over retention
 			remote_command="find ${dst#*:} -mindepth 1 -maxdepth 1 -type d -mtime +${retention} -not -path ${dst#*:}/full | xargs rm -rfv"
 			message "Pruning old files on ${dst%%:*} located at ${dst#*:} (not compressed)"
 			# run the command over ssh
 			ssh "${dst%%:*}" "eval ${remote_command}" 2>&1 | tee -a "$logfile"
 		fi
 	fi ;}
 
 # Run ending messages and end with success
 end_backup() { \
 	message "Backup complete!"
 	message "Finished at: $(date +%Y-%m-%d-%H%M)"
 	message "Execution time: $(echo "$(date +%s.%N) - $start" | bc) seconds"
 	message "##### Rsync Backup Finished ######"
 	exit 0
 }
 
 # Help screen
 info() { cat << EOF
 rwrapper: bash wrapper script for rsync
 Main actions:
   -s source_dir		provide source address for rsync (REQUIRED)
   -d destination_dir	provide destination address for rsync can be remote or local (REQUIRED)
 			NOTE: if local add -m flag!
   -r			remove ALL source files after transfer
   -x			compress entire source folder then sync
   -l log_dir		folder to keep logs. Default: /tmp/logs
   -m 			local backup. Script wont work from local dir to local dir without this set.
 			NOTE: do not have this set when doing remote transfers!
   -z			compress incremental backups need -i as well
   -p 			prune files if older than retention value
   -t number		set retention (days). Default: 30
   -e name		specify key name to encrypt backup archive with (implies -x)
   -i			Do incremental backups needed for -z to work
   -b rate		limit socket I/O bandwidth when running rsync
 
 Examples:
 
 	./rwrapper -s src -d fire@7.7.7.7:/home/keeper/backups -p -e fire
 
 Compress and encrypt file, enable pruning and send over to remote host.
 (space efficient, less likley to get corrupted data, and secure for off site backups)
 
 	./rwrapper -s src -d fire@7.7.7.7:/home/keeper/backups -px
 
 Same as above just don't encrypt data at rest (Best for space, less likley to get corrupted data)
 
 	./rwrapper -s /data/src -d /two/data/dst -irzpm
 
 Rsync files to local directory while keeping compressed incremental backups and removing source files
 (for local to work -m MUST be specified)
 (Most likley to have corrupted data over a remote connection because tar is being run over ssh)
 
 	./rwrapper -s /data/src -d cool@2.2.2.2:/home/icebox
 
 Just normal old rsync no compression or anything (good for not getting corrupted data, bad for space)
 
 	./rwrapper -s /data/src -d cool@2.2.2.2:/home/coolbox -pi -t 100 -b 50
 
 Set retention of (incremental backup) directories (not using compression) to 100 days and
 set maximum transfer spped to 50KB/s
 
 EOF
 }
 
 # Handles reading the users use flags and arguments entered
 while getopts "hrnxlmzpis:d:l:t:e:b:" o; do case "${o}" in
     s) src="${OPTARG%/}/" ;;
     d) dst="${OPTARG%/}" ;;
 	l) logfolder="${OPTARG%/}" ;;
 	n) dryrun=True ;;
 	x) compress=True ;;
 	m) local_backup=True ;;
 	z) compress_diff=True ;;
     r) remove=True ;;
 	t) retention="${OPTARG}" ;;
 	p) prune=True ;;
 	e) encryptor_name="${OPTARG}" ;;
 	i) incremental_backups=True ;;
 	b) rate_limit="${OPTARG}";;
     *) info;  exit 1 ;;
 esac done
 
 # Wherever you see 2>&1 | tee -a "$logfile" that is a log to stdout and log file
 
 # Check for no options
 [ $OPTIND -eq 1 ] && info && exit 1
 
 message "##### Rsync Backup Started ######"
 message "Started at: $(date +%Y-%m-%d-%H%M)"
 
 # check of source and destinations fields are entered
 # rsync and other programs handle the errors from this point on
 [ -z "$src" ] && message 'Missing source directory (missing flag -s) Exiting ...' >&2 && exit 1
 [ -z "$dst" ] && message 'Missing destination directory (missing flag -d) Exiting ...' >&2 && exit 1
 
 # Rsync config
 # -a archive mode save most attributes of a file including permissions
 # -P show progress of file, good if you are watching in the terminal
 # -v verbose
 # -h times in human readable format
 # -i show transferring files in list format
 # -O dont worry about changing directory times (without this rsync will throw a minor error about not being able to change directory times unless user owns file)
 # -A preseve acls
 # -X preserver xattrs
 # -z compress when transferring
 # --delete delete extraneous files from the receiving side (this is mostly to keep an up to date exact copy of the full directory)
 # --stats display and log stats after execution
 # --exclude exclude files maching pattern
 OPT="-aPvhiOAXz --delete --stats --exclude='*.incomplete'"
 # if user specifies -r remove source files after transfer successful to destination
 [ -n "${remove+x}" ] && OPT="$OPT --remove-source-files"
 # run in dryrun mode if specified
 [ -n "${dryrun+x}" ] && OPT="$OPT -n"
 # rsync will log to this programs log file
 LOG="--log-file=$logfile"
 # Keep the date dor incremental backups
 DATE=$(date +%Y-%m-%d-%H%M)
 # do incremental backups if user specified -i
 BACKUP=""
 [ -n "${incremental_backups}" ] && BACKUP="--backup-dir=../$DATE/"
 # allow limiting of I/O socket bandwidth (read rsync man page for more on this option)
 RATE=""
 [ -n "${rate_limit}" ] && RATE="--bwlimit=${rate_limit}"
 
 # concatenated rsync command. Notice destination goes to full directory thats so delete doesnt remove our
 # incremental backups or other backups
 command="rsync ${OPT} ${LOG} ${RATE} ${src} ${dst}/full/ ${BACKUP}"
 # Rsync Notes:
 #
 # About checksums (from man page):
 # Note that rsync always verifies that each transferred file was correctly reconstructed on the receiving side
 # by checking a whole-file checksum that is generated as the file is transferred, but that automatic after-the-transfer
 # verification has nothing to do with this option's before-the-transfer "Does this file need to be updated?" check.
 #
 # Sync transfer is encrypted as it happens through SSH, unles rsync is daemonized, but thats why this script exists
 
 # Compress entire source directory (-x or -e)
 if [ -n "${compress+x}" ] || [ -n "${encryptor_name+x}" ]; then
 	# backup a directory up from the source directory just to avoid any problems
 	backupfile="${src}../full-backup-$(date +%Y-%m-%d-%H%M).tar.gz"
 	# if a local backup the archive can just be made in the destiantion directory
 	[ -n "${local_backup+x}" ] && backupfile="$dst/full-backup-$(date +%Y-%m-%d-%H%M).tar.gz"
 	# dry run will just make the archive command do nothing
 	[ -n "${dryrun+x}" ] && backupfile="/dev/null"
 	message "Compressing entire ${src} directory to ${backupfile}"
 	# compress entire archive. Excluding .incomplete files keeping all permissions (--acls --xattrs -p)
 	# --totals just logs the total size after compressed
 	tar --exclude '*.incomplete' --acls --xattrs -cpzf "${backupfile}" --totals "${src}" 2>&1 | tee -a "$logfile"
 	# check if we are encrypting if we are encrypt with specified public key and remove unencrypted archive
 	[ -n "${encryptor_name+x}" ] && message "Encrypting archive with ${encryptor_name} key" \
 		&& gpg -e --batch --yes --no-symkey-cache -r "${encryptor_name}" "${backupfile}" 2>&1 | tee -a "$logfile" \
 		&& rm -fv "${backupfile}" 2>&1 | tee -a "$logfile" && backupfile="${backupfile}.gpg"
 	# if user wants to remove source directory contents do so now we are done backing it up
 	[ -n "${remove}" ] && message "Removing source directory" && rm -rfv "${src}"* 2>&1 | tee -a "$logfile"
 	# local has no need for rsync, just end
 	[ -n "${local_backup+x}" ] && prune && end_backup
 	# rsync the archive to the remote server
 	# change destination for rsync command and only sync the file
 	# that way other files arent deleted by --delete option
 	command="rsync ${OPT} ${LOG} ${RATE} ${backupfile} ${dst}"
 	# since we just moving one file from outside the source directory lets get rsync to remove it when its done tranferring
 	[ -z "${BACKUP}" ] && command="rsync ${OPT} --remove-source-files ${LOG} ${RATE} ${backupfile} ${dst}"
 fi
 
 # Run rsync
 message "----- RSYNC START -----"
 message "Running: $command"
 # This loop will just keep going if rsync gets network errors as that will likley be resolved with time
 # if it succeeds the script continues if it doesnt it exits with error
 while true; do
 	eval "${command}" 2>&1 | tee -a "$logfile"
 	exit_code=$?
 	case $exit_code in
 		10|23|30|35) message "${DATE}: rsync failed with a network type error: ${exit_code}!" && DATE=$(date +%Y-%m-%d-%H%M) ;;
 		0) message "${DATE}: rsync had no errors!" && break ;;
 		*) message "${DATE}: rsync failed with unexpected error: ${exit_code}!" && exit 1 ;;
 esac done
 message "----- RSYNC END -----"
 
 # Compress incremental backups created by rsync with the --backup command (-z and -i)
 if [ -n "${incremental_backups}" ]; then
 	if [ -n "${compress_diff+x}" ] && [ -z "${local_backup+x}" ]; then
 		# Compress command to run on the remote machine
 		# {dst#*:} takes data after the semi-colon i.e the directory
 		# {dst%%:*} takes data before the semi colon i.e the host
 		remote_command="[ -d '${dst#*:}/${DATE}' ] && tar --acls --xattrs -cpzf ${dst#*:}/${DATE}.tar.gz --totals ${dst#*:}/${DATE} && rm -rf ${dst#*:}/${DATE:?} || :"
 		message "Compressing incremental backups on ${dst%%:*} located at ${dst#*:}"
 		# Run the remote command over ssh
 		ssh "${dst%%:*}" "eval ${remote_command}" 2>&1 | tee -a "$logfile"
 	elif [ -n "${compress_diff+x}" ] && [ -n "${local_backup+x}" ] && [ -d "${dst}/${DATE}" ]; then
 		message "Compressing incremental backups at ${dst} locally"
 		# Just archive the incremental backup locally
 		tar --acls --xattrs -cpzf "${dst}/${DATE}.tar.gz" --totals "${dst}/${DATE}" && rm -rf "${dst:?}/${DATE:?}" 2>&1 | tee -a "$logfile"
 	fi
 fi
 
 # files all transferred clean up
 prune
 end_backup
 
 # To decrypt if specified -e
 # 1. Be on machine that has the key that matches the name you used to encrypt
 # 2. run: gpg -d --output <outfile> <infile>
 # This will decrypt with the private key as we encrypt with the public key
 # To make gpg key run gpg --full-generate-key