Backing Up with tar over ssh


Copy arbitrary bits of the filesystem between servers using ssh and tar
Shuffling files between servers is simple with scp
root@linux:~# scp some-archive.tgz rocky:/
Or even copying many files at once: 
root@linux:~/tmp# scp ray:/usr/local/etc/* .
But scp isn't designed to traverse subdirectories and preserve ownership and permissions. Fortunately, tar is one of the very early (and IMHO, most brilliant) design decisions in ssh to make it behave exactly as any other standard Unix command. When it is used to execute commands without an interactive login session, ssh simply accepts data on STDIN and prints the results to STDOUT. Think of any pipeline involving ssh as an easy portal to the machine you're connecting to. For example, suppose you want to backup all of the home directories on one server to an archive on another: 
root@linux~# tar zcvf - /home | ssh shewta "cat > shewta-homes.tgz"
Or even write a compressed archive directly to a tape drive on the remote machine: 
root@linux~# tar zcvf - /var/named/data | ssh ray "cat > /dev/tape"
Suppose you wanted to just make a copy of a directory structure from one machine directly into the filesystem of another. In this example, we have a working Apache on the local machine but a broken copy on the remote side. Let's get the two in sync:
root@linux:~# cd /usr/local 
root@linux:/usr/local# tar zcf - apache | ssh pacman "cd /usr/local; mv apache apache.bak; tar zpxvf -"
This moves /usr/local/apache/ on pacman to /usr/local/apache.bak/, then creates an exact copy of /usr/local/apache/z flag to tar), as performance will depend on the processing speed of both machines, the speed (and utilization) of the network, and whether you're already using compression in ssh from clyde, preserving permissions and the entire directory structure. You can experiment with using compression on both ends or not (with the
Finally, let's assume that you have a large archive on the local machine and want to restore it to the remote side without having to copy it there first (suppose it's really huge, and you have enough space for the extracted copy, but not enough for a copy of the archive as well): 
root@linux~# ssh shewta "cd /usr/local/src; tar zpvxf -"< really-big-archive.tgz
Or alternately, from the other direction: 
root@linux:/usr/local/src# ssh candy "cat really-big-archive.tgz"| tar zpvxf -
If you encounter problems with archives created or extracted on the remote end, check to make sure that nothing is written to the terminal in your ~/.bashrc on the remote machine. If you like to run /usr/local/temp or some other program that writes to your terminal, it's a better idea to keep it in ~/.bash_profile or ~/.bash_login than in ~/.bashrc, because you're only interested in seeing what fortune has to say when there is an actual human being logging in and definitely not when remote commands are executed as part of a pipeline. You can still set environment variables or run any other command you like in ~/.bashrc, as long as those commands are guaranteed never to print anything to STDOUT or STDERR. 
Using ssh keys to eliminate the need for passwords makes slinging around arbitrary chunks of the filesystem even easier (and easily scriptable in cron, if you're so inclined). Take a look at the hacks listed below for an example of how to make it very easy (and secure) to connect to any of your servers with ssh.

0 comments:

Post a Comment