Russian variant - Резервное копирование Mikrotik в Subversion посредством SSH/SFTP
Inspired by: Using SSH for system backup
Related forum posts
remote creating backup-file
Difference between backup and export - how to expect changes
Backup and Restore Certificates
Mikrotik SSH Backup - my solution
Realization
Requirements:
- ROS 5.15
- SVN Repository
- Linux with ssh, sftp, sshpass and svn
1. Import ROS public-key into your user known_hosts file
ssh-keyscan -v > -p 22 > -t dsa > 192.168.0.1 > >> ~/.ssh/known_hosts
2. Create user for backups on ROS
export = ssh, ftp,read, sniff
backup = ssh, test, policy
get export via sftp = ssh, ftp
get backup via sftp = ssh, ftp, sensitive
/user group add name=backup policy=ssh,ftp,read,sniff,test,policy,sensitive
/user add name=backuper password="password" group=backup address=192.168.0.2
3. Create in SVN folder for device:
svn mkdir --parents https://svn.domain.com/svn/admin/trunk/usingw01 --no-auth-cache --username user --password '*****' --message "Created empty directory for usingw01 - `date +"%Y-%m-%d %H:%M:%S"`"
4. Create folder for SVN working copy:
mkdir -p /root/backup/trunk/usingw01/
5. Create SVN working directory
cd /root/backup/trunk/usingw01
svn checkout https://svn.domain.com/svn/admin/trunk/usingw01 . --trust-server-cert --non-interactive --no-auth-cache --username usingw01 --password 'svnpassword'
6. Create folder for script:
mkdir /root/backup_scripts
7. Create script:
vi /root/backup_scripts/backup_usingw01_to_svn.sh
#!/bin/sh
routername=“> usingw01> "
sshhost=”> 192.168.0.1> "
sshport=“> 22> "
sshuser=”> backuper> "
sshpassword=“> password> "
svnlocalpath=”/root/backup/trunk/$routername"
svnusername=“> usingw01> "
svnpassword=”> svnpassword> "
current_export_name=“$routername-config-export-current.rsc”
precedent_export_name=“$routername-config-export-precedent.rsc”
current_backup_name=“$routername-config-backup-current.backup”sshpass -p $sshpassword ssh $sshuser@$sshhost -p $sshport export >$current_export_name
diff -I “by Router” $current_export_name $svnlocalpath/$precedent_export_nameif [ “$?” -ne “0” ]; then
sshpass -p $sshpassword ssh $sshuser@$sshhost -p $sshport export file=$current_export_name
sshpass -p $sshpassword ssh $sshuser@$sshhost -p $sshport system backup save name=$current_backup_name
sshpass -p $sshpassword sftp -oPort=$sshport $sshuser@$sshhost:$current_backup_namemv -f $current_export_name $svnlocalpath/
mv -f $current_backup_name $svnlocalpath/
rm -f $svnlocalpath/$precedent_export_name
svn add --force $svnlocalpath/$current_export_name
svn add --force $svnlocalpath/$current_backup_name
svn commit $svnlocalpath --trust-server-cert --non-interactive --no-auth-cache --username $svnusername --password $svnpassword --message “Automated commit of $routername atdate +"%Y-%m-%d %H:%M:%S"”mv -f $svnlocalpath/$current_export_name $svnlocalpath/$precedent_export_name
exit 1fi
mv -f $current_export_name $svnlocalpath/$precedent_export_name
exit 0
8. Create cron job:
crontab -e
00 04 * * * sh /root/backup_scripts/backup_usingw01_to_svn.sh
The logic of the script:
- make first export
- diff current export with precedent export
- if diff exist make a backup
- commit export and backup to svn
Be careful with passwords of users, if your password contain $, ), !, ** or other special bash symbols, you must shield their with **\**: **\$**, **\)**, **\, “‘!’”
Also you can setup post-commit hook on svn and you will receive email notifications with diff of export file. This is useful to view last changes in config:
Hopefully this will be useful for someone.