In this video I install the Remote Backup Addon https://github.com/ikifar2012/remote-backup-addon/blob/master/README.md from Ikifar Matheson. This Add-on will preform an HA snapshot and encrypt the results and move it to another server using SSH tools. It will also manage the number of HA Snapshots that are stored in your HA instance. I use this as one of the leg of my 3-2-1 backup strategy, providing a second backup storage location and backup method.
Episode: 040
Video related links:
This add-on can be added to any HA-Supervised instance via: https://github.com/ikifar2012/ha-addons
Random uuid generator for automation ID: https://www.uuidgenerator.net/version4
Related video regarding the rest of my Backup Strategy: https://whatarewefixing.today/221/home-assistant-tasmota-back-ups/
Contact Links:
What are we Fixing Today Homepage / Website:
https://www.WhatAreWeFixing.Today/
Channel Link URL: (WhatAreWeFixingToday)
https://bit.ly/WhatAreWeFixingTodaysYT
What are we Fixing Today Facebook page (Sir GoodEnough):
https://bit.ly/WhatAreWeFixingTodayFB
What are we Fixing Today Twitter Account (Sir GoodEnough):
https://bit.ly/WhatAreWeFixingTodayTW
Discord Account: (Sir_Goodenough#9683)
https://discord.gg/Uhmhu3B
Please help support the channel:
Buy me Coffee: https://www.buymeacoffee.com/SirGoodenough
PayPal one-off donation link: https://www.paypal.me/SirGoodenough
Cash App $CASHTAG: https://cash.me/$SirGoodenough
Venmo cash link: https://venmo.com/SirGoodenough
If you would like to donate anything to this channel, please use this address:
C/O: Sirius GoodEnough
322 Buena Vista Ave.
Department: DYT
Waukesha, Wisconsin, 53188-3602
PROCESS SUMMARY:
1: Load the Repository
2: Load the addon and set-up the config file
3: Generate the key file pair (ssh-keygen)
4: Load public file into the target fileserver machine (ssh-copy-id)
5: Test login from the machine you generated the file into the target machine
6: Edit the config file (if needed)
7: Start the addon
8: Watch the log for problems
9: When run is complete, check that the zipped tar backup file is available on the file server and check that the password works.
10: When it all checks out, set-up an automation to run the backup on a scheduled time and date of your choosing. Sample automation attached.
SAMPLE CONFIG FILE: (1-2,6)
ssh_enabled: true
ssh_host: 192.168.60.74
ssh_port: 22
ssh_user: 'UserRemote'
ssh_key: HA_ecdsa
remote_directory: '/path-on-storage-machine'
zip_password: 'Your Password to remember here'
keep_local_backup: '14'
rsync_enabled: false
rsync_host: ''
rsync_rootfolder: hassio-sync
rsync_user: ''
rsync_password: ''
SETTING UP KEY FILES:
GENERATING KEY (3)
Start in a terminal window on a linux machine. All mine are Ubuntu.
UserRemote@Rodan:~$ cd .ssh
UserRemote@Rodan:~/.ssh$ ls -la
total 28
drwx------ 2 UserRemote UserRemote 4096 Jun 26 23:48 .
drwxr-xr-x 36 UserRemote UserRemote 4096 Aug 7 16:23 ..
-rw------- 1 root root 2882 Jun 26 23:48 known_hosts
UserRemote@Rodan:~/.ssh$ ssh-keygen -t ecdsa -b 521
Generating public/private ecdsa key pair.
Enter file in which to save the key (/home/UserRemote/.ssh/id_ecdsa): /home/UserRemote/.ssh/HA_ecdsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/UserRemote/.ssh/HA_ecdsa.
Your public key has been saved in /home/UserRemote/.ssh/HA_ecdsa.pub.
The key fingerprint is:
SHA256:ijZtlnsrs5nvcORmk/y7YRAqE5EEACOhgYkDgrEplv7Pfa/y6PWw UserRemote@Rodan
The key's randomart image is:
+---[ECDSA 521]---+
| .+++.=+=*|
| ** *.%=o|
| ..oO X.%+|
| . = +.O.=|
| .S+ ..oo|
| .+++.=+=*|
| ** *.%=o|
| ..oO X.%+|
| . = +.O.=|
+----[SHA256]-----+
UserRemote@Rodan:~/.ssh$ ls -la
total 36
drwx------ 2 UserRemote UserRemote 4096 Aug 13 23:48 .
drwxr-xr-x 36 UserRemote UserRemote 4096 Aug 7 16:23 ..
-rw------- 1 UserRemote UserRemote 365 Aug 13 23:48 HA_ecdsa
-rw-r--r-- 1 UserRemote UserRemote 263 Aug 13 23:48 HA_ecdsa.pub
-rw------- 1 root root 2882 Jun 26 23:48 known_hosts
COPY PUBLIC KEY TO MACHINE THAT WILL RECEIVE THE FILES: (4)
UserRemote@Rodan:~/.ssh$ ssh-copy-id -i HA_ecdsa.pub UserRemote@192.168.60.74
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "HA_ecdsa.pub"
The authenticity of host '192.168.60.74 (192.168.60.74)' can't be established.
ECDSA key fingerprint is SHA256:ijZtlnsrs5nvcORmk/y7YRAqE5EEACOhgYkDgrEplv7Pfa/y6PWw.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
The authenticity of host '192.168.60.74 (192.168.60.74)' can't be established.
ECDSA key fingerprint is SHA256:ijZtlnsrs5nvcORmk/y7YRAqE5EEACOhgYkDgrEplv7Pfa/y6PWw.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
The authenticity of host '192.168.60.74 (192.168.60.74)' can't be established.
ECDSA key fingerprint is SHA256:ijZtlnsrs5nvcORmk/y7YRAqE5EEACOhgYkDgrEplv7Pfa/y6PWw.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/UserRemote/.ssh/known_hosts).
Enter passphrase for key '/home/UserRemote/.ssh/id_rsa':
UserRemote@192.168.60.74's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'UserRemote@192.168.60.74'"
and check to make sure that only the key(s) you wanted were added.
TEST THE LOGIN WORKS WITHOUT PASSWORD: (5)
UserRemote@Rodan:~/.ssh$ ssh UserRemote@192.168.60.74
The authenticity of host '192.168.60.74 (192.168.60.74)' can't be established.
ECDSA key fingerprint is SHA256:ijZtlnsrs5nvcORmk/y7YRAqE5EEACOhgYkDgrEplv7Pfa/y6PWw.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/UserRemote/.ssh/known_hosts).
Welcome to Ubuntu 20.04.1 LTS (GNU/Linux 5.4.0-42-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information as of Thu Aug 13 23:51:01 CDT 2020
System load: 4.41 Users logged in: 1
Usage of /: 22.3% of 72.83GB IPv4 address for docker0: 172.17.0.1
Memory usage: 8% IPv4 address for enp4s0f0: 192.168.60.73
Swap usage: 0% IPv4 address for enp4s0f1: 192.168.60.74
Processes: 318
* Are you ready for Kubernetes 1.19? It's nearly here! Try RC3 with
sudo snap install microk8s --channel=1.19/candidate --classic
https://microk8s.io/ has docs and details.
0 updates can be installed immediately.
0 of these updates are security updates.
Last login: Sun Aug 2 20:57:55 2020 from 192.168.60.12
UserRemote@eldrad:~$ exit
logout
Connection to 192.168.60.74 closed.
UserRemote@Rodan:~/.ssh$ ls -la
total 36
drwx------ 2 UserRemote UserRemote 4096 Aug 13 23:50 .
drwxr-xr-x 36 UserRemote UserRemote 4096 Aug 7 16:23 ..
-rw------- 1 UserRemote UserRemote 365 Aug 13 23:48 HA_ecdsa
-rw-r--r-- 1 UserRemote UserRemote 263 Aug 13 23:48 HA_ecdsa.pub
-rw------- 1 root root 2882 Jun 26 23:48 known_hosts
UserRemote@Rodan:~/.ssh$ cp HA_ecdsa /run/user/1000/gvfs/smb-share:domain=etc,server=192.168.60.67,share=ssl,user=UserRemote
UserRemote@Rodan:~/.ssh$
SAMPLE ADD-ON SET-UP LOG SESSION: (7-8-9)
Remote Backup
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 00-banner.sh: executing...
-----------------------------------------------------------
Add-on: Remote Backup
Automatically create HA snapshots to remote server location using SCP
-----------------------------------------------------------
Add-on version: 4.3.1
You are running the latest version of this add-on.
System: Ubuntu 18.04.5 LTS (amd64 / qemux86-64)
Home Assistant Core: 0.113.3
Home Assistant Supervisor: 232
-----------------------------------------------------------
Please, share the above information when looking for help
or support in, e.g., GitHub, forums or the Discord chat.
-----------------------------------------------------------
[cont-init.d] 00-banner.sh: exited 0.
[cont-init.d] 01-log-level.sh: executing...
[cont-init.d] 01-log-level.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Adding SSH key
Creating local backup: "Automated backup 2020-08-14 00:27"
Backup created: 9b798ba7
Copying password-protected 9b798ba7.zip to /path-on-storage-machine on 192.168.60.74 using SCP
adding: 9b798ba7.tar (deflated 6%)
Warning: Permanently added '192.168.60.74' (ECDSA) to the list of known hosts.
Command completed successfully.
Backup process done!
[cmd] /run.sh exited 0
[cont-finish.d] executing container finish scripts...
[cont-finish.d] 99-message.sh: executing...
[cont-finish.d] 99-message.sh: exited 0.
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
SET_UP AUTOMATION FOR THE INTERVAL YOU WANT: (10)
automation:
####################################################
# Daily Back-up #
####################################################
- id: e297213a-c74a-456d-875f-d90e44667cf4-must-be-unique
alias: Daily Backup
initial_state: on
trigger:
platform: time
at: 03:27:19
condition: # remove this section for every day
- condition: time # or change to fit your needs
weekday: # weekday can be month/year also. See HA Docs.
- tue
- wed
- thu
- sat
- sun
action:
- service: hassio.addon_start
data:
addon: 3490a758_remote_backup
Link to this video on YouTube: https://youtu.be/0C4h3Bv75J4