Sign in Subscribe
backup

Veeam-Backup with SFTP

Panda

3 min read
Veeam-Backup with SFTP
Photo by Denny Müller / Unsplash

In a previous post I already wrote about how to create a backup with veeam to an FTP-server. However, I have encountered problems with the mounpoint in the past.
Unfortunately the server loses the connection to the remote SFTP-server and the password has to be re-entered. To avoid this I came across the script function in Veeam. There I have the possibility to execute a script before running the backup job.

So in this post I make use of the function in the hope that the backups will run by itselves and reliably in the future.

To do this, we open nano and copy the following script into it:

sudo nano /home/root/scripts/pre-job.sh

#!/bin/bash

# Set variables for SFTP server
SFTP_SERVER="access850302744.webspace-data.io"
SFTP_USER="u1670643807"
SFTP_PASSWORD=$(cat ~/.ssh/sftp_secret)

# Set log file path
LOG_FILE="/var/log/veeam-sftp-mount.log"

# Set variables for mount point
MOUNT_POINT="/mnt/backup/backup-ftp/"

# Check if the mount point already exists
if [ ! -d $MOUNT_POINT ]; then
  # Create the mount point if it doesn't exist
  mkdir $MOUNT_POINT
fi

# Mount the SFTP server using SSHFS
echo "$(date '+%Y-%m-%d %H:%M:%S') - Mounting SFTP server at $SFTP_SERVER" | tee -a $LOG_FILE
echo "$SFTP_PASSWORD" | sshfs -o allow_other,uid=$(id -u),gid=$(id -g) $SFTP_USER@$SFTP_SERVER:/ $MOUNT_POINT -o password_stdin

if [ $? -eq 0 ]; then
  echo "$(date '+%Y-%m-%d %H:%M:%S') - Successfully mounted SFTP server at $MOUNT_POINT" | tee -a $LOG_FILE
else
  echo "$(date '+%Y-%m-%d %H:%M:%S') - Failed to mount SFTP server at $MOUNT_POINT" | tee -a $LOG_FILE
  exit 1
fi
pre-job.sh

Copy this script with your parameters into a pre-job.sh file and save it to the location of your choice. In my case it was "/root/home/scripts". In the script itself there is a check if the mountpoint already exists and is active. If not, then the mount will be created again. The script will also write logs to the LOG_FILE path.

For security reasons don't save your SFTP password inside the script itself. That's why I use this:

sudo nano ~/.ssh/sftp_secret
Create sftp_secret file to store your password

Inside "sftp_secret" save your sftp password for your sftp connection:

YOURPASSWORD
Don't use " here

Keep in mind, that veeam is using the service-user "veeam" in the users group "veeam" which needs permissions to execute the scripts otherwise the scripts will fail and give you a warning. This might depend on where you've created the script files.

chmod -R g+rwx /home/root/scripts/
chgrp -R veeam /home/root/scripts/

Now we need a post-job-script to unmount the sftp mount from our system. I kept getting problems with only the pre-job-script because veeam or linux seem to randomly close the mount by itself.

sudo nano /home/root/scripts/post-job.sh
#!/bin/bash

# Set variables for mount point
MOUNT_POINT="/mnt/backup/ionos-backup-ftp/"

# Set log file path
LOG_FILE="/var/log/veeam-sftp-mount.log"

# Unmount the SFTP server
echo "$(date '+%Y-%m-%d %H:%M:%S') - Unmounting SFTP server from $MOUNT_POINT" | tee -a $LOG_FILE
fusermount -u $MOUNT_POINT

if [ $? -eq 0 ]; then
  echo "$(date '+%Y-%m-%d %H:%M:%S') - Successfully unmounted SFTP server from $MOUNT_POINT" | tee -a $LOG_FILE
else
  echo "$(date '+%Y-%m-%d %H:%M:%S') - Failed to unmount SFTP server from $MOUNT_POINT" | tee -a $LOG_FILE
  exit 1
fi
post-job.sh

Then you create a new backup job via cli because the veeam setup might won't let you create a new job when the destination path is on the same drive, even though you excluded the specific mountpoint.

First we need a new backup-repository for this:

veeamconfig repository create --name "SFTP" --location /mnt/backup/your-mount

After that we create a new backup-job:

veeamconfig job create filelevel --name "sftp-backup" --reponame "SFTP" --includedirs /etc,/home,/media,/opt,/root,/usr,/var --prejob "/home/root/scripts/pre-job.sh" --postjob "/home/root/scripts/post-job.sh" --daily --at 04:00

This command creates a file-level backup with the name "sftp-backup" in our recently created repository "SFTP" and includes the folders "/etc,/home,/media,/opt,/root,/usr,/var". Additionally, a pre-job and post-job is run with the scripts we created earlier. The backup is started every day at 4:00 am. You maybe get a warning about the destination path but it will still work, but not if configured in the veeam setup.

All future modifications to the job must be done via cli, otherwise you will get an error. For example: If you want to exclude some directories afterwards you can modify your backup-job like this:

veeamconfig job edit filelevel --excludedirs /home/root/mnt-0,/home/root/mnt-1/ for --name sftp-backup

Modify the command as it suits you. More info from veeam itself here.

Sign up for more like this.

Enter your email
Subscribe