All of our offsite backups use duplicity. Most, but not all, are encrypted using GPG.
If a backup fails then then start by looking at any output captured by cron and sent to the “machine email” list. This is linked from the Nagios alert under “extra actions”.
To proceed further you will need to know a few things which you can
determine either from the job configuration in Puppet or by listing
crontabs for users, eg.
sudo crontab -lu govuk-backup:
- the user that the backup normally runs as, eg.
- the script that is run, eg.
- the destination for the backup, eg.
- the archive directory used as a local cache, eg.
Start by checking the status of the destination to see what backups succeeded recently:
sudo -iu <user> duplicity collection-status --archive-dir <archive_directory> <destination>
You can try running the backup again manually. This may take some time
so it’s recommended to use
sudo -iu <user> /var/spool/duplicity/<script>
You can look for output of the backup jobs in the “machine email plat1”
google group. If the log contains the line
"Warning, found the following orphaned backup files then try running
sudo -iugovuk-backup duplicity cleanup <destination> --no-encryption --force