# conf/default.conf # Relax-and-Recover default configuration. # This file is part of Relax-and-Recover, licensed under the GNU General # Public License. Refer to the included COPYING for full text of license. # # Here we describe all configuration variables and set them to a default. # Do not change anything here. # Set in etc/rear/local.conf or etc/rear/site.conf only those variables # where you need a different value than the default which is set here # (in particular configuration variables for OUTPUT and BACKUP). # # Some variables are for secret values (like passwords or encryption keys) # which are set to a default value in a confidential way via # { VAR='secret_value' ; } 2>>/dev/$SECRET_OUTPUT_DEV # The STDERR output must be discarded via a compound group command # { confidential_command ; } 2>>/dev/$SECRET_OUTPUT_DEV # even for a single command to discard STDERR also for 'set -x'. # Otherwise the confidential command and its arguments would be shown # in the ReaR log file when usr/sbin/rear is run in debugscript mode. # In debugscript mode scripts and config files are run (sourced) # by the Source function (in lib/framework-functions.sh) with 'set -x' # but this default.conf file is sourced by usr/sbin/rear directly. # Nevertheless the confidential way is also used here # to provide a template how to set such variables properly # in the etc/rear/local.conf or etc/rear/site.conf config files. # # Some variables are for a password as a salted hash. # To generate a password hash: # 1. Run # openssl passwd -6 # if openssl 1.1.1 or newer is available, # alternatively run # openssl passwd -1 # Do not use something like # echo 'my_secret_password' | openssl passwd -6 -stdin # because that stores the whole command in a history file (e.g. ~/.bash_history) # (unless you know how to run commands without keeping the history). # openssl 1.1.0 only supports MD5 hashes (-1) and some exotic variants. # openssl 1.1.1 also supports -5 (SHA256) and -6 (SHA512). # See https://github.com/rear/rear/pull/2455#discussion_r453613086 # for information on the implications of MD5 cryptographic weakness # cf. https://en.wikipedia.org/wiki/MD5#Security # 2. Copy the entire openssl output line between single quotes # in a confidential variable assignment command like # { PASSWORD='$6$96u44a5mgLn9fNBy$pyNnCvw...' ; } 2>>/dev/$SECRET_OUTPUT_DEV # # Several variables are set to a default value via # VAR="${VAR:-default value}" # so VAR gets the default value assigned only if VAR is unset or null # which means you can set VAR to a non-empty value via # export VAR="value" # directly before you call "rear ..." # provided you do not overwrite that in your local.conf or site.conf file. # # Many variables are bash arrays that should be set carefully. # Use VAR=() to set an empty array. # Use VAR+=( 'value' ) to append a fixed value to an array. # Use VAR+=( "$var" ) to append a variable value to an array. # Whether or not the latter case works as intended depends on when and # how "$var" is set and evaluated by the Relax-and-Recover scripts. # Be careful with values that are globbing patterns (cf. COPY_AS_IS below). # Globbing patterns should not be quoted like VAR+=( /directory/* ) # when for globbing patterns bash pathname expansion is intended # in contrast to quoted globbing patterns like VAR+=( '/directory/*' ) # where bash pathname expansion would usually not happen. # In general using ${VAR[*]} is problematic and # using ${VAR[@]} without double-quotes is also problematic # so to prepend to an array use VAR=( 'prepend_value' "${VAR[@]}" ) # see 'Arrays' in "man bash" and for some examples see # https://github.com/rear/rear/issues/1068 # # Most variables can be set to an empty value VAR= which means that this # setting is off or set to some automatic mode. # # Boolean variables can be set to anything as we only check whether the variable # is not empty so that both VAR=yes and VAR=no evaluate to boolean 'true'. # To set a boolean variable to 'false' set it to an empty value. # # Some variables have ternary semantics: # - explicit true value like True T true t Yes Y yes y 1 # - explicit false value like False F false f No N no n 0 # - unset or empty or a value that is neither a true value nor a false value # (see the is_true and is_false functions in lib/global-functions.sh). # # In case of doubt inspect the scripts how exactly a particular variable works. #### # TMPDIR # # Relax-and-Recover needs a (temporary) working area where it builds in particular # the rescue/recovery system ISO image (and perhaps even stores the backup archive). # The directory name of the working area is created in /usr/sbin/rear by calling # mktemp -d -t rear.XXXXXXXXXXXXXXX # which results $TMPDIR/rear.XXXXXXXXXXXXXXX for ReaR's working area. # To have a specific working area directory prefix for Relax-and-Recover call # export TMPDIR="/prefix/for/rear/working/directory" # before calling 'rear' (/prefix/for/rear/working/directory must already exist). # This is useful for example when there is not sufficient free space # in /var/tmp or $TMPDIR for the ReaR recovery system ISO image or even the backup archive. # TMPDIR cannot be set to a default value here unconditionally # but only if it is not set before calling 'rear', otherwise ReaR (/usr/sbin/rear) # would not work in compliance with the Linux/Unix standards regarding TMPDIR # see https://github.com/rear/rear/issues/968 # When TMPDIR is unset ReaR uses by default /var/tmp instead of /tmp (the system default), # because /tmp is not intended for such large amounts of data that ReaR usually # produces when creating the ReaR recovery system ISO image, see file-hierarchy(7). # In particular, /tmp can be a tmpfs, and thus restricted by the available RAM/swap. # ReaR will set TMPDIR to ReaR's TMP_DIR which is $TMPDIR/rear.XXXXXXXXXXXXXXX/tmp # when ReaR runs on the original system (e.g. for "rear mkbackup" but not for "rear recover") # to ensure that temporary files from programs that are called by ReaR # are sufficiently safe against unwanted access by non-root users # (only 'root' has permissions to access ReaR's working area) # and that those temporary files will get cleaned up "by the way" # when ReaR removes its working area at the end # see https://github.com/rear/rear/issues/3167 export TMPDIR="${TMPDIR-/var/tmp}" #### #### # ROOT_HOME_DIR # # According to the Filesystem Hierarchy Standard # the home directory for the root user has to be '/root' # cf. https://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard # but you may set it as needed like ROOT_HOME_DIR=~root # ~root is not included into double (or single) quotes so it can be # later expanded to actual root home directory. ROOT_HOME_DIR=~root #### #### # You can override autodetection and specify the kernel for the rescue/recovery system: KERNEL_FILE="" # The kernel configuration is used to collect the kernel binary and modules. # It can be set to a different version (e.g. to create a UP rescue media on a SMP system): KERNEL_VERSION="${KERNEL_VERSION:-$( uname -r )}" # You can add arbitrary kernel command line parameters when booting the rescue/recovery system # as you need it (e.g. things like 'console=...' see USE_SERIAL_CONSOLE below). # Additionally Relax-and-Recover supports some special kernel command line parameters like # - 'debug' # Starts all init-scripts (in /etc/scripts/system-setup.d/ in the rescue/recovery system) # in debug mode (via 'set -x') and asks for confirmation before it runs each init-script. # - 'auto_recover' or 'automatic' # Launch "rear recover" automatically (without automated reboot). # Together with 'debug' it runs "rear recover" in debugscript mode (with '-D'). # - 'unattended' # Launch "rear recover" automatically as with 'auto_recover' # plus automated reboot after successful "rear recover". # - 'ip=...' 'nm=...' 'netdev=...' 'gw=...' # When IP address plus optionally netmask (default 255.255.255.0), # network device (default eth0), and default gateway are specified, # then only that single network device is set up. # Example: ip=192.168.100.2 nm=255.255.255.0 netdev=eth0 gw=192.168.100.1 # - 'noip' # Prevents initialization of the networking configuration which is useful when # you want to do the networking configuration manually in the rescue/recovery system # e.g. to prevent the rescue/recovery system to use same IP address as the original system # but for the latter using USE_DHCLIENT="yes" (see below) is probably easier. # See also the 'RESCUE IMAGE KERNEL COMMAND LINE OPTIONS' section in the ReaR man page ("man rear"): KERNEL_CMDLINE="" # The COPY_KERNEL_PARAMETERS array lists kernel parameters that should be part # of the KERNEL_CMDLINE (in rescue image) if present on the current system (/proc/cmdline). # COPY_KERNEL_PARAMETERS specifies kernel parameter keys without value (e.g. net.ifnames but not net.ifnames=0). # If such a kernel parameter key is already specified in the KERNEL_CMDLINE variable # the already specified setting supersedes the one detected on the current system (if any). # - Check net.ifnames and biosdevname kernel parameter as it may impact # the network interface name during recovery/migration. COPY_KERNEL_PARAMETERS=( 'net.ifnames' 'biosdevname' ) #### #### # These variables are used to include arch/os/version specific stuff: # machine architecture, OS independent REAL_MACHINE="$( uname -m )" case "$REAL_MACHINE" in (x86_64|i686|i586) # all these behave exactly like i386. For 64bit we took care to handle the # special cases within the 32bit scripts to prevent code duplication MACHINE=i386 ;; (arm*|aarch*) MACHINE=arm ;; (s390*) MACHINE=s390 ;; (*) MACHINE=$REAL_MACHINE esac # Architecture, e.g. Linux-i386 ARCH="$( uname -s )-$MACHINE" 2>>/dev/null REAL_ARCH="$( uname -s )-$REAL_MACHINE" 2>>/dev/null #### # Short hostname HOSTNAME="$( hostname -s 2>/dev/null || uname -n | cut -d. -f1 )" # Logfile name # NOTE: This may not be dynamic, else deal with .bash_history in rescue system LOGFILE="$LOG_DIR/rear-$HOSTNAME.log" #### # Operating System, e.g. GNU/Linux OS="$( uname -o )" # Vendors are SUSE, Red Hat, Debian, Ubuntu, etc. # as returned by lsb_release -i -s OS_VENDOR=generic # Versions are 9.0, 10, 12.2, etc. # as returned by lsb_release -r -s OS_VERSION=none # Only with OS_VENDOR=generic and OS_VERSION=none # the OS_VENDOR and OS_VERSION variables are automatically # determined and set (via the above lsb_release calls). # Setting OS_VENDOR or OS_VERSION to invalid or unsupported values # results undefined behaviour for things that depend on those variables. # If on your system the above lsb_release calls result values # that are not yet supported by ReaR you may specify appropriate # supported values that could make it work even for your system. # See the SetOSVendorAndVersion function in the config-functions.sh script. #### # Keep the build area after we are done (ternary). # Useful to inspect the ReaR recovery system content in $TMPDIR/rear.XXXXXXXXXXXXXXX/rootfs/ # directly without the need to extract it from the initramfs/initrd in the ISO image. # Set to "y", "Yes", etc. to always keep the build area, to "n", "No", etc. to never keep it. # KEEP_BUILD_DIR is automatically set to true in debug mode (-d) and in debugscript mode (-D). # In addition to true (or any value that is recognized as 'yes' by the is_true function) # and false (or any value that is recognized as 'no' by the is_false function) # it can be set to several special values: # - 'errors' to obtain the old behaviour where KEEP_BUILD_DIR was always set to true # to keep the build area when errors in the ReaR recovery system were detected. # - empty (KEEP_BUILD_DIR="") which means that the build area will be kept on errors # if running interactively (in a terminal) but not otherwise to avoid cluttering # TMPDIR (see above) by cron or other automated jobs in case of errors. KEEP_BUILD_DIR="" #### # No default workflows. This variable is filled in where the workflows are defined # without the empty string as initial value WORKFLOWS and LOCKLESS_WORKFLOWS would # be unbound variables that would result an error exit if 'set -eu' is used: WORKFLOWS=("") # Allow some workflows to not lock and use a separate logfile named 'LOGFILE.lockless'. # The LOCKLESS_WORKFLOWS array gets filled during runtime as needed by the various # usr/share/rear/lib/WORKFLOW-workflow.sh scripts. Currently the following workflows # add themselves to the LOCKLESS_WORKFLOWS array: checklayout dump help # To make setting the right logfile name working in usr/sbin/rear # the lockless workflows must also be predefined here (cf. usr/sbin/rear): LOCKLESS_WORKFLOWS=( 'checklayout' 'dump' 'help' ) # SIMULTANEOUS_RUNNABLE_WORKFLOWS are also allowed to run simultaneously # but cannot use LOGFILE.lockless as the LOCKLESS_WORKFLOWS. # Instead the SIMULTANEOUS_RUNNABLE_WORKFLOWS get a LOGFILE with PID # because simultaneously runnable workflows require unique logfile names # so that the PID is interposed in the LOGFILE value from default.conf above, # i.e. by default SIMULTANEOUS_RUNNABLE_WORKFLOWS use during runtime # a logfile named /var/log/rear/rear-$HOSTNAME.$$.log that gets # at the end copied to a final possibly used-defined LOGFILE, # see /usr/sbin/rear and https://github.com/rear/rear/issues/1102 SIMULTANEOUS_RUNNABLE_WORKFLOWS=( 'mkbackuponly' 'restoreonly' ) #### # MESSAGE_PREFIX # Get messages of Relax-and-Recover output functions prefixed with ${MESSAGE_PREFIX}. # Other output (e.g. from programs that are called) is not prefixed. # By default MESSAGE_PREFIX is empty but the user can set it e.g. to MESSAGE_PREFIX="$$: " # to get ReaR messages prefixed with the PID of the running 'rear' main program which is # basically a requirement when workflows are run simultaneously to get distinguishable # messages (cf. SIMULTANEOUS_RUNNABLE_WORKFLOWS) MESSAGE_PREFIX="" #### # PROGRESS_MODE # How progress messages are shown (cf. lib/progresssubsystem.nosh). # PROGRESS_MODE can be "ANSI" (default/fallback) or "plain". # When there is a tty on stdout messages via the progress subsystem # are by default shown with ANSI escape sequences so that all # subsequent progress messages appear on one same line. # With PROGRESS_MODE="plain" the progress subsystem outputs the same # messages as in "ANSI" mode but without ANSI escape sequences. # PROGRESS_MODE="plain" is basically a requirement when workflows # are run simultaneously (cf. SIMULTANEOUS_RUNNABLE_WORKFLOWS) because # otherwise the progress messages from simultaneously running workflows # would mix up on one same line which results illegible and meaningless # output on the terminal PROGRESS_MODE="ANSI" # # PROGRESS_WAIT_SECONDS # The number of seconds between subsequent progress messages that are output # via the progress subsystem while a longer task (usually backup or restore) runs. # The default/fallback is 1 second. Setting e.g. PROGRESS_WAIT_SECONDS="5" can be # used to get less progress messages on the terminal but at the same time it delays # continuing after the task (e.g. backup or restore) had finished by half that time # on average up to at most the whole amount of PROGRESS_WAIT_SECONDS PROGRESS_WAIT_SECONDS="1" #### #### # Relax-and-Recover UserInput function default behaviour # # see the UserInput function decription in # usr/share/rear/lib/_input-output-functions.sh # # USER_INPUT_TIMEOUT # USER_INPUT_INTERRUPT_TIMEOUT # USER_INPUT_UNATTENDED_TIMEOUT # USER_INPUT_PROMPT # USER_INPUT_MAX_CHARS # USER_INPUT_user_input_ID # # All timeout values must be at least '1' (i.e. one second timeout). # The reason is that 'read -t 0' returns immediately without trying to read any data # so when 'read' should time out the minimum timeout value is '1'. # That the 'read' timeout can be a fractional number requires bash 4.x # see https://github.com/rear/rear/issues/2866#issuecomment-1254908270 # but in general ReaR should still work with bash 3.x so we use '-t 1'. # # USER_INPUT_TIMEOUT specifies the default timeout in seconds # after that UserInput() automatically proceeds with a default value. # That timeout interrupts a possibly ongoing user input # (same as the timeout of the 'read' bash builtin). # The UserInput timeout must be sufficiently long for the user # to read and understand the possibly unexpected UserInput() message # and then some more time to make a decision whether or not # the default action ("just proceed") is actually the right one # in his particular case and finally even more time to enter # his particular input when the default is not the right one. USER_INPUT_TIMEOUT="${USER_INPUT_TIMEOUT:-300}" # # USER_INPUT_INTERRUPT_TIMEOUT specifies the timeout in seconds # for how long UserInput() waits for the user to interrupt an automated input # when a predefined input value is specified for a particular UserInput() call # via a matching USER_INPUT_user_input_ID variable (see below). # The default interrupt timeout must be sufficiently long for the user # to read and understand the possibly unexpected UserInput() message # and then some more time to make a decision whether or not # the automated action is actually the right one and # if not a bit more time to hit a key to interrupt. USER_INPUT_INTERRUPT_TIMEOUT="${USER_INPUT_INTERRUPT_TIMEOUT:-30}" # # USER_INPUT_UNATTENDED_TIMEOUT specifies the timeout in seconds # for how long UserInput() waits for user input # when ReaR is run in 'unattended' or 'non-interactive' mode # i.e. when there is (usually) no user who would or could input something. USER_INPUT_UNATTENDED_TIMEOUT="${USER_INPUT_UNATTENDED_TIMEOUT:-3}" # # USER_INPUT_PROMPT specifies the default prompt text that is shown # if no prompt was specified for a particular UserInput() call. USER_INPUT_PROMPT="${USER_INPUT_PROMPT:-enter your input}" # # USER_INPUT_MAX_CHARS specifies the default maximum characters until # the UserInput function truncates further input and returns. # With the default USER_INPUT_MAX_CHARS=0 input is not truncated and it # also makes correcting the input possible (before [Enter] is pressed) # cf. https://github.com/rear/rear/issues/2622 USER_INPUT_MAX_CHARS="${USER_INPUT_MAX_CHARS:-0}" # # USER_INPUT_user_input_ID variables can be used to predefine automated # input for UserInput() calls with the matching user_input_ID value. # Each UserInput() call has a specific user_input_ID that is shown # when ReaR is run in debug mode (via the '-d' command line option). # For example "rear -d recover" may show something like: # UserInput -I LAYOUT_MIGRATION_CONFIRM_MAPPINGS needed ... # Confirm or edit the disk mapping # 1) Confirm disk mapping and continue 'rear recover' # 2) Edit disk mapping (/var/lib/rear/layout/disk_mappings) # 3) Use Relax-and-Recover shell and return back to here # 4) Abort 'rear recover' # (default '1' timeout 300 seconds) # In this case one can specify a predefined input in local.conf like # USER_INPUT_LAYOUT_MIGRATION_CONFIRM_MAPPINGS=2 # or directly on command line before running "rear recover" like # export USER_INPUT_LAYOUT_MIGRATION_CONFIRM_MAPPINGS=2 # The user_input_ID that is shown 'LAYOUT_MIGRATION_CONFIRM_MAPPINGS' # must be appended to a USER_INPUT_ variable prefix to get the right # USER_INPUT_LAYOUT_MIGRATION_CONFIRM_MAPPINGS variable name. # Then the "Edit disk mapping" choice will be selected automatically. # In this case the USER_INPUT_INTERRUPT_TIMEOUT is crucial because # otherwise one would be caught in an endless "Edit disk mapping" loop. #### # Default backup and output targets: BACKUP=REQUESTRESTORE OUTPUT=ISO # Default cdrom size in MB (probably it is actually MiB?): CDROM_SIZE=20 #### # The CHECK_CONFIG_FILES array lists files where changes # require the ReaR rescue/recovery system to be recreated. # Testing whether or not those files changed is implemented in the checklayout workflow # which exits with non-zero exit code when the disk layout or those files changed # (cf. https://github.com/rear/rear/issues/1134) but the checklayout workflow # does not automatically recreate the rescue/recovery system. # Files matching FILES_TO_PATCH_PATTERNS are added to this list automatically. CHECK_CONFIG_FILES=( '/etc/drbd/' '/etc/drbd.conf' '/etc/lvm/lvm.conf' '/etc/multipath.conf' '/etc/udev/udev.conf' "$CONFIG_DIR" ) # # FILES_TO_PATCH_PATTERNS is a space-separated list of shell glob patterns. # Files that match are eligible for a final migration of UUIDs and other # identifiers after recovery (if the layout recreation process has led # to a change of an UUID or a device name and a corresponding change needs # to be performed on restored configuration files ). # See finalize/GNU/Linux/280_migrate_uuid_tags.sh # The [] around the first letter make sure that # 'shopt -s nullglob' removes this file from the list if it does not exist: FILES_TO_PATCH_PATTERNS="[b]oot/{grub.conf,menu.lst,device.map} [e]tc/grub.* \ [b]oot/grub/{grub.conf,grub.cfg,menu.lst,device.map} \ [b]oot/grub2/{grub.conf,grub.cfg,menu.lst,device.map} \ [e]tc/sysconfig/grub [e]tc/sysconfig/bootloader \ [e]tc/lilo.conf [e]tc/elilo.conf \ [e]tc/yaboot.conf \ [e]tc/mtab [e]tc/fstab [e]tc/crypttab \ [e]tc/mtools.conf \ [e]tc/smartd.conf [e]tc/sysconfig/smartmontools \ [e]tc/sysconfig/rawdevices \ [e]tc/security/pam_mount.conf.xml \ [b]oot/efi/*/*/grub.cfg" #### #### # Relax-and-Recover recovery system update during "rear recover" # # see https://github.com/rear/rear/issues/841 # and https://hackweek.suse.com/14/projects/1508 # # The by default empty RECOVERY_UPDATE_URL means this functionality is not used so that # "rear recover" runs as usual without updating any files in the ReaR recovery system # (i.e. with the recovery system as "rear mkbackup" or "rear mkrescue" had made it). # # If RECOVERY_UPDATE_URL is non-empty it points to a download location # wherefrom "rear recover" will first of all download a tar.gz archive and # extract that at the root directory '/' in the ReaR recovery system. # # The intended purpose is to download and replace in the recovery system ReaR config files # (usually the content of /etc/rear/ and /var/lib/rear/recovery/ and /var/lib/rear/layout/) # with updated ReaR config files. # # But it is not limited to replace only ReaR config files in the recovery system. # Anything in the tar.gz archive will be extracted at '/' in the recovery system # (even if it destroys the recovery system) so that it can also be used to update # anything in the recovery system - provided one does the update carefully. # For example one should not replace currently running ReaR scripts. # # Currently only a HTTP download location is supported like # RECOVERY_UPDATE_URL="http://my_internal_server/$HOSTNAME.rear_config.tgz" # so that "curl -o recovery-update.tar.gz $RECOVERY_UPDATE_URL" will work. # Accordingly when using RECOVERY_UPDATE_URL="http://..." # curl should be added to the REQUIRED_PROGS array like # REQUIRED_PROGS+=( curl ) # RECOVERY_UPDATE_URL="${RECOVERY_UPDATE_URL:-}" #### #### # MIGRATION_MODE recovery during "rear recover" # # There is some basic autodetection during "rear recover" when # disks on the replacement hardware seem to not match compared to # what there was stored in disklayout.conf on the original system. # If a mismatch is autodetected then ReaR goes into its # MIGRATION_MODE where manual disk layout configuration happens. # In this case ReaR asks the user via several user dialogs what to do. # Only the disk size is used to determine whether or not # disks on the replacement hardware match the disks on the original system. # Problems only appear when more than one disk with same size is used. # Examples: # When on the original system and on the replacement hardware two disks # with same size are used the disk devices may get interchanged # so that what there was on /dev/sda on the original system may get # recreated on /dev/sdb on the replacement hardware and vice versa. # When on the original system one disk is used for the system and # another disk with same size for the ReaR recovery system and backup # the disk devices may get interchanged on the replacement hardware # so that "rear recover" could result an ultimate disaster # (instead of a recovery from a disaster) if it recreated the system # on the disk where the ReaR recovery system and backup is # which would overwrite/destroy the backup via parted and mkfs # (cf. https://github.com/rear/rear/issues/1271). # Therefore to be on the safe side and to avoid such problems # ReaR goes by default automatically into its MIGRATION_MODE # when more than one disk with same size is used on the original system # or when for one of the used disk sizes on the original system # more than one disk with same size is found on the replacement hardware # i.e. when there is more than one possible target disk. # Accordingly ReaR goes by default not into its MIGRATION_MODE # only if for each used disk size on the original system eaxctly one # possible target disk with same size is found on the replacement hardware. # With MIGRATION_MODE='true' (or any value that is recognized as 'yes' by the is_true function) # one can request MIGRATION_MODE regardless of autodetection during "rear recover" # provided "rear recover" is not run in 'unattended' or 'non-interactive' mode. # With MIGRATION_MODE='TRUE' ('TRUE' in uppercase letters) one can enfore MIGRATION_MODE # also when "rear recover" is run in 'unattended' or 'non-interactive' mode. # The by-default empty MIGRATION_MODE results that MIGRATION_MODE # is set via the above described autodetection during "rear recover". MIGRATION_MODE="${MIGRATION_MODE:-}" #### #### # Wiping disks during "rear recover" before recreating the disk layout: # # The intent is that disks where the disk layout will be recreated # get completely wiped as far as possible with reasonable effort, # see usr/share/rear/layout/recreate/default/README.wipe_disks # so that the disk layout recreation code (diskrestore.sh) # can run on clean disks that behave like pristine new disks, # see https://github.com/rear/rear/issues/799 # This is currently new and experimental functionality, # see https://github.com/rear/rear/pull/2514 # # An empty DISKS_TO_BE_WIPED="" means that disks will be automatically wiped. # The disks that will be automatically wiped are those disks # where in diskrestore.sh the create_disk_label function is called # i.e. disks where the whole partitioning will be recreated from scratch. # This automatism cannot work when the create_disk_label function is called # for higher level block devices like RAID devices that do not exist as disks # on the bare replacement hardware or on a bare replacement virtual machine. # When disk devices are specified like DISKS_TO_BE_WIPED="/dev/sda /dev/sdb" # all those that actually exist as block devices in the recovery system # (i.e. on the replacement hardware or on the replacement virtual machine) # will be wiped without any safety condition (except WRITE_PROTECTED_IDS) # and regardless if those disks are actually needed to recreate the system. # So e.g. DISKS_TO_BE_WIPED="/dev/sd[a-z]" will wipe all /dev/sda ... /dev/sdz that exist # except when for a disk in the recovery system its ID is listed in WRITE_PROTECTED_IDS # (listing disk IDs of the original system in WRITE_PROTECTED_IDS does not help). # When the ReaR recovery system was booted from a (USB) disk that is /dev/sda on the # replacement hardware then DISKS_TO_BE_WIPED="/dev/sda ..." may destroy the ReaR disk # unless that disk is (by default automatically) listed in WRITE_PROTECTED_IDS # (here it works because the ReaR disk ID is same on the replacement hardware). # In any case there is a user confirmation dialog before disks will be wiped. # With DISKS_TO_BE_WIPED="false" no disk will be wiped. # DISKS_TO_BE_WIPED has no influence what disks will get completely overwritten # by the actual disk layout recreation code (e.g. the diskrestore.sh script). DISKS_TO_BE_WIPED="${DISKS_TO_BE_WIPED:-}" #### #### # Formatting DASDs (S/390 specific) # DASD (Direct Access Storage Device) denotes a disk drive on the S/390 architecture. # DASDs need to be formatted before use (even before creating a partition table on them). # By default ReaR will format the DASDs that are going to be used to recreate the system # (are referenced in disklayout.conf) before recreating the disk layout. # This can be suppressed by setting FORMAT_DASDS="false". It can be useful when one intends # to use already formatted DASDs as recovery target. FORMAT_DASDS="" #### #### # Resizing partitions in MIGRATION_MODE during "rear recover" # # AUTORESIZE_PARTITIONS # AUTORESIZE_EXCLUDE_PARTITIONS # AUTOSHRINK_DISK_SIZE_LIMIT_PERCENTAGE # AUTOINCREASE_DISK_SIZE_THRESHOLD_PERCENTAGE # # For details see the scripts # usr/share/rear/layout/prepare/default/420_autoresize_last_partitions.sh # and # usr/share/rear/layout/prepare/default/430_autoresize_all_partitions.sh # # When AUTORESIZE_PARTITIONS is false, no partition is resized. # # When AUTORESIZE_PARTITIONS is true, all active partitions on all active disks # get resized by the 430_autoresize_all_partitions.sh script # (except boot and swap partitions via some special hardcoded rules in that script) # if the disk size had changed (i.e. only in migration mode). # This does not resize volumes on top of the affected partitions. # Using AUTORESIZE_PARTITIONS='true' with 430_autoresize_all_partitions.sh # may result badly aligned partitions in particular possibly harmful aligned # according to what flash memory based disks (i.e. SSDs) actually need # which is usually 4MiB or 8MiB alignment where a too small value # will result lower speed and less lifetime of flash memory devices # (cf. the below comment at USB_PARTITION_ALIGN_BLOCK_SIZE). # # A true or false value must be the first one in the AUTORESIZE_PARTITIONS array. # # When the first value in AUTORESIZE_PARTITIONS is neither true nor false # only the last active partition on each active disk gets resized # by the 420_autoresize_last_partitions.sh script. # # The following applies only when the last active partition on each active disk # gets resized by the 420_autoresize_last_partitions.sh script: # # In particular this does not resize volumes on top of the affected partitions. # To migrate volumes on a disk where the disk size had changed the user must in advance # manually adapt his disklayout.conf file before he runs "rear recover". # # All other values in the AUTORESIZE_PARTITIONS array specify partition device nodes # e.g. as in AUTORESIZE_PARTITIONS=( /dev/sda2 /dev/sdb3 ) # where last partitions with those partition device nodes should be resized # (i.e. this way only last partitions can be specified to be resized) # regardless of what is specified in the AUTORESIZE_EXCLUDE_PARTITIONS array. # # The values in the AUTORESIZE_EXCLUDE_PARTITIONS array specify partition device nodes # where partitions with those partition device nodes are excluded from being resized. # The special values 'boot', 'swap', and 'efi' specify that # - partitions where its filesystem mountpoint contains 'boot' or 'bios' or 'grub' # or where its GPT name or flags contain 'boot' or 'bios' or 'grub' (anywhere case insensitive) # - partitions for which an active 'swap' entry exists in disklayout.conf # or where its GPT name or flags contain 'swap' (anywhere case insensitive) # - partitions where its filesystem mountpoint contains 'efi' or 'esp' # or where its GPT name or flags contains 'efi' or 'esp' (anywhere case insensitive) # are excluded from being resized e.g. as in # AUTORESIZE_EXCLUDE_PARTITIONS=( boot swap efi /dev/sdb3 /dev/sdc4 ) # # In general ReaR is not meant to somehow "optimize" a system during "rear recover". # ReaR is meant to recreate a system as much as possible exactly as it was before. # Accordingly the automated resizing by the 420_autoresize_last_partitions.sh script # implements a "minimal changes" approach: # # When the new disk is a bit smaller (at most AUTOSHRINK_DISK_SIZE_LIMIT_PERCENTAGE percent), # only the last (active) partition gets shrinked but all other partitions are not changed. # When the new disk is smaller than AUTOSHRINK_DISK_SIZE_LIMIT_PERCENTAGE percent it errors out. # To migrate onto a substantially smaller new disk the user must in advance # manually adapt his disklayout.conf file before he runs "rear recover". # # When the new disk is not much bigger (less than AUTOINCREASE_DISK_SIZE_THRESHOLD_PERCENTAGE percent), # no partition gets increased (which leaves the bigger disk space at the end of the disk unused). # When the new disk is substantially bigger (at least AUTOINCREASE_DISK_SIZE_THRESHOLD_PERCENTAGE percent), # only the last (active) partition gets increased but all other partitions are not changed. # To migrate various partitions onto a substantially bigger new disk the user must in advance # manually adapt his disklayout.conf file before he runs "rear recover". # # Because only the end value of the last partition may get changed, the partitioning alignment # of the original system is not changed, cf. https://github.com/rear/rear/issues/102 # # Because only the last active (i.e. not commented in disklayout.conf) partition on a disk # may get changed, things go wrong if another partition is actually the last one on the disk # but that other partition is commented in disklayout.conf (e.g. because that partition # is a partition of another operating system that is not mounted during "rear mkrescue"). # To migrate a system with a non-active last partition onto a bigger or smaller new disk # the user must in advance manually adapt his disklayout.conf file before he runs "rear recover". # AUTORESIZE_PARTITIONS='' AUTORESIZE_EXCLUDE_PARTITIONS=( boot swap efi ) AUTOSHRINK_DISK_SIZE_LIMIT_PERCENTAGE=2 AUTOINCREASE_DISK_SIZE_THRESHOLD_PERCENTAGE=10 #### #### # Write-protection during "rear recover" # for OUTPUT=USB and OUTPUT=RAWDISK # # Designate disks via disk specific IDs or file system labels as write-protected # to avoid that those disks could get used as target disk during "rear recover" # via WRITE_PROTECTED_IDS and WRITE_PROTECTED_FS_LABEL_PATTERNS # in etc/rear/rescue.conf in the ReaR rescue/recovery system. # # WRITE_PROTECTED_ID_TYPES is a string of the 'lsblk' output columns where # their values are stored in WRITE_PROTECTED_IDS during "rear mkrescue/mkbackup". # During "rear recover" a disk is write-protected when one of the values # of this 'lsblk' output columns for the disk also exists in WRITE_PROTECTED_IDS. # The default 'lsblk' output columns for write-protection via disk specific IDs are # UUID filesystem UUID # PTUUID partition table identifier (usually UUID) # PARTUUID partition UUID # WWN unique storage identifier WRITE_PROTECTED_ID_TYPES="UUID PTUUID PARTUUID WWN" # # For OUTPUT=USB the values of the 'lsblk' output columns in WRITE_PROTECTED_ID_TYPES # of the ReaR recovery system disk (i.e. USB_DEVICE) are automatically added # to the WRITE_PROTECTED_IDS array during "rear mkrescue/mkbackup". # For OUTPUT=RAWDISK a partition table UUID is generated (provided 'uuidgen' is there) # that is added to the WRITE_PROTECTED_IDS array. # For the IDs in WRITE_PROTECTED_IDS their matching 'lsblk' output columns # must exist in WRITE_PROTECTED_ID_TYPES because only this ID types are used # to test if a disk is write-protected (see WRITE_PROTECTED_ID_TYPES above). # E.g. if you like to use additionally the 'lsblk' output column MODEL as ID # in WRITE_PROTECTED_IDS like WRITE_PROTECTED_IDS+=( "ACME_USB_DISK_XL" ) # you must also append that 'lsblk' output column as separated additional word # to the WRITE_PROTECTED_ID_TYPES string like WRITE_PROTECTED_ID_TYPES+=" MODEL" WRITE_PROTECTED_IDS=() # # WRITE_PROTECTED_FS_LABEL_PATTERNS is an array of (shell glob) patterns which designate # matching file system labels as write-protected partitions to write-protect their disk. # Entries may be quoted and contain blanks, but they may not contain single quotes themselves. # Example: WRITE_PROTECTED_FS_LABEL_PATTERNS+=( "Backup *" ) # For OUTPUT=USB the file system label of the ReaR data partition on the ReaR recovery system disk # is automatically added to WRITE_PROTECTED_FS_LABEL_PATTERNS during "rear mkrescue/mkbackup". WRITE_PROTECTED_FS_LABEL_PATTERNS=() #### #### # Creating XFS filesystems during "rear recover" # # MKFS_XFS_OPTIONS # MKFS_XFS_OPTIONS_... # # For details see the script # usr/share/rear/layout/prepare/GNU/Linux/130_include_filesystem_code.sh # and for some reasoning behind you may have a look at # https://github.com/rear/rear/pull/2005 # # During "rear mkrescue/mkbackup" the script layout/save/GNU/Linux/230_filesystem_layout.sh # calls 'xfs_info' and stores its output in var/lib/rear/layout/xfs/XFS_DEVICE.xfs files # where XFS_DEVICE is the basename of the device where the XFS filesystem is (e.g. sda2). # By default during "rear recover" the XFS filesystem on that device gets recreated # with matching mkfs.xfs options according to the stored 'xfs_info' output so that # XFS filesystems should get recreated with same XFS filesystem options as before. # # In particular in MIGRATION_MODE when disk devices had changed it could be needed # to recreate XFS filesystems with different XFS filesystem options as before. # MKFS_XFS_OPTIONS specifies global mkfs.xfs options for recreating all XFS filesystems. # Device specific mkfs.xfs options can be specified for each XFS device via # MKFS_XFS_OPTIONS_XFS_DEVICE where XFS_DEVICE is the basename of the device # but only uppercase letters and digits to ensure a valid bash variable name. # For example for /dev/sda2 it would be MKFS_XFS_OPTIONS_SDA2 and # for /dev/mapper/ACME_1000-part3 it would be MKFS_XFS_OPTIONS_ACME1000PART3 # Common global options can be specified first like MKFS_XFS_OPTIONS="global options" # and used via MKFS_XFS_OPTIONS_SDA2="$MKFS_XFS_OPTIONS additional options for sda2" # versus separated options as in MKFS_XFS_OPTIONS_SDB3="all options for sdb3". # To recreate XFS filesystems with the mkfs.xfs defaults (i.e. without mkfs.xfs options) # specify a space MKFS_XFS_OPTIONS=' ' or MKFS_XFS_OPTIONS_SDA2=' ' only for sda2. # # The by-default empty MKFS_XFS_OPTIONS results that the mkfs.xfs options are set # via the above described default according to the stored 'xfs_info' output. MKFS_XFS_OPTIONS="${MKFS_XFS_OPTIONS:-}" #### #### # Support for TCG Opal 2-compliant Self-Encrypting Disks # (see doc/user-guide/13-tcg-opal-support.adoc) # # Output location for the Pre-Boot Authentication (PBA) System (empty for not using a PBA). # (For URL syntax, see "Using OUTPUT_URL..." in doc/user-guide/03-configuration.adoc.) # This URL specifies # - where PBA output shall be stored by "rear mkopalpba", and # - where to find a local PBA image file during "rear mkrescue" and "rear opaladmin" (but can # be overridden by OPAL_PBA_IMAGE_FILE). # The actual PBA image file resides below the OPAL_PBA_OUTPUT_URL directory at # "$HOSTNAME/TCG-Opal-PBA-$HOSTNAME.raw". # NOTE: If a local directory is specified, Relax-and-Recover will automatically pick # up the PBA image when installing it to local disks or when building a rescue system. OPAL_PBA_OUTPUT_URL="file://$VAR_DIR/TCG-Opal-PBA" # # Full path of a local PBA image file. # This local path specifies the PBA image to be used by "rear mkrescue" and "rear opaladmin". # If not set (the default) and OPAL_PBA_OUTPUT_URL points to a local directory, the location is # determined by OPAL_PBA_OUTPUT_URL. OPAL_PBA_IMAGE_FILE="" # # These variables extend their non-prefixed counterparts (PROGS, COPY_AS_IS, etc.) for the PBA system only. # Their main purpose is to include the necessary files for a Plymouth graphical boot animation, which # provides a nice looking user interface to enter the disk password. OPAL_PBA_PROGS=() OPAL_PBA_COPY_AS_IS=() OPAL_PBA_LIBS=() OPAL_PBA_KERNEL_CMDLINE="" # The following variable, if non-empty, overrides FIRMWARE_FILES for the PBA system. OPAL_PBA_FIRMWARE_FILES=() # The following variable sets USE_SERIAL_CONSOLE for the PBA system. OPAL_PBA_USE_SERIAL_CONSOLE="" # # OPAL_PBA_UNLOCK_MODE determines the PBA's disk unlock mode, either "transient" (the default) or "permanent". # * "transient" mode unlocks devices until they are powered off. This is the normal behavior. # * "permanent" mode unlocks devices and deactivates locking until a reactivation command is issued. This mode exists # as a workaround for systems which are unable to reboot after transient unlocking. Example configuration in # 'local.conf' or 'site.conf': # if dmidecode | grep --quiet 'Product Name: ML10Gen9$'; then # # An HPE ML10Gen9 Server does not start reliably after disk unlocking unless the reboot method includes a # # power cycle. In the latter case, disks will only remain unlocked if "permanent" unlock mode is used. # # Seen on: HPE ML10Gen9, BIOS Version: 1.13, BIOS Release Date: 12/05/2019 # OPAL_PBA_KERNEL_CMDLINE+=" reboot=efi" # reboot with a power cycle # OPAL_PBA_UNLOCK_MODE="permanent" # keep disks unlocked after power cycling # fi # WARNING: If this mode is used, it is recommended to run 'rear opaladmin reactivate' each time the regular # operating system has booted (e.g. via a systemd unit). Even then, a protection gap exists between deactivating # locking by the PBA and reactivating locking by the reagular OS. If the regular boot fails or the reactivation # command is not issued for some reason, devices will remain unlocked permanently. OPAL_PBA_UNLOCK_MODE="transient" # # PBA debug password as a salted hash (empty for not using the debug shell facility). # If the debug password is entered when the PBA asks for a password to unlock disks, # an interactive emergency shell will be started, which can be used to debug the PBA system. { OPAL_PBA_DEBUG_PASSWORD='' ; } 2>>/dev/$SECRET_OUTPUT_DEV # # When not empty, OPAL_PBA_DEBUG_DEVICE_COUNT overrides the number of TCG Opal 2-compliant self-encrypting disks # installed. To test the PBA system on a machine without any Opal 2-compliant disk, set OPAL_PBA_DEBUG_DEVICE_COUNT=1. # Used to debug the PBA system. OPAL_PBA_DEBUG_DEVICE_COUNT="" # # Path to linux block device to use as AuthToken container (a small unformatted partition on removable media is ideal) # You may use any of standard /dev/disk/by-whatever/whatever symliks here, 'by-partuuid' should be the most robust one. # If multiple paths are specified here, they will be tried in the same order as specified until first present-one is found. # AuthToken may be generated in-PBA and then used as a password replacement, i.e. to unlock disks w/o typing Opal password each time. # If configured device is detected at the time you unlock disks with password, PBA will offer to create a token on that device. # In case you forgot to insert your AuthToken and booted to standart password promt, providing an empty password will trigger AT-rescan. OPAL_PBA_TKNPATH=( ) # # Raw byte offset at which to store AuthToken for current PBA # Single container (as defined by OPAL_PBA_TKNPATH) may hold multiple ATs for different PBAs at different offsets OPAL_PBA_TKNOFFSET=0 # # AuthToken encryption key # The simplest and the least secure option is to set some plain password here, e.g. 'mYt0kEnpAs$wOrd' # Please note that it will be stored in cleartext inside PBA image, so it is preferable to make it unique. # If someone manages to get PBA dump (e.g. boot your computer from live USB and dump a shadow-MBR), he will # effectively get your 'mYt0kEnpAs$wOrd' in clear-text, and if that 'someone' also manages to get your AuthToken, # he will be able to recover the original Opal password! But as long as you keep the token separate # from disk it unlocks, and don't keep it plugged-in after use, you're mostly fine. # The much better option, however requiring a recent hardware and recent systemd ver, is to use TPM2-assisted encryption # To use it, define a specially-formatted string here: 'tpm:yourtokenname:PCRs', e.g 'tpm:myopaltoken:4+9+12'. # In this mode encryption key will be stored in your device's TPM2 chip sealed with selected PCR-hashes. Depending on which # PCRs you select and PBA bootloader used, the AuthToken may be bound not only to device, but to exact PBA image # used to generate it (kernel, initrd, cmdline, etc), which makes it very secure. # This option works best with EFI-stub / UKI (Unified Kernel Image), for more info see # https://www.freedesktop.org/software/systemd/man/systemd-stub.html # https://www.freedesktop.org/software/systemd/man/systemd-creds.html # https://www.freedesktop.org/software/systemd/man/systemd-cryptenroll.html { OPAL_PBA_TKNKEY='tpm:opalauthtoken:7' ; } 2>>/dev/$SECRET_OUTPUT_DEV # # Poor man's alternative for AT <-> PBA binding, additionaly encrypts Opal password using PBA image hash as a key # Optional, may be used independently of TKNKEY type OPAL_PBA_TKNBIND="no" # # You may optionally additionally protect generated AT with second password, acting as a second factor auth # This var defines max number of attempts one will be given by PBA to provide that second password OPAL_PBA_TKN2FAMAXTRIES=3 # # Whether to wipe/destroy AuthToken after TKN2FAMAXTRIES exceeded # These 2FA options combined allow to have a simple-enough 'everyday' password (2FA one) # protecting a complex Opal password in a secure-enough way to keep the token inserted all the time OPAL_PBA_TKN2FAFAILWIPE="no" # # Enables AT debug mode: some messages in console and /.authtkn.stderr.* file # Actual disk-unlocking won't be attempted in this mode # You may use the following debug-passwords: # 'dbgpass' - accepted as (fake) disk-unlocking, but only being user-provided (typed-in) # 'dbgpasstkn' - accepted as (fake) disk-unlocking (including AuthToken) OPAL_PBA_TKNDBG="no" # # Enables 'SecureBoot disabled/unavailable' warning, accepts pseudo-boolean (yes/no) or custom message string # pseudo-false disables this check # pseudo-true shows a default message in console, but not in Plymouth (for use with newer Plymouth+two-step supporting SB-warning) # 'custom-message' shows that 'custom-message' message in both console/Plymouth modes # Additionally with this check enabled (pseudo-true or custom message) unattended boot / disk auto-unlock # will be allowed only if SecureBoot is active (otherwise PBA will wait for user-input to ensure he is aware of current SB state) # When empty defaults to display-message mode with default message text OPAL_PBA_SBWARN="" # # Suppress final success message (i.e. 'Disk unlocked, rebooting...') and associated wait OPAL_PBA_NOSUCCESSMSG="no" #### #### # Output/backup locations ## # # The URL defines the remote share as :/// like these examples: # nfs://host.domain/path/path/path # cifs://server.domain/share # usb:///dev/sdb1 # others might also work, if they can be mounted with mount :/ # there is special support for tape:///dev/nst0 # Additional options to the mount command are given using *_OPTIONS # Alternatively, you can provide your own mount/unmount commands, in that case # Relax-and-Recover will append its mountpoint to the command. # # Specify the location of the backup (see text above): BACKUP_URL= # BACKUP_OPTIONS variable contains the mount options, do not confuse with BACKUP_PROG_OPTIONS BACKUP_OPTIONS= BACKUP_MOUNTCMD= BACKUP_UMOUNTCMD= ## # Specify the location of the output: # When OUTPUT_URL is not specified it inherits the BACKUP_URL value # and then also OUTPUT_OPTIONS inherits the BACKUP_OPTIONS value # via the code in usr/share/rear/prep/default/020_translate_url.sh # but when OUTPUT_URL is set then OUTPUT_OPTIONS may have to be # explicitly set too in particular when BACKUP_OPTIONS are specified # because when OUTPUT_URL is set OUTPUT_OPTIONS does not inherit the BACKUP_OPTIONS value # cf. https://github.com/rear/rear/issues/2753 OUTPUT_URL= # Patterns for RESULT_FILES to be uploaded with shell wildcards if non empty # e.g. OUTPUT_URL_FILES_PATTERNS=("*.iso") to upload only iso files OUTPUT_URL_FILES_PATTERNS=() OUTPUT_OPTIONS= OUTPUT_MOUNTCMD= OUTPUT_UMOUNTCMD= # The directory that is created at the output location to store the RESULT_FILES therein. # For example OUTPUT_PREFIX specifies the prefix directory of a rescue/recovery system ISO image: OUTPUT_PREFIX="$HOSTNAME" #### # Keep an older copy of the output (mv $OUTPUT_PREFIX $OUTPUT_PREFIX.old before we copy the new version) # empty means only keep current output: KEEP_OLD_OUTPUT_COPY= # The remote file system layout for OUTPUT=PXE can be modified to accommodate different TFTP server layouts # (simply overwrite OUTPUT_PREFIX_PXE). #OUTPUT_PREFIX_PXE="$OUTPUT_PREFIX" # make it empty - see issue #570 (DRLM will fill it up) OUTPUT_PREFIX_PXE="" # When using fish, ftp, ftps, hftp, http, https or sftp in OUTPUT_URL, you can set OUTPUT_LFTP_OPTIONS to pass additional # parameters to LFTP (https://lftp.yar.ru/lftp-man.html). # Example: OUTPUT_LFTP_OPTIONS=("set ftp:ssl-force true" "set ftp:ssl-protect-data true") OUTPUT_LFTP_OPTIONS=() OUTPUT_LFTP_USERNAME=${OUTPUT_LFTP_USERNAME:-} { OUTPUT_LFTP_PASSWORD=${OUTPUT_LFTP_PASSWORD:-} ; } 2>>/dev/$SECRET_OUTPUT_DEV #### # OUTPUT=RAMDISK ## # With OUTPUT=RAMDISK the ReaR rescue/recovery system initramfs/initrd # is created but nothing additional is done to make it bootable. # # The script output/RAMDISK/default/900_copy_ramdisk.sh adds the initramfs # plus the kernel to the RESULT_FILES array so that the subsequent # script output/default/950_copy_result_files.sh will copy them # to the output location specified via OUTPUT_URL (or inherited from BACKUP_URL). # # With non-empty RAMDISK_SUFFIX # the kernel at the output location will be kernel-$RAMDISK_SUFFIX # the initramfs at the output location will be initramfs-$RAMDISK_SUFFIX.img RAMDISK_SUFFIX="$HOSTNAME" #### #### # OUTPUT=ISO ## # OUTPUT=ISO produces files suitable for booting with SYSLINUX/ISOLINUX and assumes that the result # will be written sequentially to a read-only medium with limited size (e.g. optical medium like CD-ROM). # # Default "local" ISO directory (usually /var/lib/rear/output). However, to avoid duplicate ISO images when # also using the OUTPUT_URL variable with a file syntax, it is then better only to use ISO_DIR. # Keep in mind that ISO_DIR works only with an absolute directory path and does not replace OUTPUT_URL # which supports the NETFS syntax (to copy the ISO image across the network). ISO_DIR=$VAR_DIR/output # # Default ISO label: # When the backup is split on multiple ISOs (cf. ISO_MAX_SIZE below) # the first ISO 'rear-HOSTNAME.iso' has the label $ISO_VOLID # and subsequent ISOs 'rear-HOSTNAME_01.iso' 'rear-HOSTNAME_02.iso' ... # get the labels ${ISO_VOLID}_01 ${ISO_VOLID}_02 ... respectively. # The ISO_VOLID default value REAR-ISO has 8 characters so that # the first ISO 'rear-HOSTNAME.iso' has the label REAR-ISO # and subsequent ISOs 'rear-HOSTNAME_01.iso' 'rear-HOSTNAME_02.iso' ... # get the labels REAR-ISO_01 REAR-ISO_02 ... respectively # that have 11 characters which is the maximum length for FAT volume names # ("man mkfs.fat" tells that a "volume name can be up to 11 characters long") # so things work when the ISO image is used to create a FAT bootable USB stick # cf. https://github.com/rear/rear/issues/1565 # and https://github.com/rear/rear/issues/2456 # In case of special filesystems that only support labels with even less than 11 characters # ("man mkfs.xfs" tells "XFS filesystem labels can be at most 12 characters long" so it's ok) # the ISO_VOLID value would have to be appropriately specified in /etc/rear/local.conf # so that $ISO_VOLID plus the trailing '_NN' does not exceed the maximum label length. ISO_VOLID="REAR-ISO" # # How to find isolinux.bin. # Possible values are "" (meaning search for it) or "/path/to/isolinux.bin" ISO_ISOLINUX_BIN="" # # ISO_MAX_SIZE is a rough way to specify the maximum size of generated ISO images. # The ISO_MAX_SIZE value is specified in MiB. # Actually ISO_MAX_SIZE does not implement the maximum size of the ISO. # Instead it is used to calculate the size of the chunks when a backup.tar.gz is split # that is used in a "split ... -b ${BACKUP_SPLIT_CHUNK_SIZE}m ..." SPLIT_COMMAND # in the usr/share/rear/backup/NETFS/default/500_make_backup.sh script. # Splitting a backup via ISO_MAX_SIZE is only supported for the 'tar' backup program. # Multiple ISO images are generated when the backup.tar.gz size exceeds # the BACKUP_SPLIT_CHUNK_SIZE that is derived from the ISO_MAX_SIZE value. # It is useful when the backup.tar.gz is included within the ISO image # (i.e. together with things like 'BACKUP_URL=iso:///backup'). # ISO_MAX_SIZE cannot be less than what the ReaR rescue/recovery system needs # because the recovery system must fit onto one (bootable) recovery medium # so that the whole recovery system must be on a single (bootable) ISO. # Therefore ISO_MAX_SIZE should be normally not less than about 600 MiB. # Because the ReaR recovery system and its bootloader must be on the first ISO # the actually used size of the chunks when a backup.tar.gz is split is the # ISO_MAX_SIZE value minus the size of the recovery system kernel and initrd # and minus 15 MiB for the bootloader for booting the ISO and # additionally minus 30 MiB for UEFI files when booting in UEFI mode # so that the recovery system plus the first chunk of the backup.tar.gz # should not exceed the specified ISO_MAX_SIZE value for the first ISO. # On the other hand the actual size of subsequent ISO images # is normally less than the specified ISO_MAX_SIZE value. # When the backup is split on multiple ISOs, then "rear mkrescue" would destroy # the backup because after "rear mkbackup" the first ISO 'rear-HOSTNAME.iso' # contains the recovery system plus the first part of the splitted backup # but "rear mkrescue" overwrites that first ISO with one that contains only # a new recovery system but no longer the first part of the splitted backup # so that then "rear recover" fails with "ERROR: Backup archive ... not found" # cf. https://github.com/rear/rear/issues/1545 # Even with a sufficiently big maximum ISO size so that all is in one ISO # "rear mkrescue" would overwrite an ISO that already contains a backup. # Accordingly when ISO_MAX_SIZE is set the mkrescue workflow is forbidden # to be on the safe side to not possibly destroy an existing backup. ISO_MAX_SIZE= # # Error out when files greater or equal ISO_FILE_SIZE_LIMIT should be included in the ISO. # There is a limit of the ISO 9660 file system that is 2GiB or 4GiB according to # https://en.wikipedia.org/wiki/ISO_9660#The_2/4_GiB_file_size_limit # Usually 'mkisofs' is called with '-iso-level 3' # cf. usr/share/rear/prep/ISO/GNU/Linux/320_verify_mkisofs.sh # but there are cases where ISO 9660 level 1 or 2 is used that has a 2GiB file size limit. # For example when 'ebiso' is used there is a 2GiB file size limit # cf. https://github.com/gozora/ebiso/issues/12 # but also other tools that are specified by ISO_MKISOFS_BIN could have that limit. # Accordingly to be by default on the safe side we use by default a 2GiB limit # cf. https://github.com/rear/rear/pull/2525 # Under normal circumstances files greater or equal 2GiB should not appear in the ISO. # An exception is when the backup is included in the ISO with BACKUP_URL=iso:// # where the backup archive file (e.g. backup.tar.gz) could be greater or equal 2GiB. # The user might adapt ISO_FILE_SIZE_LIMIT provided he verified that "rear recover" # actually works in his particular environment even when there are files in his ISO # (in particular backup.tar.gz) that are actually greater than the default 2GiB limit. # When there is a 2GiB file size limit a backup.tar.gz that is greater than 2GiB # will get corrupted in the ISO so backup restore via "rear recover" would fail # which is a dead end because the backup in the ISO got corrupted which is a severe error. # Also the ReaR recovery system initrd could become greater or equal 2GiB # (e.g. because of accidentally too much in COPY_AS_IS) which is likely an error # that could let booting or running the recovery system fail because # a recovery system in a 2GiB or bigger compressed initrd will need # more memory space when uncompressed and running in the ramdisk. # By default we error out when files greater or equal ISO_FILE_SIZE_LIMIT should be # included in the ISO but if really needed this ISO_FILE_SIZE_LIMIT test # can be skipped with ISO_FILE_SIZE_LIMIT=0 in etc/rear/local.conf # (2 GiB = 2 * 1024 * 1024 * 1024 bytes = 2147483648 bytes): ISO_FILE_SIZE_LIMIT=2147483648 # # How to find mkisofs: # Guess the common names mkisofs or genisoimage # script in prep stage will verify this and complain if not found # ebiso (https://github.com/gozora/ebiso/) can be used as alternative # for mkisofs/genisoimage on UEFI bootable systems # to use ebiso, specify ISO_MKISOFS_BIN=/ebiso # in /etc/rear/local.conf or /etc/rear/site.conf # xorrisofs is now used as the preferred method for generating the iso image # with mkisofs and genisoimage as second and third option ISO_MKISOFS_BIN="$( type -p xorrisofs || type -p mkisofs || type -p genisoimage )" # # Additional options passed to the $ISO_MKISOFS_BIN binary ISO_MKISOFS_OPTS="" # # Which files to include in the ISO image: ISO_FILES=() # # Prefix name for ISO images without the .iso suffix. # This might get a number appended (for splitting data onto multiple CDs). ISO_PREFIX="rear-$HOSTNAME" # # Default boot option (i.e. what gets booted automatically after some timeout) # when SYSLINUX boots the ISO image on BIOS systems. # This variable ISO_DEFAULT should be better named ISO_BIOS_BOOT_DEFAULT # (cf. USB_BIOS_BOOT_DEFAULT below) but we won't rename existing config variables # to avoid regressions for users who use existing config variable names # cf. https://github.com/rear/rear/pull/2293#issuecomment-564439509 # If ISO_DEFAULT is unset or empty or only blanks "boothd" is used by default. # ISO_DEFAULT="boothd" is an automatism that intends to boot from the original first disk. # In case of ISOLINUX "boothd" means to boot from the first disk 'boothd0' because # usually ISOLINUX is used for booting from CD-ROM which is usually not the first disk # so that the original first disk still is the first disk when booting the ISO from CD-ROM. # In case of EXTLINUX "boothd" would mean to boot from the second disk 'boothd1' because # usually when EXTLINUX is used the device with the ISO would be the first disk # and the original first disk would become the second disk (cf. USB_BIOS_BOOT_DEFAULT below). # ISO_DEFAULT="boothd0" boots from the first disk. # ISO_DEFAULT="boothd1" boots from the second disk. # The ISO_DEFAULT values 'boothd' 'boothd0' 'boothd1' are only supported # when the SYSLINUX module 'chain.c32' for chain booting is available. # ISO_DEFAULT="manual" boots the ReaR recovery system in normal mode # where one must manually log in as 'root', manually type "rear recover", and manually reboot. # ISO_DEFAULT="automatic" boots the ReaR recovery system with the 'auto_recover' kernel command line option # that runs "rear recover" automatically without automated reboot (see "man rear"). # For details see the make_syslinux_config function in lib/bootloader-functions.sh ISO_DEFAULT="boothd" # # ISO_RECOVER_MODE="unattended" boots the ReaR recovery system with the 'unattended' kernel command line option # that runs "rear recover" automatically plus automated reboot after successful rear recover (see "man rear"). # Together with ISO_DEFAULT="automatic" full-automated recovery happens when the ISO image is booted # which could result an endless full-automated recovery cycle when the ISO is booted by default # (e.g. when the device with the ISO is the first one in the BIOS boot order list). # The default ISO_RECOVER_MODE="" results the normal behaviour: ISO_RECOVER_MODE="" # # SYSLINUX timeout in 0.1 seconds units (e.g. 100 = 10 seconds) to automatically boot # set this value to 0 to disable # "" to use $USER_INPUT_TIMEOUT * 10 ISO_SYSLINUX_TIMEOUT="" #### #### # OUTPUT=USB ## # # OUTPUT=USB is only supported on PC-compatible (Linux-i386/x86/x86_64) architecture # see https://github.com/rear/rear/issues/2348 # Accordingly in case of false usage of OUTPUT=USB on non-PC-compatible architectures # (i.e. the POWER architectures ppc64/ppc64le, IBM Z s390/s390x, and ARM) # "rear mkrescue/mkbackup" errors out because on those architectures the USB medium cannot be booted # because for non-PC-compatible architectures there are no scripts that install a USB bootloader. # On non-PC-compatible architectures a possible alternative could be OUTPUT=RAMDISK (see above) # that results only the plain ReaR rescue/recovery system initramfs/initrd plus the kernel # (which is basically what OUTPUT=USB on non-PC-compatible architectures would result) # where one must then manually create a bootable medium for non-PC-compatible architectures # or load and boot the recovery system initrd plus kernel via 'kexec' from an already running system. # A workaround to get a bootable USB device on POWER architecture for Power BareMetal is described # in the usr/share/rear/prep/USB/Linux-ppc64/350_safeguard_error_out.sh script. # # OUTPUT=USB produces files suitable for booting with SYSLINUX/EXTLINUX from a disk device. # USB sticks and USB disks are the main use case for this. # "USB" also means any local block-storage device and includes eSATA and other external disks. # The device is also made bootable and a boot loader gets installed. # The device should be partitioned and formatted with an ext* file system. # The recommended way to do that is to use the "rear format" workflow. # Call "rear format -- --help" (the '--' is mandatory) to see format workflow options. # # The partition device to use (e.g. the exact partition like /dev/sdb1). # Normally USB_DEVICE gets set automatically for BACKUP=NETFS # via a specific BACKUP_URL like BACKUP_URL=usb:///dev/sdb1 # or via the generic BACKUP_URL=usb:///dev/disk/by-label/REAR-000 # (see also USB_DEVICE_FILESYSTEM_LABEL below): USB_DEVICE= # # USB_DEVICE_PARTED_LABEL is the partition type (i.e. what is used for 'parted mklabel') # that is used when formatting a medium for use with ReaR via the format workflow and # when SYSLINUX/EXTLINUX is used as booloader used for the USB medium (see USB_BOOTLOADER below). # It can be 'msdos' to create a MBR partition table or 'gpt' to create a GUID partition table (GPT). # It is set depending on the format workflow option -b/--bios or -e/--efi as follows: # When a format workflow option -b/--bios or -e/--efi was specified # USB_DEVICE_PARTED_LABEL is set to 'msdos' or 'gpt' accordingly. # When no format workflow option -b/--bios or -e/--efi was specified # it means hybrid boot supporting BIOS and UEFI by default # and then USB_DEVICE_PARTED_LABEL is set to 'gpt' # see https://github.com/rear/rear/issues/2698 # For "rear mkrescue/mkbackup" USB_DEVICE_PARTED_LABEL # is set in prep/USB/Linux-i386/340_find_mbr_bin.sh # which tries to autodetect what the USB disk partition type is # but uses a specified USB_DEVICE_PARTED_LABEL if autodetection fails. USB_DEVICE_PARTED_LABEL= # # The label that is set for the ReaR data partition via the format workflow. # That label must be used for settings like # BACKUP_URL=usb:///dev/disk/by-label/$USB_DEVICE_FILESYSTEM_LABEL # USB_DEVICE=/dev/disk/by-label/$USB_DEVICE_FILESYSTEM_LABEL # For OBDR only the default 'REAR-000' works (a label with exactly 8 characters length may also work) # cf. prep/OBDR/default/500_check_tape_label.sh and prep/OBDR/default/700_write_OBDR_header.sh USB_DEVICE_FILESYSTEM_LABEL='REAR-000' # # Filesystem to use for the USB_DEVICE_FILESYSTEM_LABEL labeled ReaR data partition # when formatting a medium for use with ReaR via the format workflow. # Only ext3 and ext4 are supported by the format workflow. # (An additional EFI system partition uses the vfat filesystem in any case.) # The default ext3 should work up to a maximum medium size of about 4TB # while ext4 should work up to a maximum medium size of about 16TB. # For larger medium sizes set USB_DEVICE_FILESYSTEM_PERCENTAGE appropriately # so that what is used for ReaR partitions by the format workflow # does not exceed what works for the specified USB_DEVICE_FILESYSTEM: USB_DEVICE_FILESYSTEM=ext3 # # USB_DEVICE_FILESYSTEM_PARAMS allow to add optimisations to the formatting # (mkfs) phase of the USB_DEVICE_FILESYSTEM. This can be handy to optimise # flash memory drives. An example for a Sandisk Cruzer Force 16GB USB stick: # USB_DEVICE_FILESYSTEM_PARAMS="-b 4096 -E stride=8,stripe-width=256 -O sparse_super,^has_journal" # Often the Linux kernel limits increase the block size value above 4096 (4K). # To determine optimal values one can use a utility as flashbench. USB_DEVICE_FILESYSTEM_PARAMS= # # Percentage of the whole medium that is used for all ReaR partitions # (ReaR data partition, EFI system partition, 'bios_grub' partition, boot partition) # when formatting a medium via the format workflow. # A setting of less than 100 (i.e. less than the whole medium) # does not leave any existing data intact on the medium. # The format workflow deletes all existing data on the whole medium. # A setting of less than 100 only leaves unused space on the medium # which can be manually used otherwise by the user: USB_DEVICE_FILESYSTEM_PERCENTAGE=100 # # USB_PARTITION_ALIGN_BLOCK_SIZE specifies partitioning alignment in MiB # when formatting a medium via the format workflow. # The default alignment of 8 MiB is intended in particular for flash memory devices. # The partitioning tool can't figure out optimal alignment values for many flash memory devices. # The flashbench command helps determining "erase block size" a.k.a. "segment size" # a.k.a. "allocation unit size" for your particular flash memory device. # A too small value will result lower speed and less lifetime of your flash memory device. # A sufficiently big value will improve speed and lifetime of your flash memory device. USB_PARTITION_ALIGN_BLOCK_SIZE="8" # # When UEFI is used USB_UEFI_PART_SIZE specifies the size of the EFI system partition (ESP) # in MiB when formatting a medium by the format workflow. # If USB_UEFI_PART_SIZE is empty or invalid (i.e. not an unsigned integer larger than 0) # the user must interactively enter a valid value while running the format workflow. # The default value of 1024 MiB should be sufficiently big # for the ReaR recovery system (kernel and initrd) and EFI bootloader (BOOTX64.efi and grub.cfg) # cf. https://github.com/rear/rear/pull/1205 # in particular when third-party kernel modules and firmware (e.g. from Nvidia) are used # cf. https://github.com/rear/rear/issues/2770#issuecomment-1068935688 # and 1024 MiB is in compliance with the 8 MiB partition alignment value ( 1024 = 8 * 128 ) # and also with higher 2^n MiB partition alignment values. # Furthermore the default value of 1024 MiB results that the FAT filesystem of the ESP # will be in compliance with that the ESP should officially use a FAT32 filesystem # because mkfs.vfat automatically makes a FAT32 filesystem starting at 512 MiB # (a FAT16 ESP works in most cases but causes issues with certain UEFI firmware) # cf. https://github.com/rear/rear/issues/2575 # The value of USB_UEFI_PART_SIZE will be rounded to the nearest # USB_PARTITION_ALIGN_BLOCK_SIZE chunk: USB_UEFI_PART_SIZE="1024" # # USB_BOOT_PART_SIZE specifies the size of an optional boot partition in MiB # when formatting a medium by the format workflow. # A boot partition is created when USB_BOOT_PART_SIZE is a positive integer. # By default we do not create a separated boot partition # so by default the ReaR recovery system (kernel and initrd) # and the backup archive get stored in the ReaR data partition # in a rear/HOSTNAME/TIMESTAMP directory (cf. USB_SUFFIX below): USB_BOOT_PART_SIZE="0" # # The label that is set for a boot partition via the format workflow # when a boot partition is created (see USB_BOOT_PART_SIZE above). # That label must be used for settings like # OUTPUT_URL=usb:///dev/disk/by-label/$USB_DEVICE_BOOT_LABEL # BACKUP_URL=usb:///dev/disk/by-label/$USB_DEVICE_FILESYSTEM_LABEL # to get the ReaR recovery system (kernel and initrd) stored # in the boot partition in a rear/HOSTNAME/TIMESTAMP directory # while the backup archive gets stored in the ReaR data partition # there in a matching rear/HOSTNAME/TIMESTAMP directory: USB_DEVICE_BOOT_LABEL="REARBOOT" # # Default boot option (i.e. what gets booted automatically after some timeout) # when EXTLINUX boots the USB stick or USB disk or other disk device on BIOS systems. # USB_BIOS_BOOT_DEFAULT="boothd0" boots from 'boothd0' which is usually the same disk # wherefrom currently EXTLINUX is booting so that this results usually a booting loop. # The default USB_BIOS_BOOT_DEFAULT="" boots from the second disk 'boothd1' # which should be the original first local harddisk because usually when booting # from USB stick or USB disk or other disk device this boot device is the first disk # and the original first local harddisk disk becomes the second disk. # USB_BIOS_BOOT_DEFAULT is only supported when the SYSLINUX module 'chain.c32' for chain booting is available. # For details see output/USB/Linux-i386/300_create_extlinux.sh USB_BIOS_BOOT_DEFAULT="" # # Booloader used for the USB medium. # At the moment only empty/unset and "grub" is supported. # USB_BOOTLOADER="grub" uses GRUB2 as bootloader for USB with BIOS. GRUB Legacy is not supported. # Default is using GRUB2 for EFI other then elilo, extlinux for ext, syslinux otherwise: USB_BOOTLOADER= # # Resulting files that should be copied onto the USB stick: USB_FILES=() # # USB_SUFFIX specifies the last part of the backup directory on the USB medium. # When USB_SUFFIX is unset or empty, backup on USB works in its default mode which means # multiple timestamp backup directories of the form rear/HOSTNAME/YYYYMMDD.HHMM # plus automated rescue environments and backups cleanup via USB_RETAIN_BACKUP_NR. # In contrast when USB_SUFFIX is set, backup on USB works in compliance with how backup on NFS works # (i.e. BACKUP_URL=usb:... and BACKUP_URL=nfs:... behave compatible when USB_SUFFIX is set) # which means a fixed backup directory of the form rear/HOSTNAME/USB_SUFFIX on the USB medium # and no automated removal of backups or other files (regardless of USB_RETAIN_BACKUP_NR) # see https://github.com/rear/rear/issues/1164 # Using multiple backups as described in doc/user-guide/11-multiple-backups.adoc # requires a fixed backup directory so that USB_SUFFIX must be set for multiple backups on USB # see https://github.com/rear/rear/issues/1160 # Also BACKUP_TYPE incremental or differential requires a fixed backup directory # so that USB_SUFFIX must be set for incremental or differential backup on USB # see https://github.com/rear/rear/issues/1145 USB_SUFFIX="" # # Number of older rescue environments or backups to retain on USB. # What is more than USB_RETAIN_BACKUP_NR gets automatically removed. # This is only supported when EXTLINUX is used as bootloader for USB # see USB_BOOTLOADER and output/USB/Linux-i386/300_create_extlinux.sh # and this setting is ignored when USB_SUFFIX is set (see above). USB_RETAIN_BACKUP_NR=2 # # Variable will probably be filled automatically # if an USB device was manually mounted to avoid recursive backups: AUTOEXCLUDE_USB_PATH=() #### #### # OUTPUT=RAWDISK ## # RAWDISK produces a bootable image file named "rear-$HOSTNAME.raw", which # - supports UEFI boot if syslinux/EFI or Grub 2/EFI is installed, # - supports Legacy BIOS boot if syslinux is installed, # - supports UEFI/Legacy BIOS dual boot if syslinux *and* one of the supported EFI bootloaders are installed. # # A RAWDISK image can be copied onto a disk boot medium (a USB stick will do) with # dd if="$uncompressed_image_file.raw" of="$disk_device" bs=1M # or for the default RAWDISK_IMAGE_COMPRESSION_COMMAND='gzip' below with # zcat "$compressed_image_file.raw.gz" | dd of="$disk_device" bs=1M # Note: Use the entire disk device (like /dev/sdX) to be overwritten, not only a partition (like /dev/sdX12). # # A RAWDISK image is suitable for archiving USB images, works without having to format the USB device # and can thus be used to replace the USB output method. # # Name of the disk image file (the extension '.raw' is appended automatically) RAWDISK_IMAGE_NAME="rear-$HOSTNAME" # # Disk image file compression command (empty: no compression). # The compression command may include options. It must # - accept the input file as the only argument, and # - produce an output file named like the input file plus a compression suffix. RAWDISK_IMAGE_COMPRESSION_COMMAND='gzip' # # Name of the (only) GPT partition containing the FAT boot file system (maximum 36 ASCII-characters) RAWDISK_GPT_PARTITION_NAME='Rescue System' # # Volume label of the FAT boot file system (maximum 11 ASCII-characters, all uppercase) RAWDISK_FAT_VOLUME_LABEL='RESCUE SYS' # # Bootloader configuration: # RAWDISK will auto-detect installed bootloaders and will provide the image with # - one UEFI bootloader (syslinux/EFI preferred) if available, and # - syslinux as a Legacy BIOS bootloader if available. # Override the auto-detection and exclude the respective bootloader? RAWDISK_BOOT_EXCLUDE_SYSLINUX_LEGACY='no' RAWDISK_BOOT_EXCLUDE_SYSLINUX_EFI='no' RAWDISK_BOOT_EXCLUDE_GRUB2_EFI='no' # # Name of local disk GPT partition(s) receiving an UEFI rescue system # If this variable is non-empty, 'rear mkrescue' will, in addition to its regular output, # install the rescue/recovery system to local GPT partitions with the specified name. # (A partition name can be set by sgdisk(8) with its '--change-name' option.) # The installation will only proceed with an UEFI bootloader and only on target partitions which # (a) are either empty or contain a VFAT file system, and # (b) are not currently mounted. # It is the user's responsibility to create appropriate boot entries, e.g. via efibootmgr(8). RAWDISK_INSTALL_GPT_PARTITION_NAME='' # # Set RAWDISK_DEBUG to 'yes' to drop into a shell as soon as the boot image is finished. # The image's partitions are still mounted at this stage and can be examined. The # ReaR workflow continues when exiting the shell. RAWDISK_DEBUG='no' #### #### # OUTPUT=PXE ## # PXE produces files suitable for booting with pxelinux. # # where should I place the PXE configuration ? (legacy way) PXE_CONFIG_PATH=/var/lib/rear/output # where should I place the PXE configuration ? (URL style) PXE_CONFIG_URL= # # put this before the hostname on the PXE server PXE_CONFIG_PREFIX=rear- # # TFPT IP server. needed to create grub menu when PXE_CONFIG_GRUB_STYLE=y # If not set, we gonna try to get TFTP IP from PXE_TFTP_UPLOAD_URL PXE_TFTP_IP= # # where should we put the TFTP files ? (legacy way) PXE_TFTP_PATH=/var/lib/rear/output # where should we put the TFTP files ? (URL style) # PXE_TFTP_UPLOAD_URL must be set and point to your # tftp server drectory using nfs or any other mountable scheme. #PXE_TFTP_URL: deprecated as of 2.8. Use PXE_TFTP_UPLOAD_URL PXE_TFTP_UPLOAD_URL= # # prefix for PXE files, e.g. the hostname PXE_TFTP_PREFIX=$HOSTNAME. # # Optional support for downloading kernel and initrd by HTTP, thus making # downloads considerably faster. # First, you have to use lpxelinux.0 instead of pxelinux.0, the former supports # HTTP downloads. It's compatible, just replace pxelinux.0 in your TFTP # directory or set bootfile-name/filename to lpxelinux.0 in your DHCP server. # PXE_CONFIG_GRUB_STYLE must NOT be set to yes. # # PXE_CONFIG_URL must be set and point to your pxelinux.cfg directory using nfs or any other mountable scheme. # # PXE_TFTP_UPLOAD_URL must still be set as it provides all files still being downloaded by TFTP. # # PXE_HTTP_UPLOAD_URL must be set and point to your # web server "DocumentRoot" (httpd) or "root" (nginx) directory # using nfs or any other mountable scheme. # # PXE_HTTP_DOWNLOAD_URL must be set and point to your web server root directory # using http. # # PXE_HTTP_DOWNLOAD_URL must *logically* point to the same directory # as PXE_HTTP_UPLOAD_URL! # # You may set OUTPUT_PREFIX_PXE, but keep in mind it will be added to # PXE_TFTP_UPLOAD_URL, PXE_HTTP_UPLOAD_URL and PXE_HTTP_DOWNLOAD_URL. # # Example: # OUTPUT=PXE # PXE_CONFIG_GRUB_STYLE= # OUTPUT_PREFIX_PXE=rear_kernels/$HOSTNAME # PXE_CONFIG_URL=nfs://tftp-server/var/lib/tftpboot/pxelinux.cfg # PXE_TFTP_UPLOAD_URL=nfs://tftp-server/var/lib/tftpboot # PXE_HTTP_UPLOAD_URL=nfs://web-server/var/www/html # PXE_HTTP_DOWNLOAD_URL=http://web-server PXE_HTTP_UPLOAD_URL= # # Optional HTTP download source for PXE (URL style) # for example PXE_HTTP_DOWNLOAD_URL="http://web-server". # If set an additional PXE boot option 'rear-http' in the pxeconfig is provided # which uses the specified URL as base path for kernel and initrd. # Optionally you can add a port: PXE_HTTP_DOWNLOAD_URL="http://web-server:8080". #PXE_HTTP_URL: deprecated as of 2.8. Use PXE_HTTP_DOWNLOAD_URL PXE_HTTP_DOWNLOAD_URL= # # Create pxelinux config symlinks for MAC addresses or for IP addresses ? [MAC|IP|''] PXE_CREATE_LINKS=MAC # # Should I remove old symlinks for this host ? [BOOL] PXE_REMOVE_OLD_LINKS= # # Should I use PXE based on GRUB2 instead of PXE legacy. [BOOL] (default is no) # PXE based on GRUB2 can be used by none x86 platform (like POWER ppc64/ppc64le). # More information on the GRUB PXE setup can be found here : # https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Installation_Guide/chap-installation-server-setup.html#sect-network-boot-setup-ppc-grub2 PXE_CONFIG_GRUB_STYLE= # # The way we start up in our PXE mode (keywords known are 'automatic', 'unattended', and empty) # 'automatic' is the auto_recover mode which means boot automatic with ReaR and execute a 'rear recover' # but when a question has to be answered (e.g. during migration mode) it will wait on an answer. # 'unattended' should only used by experts and is meant to foresee in an automated recovery for testing # purposes only. # Default is empty which means prompting what to do next and after a timeout boot next option defined by BIOS PXE_RECOVER_MODE= #### #### # OUTPUT=OBDR ## # COPY_AS_IS_OBDR=( ) COPY_AS_IS_EXCLUDE_OBDR=( ) # 'mt' is required, see https://github.com/rear/rear/issues/2637#issuecomment-1475690995 REQUIRED_PROGS_OBDR=( lsscsi mt sg_wr_mode ) # OBDR block size, known to work with 2048 OBDR_BLOCKSIZE=2048 #### # Certain operations might need longer time to kick in and more retries might be desirable. # REAR_SLEEP_DELAY (in sec.) is general delay for operation. REAR_SLEEP_DELAY=1 # REAR_MAX_RETRIES is maximum number of attempts that should be executed before operation is aborted. # Maximum timeout for operation calculates as REAR_SLEEP_DELAY * REAR_MAX_RETRIES # This retries / timeout operation is currently implemented only in get_disk_size(), # so if you have trouble with error messages like: # 'Could not determine size of disk ...' # tweaking of REAR_SLEEP_DELAY and REAR_MAX_RETRIES might help. REAR_MAX_RETRIES=5 #### # Internal BACKUP methods like # BACKUP=NETFS # ... ## # These settings apply to all cases of internal Relax-and-Recover backup. # # BACKUP program defaults. # Mostly tested with tar and rsync. # By default all local filesystems will be saved. # For a full understanding of these options, look at backup/NETFS/default/*.sh # The BACKUP_* variables relate to all builtin backup methods. # (NETFS, ISO, TAPE ...) BACKUP_PROG=tar # Some backup progs can tell us if the transfer was only partially successful. # Warning on partial transfers means that we won't abort but only print a warning. [BOOL] BACKUP_PROG_WARN_PARTIAL_TRANSFER=1 # If using an unsupported backup program, the last option must be # to write the archive to / read the archive from a file (like tar -f) # then you also have to set the CREATE and RESTORE archive options. # They are ignored if the backup program is supported. # Default setting for BACKUP_PROG_OPTIONS="" became "--anchored" (GD, 02/DEC/2014 - issue #475) # BACKUP_PROG_OPTIONS used to be a string variable, turn it into an array (GD, 06/SEP/2017 - issue #1175) BACKUP_PROG_OPTIONS=( "--anchored" ) # For unsupported backup programs, the last CREATE_ARCHIVE option must be # to read excludes from a file (like tar -X filename). # Furthermore, you should include an option for verbose output to stdout and # an option to stay on the local filesystem (like tar --one-file-system) and # maybe options to handle the exclude list correctly. BACKUP_PROG_OPTIONS_CREATE_ARCHIVE="" # For unsupported backup programs, the last RESTORE_ARCHIVE options must be # to restore the archive into a specific path (like tar -C $TARGET_FS_ROOT). BACKUP_PROG_OPTIONS_RESTORE_ARCHIVE="" BACKUP_PROG_SUFFIX=".tar" # BACKUP_PROG_COMPRESS_OPTIONS is an array so that one can use it to provide more complex values # e.g. to override the gzip default compression level (-6) via the tar '-I' option # like BACKUP_PROG_COMPRESS_OPTIONS=( -I 'gzip -9 -n -c' ) # but using it with command options (as in 'gzip -9') fails with tar versions before 1.27 # with a tar error message like "gzip -9: Cannot exec" because only since tar version 1.27 # tar supports passing command line arguments to external commands, see # http://git.savannah.gnu.org/cgit/tar.git/plain/NEWS?id=release_1_27 # Furthermore for advanced things like BACKUP_PROG_COMPRESS_OPTIONS=("--zstd") # backup restore may fail during 'rear recover' due to missing zstd binaries # in the ReaR recovery system (probably also for --lzip --lzma --lzop) # because there is no automatism in ReaR that would automatically include # additional things that are needed by tar into the ReaR recovery system # so that in such cases additionally needed things in the recovery system # must be manually specified via COPY_AS_IS, REQUIRED_PROGS, and LIBS. BACKUP_PROG_COMPRESS_OPTIONS=( --gzip ) BACKUP_PROG_COMPRESS_SUFFIX=".gz" # Addons for encryption and decryption of the backup (currently only tar is supported): BACKUP_PROG_CRYPT_ENABLED="false" # When BACKUP_PROG_CRYPT_ENABLED is set to a true value, BACKUP_PROG_CRYPT_KEY must be also set. # It is recommended to avoid special characters in the BACKUP_PROG_CRYPT_KEY value, # in particular bash metacharacters, bash control operator characters, bash grammar characters, # globbing metacharacters, regexp metacharacters, and slash or whitespace characters like # $ ` ' " | & ; ( ) < > { } [ ] . * @ ! ? / \ space tab newline # so that only alphanumeric characters and the underscore should be used to be on the safe side. # Otherwise things might break in weird ways when certain code in ReaR is not yet safe # against special characters in values cf. https://github.com/rear/rear/issues/1372 # and https://github.com/rear/rear/issues/2157 # There is no BACKUP_PROG_CRYPT_KEY value in etc/rear/local.conf in the ReaR recovery system. # It gets removed by build/default/960_remove_encryption_keys.sh # because the ReaR recovery system must be free of secrets # cf. the reasoning about SSH_UNPROTECTED_PRIVATE_KEYS below # and see https://github.com/rear/rear/issues/2155 # Therefore BACKUP_PROG_CRYPT_KEY must be manually set before running "rear recover". # In local.conf set it confidentially via { BACKUP_PROG_CRYPT_KEY='secret_key' ; } 2>>/dev/$SECRET_OUTPUT_DEV { BACKUP_PROG_CRYPT_KEY="${BACKUP_PROG_CRYPT_KEY:-}" ; } 2>>/dev/$SECRET_OUTPUT_DEV # The command for backup encryption during "rear mkbackup" will be basically # tar ... | BACKUP_PROG_CRYPT_OPTIONS BACKUP_PROG_CRYPT_KEY # for details see the backup/NETFS/default/500_make_backup.sh script: BACKUP_PROG_CRYPT_OPTIONS="/usr/bin/openssl des3 -salt -k " # The command for backup decryption during "rear recover" will be basically # BACKUP_PROG_DECRYPT_OPTIONS BACKUP_PROG_CRYPT_KEY | tar ... # for details see the restore/NETFS/default/400_restore_backup.sh script: BACKUP_PROG_DECRYPT_OPTIONS="/usr/bin/openssl des3 -d -k " # BACKUP_PROG_ARCHIVE is the backup file basename for BACKUP=NETFS # but for BACKUP=RSYNC it is the backup log file basename. # For BACKUP=NETFS one might even create a dynamic name # for example like BACKUP_PROG_ARCHIVE="backup_$( date -Iseconds )" # in particular one can use BACKUP_PROG_ARCHIVE="$( date '+%Y-%m-%d-%H%M' )-F" # to get the same full backup file name for BACKUP_TYPE="" as what is used # for BACKUP_TYPE=incremental and/or BACKUP_TYPE=differential (see below). # But then one must specify the right existing BACKUP_PROG_ARCHIVE # for "rear recover" so that the backup can be found and restored # (i.e. during "rear recover" a dynamic name does not make sense). BACKUP_PROG_ARCHIVE="${BACKUP_PROG_ARCHIVE:-backup}" # BACKUP_PROG_EXCLUDE is an array of strings that get written into a backup-exclude.txt file # that is used e.g. in 'tar -X backup-exclude.txt' to get things excluded from the backup. # Quoting of the BACKUP_PROG_EXCLUDE array members avoids bash pathname expansion # when bash pathname expansion is not wanted for the BACKUP_PROG_EXCLUDE array members. # In /etc/rear/local.conf use BACKUP_PROG_EXCLUDE+=( '/this/*' '/that/*' ) # to specify your particular items that should be excluded from the backup in addition to what # gets excluded from the backup by default here (see also BACKUP_ONLY_EXCLUDE below): BACKUP_PROG_EXCLUDE=( '/tmp/*' '/dev/shm/*' "$VAR_DIR/output/*" ) # BACKUP_PROG_INCLUDE is an array of strings that get written into a backup-include.txt file # that is used e.g. in 'tar -c $(cat backup-include.txt)' to get things included in the backup. # Quoting of the BACKUP_PROG_INCLUDE array members avoids bash pathname expansion # when bash pathname expansion is not wanted for the BACKUP_PROG_INCLUDE array members. # In /etc/rear/local.conf use BACKUP_PROG_INCLUDE=( /some/directory /path/to/some/file ) # to specify particular items that should be included in the backup in addition to what # gets included in the backup by default (see BACKUP_ONLY_INCLUDE below): BACKUP_PROG_INCLUDE=( ) # When BACKUP_ONLY_INCLUDE is set to a 'true' value # only what is specified in BACKUP_PROG_INCLUDE will be in the backup # but not implicitly also all local filesystems as defined in mountpoint_device: BACKUP_ONLY_INCLUDE="no" # When BACKUP_ONLY_EXCLUDE is set to a 'true' value # only what is specified in BACKUP_PROG_EXCLUDE will be excluded from the backup # but not implicitly also all excluded mountpoints in EXCLUDE_MOUNTPOINTS: BACKUP_ONLY_EXCLUDE="no" # Caution with MANUAL_INCLUDE mode: In MANUAL_INCLUDE mode, only the filesystems explicitly specified # in BACKUP_PROG_INCLUDE will be saved. MANUAL_INCLUDE (=YES) is only useful, if your systems do always have the # same "basic" mountpoints you want to save (either flat partitions or LVM or even mixed) and want to ignore # additional filesystems, that might have been included into the system (via SAN) to not blow up the # recovery system. Ensure to test your recovery when you want to use this mode. Default is NO MANUAL_INCLUDE=NO # Disable SELinux policy during backup with NETFS or RSYNC (default yes) BACKUP_SELINUX_DISABLE=1 # Enable integrity check of the backup archive (full check only with BACKUP=NETFS and BACKUP_PROG=tar, # with BACKUP=rsync or BACKUP_PROG=rsync it only checks whether rsync completed the restore successfully) BACKUP_INTEGRITY_CHECK= # Define BACKUP_TYPE. # By default BACKUP_TYPE is empty which means "rear mkbackup" will create a full backup. # Only with BACKUP=NETFS and BACKUP_PROG=tar one can also use incremental or differential backup: # Incremental or differential backup is currently only known to work with BACKUP_URL=nfs://. # Other BACKUP_URL schemes may work and at least BACKUP_URL=usb:///... requires USB_SUFFIX to be set # to work with incremental or differential backup (see https://github.com/rear/rear/issues/1145). # Incremental or differential backup and NETFS_KEEP_OLD_BACKUP_COPY contradict each other so that # NETFS_KEEP_OLD_BACKUP_COPY must not be 'true' in case of incremental or differential backup # because NETFS_KEEP_OLD_BACKUP_COPY would move an already existing backup directory away # but for incremental or differential backup an already existing backup directory must stay there # so that after the initial full backup the incremental or differential backups can be stored therein. # With incremental or differential backup there is no need for NETFS_KEEP_OLD_BACKUP_COPY # because with incremental or differential backup all backup archives have a date prefix: # Full backups are of the form YYYY-MM-DD-HHMM-F.tar.gz where the 'F' denotes a full backup. # Incremental backups are of the form YYYY-MM-DD-HHMM-I.tar.gz where the 'I' denotes an incremental backup. # Differential backups are of the form YYYY-MM-DD-HHMM-D.tar.gz where the last 'D' denotes a differential backup. # Therefore all backup archives have different file names so that no old one gets overwritten. # BACKUP_TYPE=incremental means "rear mkbackup" creates at least one full backup (cf. FULLBACKUPDAY below) # plus optionally several incremental backups that get created by subsequent "rear mkbackup" runs # where each new incremental backup is based on the last existing incremental backup # so that "rear recover" will restore first the latest full backup that exists # plus all incremental backups in the ordering as they were made after the latest full backup. # BACKUP_TYPE=differential means "rear mkbackup" creates at least one full backup (cf. FULLBACKUPDAY below) # plus optionally several differential backups that get created by subsequent "rear mkbackup" runs # where each new differential backup is based on the last existing full backup # so that "rear recover" will restore first the latest full backup that exists # plus one single latest differential backup that was made after the latest full backup. # Incremental and differential backup is implemented via the 'tar' option '--newer=YYYY-MM-DD' # so that only files whose modification or status change timestamp is newer than YYYY-MM-DD # get included in the incremental or differential backup. # In particular files that have been deleted since the last backup are not recognized this way # so that such files will get falsely restored during "rear recover". # Because of '--newer=YYYY-MM-DD' the timing granularity for incremental and differential backup # is one day and the differentiating time is at 00:00 on YYYY-MM-DD. # This means in particular for a series of incremental backups that happen each day at e.g. 05:00 # that all files with modification or status change timestamp between 00:00 and 05:00 # get included in two subsequent incremental backups, e.g. in 2017-11-22-0500-I.tar.gz # and in 2017-11-23-0500-I.tar.gz because 2017-11-23-0500-I.tar.gz includes all files # that are newer than 2017-11-22 at 00:00 (the date of the last incremental backup at 00:00) # see https://github.com/rear/rear/issues/1285 for details. # In general regarding advanced backup functionality (like incremental and differential backup): # ReaR is primarily a disaster recovery tool to recreate the basic system after a disaster happened. # ReaR is neither a backup software nor a backup management software and it is not meant to be one # (cf. "Relax-and-Recover versus backup and restore" in https://en.opensuse.org/SDB:Disaster_Recovery). # In particular do not expect too much from ReaR's internal backup methods like 'tar'. # For simple tasks ReaR's internal backup methods should be o.k. but # ReaR's internal backup methods are not meant as professional backup solutions. # In general the backup and restore of the files is "external functionality" for ReaR. # ReaR only calls an external tool and that tool does the backup and restore of the files. # Use a professional backup solution in particular when you need advanced backup functionality. BACKUP_TYPE= # Together with BACKUP_TYPE=incremental or BACKUP_TYPE=differential # you could define on which weekdays "rear mkbackup" will create a full backup. # If FULLBACKUPDAY is set a full backup will be done on each of the weekdays in the FULLBACKUPDAY array # in any case (regardless if there already exists a full backup that was created on the same day). # For example FULLBACKUPDAY=( Sun Wed ) makes a full backup on each Sunday and Wednesday. # The weekday values must match the output of "date +%a" run in the POSIX/C locale # (/usr/sbin/rear sets that locale) i.e. it must be an English abbreviated weekday. # According to http://stackoverflow.com/questions/18919151/crontab-day-of-the-week-syntax # here is a list of the English abbreviated weekday values: Sun Mon Tue Wed Thu Fri Sat FULLBACKUPDAY=() # Together with BACKUP_TYPE=incremental or BACKUP_TYPE=differential # you could define when an existing full backup is considered to be too old # so that "rear mkbackup" will create a new full backup. # ReaR does not remove any backup (the admin can do it deliberately and manually) # so that in particular too old backups are not removed. # By default an existing full backup is considered to be too old # when it is older than 7 days ago: FULLBACKUP_OUTDATED_DAYS="7" #### # Tape block size, default is to leave it up to the tape-device: TAPE_BLOCKSIZE= #### # UDEV workflow ## # Define the default WORKFLOW for the udev handler (empty to disable) UDEV_WORKFLOW=mkrescue # # Beep when udev handler has finished UDEV_BEEP=y # # Suspend the (USB) device when udev handler has finished ? UDEV_SUSPEND=y # # Turn the UID led on during udev workflow UDEV_UID_LED=y #### #### # Program files (as found in PATH) to include in the rescue/recovery system: # These progs are optional, if they are missing, nothing happens PROGS=( ) # # Required programs in the rescue/recovery system: # Same as above, but if they are missing, we abort. REQUIRED_PROGS=( "$SCRIPT_FILE" awk bash bc cat cmp cp cpio cut dd diff df dumpkeys echo expr file getopt grep join kbd_mode loadkeys ls mkdir mount mountpoint mv pidof ps pwd rm sed seq sort strings sync tar test tr umount uniq wc ) #### # Special library files to include in the rescue/recovery system: # Needed programs in the recovery system should be specified via # PROGS+=( non_mandatory_program ) # REQUIRED_PROGS+=( mandatory_program ) # Normally there is no need to specify LIBS for programs # because needed libraries for "normally" linked programs # get automatically included via the RequiredSharedObjects function # which calls ldd to determine the required shared objects # of the elements in the PROGS and REQUIRED_PROGS arrays # (cf. COPY_AS_IS and TRUSTED_FILE_OWNERS below). # Therefore only libraries that are not reported by ldd # (e.g. when libraries are loaded via dlopen by a program) # must be specified in LIBS. # RequiredSharedObjects() is also called for the elements in LIBS # but it does not descend recursively into (sub)-directories # so the elements in LIBS must evaluate to actual library files # (by bash pathname expansion with 'nullglob' that is set in ReaR). # For example instead of using only LIBS+=( /path/to/libdir ) # specify LIBS+=( /path/to/libdir/*.so* /path/to/libdir/*/*.so* ) # for library files in /path/to/libdir and in its direct sub-directories # cf. https://github.com/rear/rear/issues/2743 LIBS=() # # additional LD_LIBRARY_PATH entries that are required for software # that we include in the rescue system, e.g. for a commercial # backup software that is installed in /opt LD_LIBRARY_PATH_FOR_BACKUP_TOOL="" #### # Kernel modules to include in the rescue/recovery system: # The default MODULES=( 'all_modules' ) results that # all files in the /lib/modules/$KERNEL_VERSION directory # get included in the recovery system. Usually this is # required when migrating to different hardware to ensure # that all possibly needed kernel drivers for the new hardware # are available in the recovery system. It is also required # to have the recovery system better prepared for somewhat # "unusual use cases" where this or that additional kernel module # is needed (see https://github.com/rear/rear/issues/1202), # e.g. to ensure a USB keyboard is usable in the recovery system # (see https://github.com/rear/rear/issues/1870) # or to ensure data on external medium (e.g. iso9660) can be read # (see https://github.com/rear/rear/issues/1202). # Furthermore this is helpful to be on the safe side against possibly # missing other (dependant) kernel modules that are not automatically # found (see https://github.com/rear/rear/issues/1355). # The drawback of MODULES=( 'all_modules' ) is that it makes the # recovery system (and its ISO image) somewhat bigger, # see https://github.com/rear/rear/issues/2041 for some numbers. # To get the recovery system smaller by leaving out kernel modules # the following settings can be specified: # An empty MODULES=() setting means that the currently loaded # kernel modules get included in the recovery system # (so that recovery should work on same replacement hardware) # plus some kernel modules that should always be included # (see build/GNU/Linux/400_copy_modules.sh) # plus kernel modules for certain kernel drivers like # storage drivers, network drivers, crypto drivers, # virtualization drivers, and some extra drivers # (see rescue/GNU/Linux/230_storage_and_network_modules.sh # and rescue/GNU/Linux/240_kernel_modules.sh). Usually this # works reasonably well but no automatism works in any case # so that more explicit user settings are possible via # MODULES=( 'moduleX' 'moduleY' ) where additional kernel modules # can be specified to be included in the recovery system # in addition to the ones via an empty MODULES=() setting. # Normally other required kernel modules are usually also # automatically included but this may not work in any case # (see https://github.com/rear/rear/issues/1355). # The setting MODULES=( 'loaded_modules' ) results that # only those kernel modules that are currently loaded get included # in the recovery system so MODULES=( 'loaded_modules' 'additional_module' ) # is not supported but you may use COPY_AS_IS+=( ...) to include # certain modules in addition to the currently loaded modules. This # results a noticeable smaller recovery system but on the other hand # it means that recovery will only work on same replacement hardware. # The very special setting MODULES=( 'no_modules' ) enforces that # no kernel modules at all get included in the recovery system # regardless of what modules are currently loaded. Usually this # means that the recovery system will not work - unless # you have all needed kernel drivers compiled into your kernel. MODULES=( 'all_modules' ) # # Enforce to load these modules in the given order in the rescue/recovery system. # We also load modules listed in /etc/modules. The order is 1) /etc/modules and # 2) MODULES_LOAD and 3) modules loaded by udev or systemd. ReaR also takes the list # of modules from your initrd and adds that to MODULES_LOAD. MODULES_LOAD=() # # Kernel modules to exclude from the rescue/recovery system. # Modules that are specified in EXCLUDE_MODULES are excluded # from the rescue/recovery system in any case regardless what is # specified for MODULES e.g. also for MODULES=( 'all_modules' ). # By default we exclude scsi_debug - see issue #626: EXCLUDE_MODULES=( scsi_debug ) #### # Firmware files to include in the rescue/recovery system. # The FIRMWARE_FILES array contains filename globbing patterns # that are used as '-ipath' arguments for 'find' calls to find # firmware files in the /lib*/firmware/ directories that will # get included in the rescue/recovery system for example like # FIRMWARE_FILES=( '*rtl*' '*nvidia*' '*radeon*' ) # The special value FIRMWARE_FILES=( 'no' ) or any value that # is recognized as 'no' by the is_false function enforces that # no files from the /lib*/firmware/ directories get included # in the rescue/recovery system. # The special value FIRMWARE_FILES=( 'yes' ) or any value that # is recognized as 'yes' by the is_true function enforces that # all files from the /lib*/firmware/ directories get included # in the rescue/recovery system. # The by default empty FIRMWARE_FILES array means that # usually all files in the /lib*/firmware/ directories # get included in the rescue/recovery system but on certain # architectures like ppc64 or ppc64le the default could be different # cf. the conf/Linux-ppc64.conf and conf/Linux-ppc64le.conf scripts: FIRMWARE_FILES=() # UDEV_NET_MAC_RULE_FILES: # Array of files where we try to replace the network MAC addresses with the newly found ones # See also issue https://github.com/rear/rear/issues/2074 for the details UDEV_NET_MAC_RULE_FILES=( /etc/udev/rules.d/*persistent*{names,net,cd}.rules /etc/udev/rules.d/*eno-fix.rules ) #### # Files and directories to copy as-is (with tar) into the ReaR recovery system. # As its name tells COPY_AS_IS is primarily meant to "only copy as is". # In particular tar does not follow symlinks when copying # (for the reason behind see the build/GNU/Linux/100_copy_as_is.sh script). # To get libraries into the recovery system, use the LIBS array. # To get non-mandatory programs into the recovery system, use the PROGS array. # To get mandatory programs into the recovery system, use the REQUIRED_PROGS array. # For elements in the LIBS, PROGS, and REQUIRED_PROGS arrays # the RequiredSharedObjects function is called to determine required # shared objects (libraries) that get also copied into the recovery system. # For what is specified via the COPY_AS_IS array there is an exception to the # above "only copy as is" rule that for executables RequiredSharedObjects is called # to also get their needed libraries copied into the recovery system. # But when libraries are specified via COPY_AS_IS that are not executable # no required other libraries get automatically copied into the recovery system. # The reasoning behind is when programs are specified via COPY_AS_IS they # should be handled gracefully but COPY_AS_IS is not meant for libraries. # The drawback of calling RequiredSharedObjects for all executables is that # RequiredSharedObjects calls ldd to determine the required shared objects # but some versions of ldd do this by executing the executable (see "man ldd") # which could lead to the execution of arbitrary programs as user 'root' # in particular when directories are specified in COPY_AS_IS that may contain # unexpected files like programs from arbitrary (possibly untrusted) users # so for example COPY_AS_IS+=( /home/JohnDoe ) could be a rather bad idea. # To mitigate those possible ldd security issues RequiredSharedObjects calls ldd # only for files that are onwed by the trusted users in TRUSTED_FILE_OWNERS. # Usually globbing patterns in COPY_AS_IS are specified without quoting # like COPY_AS_IS+=( /whole/directory/ /directory_symlink/* /path/to/files* ) # so that the bash pathname expansion works as usually intended # (for details see the build/GNU/Linux/100_copy_as_is.sh script). # To copy contents of directory symlinks /directory_symlink/* can be used. # Because copying happens by calling tar ... ${COPY_AS_IS[*]} # (for the reason behind see the build/GNU/Linux/100_copy_as_is.sh script) # files or directories that contain blanks or other $IFS characters cannot be specified # but their parent directory can be specified if it does not contain $IFS characters. # Because usr/sbin/rear sets the nullglob option globbing patterns # like /path/to/files* expand to nothing if no file matches. COPY_AS_IS=( $SHARE_DIR $VAR_DIR ) # Things to exclude from being copied into the ReaR recovery system: # /var/lib/rear/output is useless in the recovery system and may contain huge files in particular # an old recovery system image (e.g. an ISO image) from a previous "rear mkrescue/mkbackup" run. # If that was re-included in the current recovery system each run of "rear mkrescue/mkbackup" # would generate a bigger recovery system that recursively contains all previous recovery systems. # /dev/.udev contains runtime things for udev (e.g. the temporary rules directory /dev/.udev/rules.d) # cf. https://github.com/rear/rear/commit/f57be9070cb8ad8692497d0baedf364b47ac7a8d # /dev/shm/ /dev/shm/\* is shared memory (shm/shmfs is mounted at /dev/shm as tmpfs) # cf. https://github.com/rear/rear/commit/5453f6656589819872dc626f4a9d118ade82276e # and https://github.com/rear/rear/commit/35b29218bdf1c88c0a2330147ae0e40480167fed # /dev/oracleasm contains internal files (runtime information) generated by Oracle ASM upon boot. # See https://github.com/rear/rear/issues/721 for details. # /dev/mapper contains links to /dev/dm-N kernel device nodes that are managed and generated by device mapper. # We let them being recreated by device mapper in the recovery system during the recovery process. # Copying them into the recovery system would let "rear recover" avoid the migration process. # See https://github.com/rear/rear/pull/1393 for details. # /dev/watchdog /dev/watchdog\* functionality is not wanted in the ReaR rescue/recovery system # because we do not want any automated reboot while disaster recovery happens via "rear recover". # Furthermore having dev/watchdog* during "rear mkrescue" may even trigger a system "crash" that is # caused by TrendMicro ds_am module touching dev/watchdog in ReaR's build area (/var/tmp/rear.XXX/rootfs). # See https://github.com/rear/rear/issues/2798 COPY_AS_IS_EXCLUDE=( $VAR_DIR/output/\* dev/.udev dev/shm dev/shm/\* dev/oracleasm dev/mapper dev/watchdog\* dev/vx dev/dmpconfig) # Array of user names that are trusted owners of files where RequiredSharedObjects calls ldd (cf. COPY_AS_IS) # and where a ldd test is run inside the recovery system that tests all binaries for 'not found' libraries. # The default is 'root' plus those standard system users that have a 'bin' or 'sbin' or 'root' home directory # cf. https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/html/deployment_guide/s1-users-groups-standard-users # When TRUSTED_FILE_OWNERS is empty all file owners are trusted. TRUSTED_FILE_OWNERS=( 'root' 'bin' 'daemon' 'sync' 'shutdown' 'halt' 'operator' ) #### #### # Including and setting keyboard mappings in the ReaR recovery system, # cf. https://github.com/rear/rear/pull/1781 # KEYMAPS_DEFAULT_DIRECTORY specifies the default directory for keyboard mapping files. # Different Linux distributions use a different default directory for keymaps, # see https://github.com/rear/rear/pull/1781#issuecomment-384322051 # and https://github.com/rear/rear/pull/1781#issuecomment-384331316 # and https://github.com/rear/rear/pull/1781#issuecomment-384560856 # so that we have this summary: # /usr/share/kbd/keymaps is used by SUSE and Arch Linux # /usr/share/keymaps is used by Debian and Ubuntu # /lib/kbd/keymaps is used by Centos and Fedora and Red Hat # By default (i.e. when KEYMAPS_DEFAULT_DIRECTORY is not set or empty) # it uses the first one of those directories that exist: KEYMAPS_DEFAULT_DIRECTORY="" # KEYMAPS_DIRECTORIES is a string of directories that contain keyboard mapping files # or plain keyboard mapping files to be included in the recovery system, for example like # KEYMAPS_DIRECTORIES="/usr/share/kbd/keymaps/legacy /usr/src/linux/drivers/char/defkeymap.map" # The main intent is to support non-US keyboards because without a right keyboard mapping # it could become an awful annoyance to work in the recovery system. # When KEYMAPS_DIRECTORIES is specified it is not sufficient to include # e.g. only a '/usr/share/kbd/keymaps/legacy/i386/' sub-directory because # include files in '/usr/share/kbd/keymaps/legacy/include/' are also needed. # For example to find out what 'loadkeys de-latin1-nodeadkeys' needs one may run # "strace -f -e open loadkeys de-latin1-nodeadkeys" and inspect its output # which keymap files are used which results e.g. on openSUSE Leap 42.3 those files: # /usr/share/kbd/keymaps/legacy/i386/qwertz/de-latin1-nodeadkeys.map.gz # /usr/share/kbd/keymaps/legacy/i386/qwertz/de-latin1.map.gz # /usr/share/kbd/keymaps/legacy/i386/include/qwertz-layout.inc # /usr/share/kbd/keymaps/legacy/i386/include/compose.inc # /usr/share/kbd/keymaps/legacy/i386/include/linux-with-alt-and-altgr.inc # /usr/share/kbd/keymaps/legacy/i386/include/linux-keys-bare.inc # /usr/share/kbd/keymaps/legacy/i386/include/euro2.map.gz # /usr/share/kbd/keymaps/legacy/include/compose.latin1 # cf. https://github.com/rear/rear/pull/1781#issuecomment-384574103 # Specifying those files in KEYMAPS_DIRECTORIES results a minimal recovery system # that contains only what is needed to use the de-latin1-nodeadkeys keyboard mapping. # In some cases (e.g. on ppc64 with the yaboot bootloader) a minimal recovery system # is required (cf. the section about REAR_INITRD_COMPRESSION below). # By default (i.e. when KEYMAPS_DIRECTORIES is not set or empty) # the whole KEYMAPS_DEFAULT_DIRECTORY is included to be on the safe side and # to get a recovery system that can be used with various usual keyboards: KEYMAPS_DIRECTORIES="" # KEYMAP is a keymap file to be set via 'loadkeys $KEYMAP' in the recovery system # to specify the exact keymap that should be set and used for example like: # KEYMAP="de-latin1-nodeadkeys" # During recovery system startup with topmost priority it tries to set # what is specified as KEYMAP but that may fail when needed keymap files # are missing in the recovery system (e.g. include files, see above). # With second priority it tries to set the keymap of the original system # which was dumped during "rear mkrescue/mkbackup", for details # see the rescue/GNU/Linux/500_clone_keyboard_mappings.sh script. # As fallback it tries to set the default 'defkeymap' (US keyboad) keymap. # Be default (i.e. when KEYMAP is not set or empty) the keymap of the original system # while "rear mkrescue/mkbackup" was run is also used in the recovery system: KEYMAP="" #### #### # Users and groups to copy into the ReaR recovery system. # Users and groups must exist in the original system (i.e. one cannot create new ones). # Specified users and groups that do not exist in the original system are ignored. # Users and groups must be specified with names (not with numerical IDs): CLONE_USERS=() CLONE_GROUPS=() CLONE_ALL_USERS_GROUPS="true" # When CLONE_ALL_USERS_GROUPS is 'true' or 'all' copy users and groups # that exist on the current system into the ReaR recovery system # in addition to the users and groups in CLONE_USERS and CLONE_GROUPS. # When CLONE_ALL_USERS_GROUPS contains a 'true' value, copy the users and groups # from the local /etc/passwd and /etc/group files into the recovery system. # To exclude users and groups set CLONE_ALL_USERS_GROUPS="false" and specify # the users and groups via CLONE_USERS and CLONE_GROUPS as needed. # If /etc/passwd or /etc/group on the original system contain secrets # (in particular passwords) the secrets get copied into the recovery system. # The /etc/shadow and /etc/gshadow files are not copied into the recovery system # so that shadow passwords should not appear in the recovery system # unless explicitly specified e.g. via COPY_AS_IS+=( /etc/shadow ) # When CLONE_ALL_USERS_GROUPS is 'all', copy also all users and groups that are # available via 'getent' on the original system into the recovery system. # For details see the usr/share/rear/rescue/default/900_clone_users_and_groups.sh script. # The default CLONE_ALL_USERS_GROUPS="true" should normally be sufficient # that all files from the backup can be restored with right user and group. # If the original file's user and group does not exist in the recovery system # that file from the backup might get restored with wrong user or group name # (e.g. with the fallback 'root:root') or with wrong numerical user ID or group ID # because the backup restore software runs "inside" the recovery system with the # users and groups there and not with the users and groups of the original system. # Therefore special users and groups can be added via CLONE_USERS and CLONE_GROUPS # or even CLONE_ALL_USERS_GROUPS="all" can be specified. #### # A terminal login password as a salted hash. # If empty, a root login into the ReaR recovery system via the system console or a serial terminal # is possible without being asked for a password. { TTY_ROOT_PASSWORD='' ; } 2>>/dev/$SECRET_OUTPUT_DEV #### # SSH_FILES # SSH_ROOT_PASSWORD # SSH_UNPROTECTED_PRIVATE_KEYS # # What SSH files should be copied into the ReaR rescue/recovery system and # how SSH access in the ReaR rescue/recovery system should be set up. # # This configuration only affects the rescue/recovery system. # A system restored by ReaR will receive its SSH configuration entirely from its backup. # ReaR supports OpenSSH versions >= 3.1 and SSH files at standard locations. # # When a different secure shell software is used set SSH_FILES='no' # to disable the SSH setup functionality in ReaR and specify the # files and programs that are needed for remote access in the # rescue/recovery system via generic ReaR functionality like # COPY_AS_IS, REQUIRED_PROGS, COPY_AS_IS_EXCLUDE, and LIBS. # # When SSH_FILES is set to 'no', nothing is done to set up SSH # (in particular no sshd setup) in the rescue/recovery system. # # For a rescue system/medium free of secrets, use the default configuration: # You can access the rescue system's root account via SSH via public/private key # if that was permitted on the original system (via authorized_keys). # Accessing other systems from the rescue system via SSH requires entering a password # (as there are no private keys on the rescue medium). # # To support added functionality on the running rescue system is possible # at the price of having the rescue system/medium contain secrets # so that the rescue system ISO image and any recovery medium # needs to be protected against unwanted access. # To access the rescue system with a password, set SSH_ROOT_PASSWORD. # To access other systems via root's passphrase-protected SSH private keys # present on the original system, set SSH_FILES='yes'. # To access other systems via root's protected and unprotected SSH private keys # present on the original system, set SSH_FILES='yes' and SSH_UNPROTECTED_PRIVATE_KEYS='yes'. # # For special needs, you have these options: # You can specify the SSH configuration files individually by setting SSH_FILES to an array, # whose elements are the file paths. # Elements of this array receive special key protection if configured. # You can use COPY_AS_IS_EXCLUDE to exclude files from being copied. # # SSH host key files can be generated anew only for the recovery system. # provided SSH_UNPROTECTED_PRIVATE_KEYS is not set to a 'false' value # because private host keys are never protected. # If there are no SSH host key files in the recovery system, a fallback RSA key # is generated when starting sshd during recovery system startup and # the RSA key fingerprint is shown on the recovery system login screen. # # For details see rescue/default/500_ssh.sh build/default/500_ssh_setup.sh # build/default/501_check_ssh_keys.sh and skel/default/etc/scripts/run-sshd # # The default SSH_FILES='avoid_sensitive_files' should be secure # because it avoids copying sensitive SSH files as follows: # From /etc/ssh only moduli, ssh_config, sshd_config, and ssh_known_hosts are copied and # from /root/.ssh only authorized_keys and known_hosts are copied into the recovery system. SSH_FILES='avoid_sensitive_files' # # SSH_ROOT_PASSWORD defines a password for remote access to the recovery system # as 'root' via SSH without requiring a public/private key pair. # This password is valid only while the recovery system is running and # will not allow access afterwards to the restored target system. # In the recovery system the password is stored in hashed MD5 format. # Both SSH_ROOT_PASSWORD='plain_text_password' and SSH_ROOT_PASSWORD='hashed_password' are possible. # To avoid a plain text password in the etc/rear/local.conf config file # generate a MD5 hashed password with the openssl command. # SSH_ROOT_PASSWORD is ignored when SSH_FILES is set to a 'false' value. { SSH_ROOT_PASSWORD='' ; } 2>>/dev/$SECRET_OUTPUT_DEV # # SSH_UNPROTECTED_PRIVATE_KEYS="yes" makes ReaR also include SSH keys without a passphrase # in the ReaR rescue/recovery system at the price of having the rescue system/medium # contain secrets so that the rescue system ISO image and any recovery medium # needs to be protected against unwanted access. # This is not recommended because usually ReaR should build a recovery system ISO image # that does not contain secrets from the original system so that a recovery medium that # is created from the recovery system ISO image does not need to be specially protected. # Instead of enabling this consider creating additional SSH keys with passphrases to be used # only during recovery. You can even have the same key, once with and once without passphrase. # The one without will be used during regular operations and the one with passphrase # on the ReaR rescue/recovery system. # With the default SSH_UNPROTECTED_PRIVATE_KEYS="no" ReaR tries to find SSH keys # without passphrase for root (but not for other users) at standard locations # and if found ReaR removes those unprotected keys from the recovery system. # But SSH_UNPROTECTED_PRIVATE_KEYS="no" is not at all any guarantee # to not have any kind of unprotected SSH key in the recovery system. # In general to check if there are unwanted files in the recovery system # use KEEP_BUILD_DIR="yes" and inspect the recovery system content # in $TMPDIR/rear.XXXXXXXXXXXXXXX/rootfs/ and use COPY_AS_IS_EXCLUDE # to exclude unwanted files from the recovery system. SSH_UNPROTECTED_PRIVATE_KEYS='no' #### ## # NON_FATAL_BINARIES_WITH_MISSING_LIBRARY # # What programs/binaries (i.e. files in a /bin/ or /sbin/ directory) # are o.k. in the ReaR rescue/recovery system regardless # that 'ldd' reports a 'not found' library for them. # In general the right solution when 'ldd' reports a 'not found' library # is to use the generic config variables COPY_AS_IS REQUIRED_PROGS and LIBS # to get actually missing stuff into the ReaR rescue/recovery system or # for external/third-party backup programs the specific config variables # like COPY_AS_IS_TSM COPY_AS_IS_BORG COPY_AS_IS_YUM and others. # NON_FATAL_BINARIES_WITH_MISSING_LIBRARY is a 'egrep' pattern # like NON_FATAL_BINARIES_WITH_MISSING_LIBRARY='myprog|/mydir/' # where it is known that things work regardless of what 'ldd' reports. # By default it is fatal when 'ldd' reports a 'not found' library for # any file in a /bin/ or /sbin/ directory in the recovery system and # "rear mkrescue/mkbackup" aborts with "recovery system not usable". # For details see the build/default/990_verify_rootfs.sh script. NON_FATAL_BINARIES_WITH_MISSING_LIBRARY='' ## # EXCLUDE_MD5SUM_VERIFICATION # # What files should be excluded from being verified during recovery system startup. # During "rear mkrescue/mkbackup" the build/default/995_md5sums_rootfs.sh script # creates md5sums for all regular files in the ReaR rescue/recovery system # and stores the result as /md5sums.txt in the ReaR rescue/recovery system. # During recovery system startup the md5sums of the files in /md5sums.txt are verified. # The reason behind is that there could be errors during loading/unpacking # of the initrd/initramfs which are reported (if one knows how to look for them) # but at least some errors do not abort the boot process so that # it could happen that files in the recovery system are corrupt # but the user may not notice the actual error and get any kind # of inexplicable errors later when using the recovery system, # see https://github.com/rear/rear/issues/1859 # and https://github.com/rear/rear/issues/1724 # EXCLUDE_MD5SUM_VERIFICATION is a 'egrep -v' pattern # like EXCLUDE_MD5SUM_VERIFICATION='/path/to/myfile|/path/to/mydir/' # for files or directories in md5sums.txt that should be excluded from being verified. # With the special value EXCLUDE_MD5SUM_VERIFICATION='all' # creating md5sums and verification can be completely skipped. # The by default empty EXCLUDE_MD5SUM_VERIFICATION means that certain files # get excluded where it is known that their md5sum verification will fail # (i.e. the already known false positives are excluded by default). # For details see the build/default/995_md5sums_rootfs.sh # and skel/default/etc/scripts/system-setup scripts. EXCLUDE_MD5SUM_VERIFICATION='' #### # Time synchronisation, could be NTP, CHRONY, NTPDATE, RDATE or empty: TIMESYNC= # Set a timesync source, mostly needed for NTPDATE and RDATE: TIMESYNC_SOURCE= #### # Define a default LANG_RECOVER. At least TSM seems to need it to correctly restore foreign language sets. # You may redefine it e.g. like LANG_RECOVER=de_DE@euro but be careful because there could be weird failures # because the plain UTF-8 encoding is compatible with ASCII but setting LANG e.g. to en_US.UTF-8 is no longer # ASCII compatible, see "Character encoding" in https://github.com/rear/rear/wiki/Coding-Style # and https://github.com/rear/rear/issues/1035 and https://github.com/rear/rear/pull/1469 LANG_RECOVER=C # LUKS_CRYPTSETUP_OPTIONS contains additional options to cryptsetup # which complement auto-detected options and enforce certain settings. # The default settings '--iter-time 2000 --use-random' increase security # beyond the level attained by compiled-in cryptsetup defaults. # On some systems using the /dev/random random generator may result in possibly long delays # while generating the needed LUKS encryption keys during "rear recover". # In this case you may set LUKS_CRYPTSETUP_OPTIONS="--iter-time 2000 --use-urandom" instead # but using /dev/urandom instead of /dev/random results a low-quality master encryption key. # To add more additional options to the ones below specify them in your etc/rear/local.conf via # LUKS_CRYPTSETUP_OPTIONS+=" more additional options" # (the leading space is mandatory) for example LUKS_CRYPTSETUP_OPTIONS+=" --force-password" # to avoid that during "rear recover" cryptsetup fails (which lets the diskrestore.sh script fail) # when your LUKS password does not match the cryptsetup password quality checking requirements. # Another example could be something like LUKS_CRYPTSETUP_OPTIONS+=" --align-payload 4096" # to enforce a 4096 * 512 bytes = 2 MiB alignment of the data payload (without LUKS header) # when e.g. 2 MiB alignment of the LUKS data payload is actually used on the original system. # This could be needed in particular when LUKS volumes are used as containers for higher level # storage objects like LVM on top of LUKS encrypted volumes to have LUKS encryption for LVM. # When "rear recover" is done on a different replacement disk it could happen that the # cryptsetup default data payload alignment (which is based on the topology of the new disk) # recreates LUKS volumes with a bigger alignment value that results less data payload size # compared to what it was on the original system which could let a subsequent LVM setup fail # when a specified LVM volume size does no longer fit into a smaller LUKS data payload area, # cf. https://github.com/rear/rear/issues/2389 # For details, see the cryptsetup(8) manual page of your particular Linux distribution. LUKS_CRYPTSETUP_OPTIONS="--iter-time 2000 --use-random" #### # BACKUP=CDM (Rubrik CDM; Cloud Data Management) ## # ReaR support for Rubrik Cloud Data Management (CDM). # ReaR will copy the Rubrk RBS agent and required OS binaries to its ISO for incluson on boot. # ReaR will start the Rubrik RBS agent when 'rear recover' is run. COPY_AS_IS_CDM=( /etc/rubrik /usr/bin/rubrik /var/log/rubrik /etc/pki ) COPY_AS_IS_EXCLUDE_CDM=( /var/log/rubrik/* ) PROGS_CDM=( /usr/bin/rubrik/backup_agent_main /usr/bin/rubrik/bootstrap_agent_main openssl uuidgen ) #### #### # BACKUP=FDRUPSTREAM ## # ReaR support for FDR/Upstream is limited to disaster recovery only. # ReaR will not perform an FDR/Upstream backup. # ReaR will install a working FDR/Upstream client when you issue the 'rear recover' command FDRUPSTREAM_INSTALL_PATH="/opt/fdrupstream" FDRUPSTREAM_CONFIG_PATH="/etc/opt/fdrupstream" FDRUPSTREAM_DATA_PATH="/var/opt/fdrupstream" COPY_AS_IS_FDRUPSTREAM=( "$FDRUPSTREAM_INSTALL_PATH" "$FDRUPSTREAM_CONFIG_PATH" "$FDRUPSTREAM_DATA_PATH" ) # Under certain conditions 'rear mkrescue' put its output files in $FDRUPSTREAM_DATA_PATH/rear # and subsequent runs of 'rear mkrescue' would let it grow (in effect, it is a recursive backup) # so we exclude $FDRUPSTREAM_DATA_PATH/rear from the backup: COPY_AS_IS_EXCLUDE_FDRUPSTREAM=( "$FDRUPSTREAM_DATA_PATH/rear" "$FDRUPSTREAM_INSTALL_PATH/usserver" ) CHECK_CONFIG_FILES_FDRUPSTREAM=( "$FDRUPSTREAM_INSTALL_PATH/fdrupstream" "$FDRUPSTREAM_INSTALL_PATH/upstream.msg" "$FDRUPSTREAM_INSTALL_PATH/uscmd*" "$FDRUPSTREAM_INSTALL_PATH/usdaemon*" "$FDRUPSTREAM_INSTALL_PATH/us" "$FDRUPSTREAM_INSTALL_PATH/us1" "$FDRUPSTREAM_INSTALL_PATH/us.ser" "$FDRUPSTREAM_INSTALL_PATH/*.so" "$FDRUPSTREAM_INSTALL_PATH/bin/*.so" "$FDRUPSTREAM_INSTALL_PATH/usudb*" "$FDRUPSTREAM_INSTALL_PATH/*.dat" "$FDRUPSTREAM_INSTALL_PATH/*.cfg" "$FDRUPSTREAM_CONFIG_PATH/*" "$FDRUPSTREAM_DATA_PATH/*/parms/*" ) PROGS_FDRUPSTREAM=() #### #### # BACKUP=PPDM ## # ReaR support for Dell PowerProtect Data Manager, restore only readonly _PPDM_INSTALL_DIR=/opt/dpsapps COPY_AS_IS_PPDM=( $_PPDM_INSTALL_DIR /etc/systemd/system/agentsvc?service /etc/systemd/system/multi-user.target.wants/agentsvc?service /usr/lib/locale # additional requirements # libutil needed by libpython3.11.so.1.0 that appears only on agent start in /opt/dpsapps/agentsvc/tmp/_M???????? /lib/*/libutil.so.1 /lib*/libutil.so.1 # gconv libs required to not be specific about LC_ALL # some distros put it into /usr/lib64, some in /usr/lib/x86_64-linux-gnu /usr/lib/*64*/gconv/ /usr/lib6?/gconv/ ) COPY_AS_IS_EXCLUDE_PPDM=( $_PPDM_INSTALL_DIR/*/{tmp,logs,tracelogs}/* # Logs and Temp content, but take directories along ) PROGS_PPDM=( ddfsadmin ddfsrc ddfssv locale whoami pgrep netstat # additional requirements date # for PIT calculation ) # in seconds, 5 minutes should be enough for an admin to fix the lockbox PPDM_WAIT_FOR_LOCKBOX_TIMEOUT=$(( 60*5 )) # point in time restore, take backups from before this # format is YYYY-MM-DD [HH[:MM[:SS]]] with the time defaulting to 23:59:59 to allow all backups from that day # default is to restore the latest backup PPDM_RESTORE_PIT= # The following variables are used for PPDM restore and determined automatically # during the recovery PPDM_DD_IP= PPDM_STORAGE_UNIT= PPDM_DD_USERNAME= PPDM_DD_CONFIG_TYPE= declare -A PPDM_ASSETS_AND_SSIDS=() #### #### # BACKUP=NBKDC ## # (NovaStor DataCenter: http://www.novastor.com) # Agent installation will be detected automatically in: # prep/NBKDC/default/400_prep_nbkdc.sh # ReaR will not perform the backup, this will be triggered by NovaStor DataCenter # NBKDC_DIR=/opt/NovaStor/DataCenter COPY_AS_IS_NBKDC=() COPY_AS_IS_EXCLUDE_NBKDC=() #### #### # BACKUP=NFS4SERVER ## # Note: This is for restore via NFS server, where another computer can connect to the rescue system via NFS and push # the backup files onto the disks after ReaR prepared and formatted them. # # This method has no backup functionality, only restore. And it requires interaction with an external system to push the files. # # ReaR will wait for a signal file (rear_finished.txt) to appear to indicate that the file transfer is complete. # # Use the abort file (rear_abort.txt) to abort the restore process, its content will be shown to the user as the reason for aborting. # REQUIRED_PROGS_NFS4SERVER=("rpc.nfsd" "rpc.mountd" "exportfs" "ss" "nproc") NFS4SERVER_MODULES=(nfs nfsd) # List of share options for the recovery system, see 'General Options' in exports(5) NFS4SERVER_EXPORT_OPTS=(rw no_root_squash async no_subtree_check) # List of trusted systems that can mount the recovery system, see 'Machine Name Formats' in exports(5) # e.g. NFS4SERVER_TRUSTED_CLIENTS=( myclient 172.16.76.0/24 ) NFS4SERVER_TRUSTED_CLIENTS=() # this file is relative to $TARGET_FS_ROOT/ # it will be deleted after restore NFS4SERVER_RESTORE_FINISHED_FILE=var/lib/rear/rear_finished.txt NFS4SERVER_RESTORE_ABORT_FILE=var/lib/rear/rear_abort.txt #### # BACKUP=GALAXY ## # Note: This is for Galaxy 5 (tested) und probably 6 (untested) # COPY_AS_IS_GALAXY=( /lib/libm* /opt/galaxy /etc/Galaxy.pkg /etc/CommVaultRegistry ) COPY_AS_IS_EXCLUDE_GALAXY=( "/opt/galaxy/iDataAgent/jobResults/*" "/opt/galaxy/Updates/*" "/opt/galaxy/Base/Temp/*" ) GALAXY_COMMCELL= GALAXY_PORT=8401 GALAXY_LOGONID= GALAXY_INSTANCE= GALAXY_BACKUPSET= #### #### # BACKUP=GALAXY7 ## # Note: This is for Galaxy 7 (tested) and maybe also for 6 (untested) # COPY_AS_IS_GALAXY7=( /lib/libm* /opt/galaxy /etc/CommVaultRegistry ) COPY_AS_IS_EXCLUDE_GALAXY7=( "/opt/galaxy/iDataAgent/jobResults/*" "/opt/galaxy/Updates/*" "/opt/galaxy/Base/Temp/*" ) # Use this default backup set. If left empty we will prompt the user at restore time for # the appropriate backup set to use. Could be set to a global organisation-wide default # in site.conf ... GALAXY7_BACKUPSET= # Use this argument file for all Galaxy commands. You can place some general stuff here # and also use this file to store the logon credentials to Galaxy. This file will be # automatically included in COPY_AS_IS GALAXY7_Q_ARGUMENTFILE= #### #### # BACKUP=GALAXY10 ## # Note: This is for Galaxy 10 (tested) # COPY_AS_IS_GALAXY10=( /lib/libm* /opt/simpana/ /etc/CommVaultRegistry ) COPY_AS_IS_EXCLUDE_GALAXY10=( "/opt/simpana/iDataAgent/jobResults/*" "/opt/simpana/Updates/*" "/opt/simpana/Base/Temp/*" ) # Use this default backup set. If left empty we will prompt the user at restore time for # the appropriate backup set to use. Could be set to a global organisation-wide default # in site.conf ... GALAXY10_BACKUPSET= # Use this argument file for all Galaxy commands. You can place some general stuff here # and also use this file to store the logon credentials to Galaxy. This file will be # automatically included in COPY_AS_IS GALAXY10_Q_ARGUMENTFILE= #### # BACKUP=GALAXY11 ## # Note: This is for CommVault 11 # # Note: Some variables can be set via environment variables when calling rear # # see 400_prep_galaxy.sh for how we auto-fill these values GALAXY11_CORE_DIRECTORY= GALAXY11_HOME_DIRECTORY= GALAXY11_LOG_DIRECTORY= GALAXY11_TEMP_DIRECTORY= GALAXY11_JOBS_RESULTS_DIRECTORY= GALAXY11_CONFIG_DIRECTORY=/etc/CommVaultRegistry # # add additional copy include/excludes for Galaxy 11, the content of the GALAXY_*_DIRECTORY # variables will be added automatically COPY_AS_IS_GALAXY11=() COPY_AS_IS_EXCLUDE_GALAXY11=() # Use this default backup set. If left empty we will prompt the user at restore time for # the appropriate backup set to use. Could be set to a global organisation-wide default # in site.conf ... GALAXY11_BACKUPSET=${GALAXY11_BACKUPSET:-} # Use this to set the poin-in-time recovery date/time as reported by qlist jobhistory # You can also specify an index from the last backup start at 0 (e.g. 0 = latest, 1 = previous last, etc.) # If the variable is empty commvault restores the latest backup by default GALAXY11_PIT_RECOVERY=${GALAXY11_PIT_RECOVERY:-} # Use this argument file for all Commvault commands. You can place some general stuff here # and also use this file to store the logon credentials to Commvault. This file will be # automatically included in COPY_AS_IS # Remember to adequately protect the rescue media if you include credentials in it GALAXY11_Q_ARGUMENTFILE= # CommVault login credentials for restore # Remember to adequately protect the rescue media if you include credentials in it GALAXY11_USER=${GALAXY11_USER:-} { GALAXY11_PASSWORD=${GALAXY11_PASSWORD:-} ; } 2>>/dev/$SECRET_OUTPUT_DEV ## # BACKUP=TSM stuff ## # COPY_AS_IS_TSM=( /etc/adsm /opt/tivoli/tsm/client /usr/local/ibm/gsk8* ) # TSM client can be big (~300MB). If you need to reduce the size of the rescue image initrd (which can be a # good idea for PowerVM based partition), # you can use the following COPY_AS_IS_TSM which will only copy what is needed to start a TSM restore. # Don't forget to add your custom configuration files like Includes and Excludes files. # COPY_AS_IS_TSM=( /etc/adsm /opt/tivoli/tsm/client/ba/bin/dsmc /opt/tivoli/tsm/client/ba/bin/dsm.sys /opt/tivoli/tsm/client/ba/bin/dsm.opt /opt/tivoli/tsm/client/api/bin64/libgpfs.so /opt/tivoli/tsm/client/api/bin64/libdmapi.so /opt/tivoli/tsm/client/ba/bin/EN_US/dsmclientV3.cat /usr/local/ibm/gsk8* ) COPY_AS_IS_EXCLUDE_TSM=( ) PROGS_TSM=(dsmc) # TSM library PATH that need to be added to LD_LIBRARY_PATH. # gsk lib PATH are detected and automatically added by usr/share/rear/prep/TSM/default/400_prep_tsm.sh TSM_LD_LIBRARY_PATH="/opt/tivoli/tsm/client/ba/bin:/opt/tivoli/tsm/client/api/bin64:/opt/tivoli/tsm/client/api/bin:/opt/tivoli/tsm/client/api/bin64/cit/bin" # where to copy the resulting files to and save them with TSM TSM_RESULT_FILE_PATH=/opt/tivoli/tsm/rear # # Additional dsmc options for restore. Point-in-time read from user # input is also added to this array. TSM_DSMC_RESTORE_OPTIONS=( ) # # Tell if the result from mkbackup/mkrescue (Rescue image: ISO image, PXE, kernel and initrd) # should be saved via TSM. # You can disable these saving when the result is saved on an different way (ISO_URL, PXE_TFTP_UPLOAD_URL....) # (y/n) default to y TSM_RESULT_SAVE=y # # TSM archive management class definition TSM_ARCHIVE_MGMT_CLASS= # # Say "y", "Yes" or "1" to remove the ISO file from local system (in the ISO_DIR location) # if TSM server confirms the backup was successful (to preserve space on the local system) TSM_RM_ISOFILE= #### #### # BACKUP=NBU (Symantec/Veritas NetBackup) ## # COPY_AS_IS_NBU=( /usr/openv/bin/vnetd /usr/openv/bin/vopied /usr/openv/lib /usr/openv/netbackup /usr/openv/var/auth/[mn]*.txt /opt/VRTSpbx /etc/vx/VxICS /etc/vx/vrtslog.conf ) COPY_AS_IS_EXCLUDE_NBU=( /usr/openv/netbackup/logs "/usr/openv/netbackup/bin/bpjava*" /usr/openv/netbackup/bin/xbp /usr/openv/netbackup/bin/private /usr/openv/lib/java /usr/openv/lib/shared/vddk /usr/openv/netbackup/baremetal ) # See https://github.com/rear/rear/issues/2105 why /usr/openv/netbackup/sec/at/lib/ is needed: NBU_LD_LIBRARY_PATH="/usr/openv/lib:/usr/openv/netbackup/sec/at/lib/" PROGS_NBU=( ) #### #### # BACKUP=AVA (EMC Avamar) ## # # AVA_ROOT_DIR is relocatable - default location is either /usr/local/avamar or /opt/avamar AVA_ROOT_DIR=/opt/avamar COPY_AS_IS_AVA=( $AVA_ROOT_DIR/* /var/avamar/avagent.cfg /var/avamar/cid.bin /etc/init.d/functions /etc/rc.d/init.d/avagent ) COPY_AS_IS_EXCLUDE_AVA=( "$AVA_ROOT_DIR/var/*" ) PROGS_AVA=( ) #### #### # BACKUP=DP (Micro Focus Data Protector) ## # With COPY_AS_IS_DP=( ... /etc/opt/omni/client ) in particular the client certificate files # localhost_cert.pem and localhost_key.pem in the /etc/opt/omni/client/sscertificates/ directory # that are needed to restore the backup when Data Protector Secure Communication is configured # get copied into the ReaR rescue/recovery system initramfs/initrd so that in particular # ReaR ISO images and ReaR recovery media must be protected against unwanted access. # In general to check if there are unwanted files in the recovery system use KEEP_BUILD_DIR="yes" # and inspect the recovery system content in $TMPDIR/rear.XXXXXXXXXXXXXXX/rootfs/ and use # COPY_AS_IS_EXCLUDE or COPY_AS_IS_EXCLUDE_DP to exclude unwanted files from the recovery system. # The client certificate is excluded from a Data Protector backup due to security concerns # so it is not restored with Data Protector. During "rear recover" the client certificate files # are copied from the ReaR recovery system into the recovered/recreated target system. # For details see the usr/share/rear/finalize/DP/default/500_restore_ssc.sh script. COPY_AS_IS_DP=( /opt/omni /etc/opt/omni/client ) COPY_AS_IS_EXCLUDE_DP=( /opt/omni/bin/telemetry /opt/omni/Depot /opt/omni/databases /opt/omni/jre /opt/omni/newconfig /opt/omni/bin/drim /opt/omni/AppServer /opt/omni/RS_idb /opt/omni/reporting ) DP_LD_LIBRARY_PATH="/opt/omni/lib:/opt/omni/lib64" #### #### # BACKUP=NSR (EMC Networker; Legato) ## # # NSR_ROOT_DIR is relocatable - default location is /nsr NSR_ROOT_DIR=/nsr COPY_AS_IS_NSR=( $NSR_ROOT_DIR /opt/nsr /opt/networker /usr/lib/nsr /usr/lib64/gconv ) COPY_AS_IS_EXCLUDE_NSR=( "$NSR_ROOT_DIR/logs/*" "$NSR_ROOT_DIR/debug/*" "$NSR_ROOT_DIR/index/*" "$NSR_ROOT_DIR/lockbox/*" "$NSR_ROOT_DIR/mm/*" "$NSR_ROOT_DIR/repository/*" "$NSR_ROOT_DIR/scripts/*" "$NSR_ROOT_DIR/utils/*" ) PROGS_NSR=( nsrexec nsrexecd mminfo save savefs savepnpc recover nsrfsra nsrinfo nsrretrieve nsrwatch nsrports uasm ) # NSRSERVER is normally found automatically, but for the rare cases it is not found pls define it in local.conf NSRSERVER= # NSR_RETENTION_TIME defines the retention time in EMC NetWorker for the result files (ISO image), default is "1 day" # see nsr_getdate(3) for the valid choices (double-quotes are important) NSR_RETENTION_TIME= # The name of the default NSR pool. Default is the upstream default but some sites need to change that to an own default pool name. NSR_DEFAULT_POOL_NAME=Default # There are different EMC Legato server based recovery options which highly depend on # the client's permissions granted on the EMC Networker (Legato) server side. # # Either it is allowed to self-service a recovery job on a EMC Networker server # (i.e. direct access) or it is required to trigger someone else who is capable # to start the file recovery job for the client (i.e. client does not have direct # access to the EMC Networker server). # # Those recovery actions are covered with the following settings: # NSR_CLIENT_MODE=yes ; Client needs to trigger someone else to start the # EMC Networker server recovery action # or # NSR_CLIENT_MODE=no (or unset) ; Default - We have full control on EMC networker server for recovery actions NSR_CLIENT_MODE= # It is possible to set dedicated permissions for EMC Networker clients to perform their # recovery actions on their own. To deal with this situation an additional variable is used # to indicate this during disaster recovery activity. This is combined with the setting of # NSR_CLIENT_MODE. # # The current possible combinations are: # NSR_CLIENT_MODE | NSR_CLIENT_REQUESTRESTORE | Explanation # ----------------+---------------------------+---------------- # NO or unset | YES, NO or unset | Default - EMC Networker server and client are under full control # YES | YES or unset | Client needs to request (someone else) to start the EMC Networker server recovery action # YES | NO | Client is allowed to recover files from EMC Network Server "on its own" with optional point-in-time recovery # # NSR_CLIENT_REQUESTRESTORE=yes ; Client needs to request for a recovery action # (is NOT allowed to perform recovery actions on its own). # or # NSR_CLIENT_REQUESTRESTORE=no (or unset) ; Default - Client does NOT need to request for a # recovery action (is allowed to perform recovery # actions on its own). NSR_CLIENT_REQUESTRESTORE= #### #### # BACKUP=SESAM (SEP Sesam: http://www.sep.de) # path to sesam installation will be detected automatically in: # prep/SESAM/default/400_prep_sesam.sh ## COPY_AS_IS_SESAM=() COPY_AS_IS_EXCLUDE_SESAM=() #### #### # BACKUP=BACULA (www.bacula.org) ## # If empty BACULA_CONF_DIR and BACULA_BIN_DIR # are automatically set in prep/BACULA/default/400_prep_bacula.sh # Usually BACULA_CONF_DIR is "/etc/bacula" # but for bacula-enterprise-client it is "/opt/bacula/etc" # Usually BACULA_BIN_DIR is "/usr/sbin" # but for bacula-enterprise-client it is "/opt/bacula/bin" BACULA_CONF_DIR="" BACULA_BIN_DIR="" COPY_AS_IS_BACULA=( /var/spool/bacula ) COPY_AS_IS_EXCLUDE_BACULA=( /var/lib/bacula ) PROGS_BACULA=( bacula-fd bconsole bacula-console bextract bls bscan btape smartctl ) # Provide the (possible) volume labels to restore from using bextract. # Multiple entries can be separated by '|' and '*' wildcards are allowed. # eg. VOL-*|Vol-* BEXTRACT_VOLUME= # Provide the Bacula archive device to use for restoring from, either the # name of a tape device or a disk block device as configured for bacula-sd. # eg. Ultrium-1 or /dev/sda1 BEXTRACT_DEVICE= #### #### # BACKUP=BORG (https://borgbackup.readthedocs.io) ## # Copy Borg stuff 1:1 COPY_AS_IS_BORG=( ) # Binaries Borg needs to operate correctly # ReaR includes `borg' and `locale' automatically PROGS_BORG=( ) # Borg server name BORGBACKUP_HOST= # Username for connection to Borg server BORGBACKUP_USERNAME= # Path to Borg repository on Borg server # Be careful to begin you path/to/repo with a / even with relative path # /./path/to/repo - path relative to current directory # /~/path/to/repo - path relative to user's home directory # /~other/path/to/repo - path relative to other's home directory BORGBACKUP_REPO= # Prefix used by ReaR to name archives. # Do not use '_' in the BORGBACKUP_ARCHIVE_PREFIX value as it is used internally by ReaR. BORGBACKUP_ARCHIVE_PREFIX="rear" # Compression used by Borg # Syntax: # compression_type: none, lz4, zlib, lzma # level: 0-9 # Default: none # We agreed in #1037 to mirror its settings in ReaR as well. # "The reason why we default to no compression is that users have to make # an informed choice." BORGBACKUP_COMPRESSION="" # Borg encryption type # Types: none, keyfile, repokey # none: encryption is disabled (least trouble with setup, least security) # keyfile: passphrase and having-the-key (stored on client in /$HOME/.config/borg/keys/) # repokey: passphrase-only (stored on server BORGBACKUP_REPO/config) # Default: repokey BORGBACKUP_ENC_TYPE="none" # When set, use the given path/filename as remote path (default is "borg") BORGBACKUP_REMOTE_PATH="" # Set archive umask # Default: 0077 BORGBACKUP_UMASK="" # Borg retention strategy # See https://borgbackup.readthedocs.io/en/stable/usage/prune.html # Deprecated variables like e.g. BORGBACKUP_PRUNE_WITHIN are still considered, # if new variable BORGBACKUP_PRUNE_KEEP_WITHIN is not set. BORGBACKUP_PRUNE_KEEP_WITHIN= BORGBACKUP_PRUNE_KEEP_LAST= BORGBACKUP_PRUNE_KEEP_MINUTELY= BORGBACKUP_PRUNE_KEEP_HOURLY= BORGBACKUP_PRUNE_KEEP_DAILY= BORGBACKUP_PRUNE_KEEP_WEEKLY= BORGBACKUP_PRUNE_KEEP_MONTHLY= BORGBACKUP_PRUNE_KEEP_YEARLY= # Borg default ssh port BORGBACKUP_PORT=22 # Hint about Borg output and logs: # If BORGBACKUP_SHOW_PROGRESS is true, no Borg output is written in ReaR log. # In case Borg output is written to ReaR logs (BORGBACKUP_SHOW_PROGRESS=false) # depending on verbosity (-v) Borg output is also shown to the user. # # Previous hint: If there is a need to store additional data into log file, # `tee' can be used for this purpose. # For more information on how additional output can be stored check: # https://github.com/rear/rear/issues/2007#issuecomment-448618562 # # Should progress from Borg be displayed as backup runs? # (Progress data will not be stored in ReaR log.) BORGBACKUP_SHOW_PROGRESS="no" BORGBACKUP_CREATE_SHOW_PROGRESS= BORGBACKUP_PRUNE_SHOW_PROGRESS= BORGBACKUP_EXTRACT_SHOW_PROGRESS= # Should final Borg stats be displayed after backup is over? # (Borg final stats will not be stored into ReaR log, if # BORGBACKUP_SHOW_PROGRESS is true) BORGBACKUP_SHOW_STATS="no" BORGBACKUP_CREATE_SHOW_STATS= BORGBACKUP_PRUNE_SHOW_STATS= BORGBACKUP_EXTRACT_SHOW_STATS= # Should Borg output list of items (files, dirs, ...)? # (Borg list will not be stored into ReaR log, if # BORGBACKUP_SHOW_PROGRESS is true) BORGBACKUP_SHOW_LIST="no" BORGBACKUP_CREATE_SHOW_LIST= BORGBACKUP_PRUNE_SHOW_LIST= BORGBACKUP_EXTRACT_SHOW_LIST= # Should Borg output final return code after its run? # (Borg return code will not be stored into ReaR log, if # BORGBACKUP_SHOW_PROGRESS is true) BORGBACKUP_SHOW_RC="no" BORGBACKUP_CREATE_SHOW_RC= BORGBACKUP_PRUNE_SHOW_RC= BORGBACKUP_EXTRACT_SHOW_RC= # Should rear ignore Borg WARNINGS # See https://borgbackup.readthedocs.io/en/stable/usage/general.html#return-codes BORGBACKUP_IGNORE_WARNING="no" # Pagination for selecting archives: # While restoring how many archives should be shown in each step to the user? # If more archives are available, cycle through them. # Enabled by default with showing up to 10 archives per cycle. # To disable it set it 0. BORGBACKUP_RESTORE_ARCHIVES_SHOW_MAX=10 # Should Borg when initializing a repo also create parent directories, # if they are missing? # Can be useful if e.g. you use ReaR USB output and want all your Borg # repositories in a subfolder (e.g. BORGBACKUP_REPO="/borg_repos/$HOSTNAME") BORGBACKUP_INIT_MAKE_PARENT_DIRS="no" # Should Borg exclude caches from backup? # Exclude directories that contain a CACHEDIR.TAG file # See https://borgbackup.readthedocs.io/en/stable/usage/create.html # See http://www.bford.info/cachedir/spec.html BORGBACKUP_EXCLUDE_CACHES="no" # Should Borg exclude directories with a .nobackup file? # Exclude directories tagged by containing a filesystem object .nobackup # e.g. created by `touch .nobackup` # See https://borgbackup.readthedocs.io/en/stable/usage/create.html BORGBACKUP_EXCLUDE_IF_NOBACKUP="no" # Should Borg backup be created with a specific timestamp? # E.g. when you use multiple backups method and each backup in the run should # have the same Borg timestamp. Consider the case you run backup shortly # before midnight, one backup running before midnight, the other one after # midnight. It may have an effect on your pruning policy, so you may find this # option useful. # Format for manually specifiying the archive creation date/time in UTC: # yyyy-ddThh:mm:ss # E.g. with `date --utc +"%FT%T` # https://github.com/rear/rear/blob/master/doc/user-guide/11-multiple-backups.adoc # https://borgbackup.readthedocs.io/en/stable/usage/create.html BORGBACKUP_TIMESTAMP= # Environment variables # Borg is using couple of environment variables which can influence its behavior. # You can make use of them by putting 'export BORG_var_name="var_value"' # into ReaR's local.conf/site.conf. # e.g. # (single quotes avoid issues with the special bash character $) # export BORG_PASSPHRASE='S3cr37_P455w0rD' # export BORG_RELOCATED_REPO_ACCESS_IS_OK="yes" # export BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK="yes" # export BORG_KEYS_DIR="/borg/keys" # export BORG_CACHE_DIR="/borg/cache" # ... # # For full list and description see: # https://borgbackup.readthedocs.io/en/stable/usage/general.html#environment-variables #### #### # BACKUP=BLOCKCLONE ## # If set to "yes" partitions will be created 1:1 # Normally ReaR uses code that might create a slight offset in partitioning. # This might be fatal for Windows boot, if you plan to backup/restore # bootable Windows OS, which shares same disk with Linux, set this to "yes" # Setting this option to "yes" might cause that ReaR fails # when migrating to different HW. BLOCKCLONE_STRICT_PARTITIONING="no" # Source device for backup BLOCKCLONE_SOURCE_DEV="" # Program to use for cloning # Syntax: < ntfsclone | dd > BLOCKCLONE_PROG="" # Options that should be passed to BLOCKCLONE_PROG BLOCKCLONE_PROG_OPTS="" # Block device containing boot strap code # If empty, neither MBR bootstrap code, nor partition layout will be # saved/recreated BLOCKCLONE_SAVE_MBR_DEV="" # Filename containitg boot strap code (first 446B of MBR) BLOCKCLONE_MBR_FILE="boot_strap.img" # Filename containing strict partition layout BLOCKCLONE_PARTITIONS_CONF_FILE="partition_layout.conf" # Allow to run backup of mounted disks/partitions BLOCKCLONE_ALLOW_MOUNTED="no" # Try unmounting device first (only meaningful when BLOCKCLONE_ALLOW_MOUNTED="yes") BLOCKCLONE_TRY_UNMOUNT="no" #### #### # BACKUP=BAREOS (bareos.org) ## COPY_AS_IS_BAREOS=( /etc/bareos /var/spool/bareos ) COPY_AS_IS_EXCLUDE_BAREOS=( /var/lib/bareos ) PROGS_BAREOS=( bareos-fd bconsole bareos-console bextract bls bscan btape smartctl ) # Bareos client name, only adpat if it differs from hostname-fd # BAREOS_CLIENT="$HOSTNAME-fd" # Provide the (possible) volume labels to restore from using bextract. # Multiple entries can be separated by '|' and '*' wildcards are allowed. # eg. VOL-*|Vol-* BEXTRACT_VOLUME= # Provide the Bareos archive device to use for restoring from, either the # name of a tape device or a disk block device as configured for bareos-sd. # eg. Ultrium-1 or /dev/sda1 BEXTRACT_DEVICE= # If you have more than one restore job defined for a client, define it as # BAREOS_RESTORE_JOB=client-restore # You can leave it unset as ReaR will tell you when it is needed # BAREOS_RESTORE_JOB= # # If you have more than one fileset configured for your client, specify one here. # Otherwise interaction is needed during restore. # Leave unset, if you have only one fileset for your client (this is almost always the case) # E.g. BAREOS_FILESET=Full # BAREOS_FILESET= #### #### # BACKUP=DUPLICITY ## # DUPLICITY is a cloud based external backup method # The program duply is wrapper script around duplicity which makes it much easier to use # and script in ReaR - duply uses the concept of a profile (basically a script with vars # to define your settings - use it as "duply status" to see it in action) # By using DUPLY_PROFILE we will try an automatic restore, if duplicity directly is used # then you better add some restore script in the COPY_AS_IS array # # BACKUP_PROG="duply" DUPLY_PROFILE="" # ## # Extension for DUPLICITY # # BACKUP=DUPLICITY # BACKUP_PROG="duplicity" # DUPLICITY_PROG="$(type -P duplicity)" # # The following variable will be passed to Duplicity via --name, this prevents # Duplicity from always recreating the local archive (in /root/.cache/duplicity) # as the URL is always different when using BACKUP_DUPLICITY_NETFS_URL BACKUP_DUPLICITY_NAME="rear-backup" # # The ssh/rsync user at the backup server that is allowed to read/write the backup # for this host: # DUPLICITY_USER="" # # The backup server to write/read the backup: # DUPLICITY_HOST="" # # The protocol Duplicity should use for backup/restore (must be rsync for this case). # Duplicity supports much more (ssh, scp, ftp, ..) but this isn't test in ReaR yet: # DUPLICITY_PROTO="rsync" # # The path at the remote host, that contain the host-dirs with the backups: # DUPLICITY_PATH="" # # Combining the upper parameters should result # e.g. in BACKUP_DUPLICITY_URL="rsync://rear-user@192.168.99.10//backup/rear" # # BACKUP_DUPLICITY_URL="${DUPLICITY_PROTO}://${DUPLICITY_USER}@${DUPLICITY_HOST}/${DUPLICITY_PATH}" # # OR # # Use an NETFS-Style URL # BACKUP_DUPLICITY_NETFS_URL="cifs://backupserv/md0" # BACKUP_DUPLICITY_NETFS_OPTIONS="user=xxx,pass=xxx,vers=2.0" # # OR # # Provide a custom mount command # BACKUP_DUPLICITY_NETFS_MOUNTCMD="mount.cifs" # BACKUP_DUPLICITY_NETFS_UMOUNTCMD="umount" # # Value for duplicity Option '--full-if-older-than' # Duplicity will make a full backup if the latest full backup is older than the following variable. # Default = only do incremental backups: # BACKUP_DUPLICITY_FULL_IF_OLDER_THAN="" # # Value for duplicity action 'remove-older-than' # For format of time see the TIME FORMATS section at "man duplicity". # Default = do not remove old backups: # BACKUP_DUPLICITY_MAX_TIME="" # # To remove backups older than 2 months: # BACKUP_DUPLICITY_MAX_TIME="2M" # # Value for duplicity action 'remove-all-but-n-full' and 'remove-all-inc-of-but-n-full' # Default = do not remove old backups: # BACKUP_DUPLICITY_MAX_SETS="" # BACKUP_DUPLICITY_MAX_SETS_KEEP_FULL="" # # To only keep the last 3 sets: # BACKUP_DUPLICITY_MAX_SETS="3" # # To only keep the full backups of backup sets older than the 3 last sets, # but delete full backups older than 2 years: # BACKUP_DUPLICITY_MAX_SETS_KEEP_FULL="3" # BACKUP_DUPLICITY_MAX_TIME="2Y" # # GPG-KEY for encrypt backup (e.g. for backup-user): # BACKUP_DUPLICITY_GPG_OPTIONS="--cipher-algo AES" # BACKUP_DUPLICITY_GPG_ENC_KEY="" # BACKUP_DUPLICITY_GPG_ENC_PASSPHRASE="passphrase" # # To ask the passphrase on restore, set the following variable to true: # BACKUP_DUPLICITY_ASK_PASSPHRASE="true" # # GPG-KEY for sign backup (e.g. root-user): # BACKUP_DUPLICITY_GPG_SIGN_KEY="" # # Some extra options for duplicity, see "man duplicity": # BACKUP_DUPLICITY_OPTIONS="--volsize 100" # # On restore, Duplicity may temporarely need lots of space # (in worst case a bit more than the biggest file in the backup), # so by default an temporary directory will be created on the root filesystem # (and deleted afterwards). If that is not wanted (and you have enough RAM), # you can set the following variable to true to create a temporary ramdisk instead # which will also speed up restore a bit: # BACKUP_DUPLICITY_TEMP_RAMDISK="true" # # Directories not to backup # For mountpoints that are not in the backup to restore use DIRECTORY_ENTRIES_TO_RECOVER. # Mountpoints for proc (e.g. /proc and /var/lib/ntp/proc) # and /sys must be given- if not duplicity will fail: # BACKUP_DUPLICITY_EXCLUDE=( '/proc' '/sys' '/run' '/var/lib/ntp/proc' "$HOME/.cache" '/tmp' '/var/tmp' '/app' '/var/app' ) # # Evaluation of BACKUP_DUPLICITY_EXCLUDE # In older Versions of ReaR, BACKUP_DUPLICITY_EXCLUDE is evaluated by the shell and not by Duplicity itself. # Set the following variable to true to restore the old behavour: # BACKUP_DUPLICITY_EXCLUDE_EVALUATE_BY_SHELL="true" # # Mountpoints and directories to restore via DIRECTORY_ENTRIES_TO_RECOVER # if defined, used by restore/default/900_create_missing_directories.sh # #### #### # BACKUP=NETFS ## # NETFS is an internal backup method that saves the backup into a mounted directory. # This is usually a network share, but can also be used to create a backup to a local # disk (by providing your own BACKUP_MOUNTCMD and BACKUP_UMOUNTCMD commands that mount the # local disk. Please note that a backup to a local disk is not a disaster recovery backup. # # NETFS saves the system to a network file system. Supported are all filesystems that your # system can handle, for some exotic filesystems you might have to extend Relax-and-Recover # to correctly handle the URL or provide custom mount/umount commands. # # A BACKUP_URL backup target location is required for BACKUP=NETFS # cf. https://github.com/rear/rear/issues/1532#issuecomment-336810460 # so that it is an error to use BACKUP=NETFS without a BACKUP_URL. # # Prefix directory to create under the network filesystem share to store the NETFS backup. # By default NETFS_PREFIX is same as OUTPUT_PREFIX to store for example with BACKUP_PROG=tar the backup.tar.gz # at the same place where for example with OUTPUT=ISO the rescue/recovery system ISO image gets stored # in particular when OUTPUT_URL is not specified so OUTPUT_URL inherits the BACKUP_URL value: NETFS_PREFIX="$OUTPUT_PREFIX" # # Keep an older copy of the backup (mv $NETFS_PREFIX $NETFS_PREFIX.old before we copy the new version) # empty means only keep current backup: NETFS_KEEP_OLD_BACKUP_COPY= # # NETFS_RESTORE_CAPABILITIES is an array that contains those directories # where ReaR should save file capabilities via 'getcap -r' (during 'rear mkbackup') and # restore them for each file with file capabilities via 'setcap' (during 'rear recover'). # The special value NETFS_RESTORE_CAPABILITIES=( 'Yes' ) results that 'getcap -r /' # is used as fallback which could become unusable slow on systems with zillions of files # in particular when tons of stuff is mounted cf. https://github.com/rear/rear/issues/1283 # In this case one must explicitly specify on what directories 'getcap -r' should be run. # NETFS_RESTORE_CAPABILITIES should usually contain those directories that are in the backup. # The default NETFS_RESTORE_CAPABILITIES=( 'No' ) means that # the backup program should save and restore file capabilities # (e.g. 'tar' via '--xattr' that is used by default in ReaR). # For backup program that do not support to save and restore file capabilities # the user can manually specify NETFS_RESTORE_CAPABILITIES as a workaround # cf. https://github.com/rear/rear/issues/1175 # Furthermore BUILD_DIR (i.e. usually /tmp/rear.XXXXXXXXXXXXXXX cf. TMPDIR above) and # ISO_DIR are automatically excluded cf. rescue/NETFS/default/610_save_capabilities.sh NETFS_RESTORE_CAPABILITIES=( 'No' ) #### #### # BACKUP=RSYNC ## # RSYNC backup method uses rsync (using ssh or rsync) to make a backup to a remote network server. # RSYNC_PREFIX is the destination prefix directory to create on the remote network filesystem # where a 'backup' sub-directory will be created (default prefix is the short hostname): RSYNC_PREFIX="$HOSTNAME" # RSYNC_PROTOCOL_VERSION=29 when rsync version <3.0, or 30 for newer releases (is auto-detected, # but if you move from one rsync server to another it might become handy to known about this var) RSYNC_PROTOCOL_VERSION= # The BACKUP_URL contains the source or destination path of the remote rsync server (ssh, rsync protocol) # Note: please exchange the SSH keys to avoid password prompts # BACKUP_URL is mandatory with RSYNC # BACKUP_URL=rsync://[USER@]HOST[:PORT]/PATH # using ssh # BACKUP_URL=rsync://[USER@]HOST[:PORT]::/PATH # using rsync # # The default rsync options passed (more can/will be added according workflow) # You can use this variable to add your own options, e.g. # BACKUP_RSYNC_OPTIONS+=( --devices --acls ) BACKUP_RSYNC_OPTIONS=( --sparse --archive --hard-links --numeric-ids --stats ) #### #### # BACKUP=REQUESTRESTORE ## # This mode interrupts "rear recover" after formatting and mounting the filesystems # and expects the backup data was properly restored to continue "rear recover" # so you have to do something to restore your backup manually before continuing. # For example this mode could be used with servers that are saved with RBME (RSYNC BACKUP MADE EASY) # and the backup restore is done manually by pushing the files back via rsync/ssh. # The latter requires that SSH (in particular sshd) works in the ReaR recovery system. # For details see the restore/REQUESTRESTORE/default/200_prompt_user_to_start_restore.sh script. # # The text to display in order to prompt the user to restore the backup data: REQUESTRESTORE_TEXT="Now you must manually restore your backup. Ensure the backup data gets restored into $TARGET_FS_ROOT (instead of '/') because the disks and filesystems of the target system are mounted there. " # # This command is shown to the user and added to the predefined bash history # in the ReaR recovery system to make the manual backup restore easier: REQUESTRESTORE_COMMAND= # # Set the finished and abort files to enable non-interactive REQUESTRESTORE mode. # Without these variables, ReaR will prompt the user to continue with the recovery. # ReaR will wait for the finished file to appear and continue with the recovery, # or abort the recovery if the abort file appears. The content of the abort file is # shown and logged as abort reason. # Instead of the manual prompt ReaR will simply show an info message and the disk # usage of the target filesystems. REQUESTRESTORE_FINISHED_FILE=${REQUESTRESTORE_FINISHED_FILE:-} REQUESTRESTORE_ABORT_FILE=${REQUESTRESTORE_ABORT_FILE:-} #### #### # BACKUP=RBME ## # Restoring a RBME backup from NFS shares during "rear recover". # Making a RBME backup is not implemented in ReaR. # See https://github.com/schlomo/rbme how to make a RBME backup. # # During "rear recover" RBME shows a list of all available backups. # The special value 'latest' will automatically use the latest backup. RBME_BACKUP= # # Specify a RBME hostname that is not the system hostname. # Example: RBME_HOSTNAME="$HOSTNAME-bcp" RBME_HOSTNAME=$HOSTNAME #### #### # BACKUP=ZYPPER ## # It is not an usual file-based backup/restore method # where one gets the files of an old system back as they had been before. # This new kind of "backup" method does not work on files but on RPM packages # see https://github.com/rear/rear/issues/1085 # and https://hackweek.suse.com/15/projects/2242 # During "rear mkbackup" it will basically only save a list of installed RPM packages # into var/lib/rear/backup/ZYPPER/installed_RPM_packages and during "rear recover" it will basically # only install those RPM packages as pristine RPM packages from those zypper repositories # that are specified in ZYPPER_REPOSITORIES or in a var/lib/rear/backup/ZYPPER/zypper_repositories.repo file. # Any other files that should be restored (e.g. prepared config files or /home directories) # must be done by "Using Multiple Backups for Relax-and-Recover", see # doc/user-guide/11-multiple-backups.adoc ## # For each member zypper_repository in the ZYPPER_REPOSITORIES array the following command is called # zypper --root $TARGET_FS_ROOT addrepo $zypper_repository ... # which means each array member in ZYPPER_REPOSITORIES must be a valid zypper repository URI, # see what "zypper repos -u" shows as URI and what "zypper repos -e -" results and see "man zypper". # The by default empty ZYPPER_REPOSITORIES array means that during "rear mkbackup" the command # zypper repos --export var/lib/rear/backup/ZYPPER/zypper_repositories.repo # is run (var/lib/rear/backup/ZYPPER/zypper_repositories.repo gets included in the ReaR recovery system) and # when during "rear recover" in the ReaR recovery system /var/lib/rear/backup/ZYPPER/zypper_repositories.repo exists # zypper --root $TARGET_FS_ROOT addrepo --repo /var/lib/rear/backup/ZYPPER/zypper_repositories.repo # is run in the ReaR recovery system so that by default during "rear recover" the same # zypper repositories are used as in the original system. A precondition for that is # that during "rear recover" those zypper repositories are somehow "just accessible". # ReaR has nothing implemented to make zypper repositories accessible. # If that precondition is not fulfilled one must explicitly specify in /etc/rear/local.conf # the ZYPPER_REPOSITORIES array with appropriate valid zypper repository URI value(s) # that are "just accessible" during "rear recover". # Currently the above described automated zypper repositories usage is not implemented. # Te current default is to use a SUSE installation DVD in the first CDROM drive: ZYPPER_REPOSITORIES=( "cd:///?devices=/dev/sr0" ) # ZYPPER_INSTALL_RPMS specifies which kind of RPM packages are installed in which way for BACKUP=ZYPPER: # The by default empty ZYPPER_INSTALL_RPMS means that during "rear recover" # each RPM package that is installed on the original system gets re-installed on the target system # plus automatically all RPM packages that are required by the one that gets re-installed. # The list of all installed RPMs is stored during "rear mkbackup" by default in # var/lib/rear/backup/ZYPPER/installed_RPMs # With ZYPPER_INSTALL_RPMS="independent_RPMs" only those RPM packages that are not required # by other RPM packages on the original system get re-installed on the target system # plus all RPM packages that are required and recommended by the one that gets re-installed. # RPM packages that are not required by other RPMs are independently installed RPM packages. # The list of independently installed RPMs is stored during "rear mkbackup" by default in # var/lib/rear/backup/ZYPPER/independent_RPMs # Independently installed RPM packages are those that # either are intentionally installed by the admin (the ones that are really wanted) # or got unintentionally installed as recommended by other RPMs (those are perhaps needed) # or are no longer required after other RPMs had been removed (those are probably orphans): ZYPPER_INSTALL_RPMS="" # The COPY_AS_IS_ZYPPER array contains by default basically what # rpm -qc zypper ; rpm -ql libzypp | egrep -v 'locale|man' # shows (currently determined on openSUSE Leap 42.1) # plus the special /etc/products.d/baseproduct link and where to it points # and rpm because that is required by zypper/libzypp and # finally all kernel modules because otherwise modules like 'isofs' and some 'nls*' modules # that are needed to mount a iso9660 image (e.g. a SUSE installation medium in a CDROM drive) # are not available in the ReaR recovery system which can be a dead end for "rear recover": COPY_AS_IS_ZYPPER=( /etc/zypp '/etc/logrotate.d/zypp*' /usr/lib/zypp /usr/share/zypp /etc/products.d /usr/lib/rpm /lib/modules ) COPY_AS_IS_EXCLUDE_ZYPPER=() # The REQUIRED_PROGS_ZYPPER array contains by default # all zypper libzypp and libsolv-tools binaries - i.e. all what # rpm -ql zypper | grep bin ; rpm -ql libzypp | grep bin ; rpm -ql libsolv-tools | grep bin # shows (currently determined on openSUSE Leap 42.1) # and all rpm binaries because RPM is required by zypper/libzypp/libsolv-tools: REQUIRED_PROGS_ZYPPER=( zypper zypp-refresh installation_sources zypp-CheckAccessDeleted zypp-NameReqPrv appdata2solv comps2solv deltainfoxml2solv dumpsolv installcheck mergesolv repo2solv.sh repomdxml2solv rpmdb2solv rpmmd2solv rpms2solv susetags2solv testsolv updateinfoxml2solv rpm convertdb1 gendiff rpm2cpio rpmdb rpmgraph rpmkeys rpmqpack rpmquery rpmsign rpmspec rpmverify rcrpmconfigcheck ) # The PROGS_ZYPPER array is empty by default and inteded to contain additional useful programs # that are not strictly required in the ReaR recovery system to run "rear recover": PROGS_ZYPPER=() # ZYPPER_ROOT_PASSWORD specifies the initial root password in the target system for BACKUP=ZYPPER: # This initial root password should not be the actually intended root password # because its value is stored in usually insecure files (e.g. /etc/rear/local.conf) # which are included in the ReaR recovery system that is stored # in also usually insecure files (like ISO images e.g. rear-HOSTNAME.iso) # so that the actually intended root password for the target system # should be set manually by the admin after "rear recover". # As fallback "rear recover" sets 'root' as root password in the target system. # If SSH_ROOT_PASSWORD is specified it is used as root password in the target system # unless ZYPPER_ROOT_PASSWORD is specified which is used with highest priority: { ZYPPER_ROOT_PASSWORD='root' ; } 2>>/dev/$SECRET_OUTPUT_DEV # ZYPPER_NETWORK_SETUP_COMMANDS specifies the initial network setup in the target system for BACKUP=ZYPPER: # This initial network setup is only meant to make the target system # accessible from remote in a very basic way (e.g. for 'ssh'). # The actually intended network setup for the target system # should be done manually by the admin after "rear recover". # The by default empty ZYPPER_NETWORK_SETUP_COMMANDS array means # that during "rear recover" no network setup happens in the target system. # The ZYPPER_NETWORK_SETUP_COMMANDS array can be used for manual network setup for example like # ZYPPER_NETWORK_SETUP_COMMANDS=( 'ip addr add 192.168.100.2/24 dev eth0' 'ip link set dev eth0 up' 'ip route add default via 192.168.100.1' ) # where each command in ZYPPER_NETWORK_SETUP_COMMANDS is run during "rear recover" in the target system (via 'chroot'). # When one of the commands in ZYPPER_NETWORK_SETUP_COMMANDS is the special string 'NETWORKING_PREPARATION_COMMANDS' # the commands in NETWORKING_PREPARATION_COMMANDS (see below) are called inside the target system. # When one of the commands in ZYPPER_NETWORK_SETUP_COMMANDS is the special string 'YAST' # initial network setup in the target system happens by calling the hardcoded command # 'yast2 --ncurses lan add name=eth0 ethdevice=eth0 bootproto=dhcp' # if something else is needed an appropriate 'yast2' command can be manually specified. # ZYPPER_NETWORK_SETUP_COMMANDS can be used together with 'YAST' for additional manual network setup like # ZYPPER_NETWORK_SETUP_COMMANDS=( 'YAST' 'ip route add default via 192.168.100.1' 'systemctl enable sshd.service' ) ZYPPER_NETWORK_SETUP_COMMANDS=() # End of BACKUP=ZYPPER default setings. #### #### # BACKUP=YUM ## # This method is very similar to the ZYPPER method, above, but for systems that use the YUM package manager (RHEL, CentOS, etc) # Most options are the similar to, or the same as, the ZYPPER options. ## YUM_INSTALL_RPMS="" COPY_AS_IS_YUM=( '/etc/yum*' '/etc/logrotate.d/yum*' '/usr/bin/python*' '/bin/python*' /usr/lib/python2.7/site-packages/rpmUtils /usr/lib/python2.7/site-packages/yum /usr/lib/yum-plugins '/usr/share/bash-completion/completions/yum*' '/usr/share/doc/yum*' '/usr/share/yum*' '/var/lib/yum*' '/etc/rpm*' /usr/lib/rpm /usr/lib/tmpfiles.d/rpm.conf '/usr/share/bash-completion/completions/rpm*' '/usr/share/doc/rpm*' /lib/modules /usr/bin/urlgrabber /usr/libexec/urlgrabber-ext-down ) COPY_AS_IS_EXCLUDE_YUM=() REQUIRED_PROGS_YUM=( yum rpm rpm2cpio rpmdb rpmquery rpmverify chpasswd ) PROGS_YUM=() { YUM_ROOT_PASSWORD='root' ; } 2>>/dev/$SECRET_OUTPUT_DEV YUM_NETWORK_SETUP_COMMANDS=() YUM_EXCLUDE_PKGS=("") ## # This method has the ability to also create a backup archive of the files not provided by RPM # as well as those that have been provided by RPM but have been modified (configuration # files, customizations, etc). ## YUM_BACKUP_FILES=no ## # Should we build a comprehensive exclusion list for the backup? # Symlinks in file paths will cause excluded files from being excluded via the other path(s). # i.e. If /sbin/ifup is excluded, /usr/sbin/ifup will still be included due to the following link: # $ ls -ald /sbin # lrwxrwxrwx. 1 root root 8 Jun 15 2017 /sbin -> usr/sbin # A full, comprehensive exclusion list will find all paths to the excluded file, but takes longer. ## YUM_BACKUP_FILES_FULL_EXCL=no ## # This method can also capture the SELinux security contexts of every file on the source system # and reapply those contexts after the packages have been reinstalled (and the backups, if any, # have been extracted). ## YUM_BACKUP_SELINUX_CONTEXTS="no" ## # This method has the option of recreating the users and groups on the target system that are # present on the source system at the time that the backup is created. # # Valid options are: # RECREATE_USERS_GROUPS="no" # Users and groups are not recreated on the target system # RECREATE_USERS_GROUPS="yes" # Users and groups are recreated on the target system, but passwords are locked # RECREATE_USERS_GROUPS=("yes" "passwords") # Users and groups are recreated on the target system, including the passwords from the source system ## RECREATE_USERS_GROUPS="no" # End of BACKUP=YUM default setings. #### #### # BACKUP=VEEAM ## # ReaR support for Veeam Linux Agent Bare Metal Recovery (restore only) COPY_AS_IS_VEEAM=( /etc/veeam* /usr/bin/veeam* /usr/lib/veeam /usr/sbin/veeam* /usr/share/veeam /etc/bash_completion?d/veeam /usr/lib/systemd/system/veeamservice?service /lib/systemd/system/veeamservice?service /etc/systemd/system/veeam* ) REQUIRED_PROGS_VEEAM=( veeamconfig veeammount veeamservice dmidecode netcat ) # Hostname of the Veeam VBRServer from which we want to restore our data VEEAM_SERVER_HOSTNAME=${VEEAM_SERVER_HOSTNAME:-} # IP Address of our Veeam VBRServer VEEAM_IPADDR=${VEEAM_IPADDR:-} # Specify a username which has the role to register a host to the Veeam VBRServer (Veeam Restore Operator) VEEAM_USER="${VEEAM_USER:-}" # Password for the Veeam Restore Operator Role user to register { VEEAM_PASSWORD="${VEEAM_PASSWORD:-}" ; } 2>>/dev/$SECRET_OUTPUT_DEV # Domain is mainly used for Veeam VBR Server registration, joined to a windows active directory domain. If no domain is used, leave the field blank VEEAM_DOMAIN=${VEEAM_DOMAIN:-} # Backup ID to restore VEEAM_BACKUPID="${VEEAM_BACKUPID:-}" ## # End of BACKUP=VEEAM default setings. #### #### # BACKUP=EXTERNAL ## # Custom command backup setup. # In this mode your external program must do all what is needed in its own. # # The EXTERNAL_BACKUP EXTERNAL_RESTORE and EXTERNAL_CHECK commands # can be also defined as an array to better protect arguments with blanks. # Those EXTERNAL_* commands will be run inside eval like this: # eval "${EXTERNAL_BACKUP[@]}" # # In the example below we backup '/' via tar and ssh # to a file 'rear/backup.tar.gz' on a remote host 'backup_server'. # # Example command to backup the required data: # This example saves the data via SSH to a remote system called 'backup_server': # EXTERNAL_BACKUP="tar -c -l -z / | ssh backup_server 'cat >rear/backup.tar.gz'" # # Example command to restore the data (by default $TARGET_FS_ROOT is '/mnt/local'): # EXTERNAL_RESTORE="ssh backup_server cat rear/backup.tar.gz | tar -C $TARGET_FS_ROOT -x -z" # # When the backup command in EXTERNAL_BACKUP or the restore command in EXTERNAL_RESTORE # exits with a non-zero exit code that is listed in EXTERNAL_IGNORE_ERRORS # it will not let "rear mkbackup" or "rear recover" abort with an error # but only log a warning message. # This example could be useful when rsync is used in EXTERNAL_BACKUP or EXTERNAL_RESTORE # to ignore rsync partial transfer issues due to error or vanished source files: # EXTERNAL_IGNORE_ERRORS=( 23 24 ) # # Example command to verify the availability of the backup resource # before making the backup with "rear mkbackup" or "rear mkbackuponly". # It will be executed only if PING=1 (see below): # EXTERNAL_CHECK="ssh backup_server date >/dev/null" #### # Disable ping: # Some environments don't allow to ping the backup host, # even though the backup service is reachable e.g. in a DMZ. # Several backup methods check the backup host availability # when you enable ping tests by setting the PING variable # to any non-empty value (see 'Boolean variables' above). # Currently ping tests that check the PING variable # are implemented for those BACKUP=... methods: # BAREOS DUPLICITY EXTERNAL NETFS RSYNC GALAXY GALAXY7 GALAXY10 GALAXY11 NBU NSR TSM PING= #### # BACKUP_RESTORE_MOVE_AWAY # # Move away restored files or directories that should not have been restored: # # Do not confuse it with EXCLUDE_RESTORE in the EXCLUDES section below. # With EXCLUDE_RESTORE items are excluded during backup restore # where each particular backup method must explicitly implement support # for the EXCLUDE_RESTORE functionality (most do not support it). # In contrast BACKUP_RESTORE_MOVE_AWAY works generically # for any backup restore method. # # See https://github.com/rear/rear/issues/779 # # After backup restore ReaR should move away files or directories # that should not have been restored - mainly files or directories # that are created and maintained by system tools where # a restore from the backup results wrong/outdated # content that conflicts with the actual system. # # The generic traditional example of such a file was /etc/mtab. # As long as it was a regular file it must not have been restored # with outdated content from a backup. Nowadays it is a symbolic link # to /proc/self/mounts which should probably be restored to ensure # that link is available. # # ReaR will not remove any file (any user data is sacrosanct). # Instead ReaR moves those files away into a ReaR-specific directory # so that the admin can inspect that directory to see what ReaR thinks # should not have been restored: readonly BACKUP_RESTORE_MOVE_AWAY_DIRECTORY="$VAR_DIR/moved_away_after_backup_restore/" # # There is nothing hardcoded in the scripts. # Instead BACKUP_RESTORE_MOVE_AWAY_FILES is a documented list # that explains why each file or directory is moved away. # The BACKUP_RESTORE_MOVE_AWAY_FILES list is not readonly # so that it can be modified as needed by the scripts. # The items in the BACKUP_RESTORE_MOVE_AWAY_FILES list do not need to be only files. # Also a whole directory tree can be moved away (automatically recursively). # If an item in BACKUP_RESTORE_MOVE_AWAY_FILES is a directory only its content # is (recursively) removed but the original (empty) directory is kept because # the empty directory alone should not cause issues and usually only the content # is what results wrong/outdated content that conflicts with the actual system # or what is no longer needed after system recovery (e.g. content in /var/tmp # is probably no longer needed but the /var/tmp directory is still needed). # Already existing stuff in the BACKUP_RESTORE_MOVE_AWAY_DIRECTORY that would be (partially) # overwritten by the items in the BACKUP_RESTORE_MOVE_AWAY_FILES list is removed before # (because such stuff is considered as outdated leftover e.g. from a previous recovery) # but already existing stuff in the BACKUP_RESTORE_MOVE_AWAY_DIRECTORY that is not # in the curent BACKUP_RESTORE_MOVE_AWAY_FILES list is kept. # Example: # Probably stuff in the /var/tmp directory is not needed after a system recovery # and /etc/udev/rules.d/70-persistent-net.rules is created and maintained # by systemd/udev (see https://github.com/rear/rear/issues/770): # BACKUP_RESTORE_MOVE_AWAY_FILES=( /var/tmp /etc/udev/rules.d/70-persistent-net.rules ) # # Move away outdated information from previous boot via GRUB2 # to avoid a possible GRUB2 "error: invalid environment block." # cf. https://github.com/rear/rear/issues/1828 # GRUB2 can use /boot/grub/grubenv or /boot/grub2/grubenv # to remember a small amount of information from one boot to the next. # But on a by "rear recover" recreated system there is no such thing # as a meaningful previous boot (because "rear recover" recreates a system # by reinstalling it completely from scratch) so that there is no meaningful # use-case to remember any information from a possible previous boot, # cf. https://github.com/rear/rear/issues/1828#issuecomment-399050741 # Nevertheless that information from the last boot on the original system # could be still of interest for the user so that it is not deleted: BACKUP_RESTORE_MOVE_AWAY_FILES=( /boot/grub/grubenv /boot/grub2/grubenv ) #### #### # DIRECTORY_ENTRIES_TO_RECOVER # # Create still missing directories and symbolic links # after the backup was restored # (by the 900_create_missing_directories.sh script). # # For background information and reasoning see # https://github.com/rear/rear/issues/1455#issuecomment-324904017 # that reads: # Typical backup software assumes that the restore always happens # on top of a system that was installed the traditional way, # so that for the backup software it is safe to assume that # those directories are present. From the perspective # of the backup software there is therefore no need # to include such directories in a full backup. # Bottom line is, it is the duty of ReaR to make sure # that these special directories really do exist. # # By default a directories_permissions_owner_group file # (named $VAR_DIR/recovery/directories_permissions_owner_group) # is created by the 400_save_directories.sh script # that saves permissions, owner, group of basic directories # plus symbolic link names and targets of basic directories. # The basic directories are those that are currently used as mountpoints # plus the directories of the Filesystem Hierarchy Standard (FHS) # as listed at https://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard # provided such a directory actually exists on the system # but mountpoints of mounted 'pseudofs' filesystems are # considered as unwanted "noise" and get excluded # (for details see the 400_save_directories.sh script). # # Via the DIRECTORY_ENTRIES_TO_RECOVER array additional directories # and symbolic links that should be created can be specified. # For each directory or symbolic link DIRECTORY_ENTRIES_TO_RECOVER # contains an array member which is a string that specifies # the directory or symbolic link with the following syntax: # A directory is specified as 'directory [ mode [ owner [ group ] ] ]' # where mode, owner, and group are optional in the following way: # When no mode is specified the default 'rwxr-xr-x root root' is used. # When owner should be specified also mode must be specified. # When no owner is specified the default 'root root' is used. # When group should be specified also mode and owner must be specified. # When owner is specified but no group then group is set same as the owner # so that this way e.g. 'lp lp' can be abbreviated to only 'lp'. # A symbolic link is specified as 'symlink_name -> symlink_target'. # Example: # DIRECTORY_ENTRIES_TO_RECOVER=( '/path/to/mytmpdir 1770 myowner mygroup' '/var/mytmpdir -> /path/to/mytmpdir' ) # By default the DIRECTORY_ENTRIES_TO_RECOVER array is empty: DIRECTORY_ENTRIES_TO_RECOVER=() #### #### # How to exclude something ----- EXCLUDES ------- # # You cannot exclude a device (e.g. /dev/sdg) directly. Instead you have to exclude everything # ON that device and then the dependency tracker will automatically exclude the device from the # recovery (because there won't be any recovery information for that "unnecessary" device). # # Furthermore, you have to exclude MD devices and LVM2 volume groups separately # as there is no automatic detection of these dependencies. # # Exclude filesystems by specifying their mountpoints. Will be automatically added to the # $BACKUP_PROG_EXCLUDE array during backup to prevent the excluded filesystems' data to # be backed up # examples: /tmp # /media/bigdisk EXCLUDE_MOUNTPOINTS=() # # Exclude MD devices # examples: /dev/md0 # /dev/md/0 EXCLUDE_MD=() # # Exclude LVM2 volume groups. This will automatically exclude also the creation of the # corresponding physical and logical volumes that belong to the excluded volume group. # You must also exclude the corresponding mountpoints in EXCLUDE_MOUNTPOINTS (see above) # otherwise "rear recover" would try to recreate the filesystems onto non-existing LVs. EXCLUDE_VG=() # # Exclude any component from the recovery image. # Some component types need a prefix: # - filesystems: "fs:/var/cache" # - physical volumes: "pv:/dev/sda2" # - swap: "swap:/dev/mapper/system-swap" # Volume groups look like: "/dev/system". # If in doubt about the correct syntax, consult /var/lib/rear/layout/disktodo.conf EXCLUDE_COMPONENTS=() # # Only include LVM2 volume groups - the opposite of EXCLUDE_VG (handy if you only want vg00 to be included) # EXCLUDE_VG and EXCLUDE_MOUNTPOINTS will get populated automatically, if needed # syntax : e.g. ONLY_INCLUDE_VG=( "vg00" "vg01" ) ONLY_INCLUDE_VG=() # # Automatically exclude disks that are not used by mounted filesystems AUTOEXCLUDE_DISKS=y # # Automatically exclude multipath disks and their dependent components AUTOEXCLUDE_MULTIPATH=y # # Automatically exclude automounter paths from the backup AUTOEXCLUDE_AUTOFS= # # Automatically exclude filesystems with mountpoints that are sub-directories # of the directories that are specified in the AUTOEXCLUDE_PATH array. # This is different from EXCLUDE_MOUNTPOINTS, which accepts only mountpoints. # Filesystems with mountpoints in the AUTOEXCLUDE_PATH array are not excluded. # For details see the layout/save/default/320_autoexclude.sh script. # For example a separate filesystem with mountpoint /mnt is not excluded # if AUTOEXCLUDE_PATH contains /mnt, but a separate filesystem /mnt/test is. # The AUTOEXCLUDE_PATH default /media /run[/media] /mnt and /tmp # intends to exclude temporarily mounted things (e.g. USB devices) # because mountpoints for temporarily mounted things are usually # sub-directories below /media /run[/media] /mnt and /tmp # see https://github.com/rear/rear/issues/2239 # Even if /tmp is a separate filesystem, the /tmp entry in AUTOEXCLUDE_PATH # does not cause files in the /tmp directory to be excluded from the backup # (except for files in filesystems mounted on directories below /tmp, if any). # Excluding files in the /tmp directory when an internal backup method is used # is achieved via a different default setting: # BACKUP_PROG_EXCLUDE=( '/tmp/*' ... ) above # so that /tmp filesystem will be recreated as an empty filesystem # cf. https://github.com/rear/rear/pull/2261 AUTOEXCLUDE_PATH=( /media /run /mnt /tmp ) # ## New Style include/excludes # Exclude components from being backed up, recreation information is active EXCLUDE_BACKUP=() # # Exclude components during component recreation # will be added to EXCLUDE_BACKUP (it is not backed up) # recreation information gathered, but commented out EXCLUDE_RECREATE=() # # Exclude components during the backup restore phase # Only used to exclude files from the restore. EXCLUDE_RESTORE=() # # Exclude block devices from being viable mapping options that can be selected # by the user during 'rear recover' (cf. layout/prepare/default/300_map_disks.sh). # The EXCLUDE_DEVICE_MAPPING array contains 'case' patterns that must match # the basename of block devices in the /sys/block/ directory: EXCLUDE_DEVICE_MAPPING=( 'loop*' 'ram*' 'zram*' ) # # Exclude RUNTIME_LOGFILE (useful for debugging) from initramfs EXCLUDE_RUNTIME_LOGFILE='no' #### #### # various warnings # # Warnings can be also disabled by unsetting these variables WARN_MISSING_VOL_ID=1 #### #### # enable/disable features # # To enable cfg2html, if present on the system, set to 'y', 'Y' or '1' USE_CFG2HTML= # The SKIP_CFG2HTML variable is no longer supported since ReaR 1.18 #### #### # IP addresses that are present on the system but must be excluded when # building the network configuration used in recovery mode; this is typically # used when floating IP addresses are used on the system EXCLUDE_IP_ADDRESSES=() # # Network interfaces that are present on the system but must be excluded when # building the network configuration used in recovery mode EXCLUDE_NETWORK_INTERFACES=() # # Simplify bonding setups by configuring always the first active device of a # bond, except when mode is 4 (IEEE 802.3ad policy) SIMPLIFY_BONDING=no # # Simplify bridge setups by configuring always the first active device of a bridge SIMPLIFY_BRIDGE=no # # Simplify team setups by configuring always the first active device of a team, # except when runner is 'lacp' (IEEE 802.3ad policy) SIMPLIFY_TEAMING=no ##### #### # Serial console support for the ReaR rescue/recovery system: # IA64 platforms require it and people need it when no VGA console is available. # By default there is serial console support in the ReaR recovery system # when 'getty' or 'agetty' and 'stty' can be found, # otherwise USE_SERIAL_CONSOLE is automatically set to 'no'. # When 'getty' or 'agetty' and 'stty' can be found # and there is a 'console=...' option in /proc/cmdline, # then USE_SERIAL_CONSOLE is automatically set to 'yes'. # With USE_SERIAL_CONSOLE="no" no serial console gets set up, # neither for the recovery system kernel nor for the recovery system bootloader. # With USE_SERIAL_CONSOLE="yes" plus appropriate SERIAL_CONSOLE_DEVICE... settings # serial consoles can be specified for the recovery system kernel and bootloader # for example when there is no 'console=...' option in /proc/cmdline # or when serial consoles for the recovery system kernel and bootloader # should differ from what 'console=...' options in /proc/cmdline tell. # By default (when empty) the automatism further described below is used: USE_SERIAL_CONSOLE= # # Devices to be used in general for serial console setup # unless explicitly specified via SERIAL_CONSOLE_DEVICES_KERNEL # or SERIAL_CONSOLE_DEVICE_SYSLINUX or SERIAL_CONSOLE_DEVICE_GRUB: # E.g. SERIAL_CONSOLE_DEVICES="/dev/ttyS0 /dev/ttyS1" SERIAL_CONSOLE_DEVICES= # # Serial consoles for the kernel of the recovery system # provided USE_SERIAL_CONSOLE is not 'no': # SERIAL_CONSOLE_DEVICES_KERNEL can be device nodes like "/dev/ttyS0 /dev/ttyS1" # or 'console=...' kernel parameters like "console=ttyS1,9600 console=tty0" or both like # SERIAL_CONSOLE_DEVICES_KERNEL="/dev/ttyS0 console=ttyS1,9600 console=tty0" # When SERIAL_CONSOLE_DEVICES_KERNEL is empty but SERIAL_CONSOLE_DEVICES is specified # then the specified SERIAL_CONSOLE_DEVICES are used for the kernel. # By default (when SERIAL_CONSOLE_DEVICES_KERNEL and SERIAL_CONSOLE_DEVICES are empty) # serial consoles get enabled for the recovery system kernel via COPY_KERNEL_PARAMETERS # for all 'console=...' options that are found in /proc/cmdline. SERIAL_CONSOLE_DEVICES_KERNEL= # # Serial console for SYSLINUX/EXTLINUX when it is used as bootloader for the recovery system # provided USE_SERIAL_CONSOLE is 'yes' (automatically with 'console=...' in /proc/cmdline): # SYSLINUX supports only one serial device (because the last SYSLINUX 'serial' directive wins). # The right /dev/ttyS* can be specified like SERIAL_CONSOLE_DEVICE_SYSLINUX="/dev/ttyS0" # or a whole SYSLINUX 'serial' directive can be specified e.g. for /dev/ttyS1 like # SERIAL_CONSOLE_DEVICE_SYSLINUX="serial 1 9600" # When SERIAL_CONSOLE_DEVICE_SYSLINUX is empty but SERIAL_CONSOLE_DEVICES is specified # then the first one of SERIAL_CONSOLE_DEVICES is used for SYSLINUX. # By default (when SERIAL_CONSOLE_DEVICE_SYSLINUX and SERIAL_CONSOLE_DEVICES are empty) # the devices of the 'console=...' options in /proc/cmdline # that exist as /dev/ttyS* or /dev/hvsi* character device nodes are used # (which excludes /dev/tty0 when there is 'console=tty0' in /proc/cmdline). SERIAL_CONSOLE_DEVICE_SYSLINUX= # # Serial console for GRUB when it is used as bootloader for the recovery system # provided USE_SERIAL_CONSOLE is 'yes' (automatically with 'console=...' in /proc/cmdline): # GRUB supports only one serial device (because the last GRUB 'serial' command wins). # The right /dev/ttyS* can be specified like SERIAL_CONSOLE_DEVICE_GRUB="/dev/ttyS0" # or a whole GRUB 'serial' command can be specified e.g. for /dev/ttyS1 like # SERIAL_CONSOLE_DEVICE_GRUB="serial --unit=1 --speed=9600" # When SERIAL_CONSOLE_DEVICE_GRUB is empty but SERIAL_CONSOLE_DEVICES is specified # then the first one of SERIAL_CONSOLE_DEVICES is used for GRUB. # By default (when SERIAL_CONSOLE_DEVICE_GRUB and SERIAL_CONSOLE_DEVICES are empty) # the devices of the 'console=...' options in /proc/cmdline # that exist as /dev/ttyS* or /dev/hvsi* character device nodes are used # (which excludes /dev/tty0 when there is 'console=tty0' in /proc/cmdline). SERIAL_CONSOLE_DEVICE_GRUB= # # Examples # (provided USE_SERIAL_CONSOLE is not 'no' # and 'getty' or 'agetty' and 'stty' can be found): # # Default behaviour # when there is no 'console=...' option in /proc/cmdline # then no serial console is set up for the recovery system. # # Default behaviour when there are for example # 'console=ttyS0,9600' and 'console=tty0' in /proc/cmdline # then 'console=ttyS0,9600' and 'console=tty0' # are used for the recovery system kernel # and only /dev/ttyS0 is used as serial console # for the recovery system bootloader (SYSLINUX or GRUB). # # On a headless machine without VGA card but with serial device /dev/ttyS0 # the kernel would choose /dev/ttyS0 as its console automatically # so no 'console=...' kernel option needs to be used and then the automatism described above # would not set up a console for the recovery system (in particular not for the bootloader). # In this case USE_SERIAL_CONSOLE="yes" and appropriate SERIAL_CONSOLE_DEVICE... settings # are needed to manually specify the right console setup for the recovery system. #### #### # Say "y", "Yes", etc, to enable or "n", "No" etc. # to disable the DHCP client protocol or leave empty to autodetect. # When enabled, lets the rescue/recovery system run dhclient to get an IP address # instead of using the same IP address as the original system: USE_DHCLIENT= # # Say "y", "Yes", etc, to enable static networking (overrules USE_DHCLIENT): USE_STATIC_NETWORKING= # # USE_RESOLV_CONF specifies what to use as /etc/resolv.conf in the recovery system: # Relax-and-Recover does no to replicate in the ReaR recovery system # whatever complicated DNS setup there is on the original system # (e.g. a local name server or a stub resolver like systemd-resolved). # By default in the recovery system a plain traditional /etc/resolv.conf file # with an entry of a remote 'nameserver DNS.server.IP.address' is needed. # For non-default cases the user must specify what he wants via USE_RESOLV_CONF # (e.g. to use a local name server that he manually starts in the recovery system). # With USE_RESOLV_CONF="no" (or any value that is recognized as 'no' by the is_false function) # there will be no /etc/resolv.conf file in the recovery system. # With USE_RESOLV_CONF="/path/to/file" that file on the original system will be copied # as /etc/resolv.conf in the recovery system provided the file exists and is non-empty. # Otherwise USE_RESOLV_CONF specifies the lines for /etc/resolv.conf in the recovery system # for example like USE_RESOLV_CONF=( "search my.domain" "nameserver 192.168.100.53" ) # The by default empty USE_RESOLV_CONF means that /etc/resolv.conf in the recovery system # is a copy of /etc/resolv.conf (or its symlink target) on the original system. # In case of static networking setup it would not work when /etc/resolv.conf # in the recovery system contains only loopback IP addresses or when there is # no nameserver entry so that "rear mkrescue/mkbackup" errors out in this case # unless USE_DHCLIENT is true (and USE_STATIC_NETWORKING is not also set to true). # USE_DHCLIENT is automatically true when a known 'dhclient' process is running # on the original system and then networking setup in the recovery system also # happens via DHCP (for details see see prep/GNU/Linux/210_include_dhclient.sh). # In this case during recovery system startup /etc/resolv.conf will be # generated by /bin/dhclient-script regardless what its content was before # (for details see usr/share/rear/build/GNU/Linux/630_verify_resolv_conf_file.sh): USE_RESOLV_CONF=() # # Commands to prepare network devices setup in the rescue/recovery system # provided the kernel command line does not contain the 'noip' parameter. # Each command is a quoted fixed string to get the commands separated from each other # as in NETWORKING_PREPARATION_COMMANDS=( 'first command' 'second command' ). # The commands in NETWORKING_PREPARATION_COMMANDS get copied at the beginning # of /etc/scripts/system-setup.d/60-network-devices.sh that is the main script # which runs while booting the rescue/recovery system to set up network devices. # The primary intent is to be able to specify special commands for special cases # as preparation so that the subsequent autogenerated network devices setup code # in the 60-network-devices.sh script can successfully set up network devices # (for details see usr/share/rear/rescue/GNU/Linux/310_network_devices.sh). # But NETWORKING_PREPARATION_COMMANDS is not limited to its primary intent. # For example it can also be used to set up networking completely manually in the rescue/recovery system via something like # NETWORKING_PREPARATION_COMMANDS=( 'ip addr add 192.168.100.2/24 dev eth0' 'ip link set dev eth0 up' 'ip route add default via 192.168.100.1' 'return' ) # where the last command lets the 60-network-devices.sh script directly return # so that the subsequent autogenerated network devices setup code will not be run. # The by default empty NETWORKING_PREPARATION_COMMANDS means the 60-network-devices.sh script # is autogenerated according to the network devices setup in the currently running system # i.e. the default is an automated network devices setup in the rescue/recovery system # that should match the network devices setup in the currently running system: NETWORKING_PREPARATION_COMMANDS=() #### #### # GRUB_RESCUE [ GRUB_RESCUE_USER ] # # Add a ReaR rescue/recovery system to the bootloader of the currently running system. # With BIOS a ReaR rescue system is added to the GRUB/GRUB2 bootloader of the currently running system. # With UEFI a ReaR rescue system is added to the EFI boot manager of the currently running system. # UEFI is only supported with GRUB2. GRUB_RESCUE with UEFI and GRUB is not supported. # It adds kernel and ReaR initrd to the bootloader directory in the currently running system. # It adds a 'Relax-and-Recover' boot entry to boot that locally installed ReaR rescue system. # With BIOS a 'Relax-and-Recover' boot entry is added to the GRUB/GRUB2 bootloader menu. # With UEFI a 'Relax-and-Recover' boot entry is added to the EFI boot manager. # With UEFI there is no 'Relax-and-Recover' boot entry in the GRUB2 bootloader menu # (cf. https://github.com/rear/rear/pull/954 and https://github.com/rear/rear/issues/2545). # Note that GRUB_RESCUE is the only functionality where "rear mkbackup" or "rear mkrescue" # changes the currently running system. It changes the currently running system even # in a critical way because it changes the bootloader of the currently running system. # The main reason for the GRUB_RESCUE functionality is to be quickly able to recover a system # from soft errors (like deleting all of /lib/) without digging out the ReaR recovery boot medium. # When booting that locally installed ReaR recovery system it does the same as when booting # the ReaR recovery system from an external ReaR boot medium - i.e. "rear recover" replaces the # whole current system with a recreated system where all files are restored from the backup. # To be on the safe side the GRUB_RESCUE functionality is disabled by default: GRUB_RESCUE=n # Optional password protection via GRUB_RESCUE_USER only works for GRUB2 with BIOS. # GRUB_RESCUE_USER is not supported for UEFI (cf. https://github.com/rear/rear/pull/954). # GRUB2 password protection requires an existing GRUB2 user with a password. # If the GRUB_RESCUE functionality is enabled (e.g. via GRUB_RESCUE=y in /etc/rear/local.conf) # a non-empty GRUB_RESCUE_USER can be optionally set to get GRUB2 password protection # for the 'Relax-and-Recover' GRUB2 menu entry. # When GRUB_RESCUE_USER is non-empty it must specify an already configured GRUB2 user # except the special value 'unrestricted' is set via GRUB_RESCUE_USER="unrestricted" # which creates the 'Relax-and-Recover' GRUB2 menu entry so that it can be booted by anyone # which means anyone who can boot the currently running system can replace it via "rear recover". # When GRUB_RESCUE_USER is empty ReaR does not do a GRUB2 user related setup # so that the already existing GRUB2 users configuration determines # which users can boot the 'Relax-and-Recover' GRUB2 menu entry. # Usually this means anyone can boot 'Relax-and-Recover' which means anyone # who can boot the currently running system can replace it via "rear recover". GRUB_RESCUE_USER="" # The former GRUB2 superuser setup support in ReaR via GRUB_SUPERUSER is dropped and # also the former GRUB2 password setup support in ReaR via GRUB_RESCUE_PASSWORD is dropped. # Both kind of setup can change the behaviour of the GRUB2 bootloader as a whole in unexpected ways # but ReaR is not meant to change the general GRUB2 configuration of the currently running system. # It works by default reasonably backward compatible when formerly a GRUB_SUPERUSER was used # which means a GRUB2 superuser was set up by ReaR in /etc/grub.d/01_users with GRUB_RESCUE_PASSWORD # so that the empty GRUB_RESCUE_USER results that the 'Relax-and-Recover' GRUB2 menu entry # can only be booted by the formerly set GRUB_SUPERUSER with the formerly set GRUB_RESCUE_PASSWORD. # For background information see https://github.com/rear/rear/pull/942 # and https://github.com/rear/rear/issues/703 # starting at https://github.com/rear/rear/issues/703#issuecomment-235506494 #### # REBUILD_INITRAMFS # Whether or not the initramfs/initrd should be rebuild during "rear recover" # in the recreated system. # The default REBUILD_INITRAMFS="yes" rebuilds the initramfs/initrd in any case # to be on the safe side because ReaR cannot check/verify all possible reasons # why the initramfs/initrd may have to be rebuild in the recreated system. # In special cases the user can explicitly skip rebuilding the initramfs/initrd in any case # via REBUILD_INITRAMFS="no" (or any value that is recognized as 'no' by the is_false function) # which usually means the initramfs/initrd that was restored form the backup gets used "as is" # but that can lead to errors later when booting the recreated system. # An empty value REBUILD_INITRAMFS="" (or any value that is neither recognized as 'yes' # by the is_true function nor as 'no' by the is_false function) specifies the old behaviour # where "rear recover" rebuilds the initrd/initramfs only if some storage drivers changed # (cf. 260_storage_drivers.sh and 260_recovery_storage_drivers.sh) but in general # that is insufficient (there are other reasons why the initramfs/initrd must be rebuild) # see https://github.com/rear/rear/issues/1321 REBUILD_INITRAMFS="yes" # BOOTLOADER # What kind of bootloader is used on the original system # (i.e. the bootloader that should be reinstalled during "rear recover"). # The by default empty BOOTLOADER means that ReaR will try to autodetect # what bootloader is used on the original system. # Specifying BOOTLOADER is only meant so that the user can if needed # (in particular when the bootloader autodetection fails for him) # enforce ReaR to set up during "rear recover" one of its supported bootloaders # (i.e. one of what is listed in layout/save/default/450_check_bootloader_files.sh). # What is currently listed in layout/save/default/450_check_bootloader_files.sh # is: GRUB2-EFI EFI GRUB2 GRUB ELILO LILO PPC ARM ARM-ALLWINNER ZIPL # - ARM is a dummy that does nothing, as on Raspberry Pi and most TI devices you just need # to include the first FAT partition (with the MLO or bootcode.bin) in your backup # - ARM-ALLWINNER is for Allwinner devices and will backup and restore the 2nd stage bootloader # With an unknown or unsupported bootloader value setting ReaR would fail: BOOTLOADER="" # GRUB2_INSTALL_DEVICES # When GRUB2 is used as bootloader GRUB2_INSTALL_DEVICES is a string of devices # where GRUB2 should be installed like GRUB2_INSTALL_DEVICES="/dev/sda /dev/sdb". # When GRUB2_INSTALL_DEVICES is specified, GRUB2 will be installed # on each grub2_install_device in GRUB2_INSTALL_DEVICES via a command like # chroot /mnt/local /bin/bash --login -c "grub2-install $grub2_install_device" # Careful when you use more than one disk like /dev/sda for the system # plus a USB disk /dev/sdb for the ReaR recovery system and the backup. # The two disk devices may get interchanged on the replacement hardware # so that during "rear recover" /dev/sda could be the USB disk. # In this case GRUB2_INSTALL_DEVICES="/dev/sda" would install GRUB2 # with the system's GRUB2 configuration on the USB disk which would # overwrite/destroy the ReaR recovery system bootloader. # In MIGRATION_MODE disk mappings (in var/lib/rear/layout/disk_mappings) # are applied when devices in GRUB2_INSTALL_DEVICES match so that enforcing # MIGRATION_MODE helps to avoid that GRUB2 gets installed on a wrong disk # when more than one disk is used. # When GRUB2 is used on POWER architecture e.g. on PPC64 or PPC64LE # the GRUB2_INSTALL_DEVICES have to be PPC PReP partition(s). # On POWER architecture the OpenFirmware is configured to read # the ELF image embedded in the PReP partition (like how the MBR # is used by PC-BIOS to embed boot code). # When GRUB2_INSTALL_DEVICES is not specified, ReaR tries to automatically determine # where to install GRUB2 but then the bootloader installation could get wrong. # For details see the finalize/Linux-i386/660_install_grub2.sh script. GRUB2_INSTALL_DEVICES="${GRUB2_INSTALL_DEVICES:-}" #### # GRUB2_MODULES_UEFI_LOAD # List of modules that will be included into Grub2 based UEFI boot loader (the core image). # When empty ReaR will use the defaults of grub-mkstandalone # (a reasonable set of default modules), and add modules needed to access /boot # and /boot/efi, if applicable. # More modules can be installed into the Grub2 standalone image ramdisk without # being included in the core image, see GRUB2_MODULES_UEFI. # This variable currently applies when building GRUB2 boot loader for UEFI in two scenarios: # 1. UEFI boot without secure boot (SECURE_BOOT_BOOTLOADER="") # and / or # 2. UEFI boot with GRUB_RESCUE="y" # Incorrect use of this variable can lead to an unusable ReaR recovery system. # When you specify it, verify that your ReaR recovery system works. GRUB2_MODULES_UEFI_LOAD=() # # GRUB2_MODULES_UEFI # List of modules that will be installed into Grub2 based UEFI boot loader ramdisk. # Those will not be preloaded in the core image, but will be available for autoloading # or manual loading via insmod. # When empty ReaR will use the defaults of grub-mkstandalone # (install all modules in the standalone image ramdisk) # This variable currently applies in the same scenarios as GRUB2_MODULES_UEFI_LOAD. # Incorrect use of this variable can lead to an unusable ReaR recovery system. # When you specify it, verify that your ReaR recovery system works. GRUB2_MODULES_UEFI=() # # GRUB2_DEFAULT_BOOT # The default GRUB2 menu entry to boot # when GRUB2 is used as bootloader for the ReaR recovery system. # Valid values are (see the create_grub2_cfg function in lib/bootloader-functions.sh): # rear : Relax-and-Recover (BIOS or UEFI without Secure Boot) # Relax-and-Recover (BIOS or UEFI in legacy BIOS mode) # rear_secure_boot : Relax-and-Recover (UEFI and Secure Boot) # chainloader : Boot next EFI # Boot from second disk hd1 (usually the original system disk) # reboot : Reboot # exit : Exit to EFI shell # Exit (possibly continue bootchain) GRUB2_DEFAULT_BOOT="chainloader" # # GRUB2_TIMEOUT # The timeout in seconds to automatically boot GRUB2_DEFAULT_BOOT # when GRUB2 is used as bootloader for the ReaR recovery system. GRUB2_TIMEOUT="$USER_INPUT_TIMEOUT" # # GRUB2_SET_ROOT_COMMAND # GRUB2_SEARCH_ROOT_COMMAND # Incorrect use of those variables can lead to an unusable ReaR recovery system. # When you specify one of them, verify that your ReaR recovery system works. # GRUB2_SET_ROOT_COMMAND is a GRUB2 command to set the 'root' device in GRUB2. # For example to set the first CDROM device to be used as 'root' device in GRUB2 use # GRUB2_SET_ROOT_COMMAND="set root=cd0" # GRUB2_SEARCH_ROOT_COMMAND is a GRUB2 command to let GRUB2 search for its 'root' device. # For example USB EFI booting may need a different search string than the default like # GRUB2_SEARCH_ROOT_COMMAND="search --no-floppy --set=root --label REAR-EFI" # cf. the script output/USB/Linux-i386/100_create_efiboot.sh # Other examples of a different setup could be like # GRUB2_SEARCH_ROOT_COMMAND="search --no-floppy --set=root --label REAR-EFI --hint hd0,msdos1" # or # GRUB2_SEARCH_ROOT_COMMAND="search --no-floppy --set=root --file /EFI/BOOT/BOOTX64.efi" # When both GRUB2_SET_ROOT_COMMAND and GRUB2_SEARCH_ROOT_COMMAND are specified # then GRUB2_SET_ROOT_COMMAND is done before GRUB2_SEARCH_ROOT_COMMAND # so GRUB2_SET_ROOT_COMMAND sets a default 'root' device and # then GRUB2 searches for a 'root' device via GRUB2_SEARCH_ROOT_COMMAND # which is used if one is found - otherwise the default 'root' device is used as fallback. GRUB2_SET_ROOT_COMMAND="" GRUB2_SEARCH_ROOT_COMMAND="" #### #### # # USING_UEFI_BOOTLOADER # # UEFI (Secure booting) support is partly available in ReaR (at least for Fedora, RHEL) # SLES, openSUSE do not work out of the box due to issues with making an UEFI bootable ISO image. # SLES, openSUSE need the additional tool 'ebiso' to make an UEFI bootable ISO image # (via ISO_MKISOFS_BIN=/usr/bin/ebiso - see the ISO_MKISOFS_BIN variable above). # The next variable can explitly specify whether or not an UEFI bootloader should be used: # USING_UEFI_BOOTLOADER= means let ReaR try to find it out by itself (default) # USING_UEFI_BOOTLOADER=0 means we do not want UEFI capable ISO and no efi tools in ReaR image # USING_UEFI_BOOTLOADER=1 means we want UEFI ISO image and all efi tools to recreate the secure boot # instead of '0' also any value that is recognized as 'no' by the is_false function can be used # instead of '1' also any value that is recognized as 'yes' by the is_true function can be used USING_UEFI_BOOTLOADER= # # UEFI_BOOTLOADER # # When a filename (with path) is specified in UEFI_BOOTLOADER in /etc/rear/local.conf # this file is used as UEFI bootloader provided it is a regular file, # for example UEFI_BOOTLOADER="/boot/efi/grub.efi". # Alternatively or additionally one can specify UEFI_BOOTLOADER as a single string # or as an array of filename globbing patterns that are used as '-iname' arguments # for 'find' calls to find a UEFI bootloader file in the /boot directory, for example # like UEFI_BOOTLOADER="elilo.efi" or UEFI_BOOTLOADER=( 'grub*.efi' 'boot*.efi' '*.efi' ) # where the first filename pattern that results a regular file is used as UEFI bootloader. # When both a file (with path) and filename globbing patterns are specified # as UEFI_BOOTLOADER array, the first array member must be the filename # like UEFI_BOOTLOADER=( '/boot/efi/grub.efi' 'grub*.efi' '*.efi' ) # where the first match that results a regular file is used as UEFI bootloader. # The by default empty UEFI_BOOTLOADER means that ReaR will try to autodetect # what to use as UEFI bootloader. First ReaR tries to find a 'well known file' # and then ReaR autodetects from EFI variables in /sys/firmware/efi/vars # or /sys/firmware/efi/efivars what to use as UEFI bootloader. UEFI_BOOTLOADER="" # # SECURE_BOOT_BOOTLOADER # # When using Secure Boot specify the full path of the Secure Boot bootloader. # For example: SECURE_BOOT_BOOTLOADER="/boot/efi/EFI/BOOT/shim.efi" # SECURE_BOOT_BOOTLOADER overrides UEFI_BOOTLOADER. # Normally Shim is the only used Secure Boot bootloader. # For a technical description of Shim see https://mjg59.dreamwidth.org/19448.html # Shim is a first stage bootloader that loads and executes a second stage bootloader # which normally is GRUB that is usually available as a grub*.efi file. # When Shim is used, its second stage bootloader can be actually anything # named grub*.efi (second stage bootloader is Shim compile time option) # so when for example SECURE_BOOT_BOOTLOADER="/boot/efi/EFI/BOOT/shim.efi" is specified # then all /boot/efi/EFI/BOOT/grub*.efi files are made available as second stage bootloader. # For more details see the output/ISO/Linux-i386/250_populate_efibootimg.sh script. SECURE_BOOT_BOOTLOADER="" # # Some backup tools cannot store vfat filesystems and therefore also cannot # restore the EFI System Partition (ESP) that must be a vfat filesystem. # For those, ReaR can backup and restore the ESP via the rescue image. # However, this is not recommended to do by default as the rescue image # could be older than the latest backup and the restored ESP could be # outdated or incompatible with the restored system. We enable this automatically # only for problematic backup software that cannot store vfat filesystems. RESTORE_ESP_FROM_RESCUE_SYSTEM=no #### #### # EFI_STUB # Enforce EFISTUB booting. # If enabled and OS is currently using some boot loader (Grub, Grub2, elilo, ...), restored # system will be using EFISTUB. # Should original OS be setup with EFISTUB, there will be no change in boot loader setup. # ReaR will trigger some basic check if kernel currently used, is EFISTUB capable and will # end with error if EFISTUB support is not available in detected Linux kernel. EFI_STUB="no" # # Full path to Systemd boot loader that will be used to boot ReaR rescue system. OUTPUT_EFISTUB_SYSTEMD_BOOTLOADER="/usr/lib/systemd/boot/efi/systemd-bootx64.efi" # # Options passed to efibootmgr --unicode ... # E.g. EFI_STUB_EFIBOOTMGR_ARGS="initrd=initramfs-linux.img root=/dev/sda2" EFI_STUB_EFIBOOTMGR_ARGS= ### # REAR_INITRD_COMPRESSION # What compression to use when creating the initramfs/initrd for the ReaR rescue/recovery system. # By default and also as fallback an initrd.cgz with gzip default compression is created. # The default is known to work well in practice. # The ReaR rescue/recovery system initrd is loaded by various bootloaders (normally syslinux). # Usually any bootloader should be able to load any initrd file but then # the initrd must be usable by the kernel which means a specially compressed initrd # may not always work, in particular not with older kernels. # When booting on ppc64 with the yaboot bootloader the initrd must be less than 32MB (or 32MiB?) # so that in this case the lzma compression could be even required # see https://github.com/rear/rear/issues/1142 # In genaral a smaller initrd is loaded faster by the ReaR rescue/recovery system bootloader # so that a small initrd could make the whole system recovery a bit faster. # With REAR_INITRD_COMPRESSION="fast" # an initrd.cgz with gzip --fast compression is created (fast creating but less compression). # With REAR_INITRD_COMPRESSION="best" # an initrd.cgz with gzip --best compression is created (best gzip compression but slower creating). # With REAR_INITRD_COMPRESSION="lzma" # an initrd.xz with xz using the lzma compression is created (very best compression but very slow). # With REAR_INITRD_COMPRESSION="lz4" # an initrd.lz4 with lz4 default -1 compression is created (fast speed but less compression). # An initrd.xz with lzma or lz4 compression may not work in this or that case. # An initrd.xz with lzma or lz4 compression is known not to work together with DRLM prior to version 2.1.1 # see https://github.com/rear/rear/pull/1182#issuecomment-275423441 # but at least lzma compression works with DRLM since version 2.1.1 # see https://github.com/rear/rear/pull/1182#issuecomment-282252770 REAR_INITRD_COMPRESSION="" ## # USE_RAMDISK # # Configure rescue system to create and pivot to a ramdisk instead of initramfs. # # This is required by some backup software that wants to check for actually available disk space. # Examples are: GALAXY11 # # Set to 'true' (or any value that is recognized as 'yes' by the is_true function) # to use a ramdisk with default size (usually 50% of physical RAM, see 'size' in "man tmpfs"). # Set to a number to use a ramdisk with available free disk space in MiB. # This will probably crash if you don't have enough physical memory # for the ReaR recovery system (minimum about 250 MiB up to more than 1 GiB) # plus the specified available free disk space, see KEEP_BUILD_DIR how to check # the ReaR recovery system content in $TMPDIR/rear.XXXXXXXXXXXXXXX/rootfs/ # # Example: USE_RAMDISK=1500 to create a ramdisk with 1500MiB free space including the ReaR rescue image USE_RAMDISK="no" #### # advanced handling of Relax-and-Recover result (boot image) ## # Relax-and-Recover can do something with the resulting files, here we say what: # # The list of resulting files that make up the DR environment. # RESULT_FILES array elements get added as needed by various scripts. # For example such an automatically added RESULT_FILES array element # is the bootable ISO image of the ReaR rescue/recovery system. # The resulting files will get copied to the output location # specified via OUTPUT_URL (or inherited from BACKUP_URL). # Initially this array is empty, but a user could specify additional files: RESULT_FILES=() # # we can send a mail with the resulting files. We even support multiple recipients, # each array variable is one recipient. When you set this variable to a value without # using an array, it will still work. RESULT_MAILTO=() # # set the sender, your local sendmail will expand this to a FQDN if you don't # supply a full name here. RESULT_MAILFROM=root # # set the subject to empty here, later script will fill in our default RESULT_MAILSUBJECT= # # path to your sendmail RESULT_SENDMAIL="$( type -p sendmail || echo /usr/lib/sendmail )" # # extra sendmail options. On my system -t makes sendmail read the recipients # from the mail headers # Use array to properly handle args with spaces ("some arg") RESULT_SENDMAIL_OPTIONS=( -oi -t ) #### #### # ia64 specific stuff # # full path to elilo.efi file. Leave empty to use automatic search for it ELILO_BIN= #### #### # Custom scripts # # The scripts can be defined as an array to better handle spaces in parameters. # The scripts are called like this: # eval "${PRE_RECOVERY_SCRIPT[@]}" # # Alternatively, commands can be executed by using the corresponding # PRE_RECOVERY_COMMANDS and POST_RECOVERY_COMMANDS array variables # which evaluate like this: # for command in "${PRE_RECOVERY_COMMANDS[@]}" ; do # eval "$command" # done # # Using PRE_RECOVERY_COMMANDS and POST_RECOVERY_COMMANDS # is simpler when multiple commands should be executed. # For example, # PRE_RECOVERY_SCRIPT=( 'echo Hello' ';' 'sleep 3' ) # can be rewritten as # PRE_RECOVERY_COMMANDS=( 'echo Hello' 'sleep 3' ) # or # PRE_RECOVERY_COMMANDS=( 'echo Hello' ) # PRE_RECOVERY_COMMANDS+=( 'sleep 3' ) # # Those get called at the very beginning of "rear recover". # The PRE_RECOVERY_COMMANDS are called directly before the PRE_RECOVERY_SCRIPT. # Nothing was recreated and you have only the plain ReaR rescue/recovery system: PRE_RECOVERY_COMMANDS=() PRE_RECOVERY_SCRIPT= # # Those get called at the very end of "rear recover". # The POST_RECOVERY_COMMANDS are called directly after the POST_RECOVERY_SCRIPT. # Use $TARGET_FS_ROOT (by default '/mnt/local') to access the recreated target system. POST_RECOVERY_SCRIPT= POST_RECOVERY_COMMANDS=() # # PRE_BACKUP_SCRIPT and POST_BACKUP_SCRIPT are called at the beginning and # at the end of the backup part in the mkbackup/mkbackuponly workflow like this: # eval "${PRE_BACKUP_SCRIPT[@]}" # # For example: # When a database is running on a filesystem which is included in the backup # you may need to stop a database service before backup via PRE_BACKUP_SCRIPT # and restart it after the backup was done via POST_BACKUP_SCRIPT. # In case of an error exit during backup and provided PRE_BACKUP_SCRIPT is set, # ReaR will run the POST_BACKUP_SCRIPT as exit task (via ReaR's EXIT_TASKS array). # This prevents that the database remains stopped in case of an error exit during backup # which also means the database is active after there was an error exit during backup # when the POST_BACKUP_SCRIPT restarts the database unconditioned. # When only POST_BACKUP_SCRIPT is set without a PRE_BACKUP_SCRIPT # then POST_BACKUP_SCRIPT is not run in case of an error exit during backup. # POST_BACKUP_SCRIPT is run if there is some error but no error exit during backup. # # Called at the beginning of the backup part in the mkbackup/mkbackuponly workflow: PRE_BACKUP_SCRIPT= # # Called at the end of the backup part in the mkbackup/mkbackuponly workflow: POST_BACKUP_SCRIPT= #### #### # RECOVERY_COMMANDS # RECOVERY_COMMANDS_LABEL # # The RECOVERY_COMMANDS array specifies the "rear recover" commands # that are automatically called after the ReaR recovery system has started up # to recreate the system in 'auto_recover'/'automatic' or 'unattended' mode. # The RECOVERY_COMMANDS are evaluated and run this way: # for command in "${RECOVERY_COMMANDS[@]}" ; do # eval "$command" # done # The RECOVERY_COMMANDS succeeded when the last command succeeded. # For details see the [skel/default]/etc/scripts/system-setup script. # The 'rear_options' variable is automatically set by this system-setup script. # The default 'rear_options' value is '-v' for verbose mode. # When the recovery system is booted with the 'debug' kernel command line option # (which runs the recovery system setup scripts with 'set -x') # the 'rear_options' value is accordingly '-D' for debugscript mode. # In 'unattended' mode the 'rear_options' value is additionally '--non-interactive'. # Normally a single command "rear -v recover" is called to recreate the system # (single quotes avoid that $rear_options is evaluated here where it is not set): RECOVERY_COMMANDS=( 'rear $rear_options recover' ) # For special cases RECOVERY_COMMANDS could be used for example # to call additional commands before "rear recover" is called. # # The RECOVERY_COMMANDS_LABEL string (some meaningful user info) specifies # what is shown to the user when the RECOVERY_COMMANDS will be run: RECOVERY_COMMANDS_LABEL='rear recover' #### #### # REBOOT_COMMANDS # REBOOT_COMMANDS_LABEL # # The REBOOT_COMMANDS array specifies the commands # that are called after "rear recover" or RECOVERY_COMMANDS succeeded # when "rear recover" is run in 'auto_recover'/'automatic' or 'unattended' mode. # The REBOOT_COMMANDS are evaluated and run this way: # for command in "${REBOOT_COMMANDS[@]}" ; do # eval "$command" # done # For details see the [skel/default]/etc/scripts/system-setup script. # Normally a single command 'reboot' is called to reboot the recreated system: REBOOT_COMMANDS=( 'reboot' ) # But in unattended mode an automated 'reboot' call could lead to an endless loop # when the ReaR recovery system is booted by default by the BIOS # so that "rear recover" and 'reboot' would run automatically in an endless loop. # In this case REBOOT_COMMANDS=( 'poweroff' ) could be the right way # to get an as much as possible automated recovery via the unattended mode # with 'poweroff' after successful "rear recover" to be able to remove # the ReaR recovery system medium before booting the recreated system # so no login into the ReaR recovery system is needed. # For special cases more than a single command can be called, # in particular when additional commands are neded to prepare the reboot # for example on machines with more sophisticated firmware one may need # some complicated dance with firmware settings before rebooting, # cf. https://github.com/rear/rear/pull/3070#issuecomment-1802901263 # # The REBOOT_COMMANDS_LABEL string (normally a single meaningful word) specifies # what is shown to the user when the REBOOT_COMMANDS will be run # which is by default to reboot the recreated system: REBOOT_COMMANDS_LABEL="Reboot" #### # Some external backup software request user input # (e.g. to enter paths to exclude or date and time values for point in time restore). # We use here the same default timeout as USER_INPUT_TIMEOUT was set above # because also this timeout here interrupts a possibly ongoing user input # (in particular when the bash builtin 'read -t timeout' is used) # see the above explanation where USER_INPUT_TIMEOUT is set. WAIT_SECS="${WAIT_SECS:-$USER_INPUT_TIMEOUT}" # To force adding multipath related executables # so a recovered system would be able to boot via SAN disks only # instead of the internal ones (no success guaranteed although). # E.g. in case the destination has no internal disks. # making the variable (y,Y,1) to enable BOOT_OVER_SAN= # ReaR default certificates location. ReaR will use it to store its required certificates. # If used with '--capath $REAR_CAPATH' curl option (see: man curl) the following commands # must be executed: # cd $REAR_CAPATH # for file in *.crt *.pem; do ln -sf $file `openssl x509 -hash -noout -in $file`.0; done # If '--cacert $REAR_CAPATH/certname.crt' curl option (see: man curl) is used # there is no need to rehash. # See http://stackoverflow.com/questions/9879688/difference-between-cacert-and-capath-in-curl REAR_CAPATH="/etc/rear/cert" #### # DRLM (Disaster Recovery Linux Manager) Variables # # Specify if ReaR is managed from DRLM (y/n) [ default (n) ]. DRLM_MANAGED=n # # Specify the DRLM certificate location. # DRLM can provide the certificate with it's 'instclient' workflow or you can get it from # /etc/drlm/cert/*.crt on a DRLM server. # By default is defined with '--capath' curl option (see: man curl). # Take care on using (-k|--insecure) only use it on trusted networks. # DRLM use a RESTful API and in future more REST required options could be added. DRLM_REST_OPTS="--capath $REAR_CAPATH" # # Specify DRLM Server name or ip address. # This name must be the same as defined in CN of the certificate (DRLM server hostname by default). # If is not possible because you're using other DRLM server for recovery or system migration, # get the certificate from the new DRLM server or use (-k or --insecure) on DRLM_REST_OPTS. DRLM_SERVER="" # # Specify DRLM Client name. # The hostname is used by default, but must be set to the DRLM client name if is different. # The client hostname is the recommended but not mandatory. DRLM_ID="$HOSTNAME" # # DRLM_REST_OPTS, DRLM_SERVER and DRLM_ID variables can be changed # in /etc/rear/local.conf and also can be updated at runtime. # e.g. # rear recover SERVER=1.1.1.1 REST_OPTS="-k" ID=client01 #### #### # Using deprecated features # # Some features, e.g. support for very old and EOL backup software, # can get deprecated if we - the ReaR maintainers - essentially # would like to get rid of that code but don't know if and how # the code is used by users "out there". To help with this process # features and code paths will be first set to "deprecated", causing # a ReaR mkrescue or mkbackup to fail with a clear error message and # a call to action to open a GitHub issue and explain why this should # not be deprecated - or when or under which conditions it can be # deprecated. # # Every deprecation has a keyword which can be added to the # DISABLE_DEPRECATION_ERRORS Bash array to override the deprecation # error and continue to use the code. # # Users who sete this without talking to the ReaR project over GitHub # run the risk that the code in question will be removed in a future ReaR # release. DISABLE_DEPRECATION_ERRORS=() #### # Include a Python interpreter # # default is false, can be set to enable finding a Python interpreter or to # specify the path to the Python binary to use PYTHON_INTERPRETER=false # set to true to include only the Python interpreter without any dist or site packages PYTHON_MINIMAL=false