Backup

Some files are downloaded to your Ansible control host during role run as a crude backup. You should find a backup of DNS records, your DKIM keys in your-momod/local/fetched/MYSEVER/.

A more comprehensive backup solution is provide via a Tarsnap role.

Most VPS hosts also allow you to have a backup of the server regularly generated, for a fee - it’s up to you to enable such a backup service.

Tarsnap

Tarsnap is an incremental backup service. It is a commercial service so you’ll need an account but does provide a useful automated off-site backup for the data on your server.

Tarsnap itself needs to be installed manually but Momod provides a role that sets up a script to regularly run backups. By default the Tarsnap role backs up very little data. You’ll need to manually configure which data directories you want to backup depending on the costs you’re willing to accept.

Read the tarsnap getting started page to get an idea of how tarsnap works.

Configuring Tarsnap

  1. You’ll need to sign up for an account and set it up: https://www.tarsnap.com/
  2. Manually Install Tarsnap, first setting up the Tarsnap repositories in apt then installing via binary or source. Note that there are no arm64 binaries so you’ll need to do a source install on Arm based servers.
  3. You’ll want to modify defaults in your host_vars file to suit - we don’t all want to backup at the same time and you probably want to extend the list of backed up directories defined in ’tarsnap_directories'.
  4. Generate a machine key on your server (the one you are backing up from), the the role will not complete until this is in place:
sudo tarsnap-keygen --keyfile /root/tarsnap.key --user REGISTERED_EMAIL --machine NAME
  1. Run the role
ansible-playbook  --ask-vault-pass --limit prod play/tarsnap.yml

Log in to your account on tarsnap.com after your chosen backup time to ensure the backup completed and included all the directories you added to the ’tarsnap_directories’ variable.