#!/bin/bash
# mikrotik-backup script
# author Tenhi
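# Initial checks
# A config file must be given as the first argument and must be readable.
# Diagnostics go to stderr so they are not mixed into regular output.
if [[ -z "$1" ]]; then
  echo "ERR: no config file provided" >&2
  exit 1
fi
if [[ ! -r "$1" ]]; then
  echo "ERR: cannot read $1" >&2
  exit 1
fi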
# Default variables ( may be overridden in the custom config, which is
# sourced after this block )
#### Connection ####################################
TGT_PORT=22        # default ssh-port
TGT_USER=bkpuser   # default backup user
IDL=5s             # default idle time between steps (passed to sleep)
#### Backup variables ##############################
# SECURITY: both fallback passwords below are published together with this
# script, so a backup protected only by them is effectively unprotected.
# Every target config should set its own BKP_BINPWD and BKP_EXPPWD.
BKP_BINPWD=NvLB37zchdor9Y4E8KSpxibWHATfjstnw   # default password for binary backup, 33 chars
BKP_EXPPWD=hGAEJKptcCznB2v8RaHkoxiSTYNFZ3suW   # default password for export, 33 chars
ST_RTN=30          # default retention time (days, used with find -mtime)
#### Storage variables #############################
ST_ROOT=/mnt/bkp_share/mikrotik   # default storage root
#######################################################################################################################
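# Importing target config where you can override options.
# The config must also supply TGT_IP and ST_HOSTNAME: the script uses both
# but gives neither a default.
#
# SECURITY: the config is executed as shell code with this script's
# privileges, so it should be writable only by the account running backups.

# Remember the built-in passwords so a config that never replaces them can
# be reported after loading.
_mbkp_default_binpwd=$BKP_BINPWD
_mbkp_default_exppwd=$BKP_EXPPWD

# 'source' looks a slash-less name up in $PATH before the current directory,
# which could load a different file than the one the readability check saw.
# Anchoring the name to ./ makes both refer to the same file.
case "$1" in
  */*) _mbkp_cfg=$1 ;;
  *) _mbkp_cfg=./$1 ;;
esac
# shellcheck source=/dev/null
source "$_mbkp_cfg"

# Without a hostname the storage path collapses to ST_ROOT itself and the
# retention step would sweep every host's files; stop before that happens.
for _mbkp_var in TGT_IP ST_HOSTNAME; do
  if [[ -z "${!_mbkp_var}" ]]; then
    echo "ERR: $_mbkp_var is not set in $1" >&2
    exit 1
  fi
done

if [[ "$BKP_BINPWD" == "$_mbkp_default_binpwd" || "$BKP_EXPPWD" == "$_mbkp_default_exppwd" ]]; then
  echo "WARN: BKP_BINPWD/BKP_EXPPWD still use the built-in default; set unique passwords in $1" >&2
fi
unset _mbkp_default_binpwd _mbkp_default_exppwd _mbkp_cfg _mbkp_var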
#######################################################################################################################
# Functions
#### Utils #############################################################################################
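# Paths of the external tools, resolved once at start-up.
# 'command -v' is a shell builtin, so the lookup no longer depends on the
# separate 'which' program being installed. A tool that is missing leaves
# its variable empty.
CMD_FIND=$(command -v find)
CMD_MV=$(command -v mv)
CMD_GZ=$(command -v gzip)
CMD_CHO=$(command -v chown)
CMD_CHM=$(command -v chmod)
# Carries its own " -p " flag, so callers must expand it unquoted.
CMD_MKD="$(command -v mkdir) -p "
CMD_RM=$(command -v rm)
# Not a command despite the prefix: the run's timestamp, used in file names
# and log lines.
CMD_DATE=$(date +%Y%m%d_%H%M) # date in format YYYYMMDD_HHmm
CMD_SSL=$(command -v openssl)
CMD_SSH=$(command -v ssh)
CMD_SCP=$(command -v scp)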
########################################################################################################
# Per-host storage layout and the file names used for this run.
ST_FULL="${ST_ROOT}/${ST_HOSTNAME}/"                  # full path to .backup (/root_storage/hostname/)
ST_ARCH="${ST_FULL}archive/"                          # full path to archive (/root_storage/hostname/archive)
TGT_BKPNAME_BIN="${ST_HOSTNAME}_${CMD_DATE}.backup"   # binary backup file name
TGT_BKPNAME_EXP="${ST_HOSTNAME}_${CMD_DATE}.export"   # exported config file name
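#######################################
# Print the ssh options that control host-key verification.
# Globals:   TGT_KNOWN_HOSTS (read, optional) - path of a known_hosts file
#            holding the target's host key; must not contain whitespace
#            because the command strings below are word-split when run.
# Outputs:   the option string on stdout
#
# SECURITY: with TGT_KNOWN_HOSTS unset the historical behaviour is kept:
# the host key is never checked, so the script cannot tell the router from
# another machine answering on TGT_IP, and the backup password (sent as
# part of a command) plus the exported config would go to that machine.
# Setting TGT_KNOWN_HOSTS in the target config switches on strict checking.
#######################################
fn_ssh_hostkey_opts() {
  if [[ -n "$TGT_KNOWN_HOSTS" ]]; then
    printf '%s' "-o StrictHostKeyChecking=yes -o UserKnownHostsFile=$TGT_KNOWN_HOSTS"
  else
    printf '%s' "-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o GlobalKnownHostsFile=/dev/null -o CheckHostIP=no"
  fi
}

# Key-based, non-interactive login only; password authentication is disabled.
SSH_OPT=" -o ConnectionAttempts=5 -o ConnectTimeout=5s \
-o PasswordAuthentication=no -o PreferredAuthentications=publickey \
$(fn_ssh_hostkey_opts) "
# Both strings are complete command lines that callers expand unquoted.
SSH_STR="$CMD_SSH -2 -4 -p $TGT_PORT -l $TGT_USER $TGT_IP $SSH_OPT"
SCP_STR="$CMD_SCP -2 -4 -B $SSH_OPT -P $TGT_PORT $TGT_USER@$TGT_IP:/$TGT_BKPNAME_BIN $ST_FULL"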
#\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
#### Defining functions ################################################################################
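function fn_check_log {
  # Create the shared job log with its header when it does not exist yet.
  # Globals:  ST_ROOT (read), LOG (written; fn_log appends to this file)
  # Returns:  0 if the log is already readable, otherwise the status of
  #           writing the header.
  LOG="$ST_ROOT/LOG.txt" # log-file location
  if [[ -r "$LOG" ]]; then
    return 0
  fi
  # The redirect target is quoted: an unquoted path containing a space
  # makes bash reject the redirect as ambiguous.
  # Header layout is unchanged: blank line, six header lines, blank line.
  printf '%s\n' \
    '' \
    '################################################' \
    '# Logfile for mikrotik backups' \
    '# The format is:' \
    '# DATE;STATE;FILENAME' \
    '# author: Tenhi([email protected])' \
    '################################################' \
    '' > "$LOG"
}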
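function fn_check_readme {
  # Create README.txt in the storage root when it does not exist yet.
  # Globals:  ST_ROOT (read), README (written)
  # Returns:  0 if the README is already readable, otherwise the status of
  #           writing it.
  README="$ST_ROOT/README.txt" # README File
  if [[ -r "$README" ]]; then
    return 0
  fi
  # The redirect target is quoted so a storage root containing spaces works.
  # Content is unchanged: blank line, eight text lines, blank line.
  printf '%s\n' \
    '' \
    '# ===' \
    '# Here you can find backups for all Mikrotiks' \
    '# Files located in:' \
    '# hostname/...' \
    '# Archived backups are in:' \
    '# hostname/archive/...' \
    '# You can get backup info for all jobs in LOG.txt' \
    '# ===' \
    '' > "$README"
}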
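function fn_check_directory {
  # Make sure the per-host directory and its archive/ subdirectory exist.
  # Globals:  ST_FULL, CMD_MKD, CMD_CHO, CMD_CHM (all read)
  # Returns:  0 if archive/ already exists and is readable, otherwise the
  #           status of the final chmod.
  if [[ -d "${ST_FULL}archive" && -r "${ST_FULL}archive" ]]; then
    return 0
  fi
  # CMD_MKD carries its own " -p " flag and is expanded unquoted on purpose;
  # the path arguments are quoted so names containing spaces survive.
  $CMD_MKD "${ST_FULL}archive"
  # Ownership and mode are applied to the host directory only, and only on
  # the run that creates archive/.
  # NOTE(review): 755 lets every local account list the backup files;
  # confirm this matches how the share is meant to be exposed.
  $CMD_CHO root:root "$ST_FULL"
  $CMD_CHM 755 "$ST_FULL"
}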
function fn_mikrotik_cleanup {
  # Run the two housekeeping commands on the target router over ssh.
  # Globals:  SSH_STR (read) - a full ssh command line, split on purpose
  # Returns:  the status of the last command only ("console clear-history");
  #           a failure of the DNS flush is not reported to the caller.
  #
  # NOTE(review): clearing the console history is what keeps the backup
  # command, which carries the backup password, out of the router's history.
  # It presumably also discards history useful for auditing; confirm that
  # trade-off is acceptable.
  local ros_cmd
  for ros_cmd in "ip dns cache flush" "console clear-history"; do
    $SSH_STR "$ros_cmd"
  done
}
function fn_mikrotik_fixtime {
  # Configure time synchronisation on the target router.
  # Globals:  SSH_STR (read) - a full ssh command line, split on purpose
  # Returns:  the status of the ssh invocation.
  #
  # Note that this changes the device's configuration on every backup run:
  # it turns off the cloud time update and enables the NTP client against
  # pool.ntp.org.
  local ros_cmd="ip cloud set update-time=no; system ntp client set primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0 enabled=yes server-dns-names=pool.ntp.org"
  $SSH_STR "$ros_cmd"
}
function fn_backup_binary {
  # Create an encrypted binary backup on the router, copy it to storage,
  # then delete it from the router.
  # Changed 20170901
  # Globals:  TGT_BKPNAME_BIN, BKP_BINPWD, IDL, SSH_STR, SCP_STR (read);
  #           T_BKPSTR, T_BKPCLN (written)
  # Returns:  the status of the final remove step, or of the sleep before
  #           it if that sleep fails.
  #
  # NOTE(security): the backup password is part of the command line, so it
  # is visible in the local process list while ssh runs and is sent to
  # whichever host answers the connection.
  T_BKPSTR="system backup save name=${TGT_BKPNAME_BIN} dont-encrypt=no password=${BKP_BINPWD}"
  T_BKPCLN="file remove [find name=${TGT_BKPNAME_BIN}]"

  # Step 1: create the backup on the router. The command strings are
  # expanded unquoted on purpose; ssh joins the words again.
  $SSH_STR $T_BKPSTR

  # Step 2: copy the file to storage once the idle time has passed.
  if sleep $IDL; then
    $SCP_STR
  fi

  # Step 3: remove the created file on the router.
  sleep $IDL || return
  $SSH_STR $T_BKPCLN
}
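function fn_backup_export {
  # Save the router's exported config, encrypted, into the host directory.
  # NOTE: decrypt the file
  # openssl des3 -d -salt -in encryptedfile.txt -out normalfile.txt
  #
  # Globals:  IDL, SSH_STR, CMD_SSL, CMD_RM, BKP_EXPPWD, ST_FULL,
  #           TGT_BKPNAME_EXP (all read)
  # Returns:  0 on success; non-zero if the temp file cannot be created,
  #           the export fails, or openssl fails. On failure no .des3 file
  #           is left behind, so the run is logged as failed.
  #
  # NOTE(security): des3 with openssl's default key derivation is a legacy
  # choice. Moving to a modern cipher with -pbkdf2 would change the file
  # format and the decrypt command above, so it needs a planned migration.
  local tmp_file out_file rc
  out_file="${ST_FULL}${TGT_BKPNAME_EXP}.des3"

  # The plaintext export can hold device secrets. mktemp creates the file
  # with an unpredictable name and owner-only access, unlike a $RANDOM name
  # in /tmp that another local user could guess or pre-create.
  tmp_file=$(mktemp "${TMPDIR:-/tmp}/mbkp_export.XXXXXX") || return 1

  # SSH_STR is a full command line and is split on purpose.
  if ! { sleep "$IDL" && $SSH_STR export > "$tmp_file"; }; then
    $CMD_RM -f -- "$tmp_file"
    return 1
  fi

  # The password is handed over through the environment rather than "-k",
  # so it does not show up in the process list. The resulting file is the
  # same format as before.
  BKP_EXPPWD="$BKP_EXPPWD" $CMD_SSL des3 -salt -pass env:BKP_EXPPWD \
    -in "$tmp_file" -out "$out_file"
  rc=$?

  $CMD_RM -f -- "$tmp_file"
  if [[ $rc -ne 0 ]]; then
    # Do not leave a partial file that would be logged as a good backup.
    $CMD_RM -f -- "$out_file"
  fi
  return "$rc"
}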
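function fn_backup_retention {
  # Move backups older than ST_RTN days into archive/ and gzip them there.
  # Globals:  ST_FULL, ST_ARCH, ST_RTN, CMD_FIND, CMD_MV, CMD_GZ (all read)
  # Returns:  1 if a storage path is empty, otherwise the status of the
  #           final find.
  # An empty path would point find at the wrong tree, so refuse to run.
  if [[ -z "$ST_FULL" || -z "$ST_ARCH" ]]; then
    return 1
  fi
  # -maxdepth 1 keeps find out of archive/ itself; without it, old files
  # already in the archive are "moved" onto themselves and mv reports an
  # error for each of them on every run.
  $CMD_FIND "$ST_FULL" -maxdepth 1 -type f -mtime "+$ST_RTN" \
    -exec $CMD_MV -- {} "$ST_ARCH" \;
  # Files compressed on earlier runs are skipped, so gzip is not asked to
  # compress *.gz again.
  $CMD_FIND "$ST_ARCH" -type f ! -name '*.gz' -exec $CMD_GZ -- {} +
}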
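function fn_log {
  # Append one DATE;STATE;FILENAME line per expected artifact to the log.
  # Globals:  ST_FULL, TGT_BKPNAME_BIN, TGT_BKPNAME_EXP, CMD_DATE, LOG (read)
  # Returns:  the status of the last append.
  #
  # "okay" only means the file exists and is readable in the host
  # directory; its content is not checked here.
  local artifact state
  for artifact in "$TGT_BKPNAME_BIN" "${TGT_BKPNAME_EXP}.des3"; do
    if [[ -r "${ST_FULL}${artifact}" ]]; then
      state="okay"
    else
      state="fail"
    fi
    # The log path is quoted so a storage root with spaces does not break
    # the redirect.
    printf '%s;%s;%s\n' "$CMD_DATE" "$state" "$artifact" >> "$LOG"
  done
}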
##
# Start Execution
##
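fn_check_directory  # Checking and creating dirs
fn_check_log        # Checking need of creating log-file
fn_check_readme     # Checking need of creating readme
fn_backup_retention # Handling old backups

# Initial cleanup; this is also the first ssh contact with the router.
# Testing the call directly avoids relying on $? from the previous line,
# and the abort no longer depends on fn_log succeeding first.
if ! fn_mikrotik_cleanup; then
  fn_log # records both artifacts as failed
  echo "ERR: cannot establish ssh-connection" >&2
  exit 1
fi

sleep "$IDL" && fn_backup_binary    # save binary backup
sleep "$IDL" && fn_backup_export    # save exported config
sleep "$IDL" && fn_mikrotik_fixtime
sleep "$IDL" && fn_mikrotik_cleanup # Clean it again to hide commands
# Recording backup results to file. The script's exit status is that of
# this call, so a failed backup shows up in LOG.txt, not in the exit code.
fn_log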