Hello.
I want to share a script for $subj. Perhaps someone will find it useful.
The task: there are a number of EC2 servers in AWS scattered across different regions. Their backups need to be automated so that recovery is easy and fast.
The script itself: ec2-automate-backup2ami.sh
Description: README.md
Wrapper script for launching from cron: ec2-backup-wrapper.sh
For the script to work, you must first:
- Install the ec2-api-tools package (I have version 1.6.7.3)
- Edit the wrapper script, specifying the path to ec2-automate-backup2ami.sh and to the log file
- Create a separate user in AWS IAM for backups and attach a policy similar to this one:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "Stmt1389911824000",
          "Effect": "Allow",
          "Action": [
            "ec2:CreateImage",
            "ec2:CreateSnapshot",
            "ec2:CreateTags",
            "ec2:DeleteSnapshot",
            "ec2:DeregisterImage",
            "ec2:DescribeRegions",
            "ec2:DescribeSnapshotAttribute",
            "ec2:ModifySnapshotAttribute",
            "ec2:DescribeImages",
            "ec2:DescribeInstances",
            "ec2:DescribeSnapshots",
            "ec2:DescribeTags",
            "ec2:DescribeVolumeAttribute",
            "ec2:DescribeVolumeStatus",
            "ec2:DescribeVolumes"
          ],
          "Resource": [
            "*"
          ]
        }
      ]
    }

- Create a file with access parameters for the created user:

    [ec2-user@zenoss ~]$ cat .stage
    export AWS_ACCESS_KEY=access_key
    export AWS_SECRET_KEY=secret_key
    export AWS_ACCESS_KEY_ID=access_key
    export AWS_SECRET_ACCESS_KEY=secret_key

- Specify EC2_HOME
- Mark each instance that requires backup with a Backup tag with a value of true
The crontab looks something like this:

    [ec2-user@backup ~]$ crontab -l
    PATH=$PATH:/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin
    EC2_HOME=/usr/local
    SHELL=/bin/bash
    00 2 * * * ./ec2-backup-wrapper.sh stage "alerts1@mydomain.cc alerts2@mydomain.cc"

The script's output is written to a log file with a name like ec2-automate-backup2ami.stage.log. If a runtime error occurs, it is sent to the specified email addresses.
Note that the file with the parameters is named .stage, while the script is called with the name without the dot (stage).
After successful execution, an image named ec2ab_server.domain.cc_YYYY-MM-DD will appear among the AWS AMIs with the following tags:
- Name - EC2 instance name
- InitiatingHost - FQDN of the backup server
- PurgeAfterFE - date of image removal in unix time format
- PurgeAfter - the date of image removal in the format YYYY-MM-DD (only for the convenience of the administrator, the script uses PurgeAfterFE)
- PurgeAllow - allows automatic deletion of the image (true by default)
- Instance - EC2 Instance ID
- Created - the date the image was created in the format YYYY-MM-DD
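
How the PurgeAfterFE and PurgeAllow tags can drive retention, as an added example (this is not code from ec2-automate-backup2ami.sh). The function names purge_after_tags and should_purge, the AMI IDs and the timestamps are constructed for illustration. It assumes a days-only retention value such as 14d, UTC dates, and that an image with a missing or malformed tag is kept.

```sh
#!/bin/sh
# Added example; not code from ec2-automate-backup2ami.sh.
# Function names, AMI IDs and timestamps are constructed for illustration.

# Print the PurgeAfterFE / PurgeAfter tag values for an image.
# usage: purge_after_tags CREATED_EPOCH RETENTION   (RETENTION like "14d")
purge_after_tags() {
    days=${2%d}
    [ "$days" != "$2" ] || return 1                    # the "d" suffix is required
    case $days in ''|*[!0-9]*|0?*) return 1 ;; esac    # digits only, no leading zero
    case $1 in ''|*[!0-9]*) return 1 ;; esac           # creation time must be an epoch
    fe=$(( $1 + $days * 86400 ))
    # GNU date reads an epoch with -d @N, BSD/macOS date reads it with -r N.
    day=$(date -u -d "@$fe" +%Y-%m-%d 2>/dev/null) ||
        day=$(date -u -r "$fe" +%Y-%m-%d) || return 1
    echo "PurgeAfterFE=$fe PurgeAfter=$day"
}

# Succeed only when the image may be deleted automatically.
# usage: should_purge NOW_EPOCH PURGE_AFTER_FE PURGE_ALLOW
should_purge() {
    case $2 in ''|*[!0-9]*) return 1 ;; esac   # tag missing or malformed: keep
    [ "$3" = true ] || return 1                # deletion must be explicitly allowed
    [ "$1" -gt "$2" ]                          # and the purge time must have passed
}

# Constructed records: AMI id | PurgeAfterFE | PurgeAllow
NOW=1702000000   # fixed "current time" so the result is reproducible
while IFS='|' read -r ami fe_tag allow_tag; do
    if should_purge "$NOW" "$fe_tag" "$allow_tag"; then
        echo "$ami: delete"
    else
        echo "$ami: keep"
    fi
done <<'EOF'
ami-EXAMPLE1|1701209600|true
ami-EXAMPLE2|1701209600|false
ami-EXAMPLE3||true
ami-EXAMPLE4|1709999999|true
EOF
```

Only ami-EXAMPLE1 is reported for deletion; the others are kept because deletion is not allowed, the tag is missing, or the purge time has not yet passed.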
PS The script is based on ec2-automate-backup (backup of EBS disks, without iterating over regions) by colinbjohnson, for which many thanks to him!
PPS The script may work incorrectly under Mac OS X (see the fourth line in the get_purge_after_date() function), but I have no way to check it.
PPPS Before creating snapshots, the script does not flush the file system buffers, so the backup may be inconsistent. To create consistent snapshots, use ec2-consistent-snapshot.
UPD Added the ability to automatically copy the AMIs created during backup to other regions. To enable this, specify the -y option on the script's command line and add the corresponding tag to the instance. The destination region is chosen before the backups are created, at random either from all available regions or from the list given on the command line with the -o option (space-separated). In other words, within one script run all copies go to the same region.
For example:
/usr/local/bin/ec2-automate-backup2ami.sh -s tag -t "Backup=true" -k 14d -p -h -u -n -y "CopyRegion=true" -o "us-west-1 eu-west-1"
In this example, the script:
- will back up all instances that have a Backup tag with a value of true (-s, -t)
- will remove backups created more than 13 days ago (-k, -p)
- will add various informational tags to the backup (-h, -u, -n)
- will copy all backups to one of the two regions listed when the script is launched (-y, -o)
The list of region names can be obtained using the ec2-describe-regions command.
After copying, a CopyRegion tag is added to the original AMI with a value corresponding to the region it was copied to, and a SourceRegion tag identifying the source region is added to the copied AMI.