|
The Fedora Server operating system can run on single-board computers (SBC) like Raspberry Pi. This article is aimed at users who want to make full use of physical server systems and use built-in tools like Cockpit for data backup and personal data recovery. It describes the three stages of backup.
Necessary Preparations
To use this guide, you need a running Fedora Linux workstation and the following items:
For this setup, at the time of writing this article, due to cost and availability reasons, I chose Raspberry Pi 3B+/4B+ (one for hot switching). When using Cockpit to remotely connect to the Raspberry Pi server, you can place the Raspberry Pi near the router for setup.
Enhancing Server Security
After completing the installation and management of the SBC server, it is a good practice to enhance server security with firewalld.
Before connecting storage devices to the server, once the server is online, you must set up the firewall. firewalld is a zone-based firewall. After completing the installation and management guide according to Fedora documentation, create a predefined zone named FedoraServer.
Rich Rules in firewalld
Rich rules are used to block or allow a specific IP address or range of addresses. The following rule only accepts SSH connections from registered IP addresses (client workstations) and disconnects other connections. The command is run in the Cockpit terminal or client workstation terminal to connect to the server via ssh.
firewall-cmd --add-rich-rule='rule family=ipv4 source address=<registered_ip_address>/24 service name=ssh log prefix="SSH Logs" level="notice" accept'
Deny All Hosts’ Ping Requests
Use this command to set icmp to reject and disallow ping requests:
firewall-cmd --add-rich-rule='rule protocol value=icmp reject'For other firewall controls, such as managing ports and zones, please refer to the following links. Please note that misconfigured firewalls may expose security vulnerabilities to attacks.
Managing Firewalls in Cockpit
firewalld Rules
Configuring File Server Storage
The next step is to connect the storage device to the SBC and then partition the newly inserted storage device using Cockpit. Using Cockpit’s graphical server management interface makes managing a home lab (which can be one or more servers) much easier than before. The Fedora Linux server standard provides Cockpit.
At this stage, an SSD device powered through the USB port of the SBC can work without additional power supply.
/media, and then click βOkβ./media.
Creating Backups and Restoring Backups
Backup is rarely one-size-fits-all. Here are some choices regarding where to back up data, the steps for backing up data, verifying some automation, and determining how to restore backed-up data.
Backup workflow β version 1.0
Backup 1. Use rsync to remotely sync from the client to the file server (Raspberry Pi).
The command used for this transfer is:
rsync -azP ~/source syncuser@host1:/destinationParameters:
-a/--archive: Archive-z/--compress: Compress-P/--progress: Show progressTo run rsync with more options, you can set the following options:
--inplace: Update target documents by replacing directly.--append: Append data to shorter documents.Before backing up documents to storage space, deduplication and compression of source documents are the most effective ways to reduce backup data capacity.
At the end of each workday, I run this manually. Once I set up the cloud backup workflow, automated scripts are an advantage.
For more details about rsync, please visit the article on Fedora Magazine here.
Backup 2. Use rsync to remotely sync from the file server to the primary cloud storage.
Choosing cloud storage is a factor to consider;
rsync, sftp.Hetzner-hosted Nextcloud meets one of these cloud storage standards β Storage Box. You won’t be vendor-locked and can switch freely without exit penalties.
Generate SSH keys on the file server and create an authorized keys file.
Use ssh-keygen command to generate a new pair of SSH keys for the file server and cloud storage.
ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key . . .Insert the required SSH public key into the new local authorized keys file.
cat .ssh/id_rsa.pub >> storagebox_authorized_keys
Transfer the key file to cloud storage.
The next step is to upload the generated authorized keys file to the storage box. To do this, first create a .ssh directory with 700 permissions, then create an authorized file with the SSH public key and assign it 600 permissions. Run the following command.
echo -e "mkdir .ssh
chmod 700 .ssh
put storagebox_authorized_keys .ssh/authorized_keys
chmod 600 .ssh/authorized_keys" | sftp <username>@<username>.your-storagebox.de
Using rsync over ssh
Use rsync to sync your file directory’s current state to the storage box.
rsync --progress -e 'ssh -p23' --recursive <local_directory> <username>@<username>.your-storagebox.de:<target_directory>This process is called a push operation because it βpushesβ a directory from the local system to a remote system.
Restoring a directory from cloud storage
To restore a directory from the storage box, switch to this directory:
rsync --progress -e 'ssh -p23' --recursive <username>@<username>.your-storagebox.de:<remote_directory> <local_directory>
Backup 3. Client backup to a second cloud storage.
Deja Dup is a tool that provides a quick backup solution for Fedora Workstation in the Fedora software repository. It features GPG encryption, scheduled tasks, file inclusion (which directories to back up), and more.
Backing up to the secondary cloud
Restoring files from cloud storage
Archiving Personal Data
Not all data requires a 3-2-1 backup strategy. This is about sharing personal data. I use a laptop with a 1TB hard drive as an archive for my personal data (family photos).
Go to βSharingβ in settings (in my case, it’s the GNOME file manager) and toggle the switch to enable sharing.
Open βFile Sharingβ, βNetworkβ and βRequired passwordβ to allow you to share your public folder with other workstations on your local network using the WebDAV protocol.
Preparing Rollback Options
Untested backups are no better than having no backups at all. I use a βhot-switchingβ method in my home lab environment to avoid situations like frequent power outages or liquid damage. However, my recommended solution is far from a disaster recovery plan or automated failover in enterprise IT.
Using Cockpit to Track Activities and Troubleshoot
As your project grows, the number of servers you manage also increases. Tracking activities and alerts in Cockpit can lighten your management burden. You can archive these using Cockpit’s graphical interface in three ways.
SELinux Menu
How to diagnose network issues, find logs, and troubleshoot in Cockpit:
SELinux logs
Network or Storage Logs
Server logs track detailed metrics associated with CPU load, memory usage, network activity, storage performance, and system logs. Logs will be organized and displayed in the network panel or storage panel.
Storage logs in Cockpit
Software Updates
At preset times and frequencies, Cockpit can assist with security updates. When needed, you can run all updates.
Software updates
Congratulations on setting up a file/backup server on Fedora ARM server version.
via: https://fedoramagazine.org/3-2-1-backup-plan-with-fedora-arm-server/
Author: Hanku Lee, Edited by: lujun9972, Translated by: hwlife, Proofread by: wxy
This article is originally compiled by LCTT and proudly presented by Linux China.
