Encrypted ZFS Backups to the Cloud: Source Code Repository: zfs-backup-to-s3.sh

Mailing List
Downloads
» Downloads
Message Forum
» General Discussion
Source Code Repository
» Source Code Repository
Wiki
» Wiki

Encrypted ZFS Backups to the Cloud was started in April 2009, is owned by Glenn Brunette, and has 11 members.

» Join This Project

Source code file content

Revision: 2 (of 2)

v0.3 updated to support direct use of the s3-crypto.ksh v0.4 functionality

» Project Revision History

» Checkout URL

source / zfs-backup-to-s3.sh

Size: 4717 bytes, 1 line

#!/bin/sh
#

# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.

umask 022

# ****************************************************************************
# Explicitly define a path.
# ****************************************************************************

PATH=/usr/gnu/bin:/usr/bin:/usr/sbin
export PATH

# ****************************************************************************
# Define the global variables that will be used throughout the script.
# ****************************************************************************

DEFAULTS_FILE="/etc/default/zfs-backup-to-s3"
export DEFAULTS_FILE

# Encryption algorithm specific parameters.
ENC_PROVIDER=""
ENC_ALG=""

# Splitting specific parameters.
MAX_FILE_SIZE=""

# Encryption key specific parameters.
KEY_TYPE=""
KEY_FILE=""
KEY_LABEL=""
KEY_STRING=""

# Amazon S3 specific parameters.
S3C_CRYPTO_CMD_NAME=""
S3C_CLI_CMD_NAME=""
S3_ACCESS_KEY_ID=""
S3_SECRET_ACCESS_KEY=""
S3_BUCKET=""

# ****************************************************************************
# Verify that this script is being run as the "zfssnap" role.
# ****************************************************************************

user=`id | sed 's/uid=.*(\(.*\)) gid=.*/\1/g'`
if [ "${user}" != "zfssnap" ]; then
   echo "Script must be executed by the zfssnap role."
   exit 1
fi

# ****************************************************************************
# Read program default settings from /etc/default/zfs-backup-to-s3.  This file
# must be owned and accessible only by the "zfssnap" role.
# ****************************************************************************

found=`find ${DEFAULTS_FILE} -user zfssnap -type f \
   \( -perm 400 -o -perm 600 \) | wc -l`

if [ $found -eq 1 ]; then
   . ${DEFAULTS_FILE}
else
   echo "File failed ownership and permission checks: ${DEFAULTS_FILE}"
   exit 1
fi

# ****************************************************************************
# Determine the type of key that will be used for the encryption operation.
# ****************************************************************************

if [ "${KEY_TYPE}" = "file" ]; then
   found=`find ${KEY_FILE} -user zfssnap -type f \
      \( -perm 400 -o -perm 600 \) | wc -l`

   if [ $found -eq 1 ]; then
      KEY_STRING="-k ${KEY_FILE}"
   else
      echo "File failed ownership and permission checks: ${KEY_FILE}"
      exit 1
   fi
elif [ "${KEY_TYPE}" = "token" ]; then
   KEY_STRING="-K ${KEY_TOKEN}"
else
   echo "Unknown value for KEY_TYPE: ${KEY_TYPE}"
   exit 1
fi

# ****************************************************************************
# Verify the Amazon S3 Settings.
# ****************************************************************************

export S3C_CLI_CMD_NAME S3_ACCESS_KEY_ID S3_SECRET_ACCESS_KEY

found=`find ${S3_SECRET_ACCESS_KEY} -user zfssnap -type f \
   \( -perm 400 -o -perm 600 \) | wc -l`

if [ $found -eq 0 ]; then
   echo "File failed ownership and permission checks: ${S3_SECRET_ACCESS_KEY}"
   exit 1
fi

if [ ! -x ${S3C_CRYPTO_CMD_NAME} ]; then
   echo "File is not exectuable: ${S3C_CRYPTO_CMD_NAME}"
   exit 1
else
   PATH=$PATH:`dirname ${S3C_CRYPTO_CMD_NAME}`
   export PATH
fi

# ****************************************************************************
# Define the file name that will be used as the base name for the file that
# is uploaded to the Cloud storage service.  This name will be the same as
# the ZFS snapshot name except that some characters such as '/', '@', and 
# ':' will be substituted as noted below.
# ****************************************************************************

remote_file_name=`echo ${LAST_SNAP} |\
   sed 's|/|~slash~|g'              |\
   sed 's|@|~at~|g'                 |\
   sed 's|:|~colon~|g'`
   
# ****************************************************************************
# Define the S3 Cryptographic command line options to be used.
# ****************************************************************************

CMP_OPTS="-C"

ENC_OPTS="-c -p ${ENC_PROVIDER} -a ${ENC_ALG} ${KEY_STRING}"

SPLIT_OPTS=""
if [ ! -z "${MAX_FILE_SIZE}" ]; then
   if [ ${MAX_FILE_SIZE} -gt 0 ]; then
      SPLIT_OPTS="-S -L ${MAX_FILE_SIZE}"
   fi
fi

CMD_OPTS="${CMP_OPTS} ${ENC_OPTS} ${SPLIT_OPTS}"
CMD_OPTS="${CMD_OPTS} -m put -b ${S3_BUCKET} -l - -r ${remote_file_name}"

# ****************************************************************************
# Stream the content through the $S3C_CLI_CMD_NAME to perform compression,
# encryption and splitting (if necessary) before uploading to the Cloud.
# ****************************************************************************

${S3C_CRYPTO_CMD_NAME} ${CMD_OPTS}

exit 0