Mini Shell
# conf/default.conf
# Relax-and-Recover default configuration.
# This file is part of Relax-and-Recover, licensed under the GNU General
# Public License. Refer to the included COPYING for full text of license.
#
# Here we define and describe all configuration variables and set them to a default.
#
# Do not change them here. Set them in your site.conf or local.conf file as needed.
#
# Many variables are bash arrays that should be set carefully.
# Use VAR=() to set an empty array.
# Use VAR+=( 'value' ) to append a fixed value to an array.
# Use VAR+=( "$var" ) to append a variable value to an array.
# Whether or not the latter case works as intended depends on when and
# how "$var" is set and evaluated by the Relax-and-Recover scripts.
# Be careful with values that are globbing patterns (cf. COPY_AS_IS below).
# Globbing patterns should not be quoted like VAR+=( /directory/* )
# when for globbing patterns bash pathname expansion is intended
# in contrast to quoted globbing patterns like VAR+=( '/directory/*' )
# where bash pathname expansion would usually not happen.
# In general using ${VAR[*]} is problematic and
# using ${VAR[@]} without double-quotes is also problematic
# so to prepend to an array use VAR=( 'prepend_value' "${VAR[@]}" )
# see 'Arrays' in "man bash" and for some examples see
# https://github.com/rear/rear/issues/1068
#
# Most variables can be set to an empty value VAR= which means that this
# setting is off or set to some automatic mode.
#
# Boolean variables can be set to anything as we only check whether the variable
# is not empty so that both VAR=yes and VAR=no evaluate to boolean 'true'.
# To set a boolean variable to 'false' set it to an empty value.
#
# Some variables have ternary semantics:
# - explicit true value like True T true t Yes Y yes y 1
# - explicit false value like False F false f No N no n 0
# - unset or empty or a value that is neither a true value nor a false value
# (see the is_true and is_false functions in lib/global-functions.sh).
#
# In case of doubt inspect the scripts how exactly a particular variable works.
##
# TMPDIR
#
# Relax-and-Recover needs a (temporary) working area where it builds in particular
# the rescue/recovery system ISO image (and perhaps even stores the backup archive).
# The directory name of the working area is created in /usr/sbin/rear by calling
# mktemp -d -t rear.XXXXXXXXXXXXXXX
# which usually results /tmp/rear.XXXXXXXXXXXXXXX or $TMPDIR/rear.XXXXXXXXXXXXXXX
# the latter when the canonical Linux/Unix environment variable TMPDIR
# is set in the environment where /usr/sbin/rear is called.
# To have a specific working area directory prefix for Relax-and-Recover call
# export TMPDIR="/prefix/for/rear/working/directory"
# before calling 'rear' (/prefix/for/rear/working/directory must already exist).
# This is useful for example when there is not sufficient free space
# in /var/tmp or $TMPDIR for the ISO image or even the backup archive.
# TMPDIR cannot be set to a default value here unconditionally but only
# if it is not set before calling the program, otherwise /usr/sbin/rear
# would not work in compliance with the Linux/Unix standards regarding TMPDIR
# see https://github.com/rear/rear/issues/968
# The default is /var/tmp instead of the more usual /tmp (the system default),
# because /tmp is not intended for such large amounts of data that ReaR usually
# produces when creating the image (see file-hierarchy(7)). In particular,
# /tmp can be a tmpfs, and thus restricted by the available RAM/swap.
export TMPDIR="${TMPDIR-/var/tmp}"
##
# ROOT_HOME_DIR
#
# According to the Filesystem Hierarchy Standard
# the home directory for the root user has to be '/root'
# cf. https://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard
# but you may set it as needed like ROOT_HOME_DIR=~root
# ~root is not included into double (or single) quotes so it can be
# later expanded to actual root home directory.
ROOT_HOME_DIR=~root
# You can override autodetection and specify the kernel for the rescue/recovery system:
KERNEL_FILE=""
# The kernel configuration is used to collect the kernel binary and modules.
# It can be set to a different version (e.g. to create a UP rescue media on a SMP system):
KERNEL_VERSION="${KERNEL_VERSION:-$( uname -r )}"
# You can add arbitrary kernel command line parameters when booting the rescue/recovery system
# as you need it (e.g. things like 'console=...' see USE_SERIAL_CONSOLE below).
# Additionally Relax-and-Recover supports some special kernel command line parameters like
# - 'debug'
# Starts all init-scripts (in /etc/scripts/system-setup.d/ in the rescue/recovery system)
# in debug mode (via 'set -x') and asks for confirmation before it runs each init-script.
# - 'auto_recover' or 'automatic'
# Launch rear recover automatically (without automated reboot).
# Together with debug it runs rear recover in debug mode.
# - 'unattended'
# Launch rear recover automatically as with auto_recover
# plus automated reboot after successful rear recover.
# - 'ip=...' 'nm=...' 'netdev=...' 'gw=...'
# If IP address plus optionally netmask (default 255.255.255.0),
# network device (default eth0), and a default gateway are specified
# only that single network device is set up.
# Example: ip=192.168.100.2 nm=255.255.255.0 netdev=eth0 gw=192.168.100.1
# - 'noip'
# Prevents initialization of the networking configuration which is useful when
# you want to do the networking configuration manually in the rescue/recovery system
# e.g. to prevent the rescue/recovery system to use same IP address as the original system
# but for the latter using USE_DHCLIENT="yes" (see below) is probably easier.
# See also the 'RESCUE IMAGE KERNEL COMMAND LINE OPTIONS' section in the ReaR man page ("man rear"):
KERNEL_CMDLINE=""
# The COPY_KERNEL_PARAMETERS array lists kernel parameter that should be part of the KERNEL_CMDLINE (in rescue image)
# if present on the current system (/proc/cmdline).
# COPY_KERNEL_PARAMETERS should only store kernel parameter key, not the value (ex: net.ifnames but not net.ifnames=0)
# If the key-value kernel parameter is already set in KERNEL_CMDLINE variable it will always superseed
# the one detected on the current system (if any).
# - Check net.ifnames and biosdevname kernel parameter as it may impact the network interface name during recovery/migration.
COPY_KERNEL_PARAMETERS=( 'net.ifnames' 'biosdevname' )
# These variables are used to include arch/os/version specific stuff:
# machine architecture, OS independent
REAL_MACHINE="$( uname -m )"
case "$REAL_MACHINE" in
(x86_64|i686|i586)
# all these behave exactly like i386. For 64bit we took care to handle the
# special cases within the 32bit scripts to prevent code duplication
MACHINE=i386
;;
(arm*|aarch*)
MACHINE=arm
;;
(s390*)
MACHINE=s390
;;
(*)
MACHINE=$REAL_MACHINE
esac
# Architecture, e.g. Linux-i386
ARCH="$( uname -s )-$MACHINE" 2>>/dev/null
REAL_ARCH="$( uname -s )-$REAL_MACHINE" 2>>/dev/null
# Short hostname
HOSTNAME="$( hostname -s 2>/dev/null || uname -n | cut -d. -f1 )"
# Logfile name
# NOTE: This may not be dynamic, else deal with .bash_history in rescue system
LOGFILE="$LOG_DIR/rear-$HOSTNAME.log"
# Operating System, e.g. GNU/Linux
OS="$( uname -o )"
# Vendors are SUSE, Red Hat, Debian, Ubuntu, etc.
# as returned by lsb_release -i -s
OS_VENDOR=generic
# Versions are 9.0, 10, 12.2, etc.
# as returned by lsb_release -r -s
OS_VERSION=none
# Only with OS_VENDOR=generic and OS_VERSION=none
# the OS_VENDOR and OS_VERSION variables are automatically
# determined and set (via the above lsb_release calls).
# Setting OS_VENDOR or OS_VERSION to invalid or unsupported values
# results undefined behaviour for things that depend on those variables.
# If on your system the above lsb_release calls result values
# that are not yet supported by ReaR you may specify appropriate
# supported values that could make it work even for your system.
# See the SetOSVendorAndVersion function in the config-functions.sh script.
# Keep the build area after we are done (ternary).
# Useful to inspect the ReaR recovery system content in $TMPDIR/rear.XXXXXXXXXXXXXXX/rootfs/
# directly without the need to extract it from the initramfs/initrd in the ISO image.
# Set to "y", "Yes", etc. to always keep the build area, to "n", "No", etc. to never keep it.
# KEEP_BUILD_DIR is automatically set to true in debug mode (-d) and in debugscript mode (-D).
# In addition to true (or any value that is recognized as 'yes' by the is_true function)
# and false (or any value that is recognized as 'no' by the is_false function)
# it can be set to several special values:
# - 'errors' to obtain the old behaviour where KEEP_BUILD_DIR was always set to true
# to keep the build area when errors in the ReaR recovery system were detected.
# - empty (KEEP_BUILD_DIR="") which means that the build area will be kept on errors
# if running interactively (in a terminal) but not otherwise to avoid cluttering
# TMPDIR (see above) by cron or other automated jobs in case of errors.
KEEP_BUILD_DIR=""
# No default workflows. This variable is filled in where the workflows are defined
# without the empty string as initial value WORKFLOWS and LOCKLESS_WORKFLOWS would
# be unbound variables that would result an error exit if 'set -eu' is used:
WORKFLOWS=("")
# Allow some workflows to not lock and use a separate logfile named 'LOGFILE.lockless'.
# The LOCKLESS_WORKFLOWS array gets filled during runtime as needed by the various
# usr/share/rear/lib/WORKFLOW-workflow.sh scripts. Currently the following workflows
# add themselves to the LOCKLESS_WORKFLOWS array: checklayout dump help
# To make setting the right logfile name working in usr/sbin/rear
# the lockless workflows must also be predefined here (cf. usr/sbin/rear):
LOCKLESS_WORKFLOWS=( 'checklayout' 'dump' 'help' )
# SIMULTANEOUS_RUNNABLE_WORKFLOWS are also allowed to run simultaneously
# but cannot use LOGFILE.lockless as the LOCKLESS_WORKFLOWS.
# Instead the SIMULTANEOUS_RUNNABLE_WORKFLOWS get a LOGFILE with PID
# because simultaneously runnable workflows require unique logfile names
# so that the PID is interposed in the LOGFILE value from default.conf above,
# i.e. by default SIMULTANEOUS_RUNNABLE_WORKFLOWS use during runtime
# a logfile named /var/log/rear/rear-$HOSTNAME.$$.log that gets
# at the end copied to a final possibly used-defined LOGFILE,
# see /usr/sbin/rear and https://github.com/rear/rear/issues/1102
SIMULTANEOUS_RUNNABLE_WORKFLOWS=( 'mkbackuponly' 'restoreonly' )
##
# MESSAGE_PREFIX
#
# Get messages of Relax-and-Recover output functions prefixed with ${MESSAGE_PREFIX}.
# Other output (e.g. from programs that are called) is not prefixed.
# By default MESSAGE_PREFIX is empty but the user can set it e.g. to MESSAGE_PREFIX="$$: "
# to get ReaR messages prefixed with the PID of the running 'rear' main program which is
# basically a requirement when workflows are run simultaneously to get distinguishable
# messages (cf. SIMULTANEOUS_RUNNABLE_WORKFLOWS)
MESSAGE_PREFIX=""
##
# PROGRESS_MODE
#
# How progress messages are shown (cf. lib/progresssubsystem.nosh).
# PROGRESS_MODE can be "ANSI" (default/fallback) or "plain".
# When there is a tty on stdout messages via the progress subsystem
# are by default shown with ANSI escape sequences so that all
# subsequent progress messages appear on one same line.
# With PROGRESS_MODE="plain" the progress subsystem outputs the same
# messages as in "ANSI" mode but without ANSI escape sequences.
# PROGRESS_MODE="plain" is basically a requirement when workflows
# are run simultaneously (cf. SIMULTANEOUS_RUNNABLE_WORKFLOWS) because
# otherwise the progress messages from simultaneously running workflows
# would mix up on one same line which results illegible and meaningless
# output on the terminal
PROGRESS_MODE="ANSI"
##
# PROGRESS_WAIT_SECONDS
#
# The number of seconds between subsequent progress messages that are output
# via the progress subsystem while a longer task (usually backup or restore) runs.
# The default/fallback is 1 second. Setting e.g. PROGRESS_WAIT_SECONDS="5" can be
# used to get less progress messages on the terminal but at the same time it delays
# continuing after the task (e.g. backup or restore) had finished by half that time
# on average up to at most the whole amount of PROGRESS_WAIT_SECONDS
PROGRESS_WAIT_SECONDS="1"
##
# Relax-and-Recover UserInput function default behaviour
#
# see the UserInput function decription in
# usr/share/rear/lib/_input-output-functions.sh
#
# USER_INPUT_TIMEOUT
# USER_INPUT_INTERRUPT_TIMEOUT
# USER_INPUT_PROMPT
# USER_INPUT_MAX_CHARS
# USER_INPUT_user_input_ID
#
# USER_INPUT_TIMEOUT specifies the default timeout in seconds
# after that UserInput() automatically proceeds with a default value.
# That timeout interrupts a possibly ongoing user input
# (same as the timeout of the 'read' bash builtin).
# The UserInput timeout must be sufficiently long for the user
# to read and understand the possibly unexpected UserInput() message
# and then some more time to make a decision whether or not
# the default action ("just proceed") is actually the right one
# in his particular case and finally even more time to enter
# his particular input when the default is not the right one.
# USER_INPUT_TIMEOUT is set to a default value here only
# if not already set so that the user can set it also like
# export USER_INPUT_TIMEOUT=30
# directly before he calls "rear ...":
test "$USER_INPUT_TIMEOUT" || USER_INPUT_TIMEOUT=300
#
# USER_INPUT_INTERRUPT_TIMEOUT specifies the default timeout in seconds
# for how long UserInput() waits for the user to interrupt an automated input
# when a predefined input value is specified for a particular UserInput() call
# via a matching USER_INPUT_user_input_ID variable (see below).
# The minimum waiting time to interrupt an automated input is one second.
# The default is 10 seconds to give the user a better chance to recognize
# an automated input and be able to actually hit a key to interrupt.
# USER_INPUT_INTERRUPT_TIMEOUT is set to a default value here only
# if not already set so that the user can set it also like
# export USER_INPUT_INTERRUPT_TIMEOUT=5
# directly before he calls "rear ...":
test "$USER_INPUT_INTERRUPT_TIMEOUT" || USER_INPUT_INTERRUPT_TIMEOUT=10
#
# USER_INPUT_PROMPT specifies the default prompt text that is shown
# if no prompt was specified for a particular UserInput() call.
# USER_INPUT_PROMPT is set to a default value here only
# if not already set so that the user can set it also like
# export USER_INPUT_PROMPT="$HOSTNAME input"
# directly before he calls "rear ...":
test "$USER_INPUT_PROMPT" || USER_INPUT_PROMPT='enter your input'
#
# USER_INPUT_MAX_CHARS specifies the default maximum characters until
# the UserInput function truncates further input and returns.
# With the default USER_INPUT_MAX_CHARS=0 input is not truncated and it
# also makes correcting the input possible (before [Enter] is pressed)
# cf. https://github.com/rear/rear/issues/2622
# USER_INPUT_MAX_CHARS is set to a default value here only
# if not already set so that the user can set it also like
# export USER_INPUT_MAX_CHARS=200
# directly before he calls "rear ...":
test "$USER_INPUT_MAX_CHARS" || USER_INPUT_MAX_CHARS=0
#
# USER_INPUT_user_input_ID variables can be used to predefine automated
# input for UserInput() calls with the matching user_input_ID value.
# Each UserInput() call has a specific user_input_ID that is shown
# when ReaR is run in debug mode (via the '-d' command line option).
# For example "rear -d recover" may show something like:
# UserInput -I LAYOUT_MIGRATION_CONFIRM_MAPPINGS needed ...
# Confirm or edit the disk mapping
# 1) Confirm disk mapping and continue 'rear recover'
# 2) Edit disk mapping (/var/lib/rear/layout/disk_mappings)
# 3) Use Relax-and-Recover shell and return back to here
# 4) Abort 'rear recover'
# (default '1' timeout 300 seconds)
# In this case one can specify a predefined input in local.conf like
# USER_INPUT_LAYOUT_MIGRATION_CONFIRM_MAPPINGS=2
# or directly on command line before running "rear recover" like
# export USER_INPUT_LAYOUT_MIGRATION_CONFIRM_MAPPINGS=2
# The user_input_ID that is shown 'LAYOUT_MIGRATION_CONFIRM_MAPPINGS'
# must be appended to a USER_INPUT_ variable prefix to get the right
# USER_INPUT_LAYOUT_MIGRATION_CONFIRM_MAPPINGS variable name.
# Then the "Edit disk mapping" choice will be selected automatically.
# In this case the USER_INPUT_INTERRUPT_TIMEOUT is crucial because
# otherwise one would be caught in an endless "Edit disk mapping" loop.
# Default backup and output targets:
BACKUP=REQUESTRESTORE
OUTPUT=ISO
# Default cdrom size in MB (probably it is actually MiB?):
CDROM_SIZE=20
# The CHECK_CONFIG_FILES array lists files where changes
# require the ReaR rescue/recovery system to be recreated.
# Testing whether or not those files changed is implemented in the checklayout workflow
# which exits with non-zero exit code when the disk layout or those files changed
# (cf. https://github.com/rear/rear/issues/1134) but the checklayout workflow
# does not automatically recreate the rescue/recovery system.
# Files matching FILES_TO_PATCH_PATTERNS are added to this list automatically.
CHECK_CONFIG_FILES=( '/etc/drbd/' '/etc/drbd.conf' '/etc/lvm/lvm.conf' '/etc/multipath.conf' '/etc/rear/' '/etc/udev/udev.conf' )
# FILES_TO_PATCH_PATTERNS is a space-separated list of shell glob patterns.
# Files that match are eligible for a final migration of UUIDs and other
# identifiers after recovery (if the layout recreation process has led
# to a change of an UUID or a device name and a corresponding change needs
# to be performed on restored configuration files ).
# See finalize/GNU/Linux/280_migrate_uuid_tags.sh
# The [] around the first letter make sure that shopt -s nullglob removes this file from the list if it does not exist
FILES_TO_PATCH_PATTERNS="[b]oot/{grub.conf,menu.lst,device.map} [e]tc/grub.* \
[b]oot/grub/{grub.conf,grub.cfg,menu.lst,device.map} \
[b]oot/grub2/{grub.conf,grub.cfg,menu.lst,device.map} \
[e]tc/sysconfig/grub [e]tc/sysconfig/bootloader \
[e]tc/lilo.conf [e]tc/elilo.conf \
[e]tc/yaboot.conf \
[e]tc/mtab [e]tc/fstab [e]tc/crypttab \
[e]tc/mtools.conf \
[e]tc/smartd.conf [e]tc/sysconfig/smartmontools \
[e]tc/sysconfig/rawdevices \
[e]tc/security/pam_mount.conf.xml \
[b]oot/efi/*/*/grub.cfg"
##
# Relax-and-Recover recovery system update during "rear recover"
#
# see https://github.com/rear/rear/issues/841
# and https://hackweek.suse.com/14/projects/1508
#
# The by default empty RECOVERY_UPDATE_URL means this functionality is not used so that
# "rear recover" runs as usual without updating any files in the ReaR recovery system
# (i.e. with the recovery system as "rear mkbackup" or "rear mkrescue" had made it).
#
# If RECOVERY_UPDATE_URL is non-empty it points to a download location
# wherefrom "rear recover" will first of all download a tar.gz archive and
# extract that at the root directory '/' in the ReaR recovery system.
#
# The intended purpose is to download and replace in the recovery system ReaR config files
# (usually the content of /etc/rear/ and /var/lib/rear/recovery/ and /var/lib/rear/layout/)
# with updated ReaR config files.
#
# But it is not limited to replace only ReaR config files in the recovery system.
# Anything in the tar.gz archive will be extracted at '/' in the recovery system
# (even if it destroys the recovery system) so that it can also be used to update
# anything in the recovery system - provided one does the update carefully.
# For example one should not replace currently running ReaR scripts.
#
# Currently only a HTTP download location is supported like
# RECOVERY_UPDATE_URL="http://my_internal_server/$HOSTNAME.rear_config.tgz"
# so that "curl -o recovery-update.tar.gz $RECOVERY_UPDATE_URL" will work.
# Accordingly when using RECOVERY_UPDATE_URL="http://..."
# curl should be added to the REQUIRED_PROGS array like
# REQUIRED_PROGS+=( curl )
#
# RECOVERY_UPDATE_URL is set to a default value here only
# if not already set so that the user can set it also via
# export RECOVERY_UPDATE_URL="http://my_internal_server/host123_rear_config.tgz"
# directly before he calls "rear recover":
test "$RECOVERY_UPDATE_URL" || RECOVERY_UPDATE_URL=""
##
# MIGRATION_MODE recovery during "rear recover"
#
# There is some basic autodetection during "rear recover" when
# disks on the replacement hardware seem to not match compared to
# what there was stored in disklayout.conf on the original system.
# If a mismatch is autodetected then ReaR goes into its
# MIGRATION_MODE where manual disk layout configuration happens.
# In this case ReaR asks the user via several user dialogs what to do.
# Only the disk size is used to determine whether or not
# disks on the replacement hardware match the disks on the original system.
# Problems only appear when more than one disk with same size is used.
# Examples:
# When on the original system and on the replacement hardware two disks
# with same size are used the disk devices may get interchanged
# so that what there was on /dev/sda on the original system may get
# recreated on /dev/sdb on the replacement hardware and vice versa.
# When on the original system one disk is used for the system and
# another disk with same size for the ReaR recovery system and backup
# the disk devices may get interchanged on the replacement hardware
# so that "rear recover" could result an ultimate disaster
# (instead of a recovery from a disaster) if it recreated the system
# on the disk where the ReaR recovery system and backup is
# which would overwrite/destroy the backup via parted and mkfs
# (cf. https://github.com/rear/rear/issues/1271).
# Therefore to be on the safe side and to avoid such problems
# ReaR goes by default automatically into its MIGRATION_MODE
# when more than one disk with same size is used on the original system
# or when for one of the used disk sizes on the original system
# more than one disk with same size is found on the replacement hardware
# i.e. when there is more than one possible target disk.
# Accordingly ReaR goes by default not into its MIGRATION_MODE
# only if for each used disk size on the original system eaxctly one
# possible target disk with same size is found on the replacement hardware.
# By setting MIGRATION_MODE='true' one can enfore MIGRATION_MODE.
# The by-default empty MIGRATION_MODE results that MIGRATION_MODE
# is set via the above described autodetection during "rear recover".
# MIGRATION_MODE is set to a default value here only
# if not already set so that the user can set it also via
# export MIGRATION_MODE='true'
# directly before he calls "rear recover":
test "$MIGRATION_MODE" || MIGRATION_MODE=''
##
# Wiping disks during "rear recover" before recreating the disk layout:
#
# The intent is that disks where the disk layout will be recreated
# get completely wiped as far as possible with reasonable effort,
# see usr/share/rear/layout/recreate/default/README.wipe_disks
# so that the disk layout recreation code (diskrestore.sh)
# can run on clean disks that behave like pristine new disks,
# see https://github.com/rear/rear/issues/799
# This is currently new and experimental functionality,
# see https://github.com/rear/rear/pull/2514
#
# An empty DISKS_TO_BE_WIPED='' means that disks will be automatically wiped.
# The disks that will be automatically wiped are those disks
# where in diskrestore.sh the create_disk_label function is called
# i.e. disks where the whole partitioning will be recreated from scratch.
# This automatism cannot work when the create_disk_label function is called
# for higher level block devices like RAID devices that do not exist as disks
# on the bare replacement hardware or on a bare replacement virtual machine.
# When disk devices are specified like DISKS_TO_BE_WIPED="/dev/sda /dev/sdb"
# all those that actually exist as block devices in the recovery system
# (i.e. on the replacement hardware or on the replacement virtual machine)
# will be wiped without any safety condition (except WRITE_PROTECTED_IDS)
# and regardless if those disks are actually needed to recreate the system.
# So e.g. DISKS_TO_BE_WIPED="/dev/sd[a-z]" will wipe all /dev/sda ... /dev/sdz that exist
# except when for a disk in the recovery system its ID is listed in WRITE_PROTECTED_IDS
# (listing disk IDs of the original system in WRITE_PROTECTED_IDS does not help).
# When the ReaR recovery system was booted from a (USB) disk that is /dev/sda on the
# replacement hardware then DISKS_TO_BE_WIPED="/dev/sda ..." may destroy the ReaR disk
# unless that disk is (by default automatically) listed in WRITE_PROTECTED_IDS
# (here it works because the ReaR disk ID is same on the replacement hardware).
# In any case there is a user confirmation dialog for the disks that will be wiped.
# Currently by default no disk is wiped to avoid issues until this feature was more tested:
DISKS_TO_BE_WIPED='false'
##
# Resizing partitions in MIGRATION_MODE during "rear recover"
#
# AUTORESIZE_PARTITIONS
# AUTORESIZE_EXCLUDE_PARTITIONS
# AUTOSHRINK_DISK_SIZE_LIMIT_PERCENTAGE
# AUTOINCREASE_DISK_SIZE_THRESHOLD_PERCENTAGE
#
# For details see the scripts
# usr/share/rear/layout/prepare/default/420_autoresize_last_partitions.sh
# and
# usr/share/rear/layout/prepare/default/430_autoresize_all_partitions.sh
#
# When AUTORESIZE_PARTITIONS is false, no partition is resized.
#
# When AUTORESIZE_PARTITIONS is true, all active partitions on all active disks
# get resized by the 430_autoresize_all_partitions.sh script
# (except boot and swap partitions via some special hardcoded rules in that script)
# if the disk size had changed (i.e. only in migration mode).
# This does not resize volumes on top of the affected partitions.
# Using AUTORESIZE_PARTITIONS='true' with 430_autoresize_all_partitions.sh
# may result badly aligned partitions in particular possibly harmful aligned
# according to what flash memory based disks (i.e. SSDs) actually need
# which is usually 4MiB or 8MiB alignment where a too small value
# will result lower speed and less lifetime of flash memory devices
# (cf. the below comment at USB_PARTITION_ALIGN_BLOCK_SIZE).
#
# A true or false value must be the first one in the AUTORESIZE_PARTITIONS array.
#
# When the first value in AUTORESIZE_PARTITIONS is neither true nor false
# only the last active partition on each active disk gets resized
# by the 420_autoresize_last_partitions.sh script.
#
# The following applies only when the last active partition on each active disk
# gets resized by the 420_autoresize_last_partitions.sh script:
#
# In particular this does not resize volumes on top of the affected partitions.
# To migrate volumes on a disk where the disk size had changed the user must in advance
# manually adapt his disklayout.conf file before he runs "rear recover".
#
# All other values in the AUTORESIZE_PARTITIONS array specify partition device nodes
# e.g. as in AUTORESIZE_PARTITIONS=( /dev/sda2 /dev/sdb3 )
# where last partitions with those partition device nodes should be resized
# (i.e. this way only last partitions can be specified to be resized)
# regardless of what is specified in the AUTORESIZE_EXCLUDE_PARTITIONS array.
#
# The values in the AUTORESIZE_EXCLUDE_PARTITIONS array specify partition device nodes
# where partitions with those partition device nodes are excluded from being resized.
# The special values 'boot', 'swap', and 'efi' specify that
# - partitions where its filesystem mountpoint contains 'boot' or 'bios' or 'grub'
# or where its GPT name or flags contain 'boot' or 'bios' or 'grub' (anywhere case insensitive)
# - partitions for which an active 'swap' entry exists in disklayout.conf
# or where its GPT name or flags contain 'swap' (anywhere case insensitive)
# - partitions where its filesystem mountpoint contains 'efi' or 'esp'
# or where its GPT name or flags contains 'efi' or 'esp' (anywhere case insensitive)
# are excluded from being resized e.g. as in
# AUTORESIZE_EXCLUDE_PARTITIONS=( boot swap efi /dev/sdb3 /dev/sdc4 )
#
# In general ReaR is not meant to somehow "optimize" a system during "rear recover".
# ReaR is meant to recreate a system as much as possible exactly as it was before.
# Accordingly the automated resizing by the 420_autoresize_last_partitions.sh script
# implements a "minimal changes" approach:
#
# When the new disk is a bit smaller (at most AUTOSHRINK_DISK_SIZE_LIMIT_PERCENTAGE percent),
# only the last (active) partition gets shrinked but all other partitions are not changed.
# When the new disk is smaller than AUTOSHRINK_DISK_SIZE_LIMIT_PERCENTAGE percent it errors out.
# To migrate onto a substantially smaller new disk the user must in advance
# manually adapt his disklayout.conf file before he runs "rear recover".
#
# When the new disk is not much bigger (less than AUTOINCREASE_DISK_SIZE_THRESHOLD_PERCENTAGE percent),
# no partition gets increased (which leaves the bigger disk space at the end of the disk unused).
# When the new disk is substantially bigger (at least AUTOINCREASE_DISK_SIZE_THRESHOLD_PERCENTAGE percent),
# only the last (active) partition gets increased but all other partitions are not changed.
# To migrate various partitions onto a substantially bigger new disk the user must in advance
# manually adapt his disklayout.conf file before he runs "rear recover".
#
# Because only the end value of the last partition may get changed, the partitioning alignment
# of the original system is not changed, cf. https://github.com/rear/rear/issues/102
#
# Because only the last active (i.e. not commented in disklayout.conf) partition on a disk
# may get changed, things go wrong if another partition is actually the last one on the disk
# but that other partition is commented in disklayout.conf (e.g. because that partition
# is a partition of another operating system that is not mounted during "rear mkrescue").
# To migrate a system with a non-active last partition onto a bigger or smaller new disk
# the user must in advance manually adapt his disklayout.conf file before he runs "rear recover".
#
AUTORESIZE_PARTITIONS=''
AUTORESIZE_EXCLUDE_PARTITIONS=( boot swap efi )
AUTOSHRINK_DISK_SIZE_LIMIT_PERCENTAGE=2
AUTOINCREASE_DISK_SIZE_THRESHOLD_PERCENTAGE=10
##
# Write-protection during "rear recover"
# for OUTPUT=USB and OUTPUT=RAWDISK
#
# Designate disks via disk specific IDs or file system labels as write-protected
# to avoid that those disks could get used as target disk during "rear recover"
# via WRITE_PROTECTED_IDS and WRITE_PROTECTED_FS_LABEL_PATTERNS
# in etc/rear/rescue.conf in the ReaR rescue/recovery system.
#
# WRITE_PROTECTED_ID_TYPES is a string of the 'lsblk' output columns where
# their values are stored in WRITE_PROTECTED_IDS during "rear mkrescue/mkbackup".
# During "rear recover" a disk is write-protected when one of the values
# of this 'lsblk' output columns for the disk also exists in WRITE_PROTECTED_IDS.
# The default 'lsblk' output columns for write-protection via disk specific IDs are
# UUID filesystem UUID
# PTUUID partition table identifier (usually UUID)
# PARTUUID partition UUID
# WWN unique storage identifier
WRITE_PROTECTED_ID_TYPES="UUID PTUUID PARTUUID WWN"
#
# For OUTPUT=USB the values of the 'lsblk' output columns in WRITE_PROTECTED_ID_TYPES
# of the ReaR recovery system disk (i.e. USB_DEVICE) are automatically added
# to the WRITE_PROTECTED_IDS array during "rear mkrescue/mkbackup".
# For OUTPUT=RAWDISK a partition table UUID is generated (provided 'uuidgen' is there)
# that is added to the WRITE_PROTECTED_IDS array.
# For the IDs in WRITE_PROTECTED_IDS their matching 'lsblk' output columns
# must exist in WRITE_PROTECTED_ID_TYPES because only this ID types are used
# to test if a disk is write-protected (see WRITE_PROTECTED_ID_TYPES above).
# E.g. if you like to use additionally the 'lsblk' output column MODEL as ID
# in WRITE_PROTECTED_IDS like WRITE_PROTECTED_IDS+=( "ACME_USB_DISK_XL" )
# you must also append that 'lsblk' output column as separated additional word
# to the WRITE_PROTECTED_ID_TYPES string like WRITE_PROTECTED_ID_TYPES+=" MODEL"
WRITE_PROTECTED_IDS=()
#
# WRITE_PROTECTED_FS_LABEL_PATTERNS is an array of (shell glob) patterns which designate
# matching file system labels as write-protected partitions to write-protect their disk.
# Entries may be quoted and contain blanks, but they may not contain single quotes themselves.
# Example: WRITE_PROTECTED_FS_LABEL_PATTERNS+=( "Backup *" )
# For OUTPUT=USB the file system label of the ReaR data partition on the ReaR recovery system disk
# is automatically added to WRITE_PROTECTED_FS_LABEL_PATTERNS during "rear mkrescue/mkbackup".
WRITE_PROTECTED_FS_LABEL_PATTERNS=()
##
# Creating XFS filesystems during "rear recover"
#
# MKFS_XFS_OPTIONS
# MKFS_XFS_OPTIONS_...
#
# For details see the script
# usr/share/rear/layout/prepare/GNU/Linux/130_include_filesystem_code.sh
# and for some reasoning behind you may have a look at
# https://github.com/rear/rear/pull/2005
#
# During "rear mkrescue/mkbackup" the script layout/save/GNU/Linux/230_filesystem_layout.sh
# calls 'xfs_info' and stores its output in var/lib/rear/layout/xfs/XFS_DEVICE.xfs files
# where XFS_DEVICE is the basename of the device where the XFS filesystem is (e.g. sda2).
# By default during "rear recover" the XFS filesystem on that device gets recreated
# with matching mkfs.xfs options according to the stored 'xfs_info' output so that
# XFS filesystems should get recreated with same XFS filesystem options as before.
#
# In particular in MIGRATION_MODE when disk devices had changed it could be needed
# to recreate XFS filesystems with different XFS filesystem options as before.
# MKFS_XFS_OPTIONS specifies global mkfs.xfs options for recreating all XFS filesystems.
# Device specific mkfs.xfs options can be specified for each XFS device via
# MKFS_XFS_OPTIONS_XFS_DEVICE where XFS_DEVICE is the basename of the device
# but only uppercase letters and digits to ensure a valid bash variable name.
# For example for /dev/sda2 it would be MKFS_XFS_OPTIONS_SDA2 and
# for /dev/mapper/ACME_1000-part3 it would be MKFS_XFS_OPTIONS_ACME1000PART3
# Common global options can be specified first like MKFS_XFS_OPTIONS="global options"
# and used via MKFS_XFS_OPTIONS_SDA2="$MKFS_XFS_OPTIONS additional options for sda2"
# versus separated options as in MKFS_XFS_OPTIONS_SDB3="all options for sdb3".
# To recreate XFS filesystems with the mkfs.xfs defaults (i.e. without mkfs.xfs options)
# specify a space MKFS_XFS_OPTIONS=' ' or MKFS_XFS_OPTIONS_SDA2=' ' only for sda2.
#
# The by-default empty MKFS_XFS_OPTIONS results that the mkfs.xfs options are set
# via the above described default according to the stored 'xfs_info' output.
# MKFS_XFS_OPTIONS is set to a default value here only
# if not already set so that the user can set it also via
# export MKFS_XFS_OPTIONS="..."
# directly before he calls "rear recover":
test "$MKFS_XFS_OPTIONS" || MKFS_XFS_OPTIONS=''
##
# Support for TCG Opal 2-compliant Self-Encrypting Disks
# (see doc/user-guide/13-tcg-opal-support.adoc)
#
# Output location for the Pre-Boot Authentication (PBA) System (empty for not using a PBA).
# (For URL syntax, see "Using OUTPUT_URL..." in doc/user-guide/03-configuration.adoc.)
# This URL specifies
# - where PBA output shall be stored by "rear mkopalpba", and
# - where to find a local PBA image file during "rear mkrescue" and "rear opaladmin" (but can
# be overridden by OPAL_PBA_IMAGE_FILE).
# The actual PBA image file resides below the OPAL_PBA_OUTPUT_URL directory at
# "$HOSTNAME/TCG-Opal-PBA-$HOSTNAME.raw".
# NOTE: If a local directory is specified, Relax-and-Recover will automatically pick
# up the PBA image when installing it to local disks or when building a rescue system.
OPAL_PBA_OUTPUT_URL="file://$VAR_DIR/TCG-Opal-PBA"
#
# Full path of a local PBA image file.
# This local path specifies the PBA image to be used by "rear mkrescue" and "rear opaladmin".
# If not set (the default) and OPAL_PBA_OUTPUT_URL points to a local directory, the location is
# determined by OPAL_PBA_OUTPUT_URL.
OPAL_PBA_IMAGE_FILE=""
#
# These variables extend their non-prefixed counterparts (PROGS, COPY_AS_IS, etc.) for the PBA system only.
# Their main purpose is to include the necessary files for a Plymouth graphical boot animation, which
# provides a nice looking user interface to enter the disk password.
OPAL_PBA_PROGS=()
OPAL_PBA_COPY_AS_IS=()
OPAL_PBA_LIBS=()
OPAL_PBA_KERNEL_CMDLINE=""
# The following variable, if non-empty, overrides FIRMWARE_FILES for the PBA system.
OPAL_PBA_FIRMWARE_FILES=()
# The following variable sets USE_SERIAL_CONSOLE for the PBA system.
OPAL_PBA_USE_SERIAL_CONSOLE=""
#
# OPAL_PBA_UNLOCK_MODE determines the PBA's disk unlock mode, either "transient" (the default) or "permanent".
# * "transient" mode unlocks devices until they are powered off. This is the normal behavior.
# * "permanent" mode unlocks devices and deactivates locking until a reactivation command is issued. This mode exists
# as a workaround for systems which are unable to reboot after transient unlocking. Example configuration in
# 'local.conf' or 'site.conf':
# if dmidecode | grep --quiet 'Product Name: ML10Gen9$'; then
# # An HPE ML10Gen9 Server does not start reliably after disk unlocking unless the reboot method includes a
# # power cycle. In the latter case, disks will only remain unlocked if "permanent" unlock mode is used.
# # Seen on: HPE ML10Gen9, BIOS Version: 1.13, BIOS Release Date: 12/05/2019
# OPAL_PBA_KERNEL_CMDLINE+=" reboot=efi" # reboot with a power cycle
# OPAL_PBA_UNLOCK_MODE="permanent" # keep disks unlocked after power cycling
# fi
# WARNING: If this mode is used, it is recommended to run 'rear opaladmin reactivate' each time the regular
# operating system has booted (e.g. via a systemd unit). Even then, a protection gap exists between deactivating
# locking by the PBA and reactivating locking by the reagular OS. If the regular boot fails or the reactivation
# command is not issued for some reason, devices will remain unlocked permanently.
OPAL_PBA_UNLOCK_MODE="transient"
#
# PBA debug password as a salted hash (empty for not using the debug shell facility).
# If the debug password is entered when the PBA asks for a password to unlock disks,
# an interactive emergency shell will be started, which can be used to debug the PBA system.
# To generate a password hash,
# 1. run
# - 'openssl passwd -6', if openssl 1.1.1 or newer is available, or
# - 'openssl passwd -1', otherwise (see https://github.com/rear/rear/pull/2455#discussion_r453613086 for information
# on the implications of its cryptographic weakness),
# 2. copy its entire output line between single quotes and assign it to this variable.
OPAL_PBA_DEBUG_PASSWORD=''
#
# When not empty, OPAL_PBA_DEBUG_DEVICE_COUNT overrides the number of TCG Opal 2-compliant self-encrypting disks
# installed. To test the PBA system on a machine without any Opal 2-compliant disk, set OPAL_PBA_DEBUG_DEVICE_COUNT=1.
# Used to debug the PBA system.
OPAL_PBA_DEBUG_DEVICE_COUNT=""
##
# Output/backup locations
##
# The URL defines the remote share as <scheme>://<host>/<share> like these examples:
# nfs://host.domain/path/path/path
# cifs://server.domain/share
# usb:///dev/sdb1
# others might also work, if they can be mounted with mount <host>:/<path>
# there is special support for tape:///dev/nst0
# Additional options to the mount command are given using *_OPTIONS
# Alternatively, you can provide your own mount/unmount commands, in that case
# Relax-and-Recover will append its mountpoint to the command.
# Specify the location of the backup (see text above):
BACKUP_URL=
# BACKUP_OPTIONS variable contains the mount options, do not confuse with BACKUP_PROG_OPTIONS
BACKUP_OPTIONS=
BACKUP_MOUNTCMD=
BACKUP_UMOUNTCMD=
# Specify the location of the output:
# When OUTPUT_URL is not specified it inherits the BACKUP_URL value
# and then also OUTPUT_OPTIONS inherits the BACKUP_OPTIONS value
# via the code in usr/share/rear/prep/default/020_translate_url.sh
# but when OUTPUT_URL is set then OUTPUT_OPTIONS may have to be
# explicitly set too in particular when BACKUP_OPTIONS are specified
# because when OUTPUT_URL is set OUTPUT_OPTIONS does not inherit the BACKUP_OPTIONS value
# cf. https://github.com/rear/rear/issues/2753
OUTPUT_URL=
OUTPUT_OPTIONS=
OUTPUT_MOUNTCMD=
OUTPUT_UMOUNTCMD=
OUTPUT_PREFIX="$HOSTNAME"
# Keep an older copy of the output (mv $OUTPUT_PREFIX $OUTPUT_PREFIX.old before we copy the new version)
# empty means only keep current output:
KEEP_OLD_OUTPUT_COPY=
# The remote file system layout for OUTPUT=PXE can be modified to accommodate different TFTP server layouts
# (simply overwrite OUTPUT_PREFIX_PXE).
#OUTPUT_PREFIX_PXE="$OUTPUT_PREFIX" # make it empty - see issue #570 (DRLM will fill it up)
OUTPUT_PREFIX_PXE=""
# When using fish, ftp, ftps, hftp, http, https or sftp in OUTPUT_URL, you can set OUTPUT_LFTP_OPTIONS to pass additional
# parameters to LFTP (https://lftp.yar.ru/lftp-man.html).
# Example: OUTPUT_LFTP_OPTIONS="set ftp:ssl-force true; set ftp:ssl-protect-data true;"
OUTPUT_LFTP_OPTIONS=""
##
# OUTPUT=RAMDISK stuff
##
# With OUTPUT=RAMDISK the ReaR rescue/recovery system initramfs/initrd
# is created but nothing additional is done to make it bootable.
#
# The script output/RAMDISK/default/900_copy_ramdisk.sh adds the initramfs
# plus the kernel to the RESULT_FILES array so that the subsequent
# script output/default/950_copy_result_files.sh will copy them
# to the output location specified via OUTPUT_URL (or inherited from BACKUP_URL).
#
# With non-empty RAMDISK_SUFFIX
# the kernel at the output location will be kernel-$RAMDISK_SUFFIX
# the initramfs at the output location will be initramfs-$RAMDISK_SUFFIX.img
RAMDISK_SUFFIX="$HOSTNAME"
##
# OUTPUT=ISO stuff
##
# OUTPUT=ISO produces files suitable for booting with SYSLINUX/ISOLINUX and assumes that the result
# will be written sequentially to a read-only medium with limited size (e.g. optical medium like CD-ROM).
#
# Default "local" ISO directory (usually /var/lib/rear/output). However, to avoid duplicate ISO images when
# also using the OUTPUT_URL variable with a file syntax, it is then better only to use ISO_DIR.
# Keep in mind that ISO_DIR works only with an absolute directory path and does not replace OUTPUT_URL
# which supports the NETFS syntax (to copy the ISO image across the network).
ISO_DIR=$VAR_DIR/output
#
# Default ISO label:
# When the backup is split on multiple ISOs (cf. ISO_MAX_SIZE below)
# the first ISO 'rear-HOSTNAME.iso' has the label $ISO_VOLID
# and subsequent ISOs 'rear-HOSTNAME_01.iso' 'rear-HOSTNAME_02.iso' ...
# get the labels ${ISO_VOLID}_01 ${ISO_VOLID}_02 ... respectively.
# The ISO_VOLID default value REAR-ISO has 8 characters so that
# the first ISO 'rear-HOSTNAME.iso' has the label REAR-ISO
# and subsequent ISOs 'rear-HOSTNAME_01.iso' 'rear-HOSTNAME_02.iso' ...
# get the labels REAR-ISO_01 REAR-ISO_02 ... respectively
# that have 11 characters which is the maximum length for FAT volume names
# ("man mkfs.fat" tells that a "volume name can be up to 11 characters long")
# so things work when the ISO image is used to create a FAT bootable USB stick
# cf. https://github.com/rear/rear/issues/1565
# and https://github.com/rear/rear/issues/2456
# In case of special filesystems that only support labels with even less than 11 characters
# ("man mkfs.xfs" tells "XFS filesystem labels can be at most 12 characters long" so it's ok)
# the ISO_VOLID value would have to be appropriately specified in /etc/rear/local.conf
# so that $ISO_VOLID plus the trailing '_NN' does not exceed the maximum label length.
ISO_VOLID="REAR-ISO"
#
# How to find isolinux.bin.
# Possible values are "" (meaning search for it) or "/path/to/isolinux.bin"
ISO_ISOLINUX_BIN=""
#
# ISO_MAX_SIZE is a rough way to specify the maximum size of generated ISO images.
# The ISO_MAX_SIZE value is specified in MiB.
# Actually ISO_MAX_SIZE does not implement the maximum size of the ISO.
# Instead it is used to calculate the size of the chunks when a backup.tar.gz is split
# that is used in a "split ... -b ${BACKUP_SPLIT_CHUNK_SIZE}m ..." SPLIT_COMMAND
# in the usr/share/rear/backup/NETFS/default/500_make_backup.sh script.
# Splitting a backup via ISO_MAX_SIZE is only supported for the 'tar' backup program.
# Multiple ISO images are generated when the backup.tar.gz size exceeds
# the BACKUP_SPLIT_CHUNK_SIZE that is derived from the ISO_MAX_SIZE value.
# It is useful when the backup.tar.gz is included within the ISO image
# (i.e. together with things like 'BACKUP_URL=iso:///backup').
# ISO_MAX_SIZE cannot be less than what the ReaR rescue/recovery system needs
# because the recovery system must fit onto one (bootable) recovery medium
# so that the whole recovery system must be on a single (bootable) ISO.
# Therefore ISO_MAX_SIZE should be normally not less than about 600 MiB.
# Because the ReaR recovery system and its bootloader must be on the first ISO
# the actually used size of the chunks when a backup.tar.gz is split is the
# ISO_MAX_SIZE value minus the size of the recovery system kernel and initrd
# and minus 15 MiB for the bootloader for booting the ISO and
# additionally minus 30 MiB for UEFI files when booting in UEFI mode
# so that the recovery system plus the first chunk of the backup.tar.gz
# should not exceed the specified ISO_MAX_SIZE value for the first ISO.
# On the other hand the actual size of subsequent ISO images
# is normally less than the specified ISO_MAX_SIZE value.
# When the backup is split on multiple ISOs, then "rear mkrescue" would destroy
# the backup because after "rear mkbackup" the first ISO 'rear-HOSTNAME.iso'
# contains the recovery system plus the first part of the splitted backup
# but "rear mkrescue" overwrites that first ISO with one that contains only
# a new recovery system but no longer the first part of the splitted backup
# so that then "rear recover" fails with "ERROR: Backup archive ... not found"
# cf. https://github.com/rear/rear/issues/1545
# Even with a sufficiently big maximum ISO size so that all is in one ISO
# "rear mkrescue" would overwrite an ISO that already contains a backup.
# Accordingly when ISO_MAX_SIZE is set the mkrescue workflow is forbidden
# to be on the safe side to not possibly destroy an existing backup.
ISO_MAX_SIZE=
#
# Error out when files greater or equal ISO_FILE_SIZE_LIMIT should be included in the ISO.
# There is a limit of the ISO 9660 file system that is 2GiB or 4GiB according to
# https://en.wikipedia.org/wiki/ISO_9660#The_2/4_GiB_file_size_limit
# Usually 'mkisofs' is called with '-iso-level 3'
# cf. usr/share/rear/prep/ISO/GNU/Linux/320_verify_mkisofs.sh
# but there are cases where ISO 9660 level 1 or 2 is used that has a 2GiB file size limit.
# For example when 'ebiso' is used there is a 2GiB file size limit
# cf. https://github.com/gozora/ebiso/issues/12
# but also other tools that are specified by ISO_MKISOFS_BIN could have that limit.
# Accordingly to be by default on the safe side we use by default a 2GiB limit
# cf. https://github.com/rear/rear/pull/2525
# Under normal circumstances files greater or equal 2GiB should not appear in the ISO.
# An exception is when the backup is included in the ISO with BACKUP_URL=iso://
# where the backup archive file (e.g. backup.tar.gz) could be greater or equal 2GiB.
# The user might adapt ISO_FILE_SIZE_LIMIT provided he verified that "rear recover"
# actually works in his particular environment even when there are files in his ISO
# (in particular backup.tar.gz) that are actually greater than the default 2GiB limit.
# When there is a 2GiB file size limit a backup.tar.gz that is greater than 2GiB
# will get corrupted in the ISO so backup restore via "rear recover" would fail
# which is a dead end because the backup in the ISO got corrupted which is a severe error.
# Also the ReaR recovery system initrd could become greater or equal 2GiB
# (e.g. because of accidentally too much in COPY_AS_IS) which is likely an error
# that could let booting or running the recovery system fail because
# a recovery system in a 2GiB or bigger compressed initrd will need
# more memory space when uncompressed and running in the ramdisk.
# By default we error out when files greater or equal ISO_FILE_SIZE_LIMIT should be
# included in the ISO but if really needed this ISO_FILE_SIZE_LIMIT test
# can be skipped with ISO_FILE_SIZE_LIMIT=0 in etc/rear/local.conf
# (2 GiB = 2 * 1024 * 1024 * 1024 bytes = 2147483648 bytes):
ISO_FILE_SIZE_LIMIT=2147483648
#
# How to find mkisofs:
# Guess the common names mkisofs or genisoimage
# script in prep stage will verify this and complain if not found
# ebiso (https://github.com/gozora/ebiso/) can be used as alternative
# for mkisofs/genisoimage on UEFI bootable systems
# to use ebiso, specify ISO_MKISOFS_BIN=<full_path_to_ebiso>/ebiso
# in /etc/rear/local.conf or /etc/rear/site.conf
# xorrisofs is now used as the preferred method for generating the iso image
# with mkisofs and genisoimage as second and third option
ISO_MKISOFS_BIN="$( type -p xorrisofs || type -p mkisofs || type -p genisoimage )"
#
# Additional options passed to the $ISO_MKISOFS_BIN binary
ISO_MKISOFS_OPTS=""
#
# Which files to include in the ISO image:
ISO_FILES=()
#
# Prefix name for ISO images without the .iso suffix.
# This might get a number appended (for splitting data onto multiple CDs).
ISO_PREFIX="rear-$HOSTNAME"
#
# Default boot option (i.e. what gets booted automatically after some timeout)
# when SYSLINUX boots the ISO image on BIOS systems.
# This variable ISO_DEFAULT should be better named ISO_BIOS_BOOT_DEFAULT
# (cf. USB_BIOS_BOOT_DEFAULT below) but we won't rename existing config variables
# to avoid regressions for users who use existing config variable names
# cf. https://github.com/rear/rear/pull/2293#issuecomment-564439509
# If ISO_DEFAULT is unset or empty or only blanks "boothd" is used by default.
# ISO_DEFAULT="boothd" is an automatism that intends to boot from the original first disk.
# In case of ISOLINUX "boothd" means to boot from the first disk 'boothd0' because
# usually ISOLINUX is used for booting from CD-ROM which is usually not the first disk
# so that the original first disk still is the first disk when booting the ISO from CD-ROM.
# In case of EXTLINUX "boothd" would mean to boot from the second disk 'boothd1' because
# usually when EXTLINUX is used the device with the ISO would be the first disk
# and the original first disk would become the second disk (cf. USB_BIOS_BOOT_DEFAULT below).
# ISO_DEFAULT="boothd0" boots from the first disk.
# ISO_DEFAULT="boothd1" boots from the second disk.
# The ISO_DEFAULT values 'boothd' 'boothd0' 'boothd1' are only supported
# when the SYSLINUX module 'chain.c32' for chain booting is available.
# ISO_DEFAULT="manual" boots the ReaR recovery system in normal mode
# where one must manually log in as 'root', manually type "rear recover", and manually reboot.
# ISO_DEFAULT="automatic" boots the ReaR recovery system with the 'auto_recover' kernel command line option
# that runs "rear recover" automatically without automated reboot (see "man rear").
# For details see the make_syslinux_config function in lib/bootloader-functions.sh
ISO_DEFAULT="boothd"
#
# ISO_RECOVER_MODE="unattended" boots the ReaR recovery system with the 'unattended' kernel command line option
# that runs "rear recover" automatically plus automated reboot after successful rear recover (see "man rear").
# Together with ISO_DEFAULT="automatic" full-automated recovery happens when the ISO image is booted
# which could result an endless full-automated recovery cycle when the ISO is booted by default
# (e.g. when the device with the ISO is the first one in the BIOS boot order list).
# The default ISO_RECOVER_MODE="" results the normal behaviour:
ISO_RECOVER_MODE=""
##
# OUTPUT=USB stuff
##
#
# OUTPUT=USB is only supported on PC-compatible (Linux-i386/x86/x86_64) architecture
# see https://github.com/rear/rear/issues/2348
# Accordingly in case of false usage of OUTPUT=USB on non-PC-compatible architectures
# (i.e. the POWER architectures ppc64/ppc64le, IBM Z s390/s390x, and ARM)
# "rear mkrescue/mkbackup" errors out because on those architectures the USB medium cannot be booted
# because for non-PC-compatible architectures there are no scripts that install a USB bootloader.
# On non-PC-compatible architectures a possible alternative could be OUTPUT=RAMDISK (see above)
# that results only the plain ReaR rescue/recovery system initramfs/initrd plus the kernel
# (which is basically what OUTPUT=USB on non-PC-compatible architectures would result)
# where one must then manually create a bootable medium for non-PC-compatible architectures
# or load and boot the recovery system initrd plus kernel via 'kexec' from an already running system.
# A workaround to get a bootable USB device on POWER architecture for Power BareMetal is described
# in the usr/share/rear/prep/USB/Linux-ppc64/350_safeguard_error_out.sh script.
#
# OUTPUT=USB produces files suitable for booting with SYSLINUX/EXTLINUX from a disk device.
# USB sticks and USB disks are the main use case for this.
# "USB" also means any local block-storage device and includes eSATA and other external disks.
# The device is also made bootable and a boot loader gets installed.
# The device should be partitioned and formatted with an ext* file system.
# The recommended way to do that is to use the "rear format" workflow.
# Call "rear format -- --help" (the '--' is mandatory) to see format workflow options.
#
# The partition device to use (e.g. the exact partition like /dev/sdb1).
# Normally USB_DEVICE gets set automatically for BACKUP=NETFS
# via a specific BACKUP_URL like BACKUP_URL=usb:///dev/sdb1
# or via the generic BACKUP_URL=usb:///dev/disk/by-label/REAR-000
# (see also USB_DEVICE_FILESYSTEM_LABEL below):
USB_DEVICE=
#
# USB_DEVICE_PARTED_LABEL is the partition type (i.e. what is used for 'parted mklabel')
# that is used when formatting a medium for use with ReaR via the format workflow and
# when SYSLINUX/EXTLINUX is used as booloader used for the USB medium (see USB_BOOTLOADER below).
# It can be 'msdos' to create a MBR partition table or 'gpt' to create a GUID partition table (GPT).
# It is set depending on the format workflow option -b/--bios or -e/--efi as follows:
# When a format workflow option -b/--bios or -e/--efi was specified
# USB_DEVICE_PARTED_LABEL is set to 'msdos' or 'gpt' accordingly.
# When no format workflow option -b/--bios or -e/--efi was specified
# it means hybrid boot supporting BIOS and UEFI by default
# and then USB_DEVICE_PARTED_LABEL is set to 'gpt'
# see https://github.com/rear/rear/issues/2698
# For "rear mkrescue/mkbackup" USB_DEVICE_PARTED_LABEL
# is set in prep/USB/Linux-i386/340_find_mbr_bin.sh
# which tries to autodetect what the USB disk partition type is
# but uses a specified USB_DEVICE_PARTED_LABEL if autodetection fails.
USB_DEVICE_PARTED_LABEL=
#
# The label that is set for the ReaR data partition via the format workflow.
# That label must be used for settings like
# BACKUP_URL=usb:///dev/disk/by-label/$USB_DEVICE_FILESYSTEM_LABEL
# USB_DEVICE=/dev/disk/by-label/$USB_DEVICE_FILESYSTEM_LABEL
# For OBDR only the default 'REAR-000' works (a label with exactly 8 characters length may also work)
# cf. prep/OBDR/default/500_check_tape_label.sh and prep/OBDR/default/700_write_OBDR_header.sh
USB_DEVICE_FILESYSTEM_LABEL='REAR-000'
#
# Filesystem to use for the USB_DEVICE_FILESYSTEM_LABEL labeled ReaR data partition
# when formatting a medium for use with ReaR via the format workflow.
# Only ext3 and ext4 are supported by the format workflow.
# (An additional EFI system partition uses the vfat filesystem in any case.)
# The default ext3 should work up to a maximum medium size of about 4TB
# while ext4 should work up to a maximum medium size of about 16TB.
# For larger medium sizes set USB_DEVICE_FILESYSTEM_PERCENTAGE appropriately
# so that what is used for ReaR partitions by the format workflow
# does not exceed what works for the specified USB_DEVICE_FILESYSTEM:
USB_DEVICE_FILESYSTEM=ext3
#
# USB_DEVICE_FILESYSTEM_PARAMS allow to add optimisations to the formatting
# (mkfs) phase of the USB_DEVICE_FILESYSTEM. This can be handy to optimise
# flash memory drives. An example for a Sandisk Cruzer Force 16GB USB stick:
# USB_DEVICE_FILESYSTEM_PARAMS="-b 4096 -E stride=8,stripe-width=256 -O sparse_super,^has_journal"
# Often the Linux kernel limits increase the block size value above 4096 (4K).
# To determine optimal values one can use a utility as flashbench.
USB_DEVICE_FILESYSTEM_PARAMS=
#
# Percentage of the whole medium that is used for ReaR partitions
# when formatting a medium via the format workflow.
# When UEFI is used it specifies what is used by the format workflow for both partitions,
# the EFI system partition (ESP) plus the USB_DEVICE_FILESYSTEM_LABEL labeled ReaR data partition.
# A setting of less than 100 (i.e. less than the whole medium)
# does not leave any existing data intact on the medium.
# The format workflow deletes all existing data on the whole medium.
# A setting of less than 100 only leaves unused space on the medium
# which can be manually used otherwise by the user:
USB_DEVICE_FILESYSTEM_PERCENTAGE=100
#
# USB_PARTITION_ALIGN_BLOCK_SIZE specifies partitioning alignment in MiB
# when formatting a medium via the format workflow.
# The default alignment of 8 MiB is intended in particular for flash memory devices.
# The partitioning tool can't figure out optimal alignment values for many flash memory devices.
# The flashbench command helps determining "erase block size" a.k.a. "segment size"
# a.k.a. "allocation unit size" for your particular flash memory device.
# A too small value will result lower speed and less lifetime of your flash memory device.
# A sufficiently big value will improve speed and lifetime of your flash memory device.
USB_PARTITION_ALIGN_BLOCK_SIZE="8"
#
# When UEFI is used USB_UEFI_PART_SIZE specifies the size of the EFI system partition (ESP)
# in MiB when formatting a medium by the format workflow.
# If USB_UEFI_PART_SIZE is empty or invalid (i.e. not an unsigned integer larger than 0)
# the user must interactively enter a valid value while running the format workflow.
# The default value of 1024 MiB should be sufficiently big
# cf. https://github.com/rear/rear/pull/1205
# in particular when third-party kernel modules and firmware (e.g. from Nvidia) are used
# cf. https://github.com/rear/rear/issues/2770#issuecomment-1068935688
# and 1024 MiB is in compliance with the 8 MiB partition alignment value ( 1024 = 8 * 128 )
# and also with higher 2^n MiB partition alignment values.
# Furthermore the default value of 1024 MiB results that the FAT filesystem of the ESP
# will be in compliance with that the ESP should officially use a FAT32 filesystem
# because mkfs.vfat automatically makes a FAT32 filesystem starting at 512 MiB
# (a FAT16 ESP works in most cases but causes issues with certain UEFI firmware)
# cf. https://github.com/rear/rear/issues/2575
# The value of USB_UEFI_PART_SIZE will be rounded to the nearest
# USB_PARTITION_ALIGN_BLOCK_SIZE chunk:
USB_UEFI_PART_SIZE="1024"
#
# USB_BOOT_PART_SIZE specifies the size of an optional boot partition in MiB
# when formatting a medium by the format workflow.
# A boot partition is created when USB_BOOT_PART_SIZE is a positive integer.
# By default we do not create a separated boot partition
# so by default the ReaR recovery system (kernel and initrd)
# and the backup archive get stored in the ReaR data partition
# in a rear/HOSTNAME/TIMESTAMP directory (cf. USB_SUFFIX below):
USB_BOOT_PART_SIZE="0"
#
# The label that is set for a boot partition via the format workflow
# when a boot partition is created (see USB_BOOT_PART_SIZE above).
# That label must be used for settings like
# OUTPUT_URL=usb:///dev/disk/by-label/$USB_DEVICE_BOOT_LABEL
# BACKUP_URL=usb:///dev/disk/by-label/$USB_DEVICE_FILESYSTEM_LABEL
# to get the ReaR recovery system (kernel and initrd) stored
# in the boot partition in a rear/HOSTNAME/TIMESTAMP directory
# while the backup archive gets stored in the ReaR data partition
# there in a matching rear/HOSTNAME/TIMESTAMP directory:
USB_DEVICE_BOOT_LABEL="REARBOOT"
#
# Default boot option (i.e. what gets booted automatically after some timeout)
# when EXTLINUX boots the USB stick or USB disk or other disk device on BIOS systems.
# USB_BIOS_BOOT_DEFAULT="boothd0" boots from 'boothd0' which is usually the same disk
# wherefrom currently EXTLINUX is booting so that this results usually a booting loop.
# The default USB_BIOS_BOOT_DEFAULT="" boots from the second disk 'boothd1'
# which should be the original first local harddisk because usually when booting
# from USB stick or USB disk or other disk device this boot device is the first disk
# and the original first local harddisk disk becomes the second disk.
# USB_BIOS_BOOT_DEFAULT is only supported when the SYSLINUX module 'chain.c32' for chain booting is available.
# For details see output/USB/Linux-i386/300_create_extlinux.sh
USB_BIOS_BOOT_DEFAULT=""
#
# Booloader used for the USB medium.
# At the moment only empty/unset and "grub" is supported.
# USB_BOOTLOADER="grub" uses GRUB2 as bootloader for USB with BIOS. GRUB Legacy is not supported.
# Default is using GRUB2 for EFI other then elilo, extlinux for ext, syslinux otherwise:
USB_BOOTLOADER=
#
# USB EFI booting can benefit with a better search string than the default:
# GRUB2_SEARCH_ROOT_COMMAND="search --no-floppy --set=root --label REAR-EFI
# as hardcoded in script output/USB/Linux-i386/100_create_efiboot.sh
# Only to be used by experts. An example of a different setup could be:
# GRUB2_SEARCH_ROOT_COMMAND="search --no-floppy --set=root --label REAR-EFI --hint hd0,msdos1"
# or
# GRUB2_SEARCH_ROOT_COMMAND="search --no-floppy --set=root --file /EFI/BOOT/BOOTX64.efi"
GRUB2_SEARCH_ROOT_COMMAND=""
#
# Resulting files that should be copied onto the USB stick:
USB_FILES=()
#
# USB_SUFFIX specifies the last part of the backup directory on the USB medium.
# When USB_SUFFIX is unset or empty, backup on USB works in its default mode which means
# multiple timestamp backup directories of the form rear/HOSTNAME/YYYYMMDD.HHMM
# plus automated rescue environments and backups cleanup via USB_RETAIN_BACKUP_NR.
# In contrast when USB_SUFFIX is set, backup on USB works in compliance with how backup on NFS works
# (i.e. BACKUP_URL=usb:... and BACKUP_URL=nfs:... behave compatible when USB_SUFFIX is set)
# which means a fixed backup directory of the form rear/HOSTNAME/USB_SUFFIX on the USB medium
# and no automated removal of backups or other files (regardless of USB_RETAIN_BACKUP_NR)
# see https://github.com/rear/rear/issues/1164
# Using multiple backups as described in doc/user-guide/11-multiple-backups.adoc
# requires a fixed backup directory so that USB_SUFFIX must be set for multiple backups on USB
# see https://github.com/rear/rear/issues/1160
# Also BACKUP_TYPE incremental or differential requires a fixed backup directory
# so that USB_SUFFIX must be set for incremental or differential backup on USB
# see https://github.com/rear/rear/issues/1145
USB_SUFFIX=""
#
# Number of older rescue environments or backups to retain on USB.
# What is more than USB_RETAIN_BACKUP_NR gets automatically removed.
# This is only supported when EXTLINUX is used as bootloader for USB
# see USB_BOOTLOADER and output/USB/Linux-i386/300_create_extlinux.sh
# and this setting is ignored when USB_SUFFIX is set (see above).
USB_RETAIN_BACKUP_NR=2
#
# Variable will probably be filled automatically
# if an USB device was manually mounted to avoid recursive backups:
AUTOEXCLUDE_USB_PATH=()
##
# OUTPUT=RAWDISK stuff
##
# RAWDISK produces a bootable image file named "rear-$HOSTNAME.raw", which
# - supports UEFI boot if syslinux/EFI or Grub 2/EFI is installed,
# - supports Legacy BIOS boot if syslinux is installed,
# - supports UEFI/Legacy BIOS dual boot if syslinux *and* one of the supported EFI bootloaders are installed.
#
# A RAWDISK image can be copied onto a disk boot medium (a USB stick will do) with
# dd if="$uncompressed_image_file.raw" of="$disk_device" bs=1M
# or for the default RAWDISK_IMAGE_COMPRESSION_COMMAND='gzip' below with
# zcat "$compressed_image_file.raw.gz" | dd of="$disk_device" bs=1M
# Note: Use the entire disk device (like /dev/sdX) to be overwritten, not only a partition (like /dev/sdX12).
#
# A RAWDISK image is suitable for archiving USB images, works without having to format the USB device
# and can thus be used to replace the USB output method.
#
# Name of the disk image file (the extension '.raw' is appended automatically)
RAWDISK_IMAGE_NAME="rear-$HOSTNAME"
#
# Disk image file compression command (empty: no compression).
# The compression command may include options. It must
# - accept the input file as the only argument, and
# - produce an output file named like the input file plus a compression suffix.
RAWDISK_IMAGE_COMPRESSION_COMMAND='gzip'
#
# Name of the (only) GPT partition containing the FAT boot file system (maximum 36 ASCII-characters)
RAWDISK_GPT_PARTITION_NAME='Rescue System'
#
# Volume label of the FAT boot file system (maximum 11 ASCII-characters, all uppercase)
RAWDISK_FAT_VOLUME_LABEL='RESCUE SYS'
#
# Bootloader configuration:
# RAWDISK will auto-detect installed bootloaders and will provide the image with
# - one UEFI bootloader (syslinux/EFI preferred) if available, and
# - syslinux as a Legacy BIOS bootloader if available.
# Override the auto-detection and exclude the respective bootloader?
RAWDISK_BOOT_EXCLUDE_SYSLINUX_LEGACY='no'
RAWDISK_BOOT_EXCLUDE_SYSLINUX_EFI='no'
RAWDISK_BOOT_EXCLUDE_GRUB2_EFI='no'
#
# Name of local disk GPT partition(s) receiving an UEFI rescue system
# If this variable is non-empty, 'rear mkrescue' will, in addition to its regular output,
# install the rescue/recovery system to local GPT partitions with the specified name.
# (A partition name can be set by sgdisk(8) with its '--change-name' option.)
# The installation will only proceed with an UEFI bootloader and only on target partitions which
# (a) are either empty or contain a VFAT file system, and
# (b) are not currently mounted.
# It is the user's responsibility to create appropriate boot entries, e.g. via efibootmgr(8).
RAWDISK_INSTALL_GPT_PARTITION_NAME=''
#
# Set RAWDISK_DEBUG to 'yes' to drop into a shell as soon as the boot image is finished.
# The image's partitions are still mounted at this stage and can be examined. The
# ReaR workflow continues when exiting the shell.
RAWDISK_DEBUG='no'
##
# PXE stuff
##
# PXE produces files suitable for booting with pxelinux.
#
# where should I place the PXE configuration ? (legacy way)
PXE_CONFIG_PATH=/var/lib/rear/output
# where should I place the PXE configuration ? (URL style)
PXE_CONFIG_URL=
#
# put this before the hostname on the PXE server
PXE_CONFIG_PREFIX=rear-
#
# TFPT IP server. needed to create grub menu when PXE_CONFIG_GRUB_STYLE=y
# If not set, we gonna try to get TFTP IP from PXE_TFTP_URL
PXE_TFTP_IP=
#
# where should we put the TFTP files ? (legacy way)
PXE_TFTP_PATH=/var/lib/rear/output
# where should we put the TFTP files ? (URL style)
PXE_TFTP_URL=
#
# prefix for PXE files, e.g. the hostname
PXE_TFTP_PREFIX=$HOSTNAME.
#
# Optional HTTP download source for PXE (URL style)
# for example PXE_HTTP_URL="http://pxe-over-http-srv:7777"
# If set an additional PXE boot option 'rear-http' in the pxeconfig is provided
# which uses the specified URL as base path for kernel and initrd.
PXE_HTTP_URL=
#
# Create pxelinux config symlinks for MAC addresses or for IP addresses ? [MAC|IP|'']
PXE_CREATE_LINKS=MAC
#
# Should I remove old symlinks for this host ? [BOOL]
PXE_REMOVE_OLD_LINKS=
#
# Should I use PXE based on GRUB2 instead of PXE legacy. [BOOL] (default is no)
# PXE based on GRUB2 can be used by none x86 platform (like POWER ppc64/ppc64le).
# More information on the GRUB PXE setup can be found here :
# https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Installation_Guide/chap-installation-server-setup.html#sect-network-boot-setup-ppc-grub2
PXE_CONFIG_GRUB_STYLE=
#
# The way we start up in our PXE mode (keywords known are 'automatic', 'unattended', and empty)
# 'automatic' is the auto_recover mode which means boot automatic with ReaR and execute a 'rear recover'
# but when a question has to be answered (e.g. during migration mode) it will wait on an answer.
# 'unattended' should only used by experts and is meant to foresee in an automated recovery for testing
# purposes only.
# Default is empty which means prompting what to do next and after a timeout boot next option defined by BIOS
PXE_RECOVER_MODE=
# Certain operation might need longer time to kick in and more retries might be desirable.
# REAR_SLEEP_DELAY (in sec.) is general delay for operation.
REAR_SLEEP_DELAY=1
# REAR_MAX_RETRIES is maximum number of attempts that should be executed before operation is aborted.
# Maximum timeout for operation calculates as REAR_SLEEP_DELAY * REAR_MAX_RETRIES
# This retries / timeout operation is currently implemented only in get_disk_size (),
# so if you have trouble with error messages like:
# 'Could not determine size of disk <device> ...' tweaking of REAR_SLEEP_DELAY and REAR_MAX_RETRIES might help.
REAR_MAX_RETRIES=5
##
# Internal BACKUP stuff
##
# These settings apply to all cases of internal Relax-and-Recover backup.
#
# BACKUP program defaults.
# Mostly tested with tar and rsync.
# By default all local filesystems will be saved.
# For a full understanding of these options, look at backup/NETFS/default/*.sh
# The BACKUP_* variables relate to all builtin backup methods.
# (NETFS, ISO, TAPE ...)
BACKUP_PROG=tar
# Some backup progs can tell us if the transfer was only partially successful.
# Warning on partial transfers means that we won't abort but only print a warning. [BOOL]
BACKUP_PROG_WARN_PARTIAL_TRANSFER=1
# If using an unsupported backup program, the last option must be
# to write the archive to / read the archive from a file (like tar -f)
# then you also have to set the CREATE and RESTORE archive options.
# They are ignored if the backup program is supported.
# Default setting for BACKUP_PROG_OPTIONS="" became "--anchored" (GD, 02/DEC/2014 - issue #475)
# BACKUP_PROG_OPTIONS used to be a string variable, turn it into an array (GD, 06/SEP/2017 - issue #1175)
BACKUP_PROG_OPTIONS=( "--anchored" )
# For unsupported backup programs, the last CREATE_ARCHIVE option must be
# to read excludes from a file (like tar -X filename).
# Furthermore, you should include an option for verbose output to stdout and
# an option to stay on the local filesystem (like tar --one-file-system) and
# maybe options to handle the exclude list correctly.
BACKUP_PROG_OPTIONS_CREATE_ARCHIVE=""
# For unsupported backup programs, the last RESTORE_ARCHIVE options must be
# to restore the archive into a specific path (like tar -C $TARGET_FS_ROOT).
BACKUP_PROG_OPTIONS_RESTORE_ARCHIVE=""
BACKUP_PROG_SUFFIX=".tar"
# BACKUP_PROG_COMPRESS_OPTIONS is an array so that one can use it to provide more complex values
# e.g. to override the gzip default compression level (-6) via the tar '-I' option
# like BACKUP_PROG_COMPRESS_OPTIONS=( -I 'gzip -9 -n -c' )
# but using it with command options (as in 'gzip -9') fails with tar versions before 1.27
# with a tar error message like "gzip -9: Cannot exec" because only since tar version 1.27
# tar supports passing command line arguments to external commands, see
# http://git.savannah.gnu.org/cgit/tar.git/plain/NEWS?id=release_1_27
# Furthermore for advanced things like BACKUP_PROG_COMPRESS_OPTIONS=("--zstd")
# backup restore may fail during 'rear recover' due to missing zstd binaries
# in the ReaR recovery system (probably also for --lzip --lzma --lzop)
# because there is no automatism in ReaR that would automatically include
# additional things that are needed by tar into the ReaR recovery system
# so that in such cases additionally needed things in the recovery system
# must be manually specified via COPY_AS_IS, REQUIRED_PROGS, and LIBS.
BACKUP_PROG_COMPRESS_OPTIONS=( --gzip )
BACKUP_PROG_COMPRESS_SUFFIX=".gz"
# Addons for encryption and decryption of the backup (currently only tar is supported):
BACKUP_PROG_CRYPT_ENABLED="false"
# When BACKUP_PROG_CRYPT_ENABLED is set to a true value, BACKUP_PROG_CRYPT_KEY must be also set.
# It is recommended to avoid special characters in the BACKUP_PROG_CRYPT_KEY value,
# in particular bash metacharacters, bash control operator characters, bash grammar characters,
# globbing metacharacters, regexp metacharacters, and slash or whitespace characters like
# $ ` ' " | & ; ( ) < > { } [ ] . * @ ! ? / \ space tab newline
# so that only alphanumeric characters and the underscore should be used to be on the safe side.
# Otherwise things might break in weird ways when certain code in ReaR is not yet safe
# against special characters in values cf. https://github.com/rear/rear/issues/1372
# and https://github.com/rear/rear/issues/2157
# There is no BACKUP_PROG_CRYPT_KEY value in etc/rear/local.conf in the ReaR recovery system.
# It gets removed by build/default/960_remove_encryption_keys.sh
# because the ReaR recovery system must be free of secrets
# cf. the reasoning about SSH_UNPROTECTED_PRIVATE_KEYS below
# and see https://github.com/rear/rear/issues/2155
# Therefore BACKUP_PROG_CRYPT_KEY must be manually set before running "rear recover".
# BACKUP_PROG_CRYPT_KEY is set to a default value here only
# if not already set so that the user can set it also like
# export BACKUP_PROG_CRYPT_KEY='my_secret_passphrase'
# directly before he calls "rear ..." so that there is no need to store it in a config file.
# Avoid that the BACKUP_PROG_CRYPT_KEY value is shown when usr/sbin/rear was called with 'set -x'
# for debugging usr/sbin/rear cf. https://github.com/rear/rear/issues/2144#issuecomment-493908133
# In debugscript mode only scripts sourced by the Source function in lib/framework-functions.sh
# are run with 'set -x' but default.conf is sourced by usr/sbin/rear directly.
# See the comment of the UserInput function in lib/_input-output-functions.sh
# how to keep things confidential when usr/sbin/rear is run in debugscript mode
# ('2>/dev/null' should be sufficient here because 'test' does not output on stdout):
{ test "$BACKUP_PROG_CRYPT_KEY" ; } 2>/dev/null || BACKUP_PROG_CRYPT_KEY=''
# The command for backup encryption during "rear mkbackup" will be basically
# tar ... | BACKUP_PROG_CRYPT_OPTIONS BACKUP_PROG_CRYPT_KEY
# for details see the backup/NETFS/default/500_make_backup.sh script:
BACKUP_PROG_CRYPT_OPTIONS="/usr/bin/openssl des3 -salt -k "
# The command for backup decryption during "rear recover" will be basically
# BACKUP_PROG_DECRYPT_OPTIONS BACKUP_PROG_CRYPT_KEY | tar ...
# for details see the restore/NETFS/default/400_restore_backup.sh script:
BACKUP_PROG_DECRYPT_OPTIONS="/usr/bin/openssl des3 -d -k "
# One might even create a dynamic name like BACKUP_PROG_ARCHIVE="backup_$( date -Iseconds )"
# in particular one can use BACKUP_PROG_ARCHIVE="$( date '+%Y-%m-%d-%H%M' )-F"
# to get the same full backup file name for BACKUP_TYPE="" as what is used
# for BACKUP_TYPE=incremental and/or BACKUP_TYPE=differential (see below).
# But then one must specify the right existing BACKUP_PROG_ARCHIVE
# for "rear recover" so that the backup can be found and restored
# (i.e. during "rear recover" a dynamic name does not make sense).
# BACKUP_PROG_ARCHIVE is set to a default value here only
# if not already set so that the user can set it also like
# export BACKUP_PROG_ARCHIVE="mybackup"
# directly before he calls "rear ...":
test "$BACKUP_PROG_ARCHIVE" || BACKUP_PROG_ARCHIVE="backup"
# BACKUP_PROG_EXCLUDE is an array of strings that get written into a backup-exclude.txt file
# that is used e.g. in 'tar -X backup-exclude.txt' to get things excluded from the backup.
# Quoting of the BACKUP_PROG_EXCLUDE array members avoids bash pathname expansion
# when bash pathname expansion is not wanted for the BACKUP_PROG_EXCLUDE array members.
# In /etc/rear/local.conf use BACKUP_PROG_EXCLUDE+=( '/this/*' '/that/*' )
# to specify your particular items that should be excluded from the backup in addition to what
# gets excluded from the backup by default here (see also BACKUP_ONLY_EXCLUDE below):
BACKUP_PROG_EXCLUDE=( '/tmp/*' '/dev/shm/*' "$VAR_DIR/output/*" )
# BACKUP_PROG_INCLUDE is an array of strings that get written into a backup-include.txt file
# that is used e.g. in 'tar -c $(cat backup-include.txt)' to get things included in the backup.
# Quoting of the BACKUP_PROG_INCLUDE array members avoids bash pathname expansion
# when bash pathname expansion is not wanted for the BACKUP_PROG_INCLUDE array members.
# In /etc/rear/local.conf use BACKUP_PROG_INCLUDE=( /some/directory /path/to/some/file )
# to specify particular items that should be included in the backup in addition to what
# gets included in the backup by default (see BACKUP_ONLY_INCLUDE below):
BACKUP_PROG_INCLUDE=( )
# When BACKUP_ONLY_INCLUDE is set to a 'true' value
# only what is specified in BACKUP_PROG_INCLUDE will be in the backup
# but not implicitly also all local filesystems as defined in mountpoint_device:
BACKUP_ONLY_INCLUDE="no"
# When BACKUP_ONLY_EXCLUDE is set to a 'true' value
# only what is specified in BACKUP_PROG_EXCLUDE will be excluded from the backup
# but not implicitly also all excluded mountpoints in EXCLUDE_MOUNTPOINTS:
BACKUP_ONLY_EXCLUDE="no"
# Caution with MANUAL_INCLUDE mode: In MANUAL_INCLUDE mode, only the filesystems explicitly specified
# in BACKUP_PROG_INCLUDE will be saved. MANUAL_INCLUDE (=YES) is only useful, if your systems do always have the
# same "basic" mountpoints you want to save (either flat partitions or LVM or even mixed) and want to ignore
# additional filesystems, that might have been included into the system (via SAN) to not blow up the
# recovery system. Ensure to test your recovery when you want to use this mode. Default is NO
MANUAL_INCLUDE=NO
# Disable SELinux policy during backup with NETFS or RSYNC (default yes)
BACKUP_SELINUX_DISABLE=1
# Enable integrity check of the backup archive (full check only with BACKUP=NETFS and BACKUP_PROG=tar,
# with BACKUP=rsync or BACKUP_PROG=rsync it only checks whether rsync completed the restore successfully)
BACKUP_INTEGRITY_CHECK=
# Define BACKUP_TYPE.
# By default BACKUP_TYPE is empty which means "rear mkbackup" will create a full backup.
# Only with BACKUP=NETFS and BACKUP_PROG=tar one can also use incremental or differential backup:
# Incremental or differential backup is currently only known to work with BACKUP_URL=nfs://.
# Other BACKUP_URL schemes may work and at least BACKUP_URL=usb:///... requires USB_SUFFIX to be set
# to work with incremental or differential backup (see https://github.com/rear/rear/issues/1145).
# Incremental or differential backup and NETFS_KEEP_OLD_BACKUP_COPY contradict each other so that
# NETFS_KEEP_OLD_BACKUP_COPY must not be 'true' in case of incremental or differential backup
# because NETFS_KEEP_OLD_BACKUP_COPY would move an already existing backup directory away
# but for incremental or differential backup an already existing backup directory must stay there
# so that after the initial full backup the incremental or differential backups can be stored therein.
# With incremental or differential backup there is no need for NETFS_KEEP_OLD_BACKUP_COPY
# because with incremental or differential backup all backup archives have a date prefix:
# Full backups are of the form YYYY-MM-DD-HHMM-F.tar.gz where the 'F' denotes a full backup.
# Incremental backups are of the form YYYY-MM-DD-HHMM-I.tar.gz where the 'I' denotes an incremental backup.
# Differential backups are of the form YYYY-MM-DD-HHMM-D.tar.gz where the last 'D' denotes a differential backup.
# Therefore all backup archives have different file names so that no old one gets overwritten.
# BACKUP_TYPE=incremental means "rear mkbackup" creates at least one full backup (cf. FULLBACKUPDAY below)
# plus optionally several incremental backups that get created by subsequent "rear mkbackup" runs
# where each new incremental backup is based on the last existing incremental backup
# so that "rear recover" will restore first the latest full backup that exists
# plus all incremental backups in the ordering as they were made after the latest full backup.
# BACKUP_TYPE=differential means "rear mkbackup" creates at least one full backup (cf. FULLBACKUPDAY below)
# plus optionally several differential backups that get created by subsequent "rear mkbackup" runs
# where each new differential backup is based on the last existing full backup
# so that "rear recover" will restore first the latest full backup that exists
# plus one single latest differential backup that was made after the latest full backup.
# Incremental and differential backup is implemented via the 'tar' option '--newer=YYYY-MM-DD'
# so that only files whose modification or status change timestamp is newer than YYYY-MM-DD
# get included in the incremental or differential backup.
# In particular files that have been deleted since the last backup are not recognized this way
# so that such files will get falsely restored during "rear recover".
# Because of '--newer=YYYY-MM-DD' the timing granularity for incremental and differential backup
# is one day and the differentiating time is at 00:00 on YYYY-MM-DD.
# This means in particular for a series of incremental backups that happen each day at e.g. 05:00
# that all files with modification or status change timestamp between 00:00 and 05:00
# get included in two subsequent incremental backups, e.g. in 2017-11-22-0500-I.tar.gz
# and in 2017-11-23-0500-I.tar.gz because 2017-11-23-0500-I.tar.gz includes all files
# that are newer than 2017-11-22 at 00:00 (the date of the last incremental backup at 00:00)
# see https://github.com/rear/rear/issues/1285 for details.
# In general regarding advanced backup functionality (like incremental and differential backup):
# ReaR is primarily a disaster recovery tool to recreate the basic system after a disaster happened.
# ReaR is neither a backup software nor a backup management software and it is not meant to be one
# (cf. "Relax-and-Recover versus backup and restore" in https://en.opensuse.org/SDB:Disaster_Recovery).
# In particular do not expect too much from ReaR's internal backup methods like 'tar'.
# For simple tasks ReaR's internal backup methods should be o.k. but
# ReaR's internal backup methods are not meant as professional backup solutions.
# In general the backup and restore of the files is "external functionality" for ReaR.
# ReaR only calls an external tool and that tool does the backup and restore of the files.
# Use a professional backup solution in particular when you need advanced backup functionality.
BACKUP_TYPE=
# Together with BACKUP_TYPE=incremental or BACKUP_TYPE=differential
# you could define on which weekdays "rear mkbackup" will create a full backup.
# If FULLBACKUPDAY is set a full backup will be done on each of the weekdays in the FULLBACKUPDAY array
# in any case (regardless if there already exists a full backup that was created on the same day).
# For example FULLBACKUPDAY=( Sun Wed ) makes a full backup on each Sunday and Wednesday.
# The weekday values must match the output of "date +%a" run in the POSIX/C locale
# (/usr/sbin/rear sets that locale) i.e. it must be an English abbreviated weekday.
# According to http://stackoverflow.com/questions/18919151/crontab-day-of-the-week-syntax
# here is a list of the English abbreviated weekday values: Sun Mon Tue Wed Thu Fri Sat
FULLBACKUPDAY=()
# Together with BACKUP_TYPE=incremental or BACKUP_TYPE=differential
# you could define when an existing full backup is considered to be too old
# so that "rear mkbackup" will create a new full backup.
# ReaR does not remove any backup (the admin can do it deliberately and manually)
# so that in particular too old backups are not removed.
# By default an existing full backup is considered to be too old
# when it is older than 7 days ago:
FULLBACKUP_OUTDATED_DAYS="7"
##
# UDEV workflow stuff
##
# Define the default WORKFLOW for the udev handler (empty to disable)
UDEV_WORKFLOW=mkrescue
#
# Beep when udev handler has finished
UDEV_BEEP=y
#
# Suspend the (USB) device when udev handler has finished ?
UDEV_SUSPEND=y
#
# Turn the UID led on during udev workflow
UDEV_UID_LED=y
# Program files (as found in PATH) to include in the rescue/recovery system:
# These progs are optional, if they are missing, nothing happens
PROGS=( )
#
# Required programs in the rescue/recovery system:
# Same as above, but if they are missing, we abort.
REQUIRED_PROGS=(
"$SCRIPT_FILE"
awk
bash
bc
cat
cmp
cp
cpio
cut
dd
diff
df
dumpkeys
echo
expr
file
getopt
grep
join
kbd_mode
loadkeys
ls
mkdir
mount
mountpoint
mv
pidof
ps
pwd
rm
sed
seq
sort
strings
sync
tar
test
tr
umount
uniq
wc
)
# Special library files to include in the rescue/recovery system:
# Needed programs in the recovery system should be specified via
# PROGS+=( non_mandatory_program )
# REQUIRED_PROGS+=( mandatory_program )
# Normally there is no need to specify LIBS for programs
# because needed libraries for "normally" linked programs
# get automatically included via the RequiredSharedObjects function
# which calls ldd to determine the required shared objects
# of the elements in the PROGS and REQUIRED_PROGS arrays
# (cf. COPY_AS_IS and TRUSTED_FILE_OWNERS below).
# Therefore only libraries that are not reported by ldd
# (e.g. when libraries are loaded via dlopen by a program)
# must be specified in LIBS.
# RequiredSharedObjects() is also called for the elements in LIBS
# but it does not descend recursively into (sub)-directories
# so the elements in LIBS must evaluate to actual library files
# (by bash pathname expansion with 'nullglob' that is set in ReaR).
# For example instead of using only LIBS+=( /path/to/libdir )
# specify LIBS+=( /path/to/libdir/*.so* /path/to/libdir/*/*.so* )
# for library files in /path/to/libdir and in its direct sub-directories
# cf. https://github.com/rear/rear/issues/2743
LIBS=()
# Kernel modules to include in the rescue/recovery system:
# The default MODULES=( 'all_modules' ) results that
# all files in the /lib/modules/$KERNEL_VERSION directory
# get included in the recovery system. Usually this is
# required when migrating to different hardware to ensure
# that all possibly needed kernel drivers for the new hardware
# are available in the recovery system. It is also required
# to have the recovery system better prepared for somewhat
# "unusual use cases" where this or that additional kernel module
# is needed (see https://github.com/rear/rear/issues/1202),
# e.g. to ensure a USB keyboard is usable in the recovery system
# (see https://github.com/rear/rear/issues/1870)
# or to ensure data on external medium (e.g. iso9660) can be read
# (see https://github.com/rear/rear/issues/1202).
# Furthermore this is helpful to be on the safe side against possibly
# missing other (dependant) kernel modules that are not automatically
# found (see https://github.com/rear/rear/issues/1355).
# The drawback of MODULES=( 'all_modules' ) is that it makes the
# recovery system (and its ISO image) somewhat bigger,
# see https://github.com/rear/rear/issues/2041 for some numbers.
# To get the recovery system smaller by leaving out kernel modules
# the following settings can be specified:
# An empty MODULES=() setting means that the currently loaded
# kernel modules get included in the recovery system
# (so that recovery should work on same replacement hardware)
# plus some kernel modules that should always be included
# (see build/GNU/Linux/400_copy_modules.sh)
# plus kernel modules for certain kernel drivers like
# storage drivers, network drivers, crypto drivers,
# virtualization drivers, and some extra drivers
# (see rescue/GNU/Linux/230_storage_and_network_modules.sh
# and rescue/GNU/Linux/240_kernel_modules.sh). Usually this
# works reasonably well but no automatism works in any case
# so that more explicit user settings are possible via
# MODULES=( 'moduleX' 'moduleY' ) where additional kernel modules
# can be specified to be included in the recovery system
# in addition to the ones via an empty MODULES=() setting.
# Normally other required kernel modules are usually also
# automatically included but this may not work in any case
# (see https://github.com/rear/rear/issues/1355).
# The setting MODULES=( 'loaded_modules' ) results that
# only those kernel modules that are currently loaded get included
# in the recovery system so MODULES=( 'loaded_modules' 'additional_module' )
# is not supported but you may use COPY_AS_IS+=( ...) to include
# certain modules in addition to the currently loaded modules. This
# results a noticeable smaller recovery system but on the other hand
# it means that recovery will only work on same replacement hardware.
# The very special setting MODULES=( 'no_modules' ) enforces that
# no kernel modules at all get included in the recovery system
# regardless of what modules are currently loaded. Usually this
# means that the recovery system will not work - unless
# you have all needed kernel drivers compiled into your kernel.
MODULES=( 'all_modules' )
#
# Enforce to load these modules in the given order in the rescue/recovery system.
# We also load modules listed in /etc/modules. The order is 1) /etc/modules and
# 2) MODULES_LOAD and 3) modules loaded by udev or systemd. ReaR also takes the list
# of modules from your initrd and adds that to MODULES_LOAD.
MODULES_LOAD=()
#
# Kernel modules to exclude from the rescue/recovery system.
# Modules that are specified in EXCLUDE_MODULES are excluded
# from the rescue/recovery system in any case regardless what is
# specified for MODULES e.g. also for MODULES=( 'all_modules' ).
# By default we exclude scsi_debug - see issue #626:
EXCLUDE_MODULES=( scsi_debug )
# Firmware files to include in the rescue/recovery system.
# The FIRMWARE_FILES array contains filename globbing patterns
# that are used as '-ipath' arguments for 'find' calls to find
# firmware files in the /lib*/firmware/ directories that will
# get included in the rescue/recovery system for example like
# FIRMWARE_FILES=( '*rtl*' '*nvidia*' '*radeon*' )
# The special value FIRMWARE_FILES=( 'no' ) or any value that
# is recognized as 'no' by the is_false function enforces that
# no files from the /lib*/firmware/ directories get included
# in the rescue/recovery system.
# The special value FIRMWARE_FILES=( 'yes' ) or any value that
# is recognized as 'yes' by the is_true function enforces that
# all files from the /lib*/firmware/ directories get included
# in the rescue/recovery system.
# The by default empty FIRMWARE_FILES array means that
# usually all files in the /lib*/firmware/ directories
# get included in the rescue/recovery system but on certain
# architectures like ppc64 or ppc64le the default could be different
# cf. the conf/Linux-ppc64.conf and conf/Linux-ppc64le.conf scripts:
FIRMWARE_FILES=()
# UDEV_NET_MAC_RULE_FILES:
# Array of files where we try to replace the network MAC addresses with the newly found ones
# See also issue https://github.com/rear/rear/issues/2074 for the details
UDEV_NET_MAC_RULE_FILES=( /etc/udev/rules.d/*persistent*{names,net,cd}.rules /etc/udev/rules.d/*eno-fix.rules )
# Files and directories to copy as-is (with tar) into the ReaR recovery system.
# As its name tells COPY_AS_IS is primarily meant to "only copy as is".
# In particular tar does not follow symlinks when copying
# (for the reason behind see the build/GNU/Linux/100_copy_as_is.sh script).
# To get libraries into the recovery system, use the LIBS array.
# To get non-mandatory programs into the recovery system, use the PROGS array.
# To get mandatory programs into the recovery system, use the REQUIRED_PROGS array.
# For elements in the LIBS, PROGS, and REQUIRED_PROGS arrays
# the RequiredSharedObjects function is called to determine required
# shared objects (libraries) that get also copied into the recovery system.
# For what is specified via the COPY_AS_IS array there is an exception to the
# above "only copy as is" rule that for executables RequiredSharedObjects is called
# to also get their needed libraries copied into the recovery system.
# But when libraries are specified via COPY_AS_IS that are not executable
# no required other libraries get automatically copied into the recovery system.
# The reasoning behind is when programs are specified via COPY_AS_IS they
# should be handled gracefully but COPY_AS_IS is not meant for libraries.
# The drawback of calling RequiredSharedObjects for all executables is that
# RequiredSharedObjects calls ldd to determine the required shared objects
# but some versions of ldd do this by executing the executable (see "man ldd")
# which could lead to the execution of arbitrary programs as user 'root'
# in particular when directories are specified in COPY_AS_IS that may contain
# unexpected files like programs from arbitrary (possibly untrusted) users
# so for example COPY_AS_IS+=( /home/JohnDoe ) could be a rather bad idea.
# To mitigate those possible ldd security issues RequiredSharedObjects calls ldd
# only for files that are onwed by the trusted users in TRUSTED_FILE_OWNERS.
# Usually globbing patterns in COPY_AS_IS are specified without quoting
# like COPY_AS_IS+=( /whole/directory/ /directory_symlink/* /path/to/files* )
# so that the bash pathname expansion works as usually intended
# (for details see the build/GNU/Linux/100_copy_as_is.sh script).
# To copy contents of directory symlinks /directory_symlink/* can be used.
# Because copying happens by calling tar ... ${COPY_AS_IS[*]}
# (for the reason behind see the build/GNU/Linux/100_copy_as_is.sh script)
# files or directories that contain blanks or other $IFS characters cannot be specified
# but their parent directory can be specified if it does not contain $IFS characters.
# Because usr/sbin/rear sets the nullglob option globbing patterns
# like /path/to/files* expand to nothing if no file matches.
COPY_AS_IS=( $SHARE_DIR $VAR_DIR )
# Things to exclude from being copied into the ReaR recovery system:
# /var/lib/rear/output is useless in the recovery system and may contain huge files in particular
# an old recovery system image (e.g. an ISO image) from a previous "rear mkrescue/mkbackup" run.
# If that was re-included in the current recovery system each run of "rear mkrescue/mkbackup"
# would generate a bigger recovery system that recursively contains all previous recovery systems.
# /dev/.udev contains runtime things for udev (e.g. the temporary rules directory /dev/.udev/rules.d)
# cf. https://github.com/rear/rear/commit/f57be9070cb8ad8692497d0baedf364b47ac7a8d
# /dev/shm/ /dev/shm/\* is shared memory (shm/shmfs is mounted at /dev/shm as tmpfs)
# cf. https://github.com/rear/rear/commit/5453f6656589819872dc626f4a9d118ade82276e
# and https://github.com/rear/rear/commit/35b29218bdf1c88c0a2330147ae0e40480167fed
# /dev/oracleasm contains internal files (runtime information) generated by Oracle ASM upon boot.
# See https://github.com/rear/rear/issues/721 for details.
# /dev/mapper contains links to /dev/dm-N kernel device nodes that are managed and generated by device mapper.
# We let them being recreated by device mapper in the recovery system during the recovery process.
# Copying them into the recovery system would let "rear recover" avoid the migration process.
# See https://github.com/rear/rear/pull/1393 for details.
# /dev/watchdog /dev/watchdog\* functionality is not wanted in the ReaR rescue/recovery system
# because we do not want any automated reboot while disaster recovery happens via "rear recover".
# Furthermore having dev/watchdog* during "rear mkrescue" may even trigger a system "crash" that is
# caused by TrendMicro ds_am module touching dev/watchdog in ReaR's build area (/var/tmp/rear.XXX/rootfs).
# See https://github.com/rear/rear/issues/2798
COPY_AS_IS_EXCLUDE=( $VAR_DIR/output/\* dev/.udev dev/shm dev/shm/\* dev/oracleasm dev/mapper dev/watchdog\* )
# Array of user names that are trusted owners of files where RequiredSharedObjects calls ldd (cf. COPY_AS_IS)
# and where a ldd test is run inside the recovery system that tests all binaries for 'not found' libraries.
# The default is 'root' plus those standard system users that have a 'bin' or 'sbin' or 'root' home directory
# cf. https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/html/deployment_guide/s1-users-groups-standard-users
# When TRUSTED_FILE_OWNERS is empty all file owners are trusted.
TRUSTED_FILE_OWNERS=( 'root' 'bin' 'daemon' 'sync' 'shutdown' 'halt' 'operator' )
# Including and setting keyboard mappings in the ReaR recovery system,
# cf. https://github.com/rear/rear/pull/1781
# KEYMAPS_DEFAULT_DIRECTORY specifies the default directory for keyboard mapping files.
# Different Linux distributions use a different default directory for keymaps,
# see https://github.com/rear/rear/pull/1781#issuecomment-384322051
# and https://github.com/rear/rear/pull/1781#issuecomment-384331316
# and https://github.com/rear/rear/pull/1781#issuecomment-384560856
# so that we have this summary:
# /usr/share/kbd/keymaps is used by SUSE and Arch Linux
# /usr/share/keymaps is used by Debian and Ubuntu
# /lib/kbd/keymaps is used by Centos and Fedora and Red Hat
# By default (i.e. when KEYMAPS_DEFAULT_DIRECTORY is not set or empty)
# it uses the first one of those directories that exist:
KEYMAPS_DEFAULT_DIRECTORY=""
# KEYMAPS_DIRECTORIES is a string of directories that contain keyboard mapping files
# or plain keyboard mapping files to be included in the recovery system, for example like
# KEYMAPS_DIRECTORIES="/usr/share/kbd/keymaps/legacy /usr/src/linux/drivers/char/defkeymap.map"
# The main intent is to support non-US keyboards because without a right keyboard mapping
# it could become an awful annoyance to work in the recovery system.
# When KEYMAPS_DIRECTORIES is specified it is not sufficient to include
# e.g. only a '/usr/share/kbd/keymaps/legacy/i386/' sub-directory because
# include files in '/usr/share/kbd/keymaps/legacy/include/' are also needed.
# For example to find out what 'loadkeys de-latin1-nodeadkeys' needs one may run
# "strace -f -e open loadkeys de-latin1-nodeadkeys" and inspect its output
# which keymap files are used which results e.g. on openSUSE Leap 42.3 those files:
# /usr/share/kbd/keymaps/legacy/i386/qwertz/de-latin1-nodeadkeys.map.gz
# /usr/share/kbd/keymaps/legacy/i386/qwertz/de-latin1.map.gz
# /usr/share/kbd/keymaps/legacy/i386/include/qwertz-layout.inc
# /usr/share/kbd/keymaps/legacy/i386/include/compose.inc
# /usr/share/kbd/keymaps/legacy/i386/include/linux-with-alt-and-altgr.inc
# /usr/share/kbd/keymaps/legacy/i386/include/linux-keys-bare.inc
# /usr/share/kbd/keymaps/legacy/i386/include/euro2.map.gz
# /usr/share/kbd/keymaps/legacy/include/compose.latin1
# cf. https://github.com/rear/rear/pull/1781#issuecomment-384574103
# Specifying those files in KEYMAPS_DIRECTORIES results a minimal recovery system
# that contains only what is needed to use the de-latin1-nodeadkeys keyboard mapping.
# In some cases (e.g. on ppc64 with the yaboot bootloader) a minimal recovery system
# is required (cf. the section about REAR_INITRD_COMPRESSION below).
# By default (i.e. when KEYMAPS_DIRECTORIES is not set or empty)
# the whole KEYMAPS_DEFAULT_DIRECTORY is included to be on the safe side and
# to get a recovery system that can be used with various usual keyboards:
KEYMAPS_DIRECTORIES=""
# KEYMAP is a keymap file to be set via 'loadkeys $KEYMAP' in the recovery system
# to specify the exact keymap that should be set and used for example like:
# KEYMAP="de-latin1-nodeadkeys"
# During recovery system startup with topmost priority it tries to set
# what is specified as KEYMAP but that may fail when needed keymap files
# are missing in the recovery system (e.g. include files, see above).
# With second priority it tries to set the keymap of the original system
# which was dumped during "rear mkrescue/mkbackup", for details
# see the rescue/GNU/Linux/500_clone_keyboard_mappings.sh script.
# As fallback it tries to set the default 'defkeymap' (US keyboad) keymap.
# Be default (i.e. when KEYMAP is not set or empty) the keymap of the original system
# while "rear mkrescue/mkbackup" was run is also used in the recovery system:
KEYMAP=""
# Users and groups to copy into the ReaR recovery system.
# Users and groups must exist in the original system (i.e. one cannot create new ones).
# Specified users and groups that do not exist in the original system are ignored.
# Users and groups must be specified with names (not with numerical IDs):
CLONE_USERS=()
CLONE_GROUPS=()
CLONE_ALL_USERS_GROUPS="true"
# When CLONE_ALL_USERS_GROUPS is 'true' or 'all' copy users and groups
# that exist on the current system into the ReaR recovery system
# in addition to the users and groups in CLONE_USERS and CLONE_GROUPS.
# When CLONE_ALL_USERS_GROUPS contains a 'true' value, copy the users and groups
# from the local /etc/passwd and /etc/group files into the recovery system.
# To exclude users and groups set CLONE_ALL_USERS_GROUPS="false" and specify
# the users and groups via CLONE_USERS and CLONE_GROUPS as needed.
# If /etc/passwd or /etc/group on the original system contain secrets
# (in particular passwords) the secrets get copied into the recovery system.
# The /etc/shadow and /etc/gshadow files are not copied into the recovery system
# so that shadow passwords should not appear in the recovery system
# unless explicitly specified e.g. via COPY_AS_IS+=( /etc/shadow )
# When CLONE_ALL_USERS_GROUPS is 'all', copy also all users and groups that are
# available via 'getent' on the original system into the recovery system.
# For details see the usr/share/rear/rescue/default/900_clone_users_and_groups.sh script.
# The default CLONE_ALL_USERS_GROUPS="true" should normally be sufficient
# that all files from the backup can be restored with right user and group.
# If the original file's user and group does not exist in the recovery system
# that file from the backup might get restored with wrong user or group name
# (e.g. with the fallback 'root:root') or with wrong numerical user ID or group ID
# because the backup restore software runs "inside" the recovery system with the
# users and groups there and not with the users and groups of the original system.
# Therefore special users and groups can be added via CLONE_USERS and CLONE_GROUPS
# or even CLONE_ALL_USERS_GROUPS="all" can be specified.
# A terminal login password as a salted hash.
# If empty, a root login into the ReaR recovery system via the system console or a serial terminal
# is possible without being asked for a password.
# To generate a password hash,
# 1. run
# - 'openssl passwd -6', if openssl 1.1.1 or newer is available, or
# - 'openssl passwd -1', otherwise (see https://github.com/rear/rear/pull/2455#discussion_r453613086 for information
# on the implications of its cryptographic weakness),
# 2. copy its entire output line and insert it between the single quotes of the following line:
# { TTY_ROOT_PASSWORD=''; } 2>/dev/null
# NOTE: stderr is redirected in the above line to avoid exposing the password hash
# in the log file when ReaR runs in debugscript mode.
TTY_ROOT_PASSWORD=''
##
# SSH_FILES
# SSH_ROOT_PASSWORD
# SSH_UNPROTECTED_PRIVATE_KEYS
#
# What SSH files should be copied into the ReaR rescue/recovery system and
# how SSH access in the ReaR rescue/recovery system should be set up.
#
# This configuration only affects the rescue/recovery system.
# A system restored by ReaR will receive its SSH configuration entirely from its backup.
# ReaR supports OpenSSH versions >= 3.1 and SSH files at standard locations.
#
# When a different secure shell software is used set SSH_FILES='no'
# to disable the SSH setup functionality in ReaR and specify the
# files and programs that are needed for remote access in the
# rescue/recovery system via generic ReaR functionality like
# COPY_AS_IS, REQUIRED_PROGS, COPY_AS_IS_EXCLUDE, and LIBS.
#
# When SSH_FILES is set to 'no', nothing is done to set up SSH
# (in particular no sshd setup) in the rescue/recovery system.
#
# For a rescue system/medium free of secrets, use the default configuration:
# You can access the rescue system's root account via SSH via public/private key
# if that was permitted on the original system (via authorized_keys).
# Accessing other systems from the rescue system via SSH requires entering a password
# (as there are no private keys on the rescue medium).
#
# To support added functionality on the running rescue system is possible
# at the price of having the rescue system/medium contain secrets
# so that the rescue system ISO image and any recovery medium
# needs to be protected against unwanted access.
# To access the rescue system with a password, set SSH_ROOT_PASSWORD.
# To access other systems via root's passphrase-protected SSH private keys
# present on the original system, set SSH_FILES='yes'.
# To access other systems via root's protected and unprotected SSH private keys
# present on the original system, set SSH_FILES='yes' and SSH_UNPROTECTED_PRIVATE_KEYS='yes'.
#
# For special needs, you have these options:
# You can specify the SSH configuration files individually by setting SSH_FILES to an array,
# whose elements are the file paths.
# Elements of this array receive special key protection if configured.
# You can use COPY_AS_IS_EXCLUDE to exclude files from being copied.
#
# SSH host key files can be generated anew only for the recovery system.
# provided SSH_UNPROTECTED_PRIVATE_KEYS is not set to a 'false' value
# because private host keys are never protected.
# If there are no SSH host key files in the recovery system, a fallback RSA key
# is generated when starting sshd during recovery system startup and
# the RSA key fingerprint is shown on the recovery system login screen.
#
# For details see rescue/default/500_ssh.sh build/default/500_ssh_setup.sh
# build/default/501_check_ssh_keys.sh and skel/default/etc/scripts/run-sshd
#
# The default SSH_FILES='avoid_sensitive_files' should be secure
# because it avoids copying sensitive SSH files as follows:
# From /etc/ssh only moduli, ssh_config, sshd_config, and ssh_known_hosts are copied and
# from /root/.ssh only authorized_keys and known_hosts are copied into the recovery system.
SSH_FILES='avoid_sensitive_files'
#
# SSH_ROOT_PASSWORD defines a password for remote access to the recovery system as 'root' via SSH
# without requiring a public/private key pair. This password is valid only while the recovery system
# is running and will not allow access afterwards to the restored target system.
# In the recovery system the password is stored in hashed MD5 format (do not forget the password).
# Both SSH_ROOT_PASSWORD='plain_text_password' and SSH_ROOT_PASSWORD='hashed_password' are possible.
# To avoid a plain text password in the etc/rear/local.conf config file
# generate a hashed password with the command
# echo 'my_recovery_system_root_password' | openssl passwd -1 -stdin
# and use the output of openssl to set SSH_ROOT_PASSWORD='output_of_openssl'
# (single quotes avoid issues with the special bash character $ in the openssl output).
# SSH_ROOT_PASSWORD is ignored when SSH_FILES is set to a 'false' value.
SSH_ROOT_PASSWORD=
#
# SSH_UNPROTECTED_PRIVATE_KEYS="yes" makes ReaR also include SSH keys without a passphrase
# in the ReaR rescue/recovery system at the price of having the rescue system/medium
# contain secrets so that the rescue system ISO image and any recovery medium
# needs to be protected against unwanted access.
# This is not recommended because usually ReaR should build a recovery system ISO image
# that does not contain secrets from the original system so that a recovery medium that
# is created from the recovery system ISO image does not need to be specially protected.
# Instead of enabling this consider creating additional SSH keys with passphrases to be used
# only during recovery. You can even have the same key, once with and once without passphrase.
# The one without will be used during regular operations and the one with passphrase
# on the ReaR rescue/recovery system.
# With the default SSH_UNPROTECTED_PRIVATE_KEYS="no" ReaR tries to find SSH keys
# without passphrase for root (but not for other users) at standard locations
# and if found ReaR removes those unprotected keys from the recovery system.
# But SSH_UNPROTECTED_PRIVATE_KEYS="no" is not at all any guarantee
# to not have any kind of unprotected SSH key in the recovery system.
# In general to check if there are unwanted files in the recovery system
# use KEEP_BUILD_DIR="yes" and inspect the recovery system content
# in $TMPDIR/rear.XXXXXXXXXXXXXXX/rootfs/ and use COPY_AS_IS_EXCLUDE
# to exclude unwanted files from the recovery system.
SSH_UNPROTECTED_PRIVATE_KEYS='no'
##
# NON_FATAL_BINARIES_WITH_MISSING_LIBRARY
#
# What programs/binaries (i.e. files in a /bin/ or /sbin/ directory)
# are o.k. in the ReaR rescue/recovery system regardless
# that 'ldd' reports a 'not found' library for them.
# In general the right solution when 'ldd' reports a 'not found' library
# is to use the generic config variables COPY_AS_IS REQUIRED_PROGS and LIBS
# to get actually missing stuff into the ReaR rescue/recovery system or
# for external/third-party backup programs the specific config variables
# like COPY_AS_IS_TSM COPY_AS_IS_BORG COPY_AS_IS_YUM and others.
# NON_FATAL_BINARIES_WITH_MISSING_LIBRARY is a 'egrep' pattern
# like NON_FATAL_BINARIES_WITH_MISSING_LIBRARY='myprog|/mydir/'
# where it is known that things work regardless of what 'ldd' reports.
# By default it is fatal when 'ldd' reports a 'not found' library for
# any file in a /bin/ or /sbin/ directory in the recovery system and
# "rear mkrescue/mkbackup" aborts with "recovery system not usable".
# For details see the build/default/990_verify_rootfs.sh script.
NON_FATAL_BINARIES_WITH_MISSING_LIBRARY=''
##
# EXCLUDE_MD5SUM_VERIFICATION
#
# What files should be excluded from being verified during recovery system startup.
# During "rear mkrescue/mkbackup" the build/default/995_md5sums_rootfs.sh script
# creates md5sums for all regular files in the ReaR rescue/recovery system
# and stores the result as /md5sums.txt in the ReaR rescue/recovery system.
# During recovery system startup the md5sums of the files in /md5sums.txt are verified.
# The reason behind is that there could be errors during loading/unpacking
# of the initrd/initramfs which are reported (if one knows how to look for them)
# but at least some errors do not abort the boot process so that
# it could happen that files in the recovery system are corrupt
# but the user may not notice the actual error and get any kind
# of inexplicable errors later when using the recovery system,
# see https://github.com/rear/rear/issues/1859
# and https://github.com/rear/rear/issues/1724
# EXCLUDE_MD5SUM_VERIFICATION is a 'egrep -v' pattern
# like EXCLUDE_MD5SUM_VERIFICATION='/path/to/myfile|/path/to/mydir/'
# for files or directories in md5sums.txt that should be excluded from being verified.
# With the special value EXCLUDE_MD5SUM_VERIFICATION='all'
# creating md5sums and verification can be completely skipped.
# The by default empty EXCLUDE_MD5SUM_VERIFICATION means that certain files
# get excluded where it is known that their md5sum verification will fail
# (i.e. the already known false positives are excluded by default).
# For details see the build/default/995_md5sums_rootfs.sh
# and skel/default/etc/scripts/system-setup scripts.
EXCLUDE_MD5SUM_VERIFICATION=''
# Time synchronisation, could be NTP, CHRONY, NTPDATE, RDATE or empty:
TIMESYNC=
# Set a timesync source, mostly needed for NTPDATE and RDATE:
TIMESYNC_SOURCE=
# Define a default LANG_RECOVER. At least TSM seems to need it to correctly restore foreign language sets.
# You may redefine it e.g. like LANG_RECOVER=de_DE@euro but be careful because there could be weird failures
# because the plain UTF-8 encoding is compatible with ASCII but setting LANG e.g. to en_US.UTF-8 is no longer
# ASCII compatible, see "Character encoding" in https://github.com/rear/rear/wiki/Coding-Style
# and https://github.com/rear/rear/issues/1035 and https://github.com/rear/rear/pull/1469
LANG_RECOVER=C
# LUKS_CRYPTSETUP_OPTIONS contains additional options to cryptsetup
# which complement auto-detected options and enforce certain settings.
# The default settings '--iter-time 2000 --use-random' increase security
# beyond the level attained by compiled-in cryptsetup defaults.
# On some systems using the /dev/random random generator may result in possibly long delays
# while generating the needed LUKS encryption keys during "rear recover".
# In this case you may set LUKS_CRYPTSETUP_OPTIONS="--iter-time 2000 --use-urandom" instead
# but using /dev/urandom instead of /dev/random results a low-quality master encryption key.
# To add more additional options to the ones below specify them in your etc/rear/local.conf via
# LUKS_CRYPTSETUP_OPTIONS+=" more additional options"
# (the leading space is mandatory) for example LUKS_CRYPTSETUP_OPTIONS+=" --force-password"
# to avoid that during "rear recover" cryptsetup fails (which lets the diskrestore.sh script fail)
# when your LUKS password does not match the cryptsetup password quality checking requirements.
# Another example could be something like LUKS_CRYPTSETUP_OPTIONS+=" --align-payload 4096"
# to enforce a 4096 * 512 bytes = 2 MiB alignment of the data payload (without LUKS header)
# when e.g. 2 MiB alignment of the LUKS data payload is actually used on the original system.
# This could be needed in particular when LUKS volumes are used as containers for higher level
# storage objects like LVM on top of LUKS encrypted volumes to have LUKS encryption for LVM.
# When "rear recover" is done on a different replacement disk it could happen that the
# cryptsetup default data payload alignment (which is based on the topology of the new disk)
# recreates LUKS volumes with a bigger alignment value that results less data payload size
# compared to what it was on the original system which could let a subsequent LVM setup fail
# when a specified LVM volume size does no longer fit into a smaller LUKS data payload area,
# cf. https://github.com/rear/rear/issues/2389
# For details, see the cryptsetup(8) manual page of your particular Linux distribution.
LUKS_CRYPTSETUP_OPTIONS="--iter-time 2000 --use-random"
##
# BACKUP=CDM (Rubrik CDM; Cloud Data Management)
##
# ReaR support for Rubrik Cloud Data Management (CDM).
# ReaR will copy the Rubrk RBS agent and required OS binaries to its ISO for incluson on boot.
# ReaR will start the Rubrik RBS agent when 'rear recover' is run.
COPY_AS_IS_CDM=( /etc/rubrik /usr/bin/rubrik /var/log/rubrik /etc/pki )
COPY_AS_IS_EXCLUDE_CDM=( /var/log/rubrik/* )
PROGS_CDM=( /usr/bin/rubrik/backup_agent_main /usr/bin/rubrik/bootstrap_agent_main openssl uuidgen )
##
# BACKUP=FDRUPSTREAM stuff
##
# ReaR support for FDR/Upstream is limited to disaster recovery only.
# ReaR will not perform an FDR/Upstream backup.
# ReaR will install a working FDR/Upstream client when you issue the 'rear recover' command
FDRUPSTREAM_INSTALL_PATH="/opt/fdrupstream"
FDRUPSTREAM_CONFIG_PATH="/etc/opt/fdrupstream"
FDRUPSTREAM_DATA_PATH="/var/opt/fdrupstream"
COPY_AS_IS_FDRUPSTREAM=( "$FDRUPSTREAM_INSTALL_PATH" "$FDRUPSTREAM_CONFIG_PATH" "$FDRUPSTREAM_DATA_PATH" )
# Under certain conditions 'rear mkrescue' put its output files in $FDRUPSTREAM_DATA_PATH/rear
# and subsequent runs of 'rear mkrescue' would let it grow (in effect, it is a recursive backup)
# so we exclude $FDRUPSTREAM_DATA_PATH/rear from the backup:
COPY_AS_IS_EXCLUDE_FDRUPSTREAM=( "$FDRUPSTREAM_DATA_PATH/rear" "$FDRUPSTREAM_INSTALL_PATH/usserver" )
CHECK_CONFIG_FILES_FDRUPSTREAM=(
"$FDRUPSTREAM_INSTALL_PATH/fdrupstream"
"$FDRUPSTREAM_INSTALL_PATH/upstream.msg"
"$FDRUPSTREAM_INSTALL_PATH/uscmd*"
"$FDRUPSTREAM_INSTALL_PATH/usdaemon*"
"$FDRUPSTREAM_INSTALL_PATH/us"
"$FDRUPSTREAM_INSTALL_PATH/us1"
"$FDRUPSTREAM_INSTALL_PATH/us.ser"
"$FDRUPSTREAM_INSTALL_PATH/*.so"
"$FDRUPSTREAM_INSTALL_PATH/bin/*.so"
"$FDRUPSTREAM_INSTALL_PATH/usudb*"
"$FDRUPSTREAM_INSTALL_PATH/*.dat"
"$FDRUPSTREAM_INSTALL_PATH/*.cfg"
"$FDRUPSTREAM_CONFIG_PATH/*"
"$FDRUPSTREAM_DATA_PATH/*/parms/*"
)
PROGS_FDRUPSTREAM=()
##
# BACKUP=NBKDC stuff
##
# (NovaStor DataCenter: http://www.novastor.com)
# Agent installation will be detected automatically in:
# prep/NBKDC/default/400_prep_nbkdc.sh
# ReaR will not perform the backup, this will be triggered by NovaStor DataCenter
##
NBKDC_DIR=/opt/NovaStor/DataCenter
COPY_AS_IS_NBKDC=()
COPY_AS_IS_EXCLUDE_NBKDC=()
##
# BACKUP=GALAXY stuff
##
# Note: This is for Galaxy 5 (tested) und probably 6 (untested)
#
COPY_AS_IS_GALAXY=( /lib/libm* /opt/galaxy /etc/Galaxy.pkg /etc/CommVaultRegistry )
COPY_AS_IS_EXCLUDE_GALAXY=( "/opt/galaxy/iDataAgent/jobResults/*" "/opt/galaxy/Updates/*" "/opt/galaxy/Base/Temp/*" )
GALAXY_COMMCELL=
GALAXY_PORT=8401
GALAXY_LOGONID=
GALAXY_INSTANCE=
GALAXY_BACKUPSET=
##
# BACKUP=GALAXY7 stuff
##
# Note: This is for Galaxy 7 (tested) and maybe also for 6 (untested)
#
COPY_AS_IS_GALAXY7=( /lib/libm* /opt/galaxy /etc/CommVaultRegistry )
COPY_AS_IS_EXCLUDE_GALAXY7=( "/opt/galaxy/iDataAgent/jobResults/*" "/opt/galaxy/Updates/*" "/opt/galaxy/Base/Temp/*" )
# Use this default backup set. If left empty we will prompt the user at restore time for
# the appropriate backup set to use. Could be set to a global organisation-wide default
# in site.conf ...
GALAXY7_BACKUPSET=
# Use this argument file for all Galaxy commands. You can place some general stuff here
# and also use this file to store the logon credentials to Galaxy. This file will be
# automatically included in COPY_AS_IS
GALAXY7_Q_ARGUMENTFILE=
##
# BACKUP=GALAXY10 stuff
##
# Note: This is for Galaxy 10 (tested)
#
COPY_AS_IS_GALAXY10=( /lib/libm* /opt/simpana/ /etc/CommVaultRegistry )
COPY_AS_IS_EXCLUDE_GALAXY10=( "/opt/simpana/iDataAgent/jobResults/*" "/opt/simpana/Updates/*" "/opt/simpana/Base/Temp/*" )
# Use this default backup set. If left empty we will prompt the user at restore time for
# the appropriate backup set to use. Could be set to a global organisation-wide default
# in site.conf ...
GALAXY10_BACKUPSET=
# Use this argument file for all Galaxy commands. You can place some general stuff here
# and also use this file to store the logon credentials to Galaxy. This file will be
# automatically included in COPY_AS_IS
GALAXY10_Q_ARGUMENTFILE=
##
# BACKUP=TSM stuff
##
#
COPY_AS_IS_TSM=( /etc/adsm /opt/tivoli/tsm/client /usr/local/ibm/gsk8* )
# TSM client can be big (~300MB). If you need to reduce the size of the rescue image initrd (which can be a
# good idea for PowerVM based partition),
# you can use the following COPY_AS_IS_TSM which will only copy what is needed to start a TSM restore.
# Don't forget to add your custom configuration files like Includes and Excludes files.
# COPY_AS_IS_TSM=( /etc/adsm /opt/tivoli/tsm/client/ba/bin/dsmc /opt/tivoli/tsm/client/ba/bin/dsm.sys /opt/tivoli/tsm/client/ba/bin/dsm.opt /opt/tivoli/tsm/client/api/bin64/libgpfs.so /opt/tivoli/tsm/client/api/bin64/libdmapi.so /opt/tivoli/tsm/client/ba/bin/EN_US/dsmclientV3.cat /usr/local/ibm/gsk8* )
COPY_AS_IS_EXCLUDE_TSM=( )
PROGS_TSM=(dsmc)
# TSM library PATH that need to be added to LD_LIBRARY_PATH.
# gsk lib PATH are detected and automatically added by usr/share/rear/prep/TSM/default/400_prep_tsm.sh
TSM_LD_LIBRARY_PATH="/opt/tivoli/tsm/client/ba/bin:/opt/tivoli/tsm/client/api/bin64:/opt/tivoli/tsm/client/api/bin:/opt/tivoli/tsm/client/api/bin64/cit/bin"
# where to copy the resulting files to and save them with TSM
TSM_RESULT_FILE_PATH=/opt/tivoli/tsm/rear
#
# Additional dsmc options for restore. Point-in-time read from user
# input is also added to this array.
TSM_DSMC_RESTORE_OPTIONS=( )
#
# Tell if the result from mkbackup/mkrescue (Rescue image: ISO image, PXE, kernel and initrd)
# should be saved via TSM.
# You can disable these saving when the result is saved on an different way (ISO_URL, PXE_TFTP_URL....)
# (y/n) default to y
TSM_RESULT_SAVE=y
#
# TSM archive management class definition
TSM_ARCHIVE_MGMT_CLASS=
#
# Say "y", "Yes" or "1" to remove the ISO file from local system (in the ISO_DIR location)
# if TSM server confirms the backup was successful (to preserve space on the local system)
TSM_RM_ISOFILE=
##
# OUTPUT=OBDR stuff
##
#
COPY_AS_IS_OBDR=( )
COPY_AS_IS_EXCLUDE_OBDR=( )
REQUIRED_PROGS_OBDR=( lsscsi sg_wr_mode )
# OBDR block size, known to work with 2048
OBDR_BLOCKSIZE=2048
##
# BACKUP=NBU stuff (Symantec/Veritas NetBackup)
##
#
COPY_AS_IS_NBU=( /usr/openv/bin/vnetd /usr/openv/bin/vopied /usr/openv/lib /usr/openv/netbackup /usr/openv/var/auth/[mn]*.txt /opt/VRTSpbx /etc/vx/VxICS /etc/vx/vrtslog.conf )
COPY_AS_IS_EXCLUDE_NBU=( /usr/openv/netbackup/logs "/usr/openv/netbackup/bin/bpjava*" /usr/openv/netbackup/bin/xbp /usr/openv/netbackup/bin/private /usr/openv/lib/java /usr/openv/lib/shared/vddk /usr/openv/netbackup/baremetal )
# See https://github.com/rear/rear/issues/2105 why /usr/openv/netbackup/sec/at/lib/ is needed:
NBU_LD_LIBRARY_PATH="/usr/openv/lib:/usr/openv/netbackup/sec/at/lib/"
PROGS_NBU=( )
##
# BACKUP=AVA stuff (EMC Avamar)
##
#
# AVA_ROOT_DIR is relocatable - default location is either /usr/local/avamar or /opt/avamar
AVA_ROOT_DIR=/opt/avamar
COPY_AS_IS_AVA=( $AVA_ROOT_DIR/* /var/avamar/avagent.cfg /var/avamar/cid.bin /etc/init.d/functions /etc/rc.d/init.d/avagent )
COPY_AS_IS_EXCLUDE_AVA=( "$AVA_ROOT_DIR/var/*" )
PROGS_AVA=( )
##
# BACKUP=DP stuff (Micro Focus Data Protector)
##
# With COPY_AS_IS_DP=( ... /etc/opt/omni/client ) in particular the client certificate files
# localhost_cert.pem and localhost_key.pem in the /etc/opt/omni/client/sscertificates/ directory
# that are needed to restore the backup when Data Protector Secure Communication is configured
# get copied into the ReaR rescue/recovery system initramfs/initrd so that in particular
# ReaR ISO images and ReaR recovery media must be protected against unwanted access.
# In general to check if there are unwanted files in the recovery system use KEEP_BUILD_DIR="yes"
# and inspect the recovery system content in $TMPDIR/rear.XXXXXXXXXXXXXXX/rootfs/ and use
# COPY_AS_IS_EXCLUDE or COPY_AS_IS_EXCLUDE_DP to exclude unwanted files from the recovery system.
# The client certificate is excluded from a Data Protector backup due to security concerns
# so it is not restored with Data Protector. During "rear recover" the client certificate files
# are copied from the ReaR recovery system into the recovered/recreated target system.
# For details see the usr/share/rear/finalize/DP/default/500_restore_ssc.sh script.
COPY_AS_IS_DP=( /opt/omni /etc/opt/omni/client )
COPY_AS_IS_EXCLUDE_DP=( /opt/omni/bin/telemetry /opt/omni/Depot /opt/omni/databases /opt/omni/jre /opt/omni/newconfig /opt/omni/bin/drim /opt/omni/AppServer /opt/omni/RS_idb /opt/omni/reporting )
DP_LD_LIBRARY_PATH="/opt/omni/lib:/opt/omni/lib64"
##
# BACKUP=NSR (EMC Networker; Legato)
##
#
# NSR_ROOT_DIR is relocatable - default location is /nsr
NSR_ROOT_DIR=/nsr
COPY_AS_IS_NSR=( $NSR_ROOT_DIR /opt/nsr /opt/networker /usr/lib/nsr /usr/lib64/gconv )
COPY_AS_IS_EXCLUDE_NSR=( "$NSR_ROOT_DIR/logs/*" "$NSR_ROOT_DIR/debug/*" "$NSR_ROOT_DIR/index/*" "$NSR_ROOT_DIR/lockbox/*" "$NSR_ROOT_DIR/mm/*" "$NSR_ROOT_DIR/repository/*" "$NSR_ROOT_DIR/scripts/*" "$NSR_ROOT_DIR/utils/*" )
PROGS_NSR=( nsrexec nsrexecd mminfo save savefs savepnpc recover nsrfsra nsrinfo nsrretrieve nsrwatch nsrports uasm )
# NSRSERVER is normally found automatically, but for the rare cases it is not found pls define it in local.conf
NSRSERVER=
# NSR_RETENTION_TIME defines the retention time in EMC NetWorker for the result files (ISO image), default is "1 day"
# see nsr_getdate(3) for the valid choices (double-quotes are important)
NSR_RETENTION_TIME=
# The name of the default NSR pool. Default is the upstream default but some sites need to change that to an own default pool name.
NSR_DEFAULT_POOL_NAME=Default
# There are different EMC Legato server based recovery options which highly depend on
# the client's permissions granted on the EMC Networker (Legato) server side.
#
# Either it is allowed to self-service a recovery job on a EMC Networker server
# (i.e. direct access) or it is required to trigger someone else who is capable
# to start the file recovery job for the client (i.e. client does not have direct
# access to the EMC Networker server).
#
# Those recovery actions are covered with the following settings:
# NSR_CLIENT_MODE=yes ; Client needs to trigger someone else to start the
# EMC Networker server recovery action
# or
# NSR_CLIENT_MODE=no (or unset) ; Default - We have full control on EMC networker server for recovery actions
NSR_CLIENT_MODE=
# It is possible to set dedicated permissions for EMC Networker clients to perform their
# recovery actions on their own. To deal with this situation an additional variable is used
# to indicate this during disaster recovery activity. This is combined with the setting of
# NSR_CLIENT_MODE.
#
# The current possible combinations are:
# NSR_CLIENT_MODE | NSR_CLIENT_REQUESTRESTORE | Explanation
# ----------------+---------------------------+----------------
# NO or unset | YES, NO or unset | Default - EMC Networker server and client are under full control
# YES | YES or unset | Client needs to request (someone else) to start the EMC Networker server recovery action
# YES | NO | Client is allowed to recover files from EMC Network Server "on its own" with optional point-in-time recovery
#
# NSR_CLIENT_REQUESTRESTORE=yes ; Client needs to request for a recovery action
# (is NOT allowed to perform recovery actions on its own).
# or
# NSR_CLIENT_REQUESTRESTORE=no (or unset) ; Default - Client does NOT need to request for a
# recovery action (is allowed to perform recovery
# actions on its own).
NSR_CLIENT_REQUESTRESTORE=
##
# BACKUP=SESAM (SEP Sesam: http://www.sep.de)
# path to sesam installation will be detected automatically in:
# prep/SESAM/default/400_prep_sesam.sh
##
COPY_AS_IS_SESAM=()
COPY_AS_IS_EXCLUDE_SESAM=()
##
# BACKUP=BACULA stuff (www.bacula.org stuff)
##
# If empty BACULA_CONF_DIR and BACULA_BIN_DIR
# are automatically set in prep/BACULA/default/400_prep_bacula.sh
# Usually BACULA_CONF_DIR is "/etc/bacula"
# but for bacula-enterprise-client it is "/opt/bacula/etc"
# Usually BACULA_BIN_DIR is "/usr/sbin"
# but for bacula-enterprise-client it is "/opt/bacula/bin"
BACULA_CONF_DIR=""
BACULA_BIN_DIR=""
COPY_AS_IS_BACULA=( /var/spool/bacula )
COPY_AS_IS_EXCLUDE_BACULA=( /var/lib/bacula )
PROGS_BACULA=( bacula-fd bconsole bacula-console bextract bls bscan btape smartctl )
# Provide the (possible) volume labels to restore from using bextract.
# Multiple entries can be separated by '|' and '*' wildcards are allowed.
# eg. VOL-*|Vol-*
BEXTRACT_VOLUME=
# Provide the Bacula archive device to use for restoring from, either the
# name of a tape device or a disk block device as configured for bacula-sd.
# eg. Ultrium-1 or /dev/sda1
BEXTRACT_DEVICE=
##
# BACKUP=BORG stuff (https://borgbackup.readthedocs.io)
##
# Copy Borg stuff 1:1
COPY_AS_IS_BORG=( )
# Binaries Borg needs to operate correctly
# ReaR includes `borg' and `locale' automatically
PROGS_BORG=( )
# Borg server name
BORGBACKUP_HOST=
# Username for connection to Borg server
BORGBACKUP_USERNAME=
# Path to Borg repository on Borg server
# Be careful to begin you path/to/repo with a / even with relative path
# /./path/to/repo - path relative to current directory
# /~/path/to/repo - path relative to user's home directory
# /~other/path/to/repo - path relative to other's home directory
BORGBACKUP_REPO=
# Prefix used by ReaR to name archives.
# Do not use '_' in the BORGBACKUP_ARCHIVE_PREFIX value as it is used internally by ReaR.
BORGBACKUP_ARCHIVE_PREFIX="rear"
# Compression used by Borg
# Syntax: <compression_type,level>
# compression_type: none, lz4, zlib, lzma
# level: 0-9
# Default: none
# We agreed in #1037 to mirror its settings in ReaR as well.
# "The reason why we default to no compression is that users have to make
# an informed choice."
BORGBACKUP_COMPRESSION=""
# Borg encryption type
# Types: none, keyfile, repokey
# none: encryption is disabled (least trouble with setup, least security)
# keyfile: passphrase and having-the-key (stored on client in /$HOME/.config/borg/keys/)
# repokey: passphrase-only (stored on server BORGBACKUP_REPO/config)
# Default: repokey
BORGBACKUP_ENC_TYPE="none"
# When set, use the given path/filename as remote path (default is "borg")
BORGBACKUP_REMOTE_PATH=""
# Set archive umask
# Default: 0077
BORGBACKUP_UMASK=""
# Borg retention strategy
# See https://borgbackup.readthedocs.io/en/stable/usage/prune.html
# Deprecated variables like e.g. BORGBACKUP_PRUNE_WITHIN are still considered,
# if new variable BORGBACKUP_PRUNE_KEEP_WITHIN is not set.
BORGBACKUP_PRUNE_KEEP_WITHIN=
BORGBACKUP_PRUNE_KEEP_LAST=
BORGBACKUP_PRUNE_KEEP_MINUTELY=
BORGBACKUP_PRUNE_KEEP_HOURLY=
BORGBACKUP_PRUNE_KEEP_DAILY=
BORGBACKUP_PRUNE_KEEP_WEEKLY=
BORGBACKUP_PRUNE_KEEP_MONTHLY=
BORGBACKUP_PRUNE_KEEP_YEARLY=
# Borg default ssh port
BORGBACKUP_PORT=22
# Hint about Borg output and logs:
# If BORGBACKUP_SHOW_PROGRESS is true, no Borg output is written in ReaR log.
# In case Borg output is written to ReaR logs (BORGBACKUP_SHOW_PROGRESS=false)
# depending on verbosity (-v) Borg output is also shown to the user.
#
# Previous hint: If there is a need to store additional data into log file,
# `tee' can be used for this purpose.
# For more information on how additional output can be stored check:
# https://github.com/rear/rear/issues/2007#issuecomment-448618562
#
# Should progress from Borg be displayed as backup runs?
# (Progress data will not be stored in ReaR log.)
BORGBACKUP_SHOW_PROGRESS="no"
BORGBACKUP_CREATE_SHOW_PROGRESS=
BORGBACKUP_PRUNE_SHOW_PROGRESS=
BORGBACKUP_EXTRACT_SHOW_PROGRESS=
# Should final Borg stats be displayed after backup is over?
# (Borg final stats will not be stored into ReaR log, if
# BORGBACKUP_SHOW_PROGRESS is true)
BORGBACKUP_SHOW_STATS="no"
BORGBACKUP_CREATE_SHOW_STATS=
BORGBACKUP_PRUNE_SHOW_STATS=
BORGBACKUP_EXTRACT_SHOW_STATS=
# Should Borg output list of items (files, dirs, ...)?
# (Borg list will not be stored into ReaR log, if
# BORGBACKUP_SHOW_PROGRESS is true)
BORGBACKUP_SHOW_LIST="no"
BORGBACKUP_CREATE_SHOW_LIST=
BORGBACKUP_PRUNE_SHOW_LIST=
BORGBACKUP_EXTRACT_SHOW_LIST=
# Should Borg output final return code after its run?
# (Borg return code will not be stored into ReaR log, if
# BORGBACKUP_SHOW_PROGRESS is true)
BORGBACKUP_SHOW_RC="no"
BORGBACKUP_CREATE_SHOW_RC=
BORGBACKUP_PRUNE_SHOW_RC=
BORGBACKUP_EXTRACT_SHOW_RC=
# Pagination for selecting archives:
# While restoring how many archives should be shown in each step to the user?
# If more archives are available, cycle through them.
# Enabled by default with showing up to 10 archives per cycle.
# To disable it set it 0.
BORGBACKUP_RESTORE_ARCHIVES_SHOW_MAX=10
# Should Borg when initializing a repo also create parent directories,
# if they are missing?
# Can be useful if e.g. you use ReaR USB output and want all your Borg
# repositories in a subfolder (e.g. BORGBACKUP_REPO="/borg_repos/$HOSTNAME")
BORGBACKUP_INIT_MAKE_PARENT_DIRS="no"
# Should Borg exclude caches from backup?
# Exclude directories that contain a CACHEDIR.TAG file
# See https://borgbackup.readthedocs.io/en/stable/usage/create.html
# See http://www.bford.info/cachedir/spec.html
BORGBACKUP_EXCLUDE_CACHES="no"
# Should Borg exclude directories with a .nobackup file?
# Exclude directories tagged by containing a filesystem object .nobackup
# e.g. created by `touch .nobackup`
# See https://borgbackup.readthedocs.io/en/stable/usage/create.html
BORGBACKUP_EXCLUDE_IF_NOBACKUP="no"
# Should Borg backup be created with a specific timestamp?
# E.g. when you use multiple backups method and each backup in the run should
# have the same Borg timestamp. Consider the case you run backup shortly
# before midnight, one backup running before midnight, the other one after
# midnight. It may have an effect on your pruning policy, so you may find this
# option useful.
# Format for manually specifiying the archive creation date/time in UTC:
# yyyy-ddThh:mm:ss
# E.g. with `date --utc +"%FT%T`
# https://github.com/rear/rear/blob/master/doc/user-guide/11-multiple-backups.adoc
# https://borgbackup.readthedocs.io/en/stable/usage/create.html
BORGBACKUP_TIMESTAMP=
# Environment variables
# Borg is using couple of environment variables which can influence its behavior.
# You can make use of them by putting 'export BORG_var_name="var_value"'
# into ReaR's local.conf/site.conf.
# e.g.
# (single quotes avoid issues with the special bash character $)
# export BORG_PASSPHRASE='S3cr37_P455w0rD'
# export BORG_RELOCATED_REPO_ACCESS_IS_OK="yes"
# export BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK="yes"
# export BORG_KEYS_DIR="/borg/keys"
# export BORG_CACHE_DIR="/borg/cache"
# ...
#
# For full list and description see:
# https://borgbackup.readthedocs.io/en/stable/usage/general.html#environment-variables
##
# BACKUP=BLOCKCLONE
##
# If set to "yes" partitions will be created 1:1
# Normally ReaR uses code that might create a slight offset in partitioning.
# This might be fatal for Windows boot, if you plan to backup/restore
# bootable Windows OS, which shares same disk with Linux, set this to "yes"
# Setting this option to "yes" might cause that ReaR fails
# when migrating to different HW.
BLOCKCLONE_STRICT_PARTITIONING="no"
# Source device for backup
BLOCKCLONE_SOURCE_DEV=""
# Program to use for cloning
# Syntax: < ntfsclone | dd >
BLOCKCLONE_PROG=""
# Options that should be passed to BLOCKCLONE_PROG
BLOCKCLONE_PROG_OPTS=""
# Block device containing boot strap code
# If empty, neither MBR bootstrap code, nor partition layout will be
# saved/recreated
BLOCKCLONE_SAVE_MBR_DEV=""
# Filename containitg boot strap code (first 446B of MBR)
BLOCKCLONE_MBR_FILE="boot_strap.img"
# Filename containing strict partition layout
BLOCKCLONE_PARTITIONS_CONF_FILE="partition_layout.conf"
# Allow to run backup of mounted disks/partitions
BLOCKCLONE_ALLOW_MOUNTED="no"
# Try unmounting device first (only meaningful when BLOCKCLONE_ALLOW_MOUNTED="yes")
BLOCKCLONE_TRY_UNMOUNT="no"
##
# BACKUP=BAREOS stuff (bareos.org)
##
COPY_AS_IS_BAREOS=( /etc/bareos /var/spool/bareos )
COPY_AS_IS_EXCLUDE_BAREOS=( /var/lib/bareos )
PROGS_BAREOS=( bareos-fd bconsole bareos-console bextract bls bscan btape smartctl )
# Bareos client name, only adpat if it differs from hostname-fd
# BAREOS_CLIENT="$HOSTNAME-fd"
# Provide the (possible) volume labels to restore from using bextract.
# Multiple entries can be separated by '|' and '*' wildcards are allowed.
# eg. VOL-*|Vol-*
BEXTRACT_VOLUME=
# Provide the Bareos archive device to use for restoring from, either the
# name of a tape device or a disk block device as configured for bareos-sd.
# eg. Ultrium-1 or /dev/sda1
BEXTRACT_DEVICE=
# If you have more than one restore job defined for a client, define it as
# BAREOS_RESTORE_JOB=client-restore
# You can leave it unset as ReaR will tell you when it is needed
# BAREOS_RESTORE_JOB=
#
# If you have more than one fileset configured for your client, specify one here.
# Otherwise interaction is needed during restore.
# Leave unset, if you have only one fileset for your client (this is almost always the case)
# E.g. BAREOS_FILESET=Full
# BAREOS_FILESET=
##
# BACKUP=DUPLICITY stuff
##
# DUPLICITY is a cloud based external backup method
# The program duply is wrapper script around duplicity which makes it much easier to use
# and script in ReaR - duply uses the concept of a profile (basically a script with vars
# to define your settings - use it as "duply <profile> status" to see it in action)
# By using DUPLY_PROFILE we will try an automatic restore, if duplicity directly is used
# then you better add some restore script in the COPY_AS_IS array
#
# BACKUP_PROG="duply"
DUPLY_PROFILE=""
#
#######################################################################
# Extension for DUPLICITY
#
# BACKUP=DUPLICITY
# BACKUP_PROG="duplicity"
#
DUPLICITY_PROG="$(type -P duplicity)"
#
# The following variable will be passed to Duplicity via --name, this prevents
# Duplicity from always recreating the local archive (in /root/.cache/duplicity)
# as the URL is always different when using BACKUP_DUPLICITY_NETFS_URL
BACKUP_DUPLICITY_NAME="rear-backup"
#
# The ssh/rsync user at the backup server that is allowed to read/write the backup
# for this host:
# DUPLICITY_USER="<user>"
#
# The backup server to write/read the backup:
# DUPLICITY_HOST="<hostname|ip>"
#
# The protocol Duplicity should use for backup/restore (must be rsync for this case).
# Duplicity supports much more (ssh, scp, ftp, ..) but this isn't test in ReaR yet:
# DUPLICITY_PROTO="rsync"
#
# The path at the remote host, that contain the host-dirs with the backups:
# DUPLICITY_PATH="</dir1/dir2>"
#
# Combining the upper parameters should result
# e.g. in BACKUP_DUPLICITY_URL="rsync://rear-user@192.168.99.10//backup/rear"
#
# BACKUP_DUPLICITY_URL="${DUPLICITY_PROTO}://${DUPLICITY_USER}@${DUPLICITY_HOST}/${DUPLICITY_PATH}"
#
# OR
#
# Use an NETFS-Style URL
# BACKUP_DUPLICITY_NETFS_URL="cifs://backupserv/md0"
# BACKUP_DUPLICITY_NETFS_OPTIONS="user=xxx,pass=xxx,vers=2.0"
#
# OR
#
# Provide a custom mount command
# BACKUP_DUPLICITY_NETFS_MOUNTCMD="mount.cifs"
# BACKUP_DUPLICITY_NETFS_UMOUNTCMD="umount"
#
# Value for duplicity Option '--full-if-older-than'
# Duplicity will make a full backup if the latest full backup is older than the following variable.
# Default = only do incremental backups:
# BACKUP_DUPLICITY_FULL_IF_OLDER_THAN=""
#
# Value for duplicity action 'remove-older-than'
# For format of time see the TIME FORMATS section at "man duplicity".
# Default = do not remove old backups:
# BACKUP_DUPLICITY_MAX_TIME=""
#
# To remove backups older than 2 months:
# BACKUP_DUPLICITY_MAX_TIME="2M"
#
# Value for duplicity action 'remove-all-but-n-full' and 'remove-all-inc-of-but-n-full'
# Default = do not remove old backups:
# BACKUP_DUPLICITY_MAX_SETS=""
# BACKUP_DUPLICITY_MAX_SETS_KEEP_FULL=""
#
# To only keep the last 3 sets:
# BACKUP_DUPLICITY_MAX_SETS="3"
#
# To only keep the full backups of backup sets older than the 3 last sets,
# but delete full backups older than 2 years:
# BACKUP_DUPLICITY_MAX_SETS_KEEP_FULL="3"
# BACKUP_DUPLICITY_MAX_TIME="2Y"
#
# GPG-KEY for encrypt backup (e.g. for backup-user):
# BACKUP_DUPLICITY_GPG_OPTIONS="--cipher-algo AES"
# BACKUP_DUPLICITY_GPG_ENC_KEY="<gpg-key-id>"
# BACKUP_DUPLICITY_GPG_ENC_PASSPHRASE="passphrase"
#
# To ask the passphrase on restore, set the following variable to true:
# BACKUP_DUPLICITY_ASK_PASSPHRASE="true"
#
# GPG-KEY for sign backup (e.g. root-user):
# BACKUP_DUPLICITY_GPG_SIGN_KEY=""
#
# Some extra options for duplicity, see "man duplicity":
# BACKUP_DUPLICITY_OPTIONS="--volsize 100"
#
# On restore, Duplicity may temporarely need lots of space
# (in worst case a bit more than the biggest file in the backup),
# so by default an temporary directory will be created on the root filesystem
# (and deleted afterwards). If that is not wanted (and you have enough RAM),
# you can set the following variable to true to create a temporary ramdisk instead
# which will also speed up restore a bit:
# BACKUP_DUPLICITY_TEMP_RAMDISK="true"
#
# Directories not to backup
# For mountpoints that are not in the backup to restore use DIRECTORY_ENTRIES_TO_RECOVER.
# Mountpoints for proc (e.g. /proc and /var/lib/ntp/proc)
# and /sys must be given- if not duplicity will fail:
# BACKUP_DUPLICITY_EXCLUDE=( '/proc' '/sys' '/run' '/var/lib/ntp/proc' "$HOME/.cache" '/tmp' '/var/tmp' '/app' '/var/app' )
#
# Evaluation of BACKUP_DUPLICITY_EXCLUDE
# In older Versions of ReaR, BACKUP_DUPLICITY_EXCLUDE is evaluated by the shell and not by Duplicity itself.
# Set the following variable to true to restore the old behavour:
# BACKUP_DUPLICITY_EXCLUDE_EVALUATE_BY_SHELL="true"
#
# Mountpoints and directories to restore via DIRECTORY_ENTRIES_TO_RECOVER
# if defined, used by restore/default/900_create_missing_directories.sh
#
#######################################################################
##
# BACKUP=NETFS stuff
##
# NETFS is an internal backup method that saves the backup into a mounted directory.
# This is usually a network share, but can also be used to create a backup to a local
# disk (by providing your own BACKUP_MOUNTCMD and BACKUP_UMOUNTCMD commands that mount the
# local disk. Please note that a backup to a local disk is not a disaster recovery backup.
#
# NETFS saves the system to a network file system. Supported are all filesystems that your
# system can handle, for some exotic filesystems you might have to extend Relax-and-Recover
# to correctly handle the URL or provide custom mount/umount commands.
#
# A BACKUP_URL backup target location is required for BACKUP=NETFS
# cf. https://github.com/rear/rear/issues/1532#issuecomment-336810460
# so that it is an error to use BACKUP=NETFS without a BACKUP_URL.
#
# Prefix directory to create under the network filesystem share:
NETFS_PREFIX="$HOSTNAME"
#
# Keep an older copy of the backup (mv $NETFS_PREFIX $NETFS_PREFIX.old before we copy the new version)
# empty means only keep current backup:
NETFS_KEEP_OLD_BACKUP_COPY=
#
# NETFS_RESTORE_CAPABILITIES is an array that contains those directories
# where ReaR should save file capabilities via 'getcap -r' (during 'rear mkbackup') and
# restore them for each file with file capabilities via 'setcap' (during 'rear recover').
# The special value NETFS_RESTORE_CAPABILITIES=( 'Yes' ) results that 'getcap -r /'
# is used as fallback which could become unusable slow on systems with zillions of files
# in particular when tons of stuff is mounted cf. https://github.com/rear/rear/issues/1283
# In this case one must explicitly specify on what directories 'getcap -r' should be run.
# NETFS_RESTORE_CAPABILITIES should usually contain those directories that are in the backup.
# The default NETFS_RESTORE_CAPABILITIES=( 'No' ) means that
# the backup program should save and restore file capabilities
# (e.g. 'tar' via '--xattr' that is used by default in ReaR).
# For backup program that do not support to save and restore file capabilities
# the user can manually specify NETFS_RESTORE_CAPABILITIES as a workaround
# cf. https://github.com/rear/rear/issues/1175
# Furthermore BUILD_DIR (i.e. usually /tmp/rear.XXXXXXXXXXXXXXX cf. TMPDIR above) and
# ISO_DIR are automatically excluded cf. rescue/NETFS/default/610_save_capabilities.sh
NETFS_RESTORE_CAPABILITIES=( 'No' )
##
# BACKUP=RSYNC method
##
# RSYNC backup method uses rsync (using ssh or rsync) to make a backup to a remote network server
# prefix directory to create on the remote network filesystem
# default prefix is the short hostname
RSYNC_PREFIX="$HOSTNAME"
# RSYNC_PROTOCOL_VERSION=29 when rsync version <3.0, or 30 for newer releases (is auto-detected,
# but if you move from one rsync server to another it might become handy to known about this var)
RSYNC_PROTOCOL_VERSION=
# The BACKUP_URL contains the source or destination path of the remote rsync server (ssh, rsync protocol)
# Note: please exchange the SSH keys to avoid password prompts
# BACKUP_URL is mandatory with RSYNC
# BACKUP_URL=rsync://[USER@]HOST[:PORT]/PATH # using ssh
# BACKUP_URL=rsync://[USER@]HOST[:PORT]::/PATH # using rsync
#
# The default rsync options passed (more can/will be added according workflow)
# You can use this variable to add your own options, e.g.
# BACKUP_RSYNC_OPTIONS+=( --devices --acls )
BACKUP_RSYNC_OPTIONS=( --sparse --archive --hard-links --numeric-ids --stats )
############
# Tape block size, default is to leave it up to the tape-device:
TAPE_BLOCKSIZE=
# Disable ping:
# Some environments don't allow to ping the backup host,
# even though the backup software is reachable
# e.g. in a DMZ. since most backup methods check the host availability,
# you can disable ping by unsetting the PING variable [BOOL]
PING=
##
# BACKUP=REQUESTRESTORE stuff
##
# This mode interrupts "rear recover" after formatting and mounting the filesystems
# and expects the backup data was properly restored to continue "rear recover"
# so you have to do something to restore your backup manually before continuing.
# For example this mode could be used with servers that are saved with RBME (RSYNC BACKUP MADE EASY)
# and the backup restore is done manually by pushing the files back via rsync/ssh.
# The latter requires that SSH (in particular sshd) works in the ReaR recovery system.
# For details see the restore/REQUESTRESTORE/default/200_prompt_user_to_start_restore.sh script.
#
# The text to display in order to prompt the user to restore the backup data:
REQUESTRESTORE_TEXT="Please start the restore process on your backup host.
Make sure that you restore the data into $TARGET_FS_ROOT (by default '/mnt/local')
instead of '/' because the hard disks of the recovered system are mounted there.
"
#
# This command is shown to the user and added to the predefined bash history
# in the ReaR recovery system to make the manual backup restore easier:
REQUESTRESTORE_COMMAND=
##
# BACKUP=RBME
##
# This mode allows restoring a RBME backup from NFS shares.
# As NFSv4 is not fully supported with ReaR (yet) it is safer to
# use BACKUP_OPTIONS="nfsvers=3,nolock" in the local.conf file.
# Note: You may have to open appropriate TCP/UDP ports on the NFS server (iptables).
#
# Configure the RBME backup ahead of time.
# RBME will present you a list of all backups that are available.
# A magic value of 'latest' will automatically use the latest backup.
RBME_BACKUP=
#
# If the RBME hostname is different from the system hostname, configure it here
# Example: RBME_HOSTNAME="$HOSTNAME-bcp"
RBME_HOSTNAME=$HOSTNAME
##
# BACKUP=ZYPPER
##
# It is not an usual file-based backup/restore method
# where one gets the files of an old system back as they had been before.
# This new kind of "backup" method does not work on files but on RPM packages
# see https://github.com/rear/rear/issues/1085
# and https://hackweek.suse.com/15/projects/2242
# During "rear mkbackup" it will basically only save a list of installed RPM packages
# into var/lib/rear/backup/ZYPPER/installed_RPM_packages and during "rear recover" it will basically
# only install those RPM packages as pristine RPM packages from those zypper repositories
# that are specified in ZYPPER_REPOSITORIES or in a var/lib/rear/backup/ZYPPER/zypper_repositories.repo file.
# Any other files that should be restored (e.g. prepared config files or /home directories)
# must be done by "Using Multiple Backups for Relax-and-Recover", see
# doc/user-guide/11-multiple-backups.adoc
##
# For each member zypper_repository in the ZYPPER_REPOSITORIES array the following command is called
# zypper --root $TARGET_FS_ROOT addrepo $zypper_repository ...
# which means each array member in ZYPPER_REPOSITORIES must be a valid zypper repository URI,
# see what "zypper repos -u" shows as URI and what "zypper repos -e -" results and see "man zypper".
# The by default empty ZYPPER_REPOSITORIES array means that during "rear mkbackup" the command
# zypper repos --export var/lib/rear/backup/ZYPPER/zypper_repositories.repo
# is run (var/lib/rear/backup/ZYPPER/zypper_repositories.repo gets included in the ReaR recovery system) and
# when during "rear recover" in the ReaR recovery system /var/lib/rear/backup/ZYPPER/zypper_repositories.repo exists
# zypper --root $TARGET_FS_ROOT addrepo --repo /var/lib/rear/backup/ZYPPER/zypper_repositories.repo
# is run in the ReaR recovery system so that by default during "rear recover" the same
# zypper repositories are used as in the original system. A precondition for that is
# that during "rear recover" those zypper repositories are somehow "just accessible".
# ReaR has nothing implemented to make zypper repositories accessible.
# If that precondition is not fulfilled one must explicitly specify in /etc/rear/local.conf
# the ZYPPER_REPOSITORIES array with appropriate valid zypper repository URI value(s)
# that are "just accessible" during "rear recover".
# Currently the above described automated zypper repositories usage is not implemented.
# Te current default is to use a SUSE installation DVD in the first CDROM drive:
ZYPPER_REPOSITORIES=( "cd:///?devices=/dev/sr0" )
# ZYPPER_INSTALL_RPMS specifies which kind of RPM packages are installed in which way for BACKUP=ZYPPER:
# The by default empty ZYPPER_INSTALL_RPMS means that during "rear recover"
# each RPM package that is installed on the original system gets re-installed on the target system
# plus automatically all RPM packages that are required by the one that gets re-installed.
# The list of all installed RPMs is stored during "rear mkbackup" by default in
# var/lib/rear/backup/ZYPPER/installed_RPMs
# With ZYPPER_INSTALL_RPMS="independent_RPMs" only those RPM packages that are not required
# by other RPM packages on the original system get re-installed on the target system
# plus all RPM packages that are required and recommended by the one that gets re-installed.
# RPM packages that are not required by other RPMs are independently installed RPM packages.
# The list of independently installed RPMs is stored during "rear mkbackup" by default in
# var/lib/rear/backup/ZYPPER/independent_RPMs
# Independently installed RPM packages are those that
# either are intentionally installed by the admin (the ones that are really wanted)
# or got unintentionally installed as recommended by other RPMs (those are perhaps needed)
# or are no longer required after other RPMs had been removed (those are probably orphans):
ZYPPER_INSTALL_RPMS=""
# The COPY_AS_IS_ZYPPER array contains by default basically what
# rpm -qc zypper ; rpm -ql libzypp | egrep -v 'locale|man'
# shows (currently determined on openSUSE Leap 42.1)
# plus the special /etc/products.d/baseproduct link and where to it points
# and rpm because that is required by zypper/libzypp and
# finally all kernel modules because otherwise modules like 'isofs' and some 'nls*' modules
# that are needed to mount a iso9660 image (e.g. a SUSE installation medium in a CDROM drive)
# are not available in the ReaR recovery system which can be a dead end for "rear recover":
COPY_AS_IS_ZYPPER=( /etc/zypp '/etc/logrotate.d/zypp*' /usr/lib/zypp /usr/share/zypp /etc/products.d /usr/lib/rpm /lib/modules )
COPY_AS_IS_EXCLUDE_ZYPPER=()
# The REQUIRED_PROGS_ZYPPER array contains by default
# all zypper libzypp and libsolv-tools binaries - i.e. all what
# rpm -ql zypper | grep bin ; rpm -ql libzypp | grep bin ; rpm -ql libsolv-tools | grep bin
# shows (currently determined on openSUSE Leap 42.1)
# and all rpm binaries because RPM is required by zypper/libzypp/libsolv-tools:
REQUIRED_PROGS_ZYPPER=( zypper zypp-refresh installation_sources zypp-CheckAccessDeleted zypp-NameReqPrv appdata2solv comps2solv deltainfoxml2solv dumpsolv installcheck mergesolv repo2solv.sh repomdxml2solv rpmdb2solv rpmmd2solv rpms2solv susetags2solv testsolv updateinfoxml2solv rpm convertdb1 gendiff rpm2cpio rpmdb rpmgraph rpmkeys rpmqpack rpmquery rpmsign rpmspec rpmverify rcrpmconfigcheck )
# The PROGS_ZYPPER array is empty by default and inteded to contain additional useful programs
# that are not strictly required in the ReaR recovery system to run "rear recover":
PROGS_ZYPPER=()
# ZYPPER_ROOT_PASSWORD specifies the initial root password in the target system for BACKUP=ZYPPER:
# This initial root password should not be the actually intended root password
# because its value is stored in usually insecure files (e.g. /etc/rear/local.conf)
# which are included in the ReaR recovery system that is stored
# in also usually insecure files (like ISO images e.g. rear-HOSTNAME.iso)
# so that the actually intended root password for the target system
# should be set manually by the admin after "rear recover".
# As fallback "rear recover" sets 'root' as root password in the target system.
# If SSH_ROOT_PASSWORD is specified it is used as root password in the target system
# unless ZYPPER_ROOT_PASSWORD is specified which is used with highest priority:
ZYPPER_ROOT_PASSWORD='root'
# ZYPPER_NETWORK_SETUP_COMMANDS specifies the initial network setup in the target system for BACKUP=ZYPPER:
# This initial network setup is only meant to make the target system
# accessible from remote in a very basic way (e.g. for 'ssh').
# The actually intended network setup for the target system
# should be done manually by the admin after "rear recover".
# The by default empty ZYPPER_NETWORK_SETUP_COMMANDS array means
# that during "rear recover" no network setup happens in the target system.
# The ZYPPER_NETWORK_SETUP_COMMANDS array can be used for manual network setup for example like
# ZYPPER_NETWORK_SETUP_COMMANDS=( 'ip addr add 192.168.100.2/24 dev eth0' 'ip link set dev eth0 up' 'ip route add default via 192.168.100.1' )
# where each command in ZYPPER_NETWORK_SETUP_COMMANDS is run during "rear recover" in the target system (via 'chroot').
# When one of the commands in ZYPPER_NETWORK_SETUP_COMMANDS is the special string 'NETWORKING_PREPARATION_COMMANDS'
# the commands in NETWORKING_PREPARATION_COMMANDS (see below) are called inside the target system.
# When one of the commands in ZYPPER_NETWORK_SETUP_COMMANDS is the special string 'YAST'
# initial network setup in the target system happens by calling the hardcoded command
# 'yast2 --ncurses lan add name=eth0 ethdevice=eth0 bootproto=dhcp'
# if something else is needed an appropriate 'yast2' command can be manually specified.
# ZYPPER_NETWORK_SETUP_COMMANDS can be used together with 'YAST' for additional manual network setup like
# ZYPPER_NETWORK_SETUP_COMMANDS=( 'YAST' 'ip route add default via 192.168.100.1' 'systemctl enable sshd.service' )
ZYPPER_NETWORK_SETUP_COMMANDS=()
# End of BACKUP=ZYPPER default setings.
##
# BACKUP=YUM
##
# This method is very similar to the ZYPPER method, above, but for systems that use the YUM package manager (RHEL, CentOS, etc)
# Most options are the similar to, or the same as, the ZYPPER options.
##
YUM_INSTALL_RPMS=""
COPY_AS_IS_YUM=( '/etc/yum*' '/etc/logrotate.d/yum*' '/usr/bin/python*' '/bin/python*' /usr/lib/python2.7/site-packages/rpmUtils /usr/lib/python2.7/site-packages/yum /usr/lib/yum-plugins '/usr/share/bash-completion/completions/yum*' '/usr/share/doc/yum*' '/usr/share/yum*' '/var/lib/yum*' '/etc/rpm*' /usr/lib/rpm /usr/lib/tmpfiles.d/rpm.conf '/usr/share/bash-completion/completions/rpm*' '/usr/share/doc/rpm*' /lib/modules /usr/bin/urlgrabber /usr/libexec/urlgrabber-ext-down )
COPY_AS_IS_EXCLUDE_YUM=()
REQUIRED_PROGS_YUM=( yum rpm rpm2cpio rpmdb rpmquery rpmverify chpasswd )
PROGS_YUM=()
YUM_ROOT_PASSWORD='root'
YUM_NETWORK_SETUP_COMMANDS=()
YUM_EXCLUDE_PKGS=("")
##
# This method has the ability to also create a backup archive of the files not provided by RPM
# as well as those that have been provided by RPM but have been modified (configuration
# files, customizations, etc).
##
YUM_BACKUP_FILES=no
##
# Should we build a comprehensive exclusion list for the backup?
# Symlinks in file paths will cause excluded files from being excluded via the other path(s).
# i.e. If /sbin/ifup is excluded, /usr/sbin/ifup will still be included due to the following link:
# $ ls -ald /sbin
# lrwxrwxrwx. 1 root root 8 Jun 15 2017 /sbin -> usr/sbin
# A full, comprehensive exclusion list will find all paths to the excluded file, but takes longer.
##
YUM_BACKUP_FILES_FULL_EXCL=no
##
# This method can also capture the SELinux security contexts of every file on the source system
# and reapply those contexts after the packages have been reinstalled (and the backups, if any,
# have been extracted).
##
YUM_BACKUP_SELINUX_CONTEXTS="no"
##
# This method has the option of recreating the users and groups on the target system that are
# present on the source system at the time that the backup is created.
#
# Valid options are:
# RECREATE_USERS_GROUPS="no" # Users and groups are not recreated on the target system
# RECREATE_USERS_GROUPS="yes" # Users and groups are recreated on the target system, but passwords are locked
# RECREATE_USERS_GROUPS=("yes" "passwords") # Users and groups are recreated on the target system, including the passwords from the source system
##
RECREATE_USERS_GROUPS="no"
# End of BACKUP=YUM default setings.
##
# BACKUP=EXTERNAL
##
# Custom command backup stuff.
#
# Examples for external backup. In this mode your external program must do EVERYTHING
# In the example below we backup / to the vms host via tar and netcat
# NOTE: The EXTERNAL_* commands can be also defined as an array () to better protect
# arguments with blanks
# NOTE: The EXTERNAL_* commands will be run inside eval like this:
# eval "${EXTERNAL_BACKUP[@]}"
#
# Command to backup the required data
# This example saves the data via SSH to a remote system called vms
EXTERNAL_BACKUP="tar -c -l -z / | ssh vms 'cat >rear64/backup.tar.gz'"
# Command to restore the data (by default $TARGET_FS_ROOT is '/mnt/local')
EXTERNAL_RESTORE="ssh vms cat rear64/backup.tar.gz | tar -C $TARGET_FS_ROOT -x -z"
# The following exit codes from EXTERNAL_* should not abort the backup or recovery
# This example is useful for rsync
EXTERNAL_IGNORE_ERRORS=( 23 24 )
# Command to verify the availability of the backup resource, will be executed only if PING=1
EXTERNAL_CHECK="ssh vms date >/dev/null"
##
# BACKUP_RESTORE_MOVE_AWAY
#
# Move away restored files or directories that should not have been restored:
#
# Do not confuse it with EXCLUDE_RESTORE in the EXCLUDES section below.
# With EXCLUDE_RESTORE items are excluded during backup restore
# where each particular backup method must explicitly implement support
# for the EXCLUDE_RESTORE functionality (most do not support it).
# In contrast BACKUP_RESTORE_MOVE_AWAY works generically
# for any backup restore method.
#
# See https://github.com/rear/rear/issues/779
#
# After backup restore ReaR should move away files or directories
# that should not have been restored - mainly files or directories
# that are created and maintained by system tools where
# a restore from the backup results wrong/outdated
# content that conflicts with the actual system.
#
# The generic traditional example of such a file was /etc/mtab.
# As long as it was a regular file it must not have been restored
# with outdated content from a backup. Nowadays it is a symbolic link
# to /proc/self/mounts which should probably be restored to ensure
# that link is available.
#
# ReaR will not remove any file (any user data is sacrosanct).
# Instead ReaR moves those files away into a ReaR-specific directory
# so that the admin can inspect that directory to see what ReaR thinks
# should not have been restored:
readonly BACKUP_RESTORE_MOVE_AWAY_DIRECTORY="$VAR_DIR/moved_away_after_backup_restore/"
#
# There is nothing hardcoded in the scripts.
# Instead BACKUP_RESTORE_MOVE_AWAY_FILES is a documented list
# that explains why each file or directory is moved away.
# The BACKUP_RESTORE_MOVE_AWAY_FILES list is not readonly
# so that it can be modified as needed by the scripts.
# The items in the BACKUP_RESTORE_MOVE_AWAY_FILES list do not need to be only files.
# Also a whole directory tree can be moved away (automatically recursively).
# If an item in BACKUP_RESTORE_MOVE_AWAY_FILES is a directory only its content
# is (recursively) removed but the original (empty) directory is kept because
# the empty directory alone should not cause issues and usually only the content
# is what results wrong/outdated content that conflicts with the actual system
# or what is no longer needed after system recovery (e.g. content in /var/tmp
# is probably no longer needed but the /var/tmp directory is still needed).
# Already existing stuff in the BACKUP_RESTORE_MOVE_AWAY_DIRECTORY that would be (partially)
# overwritten by the items in the BACKUP_RESTORE_MOVE_AWAY_FILES list is removed before
# (because such stuff is considered as outdated leftover e.g. from a previous recovery)
# but already existing stuff in the BACKUP_RESTORE_MOVE_AWAY_DIRECTORY that is not
# in the curent BACKUP_RESTORE_MOVE_AWAY_FILES list is kept.
# Example:
# Probably stuff in the /var/tmp directory is not needed after a system recovery
# and /etc/udev/rules.d/70-persistent-net.rules is created and maintained
# by systemd/udev (see https://github.com/rear/rear/issues/770):
# BACKUP_RESTORE_MOVE_AWAY_FILES=( /var/tmp /etc/udev/rules.d/70-persistent-net.rules )
#
# Move away outdated information from previous boot via GRUB2
# to avoid a possible GRUB2 "error: invalid environment block."
# cf. https://github.com/rear/rear/issues/1828
# GRUB2 can use /boot/grub/grubenv or /boot/grub2/grubenv
# to remember a small amount of information from one boot to the next.
# But on a by "rear recover" recreated system there is no such thing
# as a meaningful previous boot (because "rear recover" recreates a system
# by reinstalling it completely from scratch) so that there is no meaningful
# use-case to remember any information from a possible previous boot,
# cf. https://github.com/rear/rear/issues/1828#issuecomment-399050741
# Nevertheless that information from the last boot on the original system
# could be still of interest for the user so that it is not deleted:
BACKUP_RESTORE_MOVE_AWAY_FILES=( /boot/grub/grubenv /boot/grub2/grubenv )
##
# DIRECTORY_ENTRIES_TO_RECOVER
#
# Create still missing directories and symbolic links
# after the backup was restored
# (by the 900_create_missing_directories.sh script).
#
# For background information and reasoning see
# https://github.com/rear/rear/issues/1455#issuecomment-324904017
# that reads:
# Typical backup software assumes that the restore always happens
# on top of a system that was installed the traditional way,
# so that for the backup software it is safe to assume that
# those directories are present. From the perspective
# of the backup software there is therefore no need
# to include such directories in a full backup.
# Bottom line is, it is the duty of ReaR to make sure
# that these special directories really do exist.
#
# By default a directories_permissions_owner_group file
# (named $VAR_DIR/recovery/directories_permissions_owner_group)
# is created by the 400_save_directories.sh script
# that saves permissions, owner, group of basic directories
# plus symbolic link names and targets of basic directories.
# The basic directories are those that are currently used as mountpoints
# plus the directories of the Filesystem Hierarchy Standard (FHS)
# as listed at https://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard
# provided such a directory actually exists on the system
# but mountpoints of mounted 'pseudofs' filesystems are
# considered as unwanted "noise" and get excluded
# (for details see the 400_save_directories.sh script).
#
# Via the DIRECTORY_ENTRIES_TO_RECOVER array additional directories
# and symbolic links that should be created can be specified.
# For each directory or symbolic link DIRECTORY_ENTRIES_TO_RECOVER
# contains an array member which is a string that specifies
# the directory or symbolic link with the following syntax:
# A directory is specified as 'directory [ mode [ owner [ group ] ] ]'
# where mode, owner, and group are optional in the following way:
# When no mode is specified the default 'rwxr-xr-x root root' is used.
# When owner should be specified also mode must be specified.
# When no owner is specified the default 'root root' is used.
# When group should be specified also mode and owner must be specified.
# When owner is specified but no group then group is set same as the owner
# so that this way e.g. 'lp lp' can be abbreviated to only 'lp'.
# A symbolic link is specified as 'symlink_name -> symlink_target'.
# Example:
# DIRECTORY_ENTRIES_TO_RECOVER=( '/path/to/mytmpdir 1770 myowner mygroup' '/var/mytmpdir -> /path/to/mytmpdir' )
# By default the DIRECTORY_ENTRIES_TO_RECOVER array is empty:
DIRECTORY_ENTRIES_TO_RECOVER=()
##
# How to exclude something ----- EXCLUDES -------
#
# You cannot exclude a device (e.g. /dev/sdg) directly. Instead you have to exclude everything
# ON that device and then the dependency tracker will automatically exclude the device from the
# recovery (because there won't be any recovery information for that "unnecessary" device).
#
# Furthermore, you have to exclude MD devices and LVM2 volume groups separately
# as there is no automatic detection of these dependencies.
# Exclude filesystems by specifying their mountpoints. Will be automatically added to the
# $BACKUP_PROG_EXCLUDE array during backup to prevent the excluded filesystems' data to
# be backed up
# examples: /tmp
# /media/bigdisk
EXCLUDE_MOUNTPOINTS=()
# Exclude MD devices
# examples: /dev/md0
# /dev/md/0
EXCLUDE_MD=()
# Exclude LVM2 volume groups. This will automatically exclude also the creation of the
# corresponding physical and logical volumes that belong to the excluded volume group.
# You must also exclude the corresponding mountpoints in EXCLUDE_MOUNTPOINTS (see above)
# otherwise "rear recover" would try to recreate the filesystems onto non-existing LVs.
EXCLUDE_VG=()
# Exclude any component from the recovery image.
# Some component types need a prefix:
# - filesystems: "fs:/var/cache"
# - physical volumes: "pv:/dev/sda2"
# - swap: "swap:/dev/mapper/system-swap"
# Volume groups look like: "/dev/system".
# If in doubt about the correct syntax, consult /var/lib/rear/layout/disktodo.conf
EXCLUDE_COMPONENTS=()
####
# Only include LVM2 volume groups - the opposite of EXCLUDE_VG (handy if you only want vg00 to be included)
# EXCLUDE_VG and EXCLUDE_MOUNTPOINTS will get populated automatically, if needed
# syntax : e.g. ONLY_INCLUDE_VG=( "vg00" "vg01" )
ONLY_INCLUDE_VG=()
# Automatically exclude disks that are not used by mounted filesystems
AUTOEXCLUDE_DISKS=y
# Automatically exclude multipath disks and their dependent components
AUTOEXCLUDE_MULTIPATH=y
# Automatically exclude automounter paths from the backup
AUTOEXCLUDE_AUTOFS=
# Automatically exclude filesystems with mountpoints that are sub-directories
# of the directories that are specified in the AUTOEXCLUDE_PATH array.
# This is different from EXCLUDE_MOUNTPOINTS, which accepts only mountpoints.
# Filesystems with mountpoints in the AUTOEXCLUDE_PATH array are not excluded.
# For details see the layout/save/default/320_autoexclude.sh script.
# For example a separated filesystem with mountpoint /tmp is not excluded
# but the files in the /tmp directory are excluded from the backup
# when an internal backup method is used by BACKUP_PROG_EXCLUDE=( '/tmp/*' ... )
# so that this filesystem will be recreated as an empty filesystem.
# The AUTOEXCLUDE_PATH default /media /run[/media] /mnt and /tmp
# intends to exclude temporarily mounted things (e.g. USB devices)
# because mountpoints for temporarily mounted things are usually
# sub-directories below /media /run[/media] /mnt and /tmp
# see https://github.com/rear/rear/issues/2239
AUTOEXCLUDE_PATH=( /media /run /mnt /tmp )
#### New Style include/excludes
# Exclude components from being backed up, recreation information is active
EXCLUDE_BACKUP=()
# Exclude components during component recreation
# will be added to EXCLUDE_BACKUP (it is not backed up)
# recreation information gathered, but commented out
EXCLUDE_RECREATE=()
# Exclude components during the backup restore phase
# Only used to exclude files from the restore.
EXCLUDE_RESTORE=()
# Exclude block devices from being viable mapping options that can be selected
# by the user during 'rear recover' (cf. layout/prepare/default/300_map_disks.sh).
# The EXCLUDE_DEVICE_MAPPING array contains 'case' patterns that must match
# the basename of block devices in the /sys/block/ directory:
EXCLUDE_DEVICE_MAPPING=( 'loop*' 'ram*' 'zram*' )
# Exclude RUNTIME_LOGFILE (useful for debugging) from initramfs
EXCLUDE_RUNTIME_LOGFILE='no'
################ ---- various warnings
#
# Warnings can be also disabled by unsetting these variables
WARN_MISSING_VOL_ID=1
################ ---- enable/disable features
#
# To enable cfg2html, if present on the system, set to 'y', 'Y' or '1'
USE_CFG2HTML=
# The SKIP_CFG2HTML variable is no longer supported since ReaR 1.18
# IP addresses that are present on the system but must be excluded when
# building the network configuration used in recovery mode; this is typically
# used when floating IP addresses are used on the system
EXCLUDE_IP_ADDRESSES=()
# Network interfaces that are present on the system but must be excluded when
# building the network configuration used in recovery mode
EXCLUDE_NETWORK_INTERFACES=()
# Simplify bonding setups by configuring always the first active device of a
# bond, except when mode is 4 (IEEE 802.3ad policy)
SIMPLIFY_BONDING=no
# Simplify bridge setups by configuring always the first active device of a bridge
SIMPLIFY_BRIDGE=no
# Simplify team setups by configuring always the first active device of a team,
# except when runner is 'lacp' (IEEE 802.3ad policy)
SIMPLIFY_TEAMING=no
# Serial console support for the ReaR rescue/recovery system:
# By default serial consoles get enabled if serial devices are found and
# then matching kernel command line parameters like 'console=ttyS0,9600 console=ttyS1,9600'
# are set when booting the rescue/recovery system (see KERNEL_CMDLINE above).
# IA64 platforms require it and people need it when no VGA console is available.
# Specify 'yes' or 'no' or leave it empty to use ReaR's automatism:
USE_SERIAL_CONSOLE=
# If you do not want to use all serial devices found as console you can specify the ones to use
# e.g. SERIAL_CONSOLE_DEVICES="/dev/ttyS0 /dev/ttyS1" provided USE_SERIAL_CONSOLE is turned on.
# By default (when empty) all serial devices found are used:
SERIAL_CONSOLE_DEVICES=
# Serial consoles for the kernel of the recovery system:
# SERIAL_CONSOLE_DEVICES_KERNEL can be device nodes like "/dev/ttyS0 /dev/ttyS1"
# or 'console=...' kernel parameters like "console=ttyS1,9600 console=tty0" or both like
# SERIAL_CONSOLE_DEVICES_KERNEL="/dev/ttyS0 console=ttyS1,9600 console=tty0"
# provided USE_SERIAL_CONSOLE is turned on.
# By default (when empty) the SERIAL_CONSOLE_DEVICES are used for the kernel:
SERIAL_CONSOLE_DEVICES_KERNEL=
# Serial console for SYSLINUX/EXTLINUX when it is used as bootloader for the recovery system:
# SYSLINUX supports only one serial device (because the last SYSLINUX 'serial' directive wins).
# The right /dev/ttyS* can be specified like SERIAL_CONSOLE_DEVICE_SYSLINUX="/dev/ttyS0"
# or a whole SYSLINUX 'serial' directive can be specified e.g. for /dev/ttyS1 like
# SERIAL_CONSOLE_DEVICE_SYSLINUX="serial 1 9600"
# provided USE_SERIAL_CONSOLE is turned on.
# By default (when empty) the first one of SERIAL_CONSOLE_DEVICES is used for SYSLINUX:
SERIAL_CONSOLE_DEVICE_SYSLINUX=
# Serial console for GRUB when it is used as bootloader for the recovery system:
# GRUB supports only one serial device (because the last GRUB 'serial' command wins).
# The right /dev/ttyS* can be specified like SERIAL_CONSOLE_DEVICE_GRUB="/dev/ttyS0"
# or a whole GRUB 'serial' command can be specified e.g. for /dev/ttyS1 like
# SERIAL_CONSOLE_DEVICE_GRUB="serial --unit=1 --speed=9600"
# provided USE_SERIAL_CONSOLE is turned on.
# By default (when empty) the first one of SERIAL_CONSOLE_DEVICES is used for GRUB:
SERIAL_CONSOLE_DEVICE_GRUB=
# Say "y", "Yes", etc, to enable or "n", "No" etc. to disable the DHCP client protocol or leave empty to autodetect.
# When enabled, lets the rescue/recovery system run dhclient to get an IP address
# instead of using the same IP address as the original system:
USE_DHCLIENT=
# Say "y", "Yes", etc, to enable static networking (overrules USE_DHCLIENT):
USE_STATIC_NETWORKING=
# USE_RESOLV_CONF specifies what to use as /etc/resolv.conf in the recovery system:
# Relax-and-Recover does no to replicate in the ReaR recovery system
# whatever complicated DNS setup there is on the original system
# (e.g. a local name server or a stub resolver like systemd-resolved).
# By default in the recovery system a plain traditional /etc/resolv.conf file
# with an entry of a remote 'nameserver DNS.server.IP.address' is needed.
# For non-default cases the user must specify what he wants via USE_RESOLV_CONF
# (e.g. to use a local name server that he manually starts in the recovery system).
# With USE_RESOLV_CONF="no" (or any value that is recognized as 'no' by the is_false function)
# there will be no /etc/resolv.conf file in the recovery system.
# With USE_RESOLV_CONF="/path/to/file" that file on the original system will be copied
# as /etc/resolv.conf in the recovery system provided the file exists and is non-empty.
# Otherwise USE_RESOLV_CONF specifies the lines for /etc/resolv.conf in the recovery system
# for example like USE_RESOLV_CONF=( "search my.domain" "nameserver 192.168.100.53" )
# The by default empty USE_RESOLV_CONF means that /etc/resolv.conf in the recovery system
# is a copy of /etc/resolv.conf (or its symlink target) on the original system.
# In case of static networking setup it would not work when /etc/resolv.conf
# in the recovery system contains only loopback IP addresses or when there is
# no nameserver entry so that "rear mkrescue/mkbackup" errors out in this case
# unless USE_DHCLIENT is true (and USE_STATIC_NETWORKING is not also set to true).
# USE_DHCLIENT is automatically true when a known 'dhclient' process is running
# on the original system and then networking setup in the recovery system also
# happens via DHCP (for details see see prep/GNU/Linux/210_include_dhclient.sh).
# In this case during recovery system startup /etc/resolv.conf will be
# generated by /bin/dhclient-script regardless what its content was before
# (for details see usr/share/rear/build/GNU/Linux/630_verify_resolv_conf_file.sh):
USE_RESOLV_CONF=()
# Commands to prepare network devices setup in the rescue/recovery system
# provided the kernel command line does not contain the 'noip' parameter.
# Each command is a quoted fixed string to get the commands separated from each other
# as in NETWORKING_PREPARATION_COMMANDS=( 'first command' 'second command' ).
# The commands in NETWORKING_PREPARATION_COMMANDS get copied at the beginning
# of /etc/scripts/system-setup.d/60-network-devices.sh that is the main script
# which runs while booting the rescue/recovery system to set up network devices.
# The primary intent is to be able to specify special commands for special cases
# as preparation so that the subsequent autogenerated network devices setup code
# in the 60-network-devices.sh script can successfully set up network devices
# (for details see usr/share/rear/rescue/GNU/Linux/310_network_devices.sh).
# But NETWORKING_PREPARATION_COMMANDS is not limited to its primary intent.
# For example it can also be used to set up networking completely manually in the rescue/recovery system via something like
# NETWORKING_PREPARATION_COMMANDS=( 'ip addr add 192.168.100.2/24 dev eth0' 'ip link set dev eth0 up' 'ip route add default via 192.168.100.1' 'return' )
# where the last command lets the 60-network-devices.sh script directly return
# so that the subsequent autogenerated network devices setup code will not be run.
# The by default empty NETWORKING_PREPARATION_COMMANDS means the 60-network-devices.sh script
# is autogenerated according to the network devices setup in the currently running system
# i.e. the default is an automated network devices setup in the rescue/recovery system
# that should match the network devices setup in the currently running system:
NETWORKING_PREPARATION_COMMANDS=()
##
# GRUB_RESCUE [ GRUB_RESCUE_USER ]
#
# Add a ReaR rescue/recovery system to the bootloader of the currently running system.
# With BIOS a ReaR rescue system is added to the GRUB/GRUB2 bootloader of the currently running system.
# With UEFI a ReaR rescue system is added to the EFI boot manager of the currently running system.
# UEFI is only supported with GRUB2. GRUB_RESCUE with UEFI and GRUB is not supported.
# It adds kernel and ReaR initrd to the bootloader directory in the currently running system.
# It adds a 'Relax-and-Recover' boot entry to boot that locally installed ReaR rescue system.
# With BIOS a 'Relax-and-Recover' boot entry is added to the GRUB/GRUB2 bootloader menu.
# With UEFI a 'Relax-and-Recover' boot entry is added to the EFI boot manager.
# With UEFI there is no 'Relax-and-Recover' boot entry in the GRUB2 bootloader menu
# (cf. https://github.com/rear/rear/pull/954 and https://github.com/rear/rear/issues/2545).
# Note that GRUB_RESCUE is the only functionality where "rear mkbackup" or "rear mkrescue"
# changes the currently running system. It changes the currently running system even
# in a critical way because it changes the bootloader of the currently running system.
# The main reason for the GRUB_RESCUE functionality is to be quickly able to recover a system
# from soft errors (like deleting all of /lib/) without digging out the ReaR recovery boot medium.
# When booting that locally installed ReaR recovery system it does the same as when booting
# the ReaR recovery system from an external ReaR boot medium - i.e. "rear recover" replaces the
# whole current system with a recreated system where all files are restored from the backup.
# To be on the safe side the GRUB_RESCUE functionality is disabled by default:
GRUB_RESCUE=n
# Optional password protection via GRUB_RESCUE_USER only works for GRUB2 with BIOS.
# GRUB_RESCUE_USER is not supported for UEFI (cf. https://github.com/rear/rear/pull/954).
# GRUB2 password protection requires an existing GRUB2 user with a password.
# If the GRUB_RESCUE functionality is enabled (e.g. via GRUB_RESCUE=y in /etc/rear/local.conf)
# a non-empty GRUB_RESCUE_USER can be optionally set to get GRUB2 password protection
# for the 'Relax-and-Recover' GRUB2 menu entry.
# When GRUB_RESCUE_USER is non-empty it must specify an already configured GRUB2 user
# except the special value 'unrestricted' is set via GRUB_RESCUE_USER="unrestricted"
# which creates the 'Relax-and-Recover' GRUB2 menu entry so that it can be booted by anyone
# which means anyone who can boot the currently running system can replace it via "rear recover".
# When GRUB_RESCUE_USER is empty ReaR does not do a GRUB2 user related setup
# so that the already existing GRUB2 users configuration determines
# which users can boot the 'Relax-and-Recover' GRUB2 menu entry.
# Usually this means anyone can boot 'Relax-and-Recover' which means anyone
# who can boot the currently running system can replace it via "rear recover".
GRUB_RESCUE_USER=""
# The former GRUB2 superuser setup support in ReaR via GRUB_SUPERUSER is dropped and
# also the former GRUB2 password setup support in ReaR via GRUB_RESCUE_PASSWORD is dropped.
# Both kind of setup can change the behaviour of the GRUB2 bootloader as a whole in unexpected ways
# but ReaR is not meant to change the general GRUB2 configuration of the currently running system.
# It works by default reasonably backward compatible when formerly a GRUB_SUPERUSER was used
# which means a GRUB2 superuser was set up by ReaR in /etc/grub.d/01_users with GRUB_RESCUE_PASSWORD
# so that the empty GRUB_RESCUE_USER results that the 'Relax-and-Recover' GRUB2 menu entry
# can only be booted by the formerly set GRUB_SUPERUSER with the formerly set GRUB_RESCUE_PASSWORD.
# For background information see https://github.com/rear/rear/pull/942
# and https://github.com/rear/rear/issues/703
# starting at https://github.com/rear/rear/issues/703#issuecomment-235506494
##
# REBUILD_INITRAMFS
#
# Whether or not the initramfs/initrd should be rebuild during "rear recover"
# in the recreated system.
# The default REBUILD_INITRAMFS="yes" rebuilds the initramfs/initrd in any case
# to be on the safe side because ReaR cannot check/verify all possible reasons
# why the initramfs/initrd may have to be rebuild in the recreated system.
# In special cases the user can explicitly skip rebuilding the initramfs/initrd in any case
# via REBUILD_INITRAMFS="no" (or any value that is recognized as 'no' by the is_false function)
# which usually means the initramfs/initrd that was restored form the backup gets used "as is"
# but that can lead to errors later when booting the recreated system.
# An empty value REBUILD_INITRAMFS="" (or any value that is neither recognized as 'yes'
# by the is_true function nor as 'no' by the is_false function) specifies the old behaviour
# where "rear recover" rebuilds the initrd/initramfs only if some storage drivers changed
# (cf. 260_storage_drivers.sh and 260_recovery_storage_drivers.sh) but in general
# that is insufficient (there are other reasons why the initramfs/initrd must be rebuild)
# see https://github.com/rear/rear/issues/1321
REBUILD_INITRAMFS="yes"
##
# BOOTLOADER
#
# What kind of bootloader is used on the original system
# (i.e. the bootloader that should be reinstalled during "rear recover").
# The by default empty BOOTLOADER means that ReaR will try to autodetect
# what bootloader is used on the original system.
# Specifying BOOTLOADER is only meant so that the user can if needed
# (in particular when the bootloader autodetection fails for him)
# enforce ReaR to set up during "rear recover" one of its supported bootloaders
# (i.e. one of what is listed in layout/save/default/450_check_bootloader_files.sh).
# What is currently listed in layout/save/default/450_check_bootloader_files.sh
# is: GRUB2-EFI EFI GRUB2 GRUB ELILO LILO PPC ARM ARM-ALLWINNER ZIPL
# - ARM is a dummy that does nothing, as on Raspberry Pi and most TI devices you just need
# to include the first FAT partition (with the MLO or bootcode.bin) in your backup
# - ARM-ALLWINNER is for Allwinner devices and will backup and restore the 2nd stage bootloader
# With an unknown or unsupported bootloader value setting ReaR would fail:
BOOTLOADER=""
##
# GRUB2_INSTALL_DEVICES
#
# When GRUB2 is used as bootloader GRUB2_INSTALL_DEVICES is a string of devices
# where GRUB2 should be installed like GRUB2_INSTALL_DEVICES="/dev/sda /dev/sdb".
# When GRUB2_INSTALL_DEVICES is specified, GRUB2 will be installed
# on each grub2_install_device in GRUB2_INSTALL_DEVICES via a command like
# chroot /mnt/local /bin/bash --login -c "grub2-install $grub2_install_device"
# Careful when you use more than one disk like /dev/sda for the system
# plus a USB disk /dev/sdb for the ReaR recovery system and the backup.
# The two disk devices may get interchanged on the replacement hardware
# so that during "rear recover" /dev/sda could be the USB disk.
# In this case GRUB2_INSTALL_DEVICES="/dev/sda" would install GRUB2
# with the system's GRUB2 configuration on the USB disk which would
# overwrite/destroy the ReaR recovery system bootloader.
# In MIGRATION_MODE disk mappings (in var/lib/rear/layout/disk_mappings)
# are applied when devices in GRUB2_INSTALL_DEVICES match so that enforcing
# MIGRATION_MODE helps to avoid that GRUB2 gets installed on a wrong disk
# when more than one disk is used.
# When GRUB2 is used on POWER architecture e.g. on PPC64 or PPC64LE
# the GRUB2_INSTALL_DEVICES have to be PPC PReP partition(s).
# On POWER architecture the OpenFirmware is configured to read
# the ELF image embedded in the PReP partition (like how the MBR
# is used by PC-BIOS to embed boot code).
# When GRUB2_INSTALL_DEVICES is not specified, ReaR tries to automatically determine
# where to install GRUB2 but then the bootloader installation could get wrong.
# For details see the finalize/Linux-i386/660_install_grub2.sh script.
# GRUB2_INSTALL_DEVICES is set to a default value here only
# if not already set so that the user can set it also via
# export GRUB2_INSTALL_DEVICES="/dev/sdb"
# to the right device directly before he calls "rear recover":
test "$GRUB2_INSTALL_DEVICES" || GRUB2_INSTALL_DEVICES=""
##
# GRUB2_MODULES_UEFI_LOAD
# List of modules that will be included into Grub2 based UEFI boot loader (the core image).
# When empty ReaR will use the defaults of grub-mkstandalone
# (a reasonable set of default modules), and add modules needed to access /boot
# and /boot/efi, if applicable.
# More modules can be installed into the Grub2 standalone image ramdisk without
# being included in the core image, see GRUB2_MODULES_UEFI.
# This variable currently applies when building Grub2 boot loader for UEFI in two scenarios:
# 1. UEFI boot without secure boot (SECURE_BOOT_BOOTLOADER="")
# and / or
# 2. UEFI boot with GRUB_RESCUE="y"
# Incorrect use of this variable can lead to unusable ReaR recovery system.
# When you modify this variable, verify that your ReaR recovery system works.
GRUB2_MODULES_UEFI_LOAD=()
##
# GRUB2_MODULES_UEFI
# List of modules that will be installed into Grub2 based UEFI boot loader ramdisk.
# Those will not be preloaded in the core image, but will be available for autoloading
# or manual loading via insmod.
# When empty ReaR will use the defaults of grub-mkstandalone
# (install all modules in the standalone image ramdisk)
# This variable currently applies in the same scenarios as GRUB2_MODULES_UEFI_LOAD.
# Incorrect use of this variable can lead to unusable ReaR recovery system.
# When you modify this variable, verify that your ReaR recovery system works.
GRUB2_MODULES_UEFI=()
##
# GRUB2_DEFAULT_BOOT
# The default GRUB2 menu entry to boot
# when GRUB2 is used as bootloader for the ReaR recovery system.
# Valid values are (see the create_grub2_cfg function in lib/bootloader-functions.sh):
# rear : Relax-and-Recover (BIOS or UEFI without Secure Boot)
# Relax-and-Recover (BIOS or UEFI in legacy BIOS mode)
# rear_secure_boot : Relax-and-Recover (UEFI and Secure Boot)
# chainloader : Boot next EFI
# Boot from second disk hd1 (usually the original system disk)
# reboot : Reboot
# exit : Exit to EFI shell
# Exit (possibly continue bootchain)
GRUB2_DEFAULT_BOOT="chainloader"
##
# GRUB2_TIMEOUT
# The timeout in seconds to automatically boot GRUB2_DEFAULT_BOOT
# when GRUB2 is used as bootloader for the ReaR recovery system.
GRUB2_TIMEOUT="$USER_INPUT_TIMEOUT"
##
# USING_UEFI_BOOTLOADER
#
# UEFI (Secure booting) support is partly available in ReaR (at least for Fedora, RHEL)
# SLES, openSUSE do not work out of the box due to issues with making an UEFI bootable ISO image.
# SLES, openSUSE need the additional tool 'ebiso' to make an UEFI bootable ISO image
# (via ISO_MKISOFS_BIN=/usr/bin/ebiso - see the ISO_MKISOFS_BIN variable above).
# The next variable can explitly specify whether or not an UEFI bootloader should be used:
# USING_UEFI_BOOTLOADER= means let ReaR try to find it out by itself (default)
# USING_UEFI_BOOTLOADER=0 means we do not want UEFI capable ISO and no efi tools in ReaR image
# USING_UEFI_BOOTLOADER=1 means we want UEFI ISO image and all efi tools to recreate the secure boot
# instead of '0' also any value that is recognized as 'no' by the is_false function can be used
# instead of '1' also any value that is recognized as 'yes' by the is_true function can be used
USING_UEFI_BOOTLOADER=
##
# UEFI_BOOTLOADER
#
# When a filename (with path) is specified in UEFI_BOOTLOADER in /etc/rear/local.conf
# this file is used as UEFI bootloader provided it is a regular file,
# for example UEFI_BOOTLOADER="/boot/efi/grub.efi".
# Alternatively or additionally one can specify UEFI_BOOTLOADER as a single string
# or as an array of filename globbing patterns that are used as '-iname' arguments
# for 'find' calls to find a UEFI bootloader file in the /boot directory, for example
# like UEFI_BOOTLOADER="elilo.efi" or UEFI_BOOTLOADER=( 'grub*.efi' 'boot*.efi' '*.efi' )
# where the first filename pattern that results a regular file is used as UEFI bootloader.
# When both a file (with path) and filename globbing patterns are specified
# as UEFI_BOOTLOADER array, the first array member must be the filename
# like UEFI_BOOTLOADER=( '/boot/efi/grub.efi' 'grub*.efi' '*.efi' )
# where the first match that results a regular file is used as UEFI bootloader.
# The by default empty UEFI_BOOTLOADER means that ReaR will try to autodetect
# what to use as UEFI bootloader. First ReaR tries to find a 'well known file'
# and then ReaR autodetects from EFI variables in /sys/firmware/efi/vars
# or /sys/firmware/efi/efivars what to use as UEFI bootloader.
UEFI_BOOTLOADER=""
##
# SECURE_BOOT_BOOTLOADER
#
# When using Secure Boot set full path of your signed boot loader here.
# e. g.
# SECURE_BOOT_BOOTLOADER="/boot/efi/EFI/BOOT/shim.efi"
#
# SECURE_BOOT_BOOTLOADER overrides UEFI_BOOTLOADER
#
# c.f. https://github.com/rear/rear/pull/1385
SECURE_BOOT_BOOTLOADER=""
##
# EFI_STUB
# Enforce EFISTUB booting.
# If enabled and OS is currently using some boot loader (Grub, Grub2, elilo, ...), restored
# system will be using EFISTUB.
# Should original OS be setup with EFISTUB, there will be no change in boot loader setup.
# ReaR will trigger some basic check if kernel currently used, is EFISTUB capable and will
# end with error if EFISTUB support is not available in detected Linux kernel.
EFI_STUB="no"
# Full path to Systemd boot loader that will be used to boot ReaR rescue system.
OUTPUT_EFISTUB_SYSTEMD_BOOTLOADER="/usr/lib/systemd/boot/efi/systemd-bootx64.efi"
# Options passed to efibootmgr --unicode ...
# E.g. EFI_STUB_EFIBOOTMGR_ARGS="initrd=initramfs-linux.img root=/dev/sda2"
EFI_STUB_EFIBOOTMGR_ARGS=
##
# REAR_INITRD_COMPRESSION
#
# What compression to use when creating the initramfs/initrd for the ReaR rescue/recovery system.
# By default and also as fallback an initrd.cgz with gzip default compression is created.
# The default is known to work well in practice.
# The ReaR rescue/recovery system initrd is loaded by various bootloaders (normally syslinux).
# Usually any bootloader should be able to load any initrd file but then
# the initrd must be usable by the kernel which means a specially compressed initrd
# may not always work, in particular not with older kernels.
# When booting on ppc64 with the yaboot bootloader the initrd must be less than 32MB (or 32MiB?)
# so that in this case the lzma compression could be even required
# see https://github.com/rear/rear/issues/1142
# In genaral a smaller initrd is loaded faster by the ReaR rescue/recovery system bootloader
# so that a small initrd could make the whole system recovery a bit faster.
# With REAR_INITRD_COMPRESSION="fast"
# an initrd.cgz with gzip --fast compression is created (fast creating but less compression).
# With REAR_INITRD_COMPRESSION="best"
# an initrd.cgz with gzip --best compression is created (best gzip compression but slower creating).
# With REAR_INITRD_COMPRESSION="lzma"
# an initrd.xz with xz using the lzma compression is created (very best compression but very slow).
# With REAR_INITRD_COMPRESSION="lz4"
# an initrd.lz4 with lz4 default -1 compression is created (fast speed but less compression).
# An initrd.xz with lzma or lz4 compression may not work in this or that case.
# An initrd.xz with lzma or lz4 compression is known not to work together with DRLM prior to version 2.1.1
# see https://github.com/rear/rear/pull/1182#issuecomment-275423441
# but at least lzma compression works with DRLM since version 2.1.1
# see https://github.com/rear/rear/pull/1182#issuecomment-282252770
REAR_INITRD_COMPRESSION=""
##
# advanced handling of Relax-and-Recover result (boot image)
##
# Relax-and-Recover can do something with the resulting files, here we say what
#
# The list of resulting files that make up the DR environment.
# RESULT_FILES array elements get added as needed by various scripts.
# For example such an automatically added RESULT_FILES array element
# is the bootable ISO image of the ReaR rescue/recovery system.
# The resulting files will get copied to the output location
# specified via OUTPUT_URL (or inherited from BACKUP_URL).
# Initially this array is empty, but a user could specify additional files:
RESULT_FILES=()
# we can send a mail with the resulting files. We even support multiple recipients,
# each array variable is one recipient. When you set this variable to a value without
# using an array, it will still work.
RESULT_MAILTO=()
# set the sender, your local sendmail will expand this to a FQDN if you don't
# supply a full name here.
RESULT_MAILFROM=root
# set the subject to empty here, later script will fill in our default
RESULT_MAILSUBJECT=
# path to your sendmail
RESULT_SENDMAIL="$( type -p sendmail || echo /usr/lib/sendmail )"
# extra sendmail options. On my system -t makes sendmail read the recipients
# from the mail headers
# Use array to properly handle args with spaces ("some arg")
RESULT_SENDMAIL_OPTIONS=( -oi -t )
################ ---- ia64 specific stuff
#
# full path to elilo.efi file. Leave empty to use automatic search for it
ELILO_BIN=
################ ---- custom scripts
#
# The scripts can be defined as an array to better handle spaces in parameters.
# The scripts are called like this:
# eval "${PRE_RECOVERY_SCRIPT[@]}"
#
# Alternatively, commands can be executed by using the corresponding
# PRE_RECOVERY_COMMANDS and POST_RECOVERY_COMMANDS array variables
# which evaluate like this:
# for command in "${PRE_RECOVERY_COMMANDS[@]}" ; do
# eval "$command"
# done
#
# Using PRE_RECOVERY_COMMANDS and POST_RECOVERY_COMMANDS
# is simpler when multiple commands should be executed.
# For example,
# PRE_RECOVERY_SCRIPT=( 'echo Hello' ';' 'sleep 3' )
# can be rewritten as
# PRE_RECOVERY_COMMANDS=( 'echo Hello' 'sleep 3' )
# or
# PRE_RECOVERY_COMMANDS=( 'echo Hello' )
# PRE_RECOVERY_COMMANDS+=( 'sleep 3' )
# Those get called at the very beginning of "rear recover".
# The PRE_RECOVERY_COMMANDS are called directly before the PRE_RECOVERY_SCRIPT.
# Nothing was recreated and you have only the plain ReaR rescue/recovery system:
PRE_RECOVERY_COMMANDS=()
PRE_RECOVERY_SCRIPT=
# Those get called at the very end of "rear recover".
# The POST_RECOVERY_COMMANDS are called directly after the POST_RECOVERY_SCRIPT.
# Use $TARGET_FS_ROOT (by default '/mnt/local') to access the recreated target system.
POST_RECOVERY_SCRIPT=
POST_RECOVERY_COMMANDS=()
# PRE_BACKUP_SCRIPT and POST_BACKUP_SCRIPT are called at the beginning and
# at the end of the backup part in the mkbackup/mkbackuponly workflow like this:
# eval "${PRE_BACKUP_SCRIPT[@]}"
# For example:
# When a database is running on a filesystem which is included in the backup
# you may need to stop a database service before backup via PRE_BACKUP_SCRIPT
# and restart it after the backup was done via POST_BACKUP_SCRIPT.
# In case of an error exit during backup and provided PRE_BACKUP_SCRIPT is set,
# ReaR will run the POST_BACKUP_SCRIPT as exit task (via ReaR's EXIT_TASKS array).
# This prevents that the database remains stopped in case of an error exit during backup
# which also means the database is active after there was an error exit during backup
# when the POST_BACKUP_SCRIPT restarts the database unconditioned.
# When only POST_BACKUP_SCRIPT is set without a PRE_BACKUP_SCRIPT
# then POST_BACKUP_SCRIPT is not run in case of an error exit during backup.
# POST_BACKUP_SCRIPT is run if there is some error but no error exit during backup.
# Called at the beginning of the backup part in the mkbackup/mkbackuponly workflow:
PRE_BACKUP_SCRIPT=
# Called at the end of the backup part in the mkbackup/mkbackuponly workflow:
POST_BACKUP_SCRIPT=
# Some external backup software request user input
# (e.g. to enter paths to exclude or date and time values for point in time restore).
# We use here the same default timeout as USER_INPUT_TIMEOUT was set above
# because also this timeout here interrupts a possibly ongoing user input
# (in particular when the bash builtin 'read -t timeout' is used)
# see the above explanation where USER_INPUT_TIMEOUT is set.
# WAIT_SECS is set to a default value here only
# if not already set so that the user can set it also like
# export WAIT_SECS=30
# directly before he calls "rear ...":
test "$WAIT_SECS" || WAIT_SECS="$USER_INPUT_TIMEOUT"
# to force adding multipath related executables so a recovered system would be able to boot via SAN disks only
# instead of the internal ones (no success guaranteed although). E.g. in case the destination has no internal disks.
# making the variable (y,Y,1) to enable
BOOT_OVER_SAN=
# ReaR default certificates location. ReaR will use it to store its required certificates.
# If used with '--capath $REAR_CAPATH' curl option (see: man curl) the following commands
# must be executed:
# cd $REAR_CAPATH
# for file in *.crt *.pem; do ln -sf $file `openssl x509 -hash -noout -in $file`.0; done
# If '--cacert $REAR_CAPATH/certname.crt' curl option (see: man curl) is used
# there is no need to rehash.
# See http://stackoverflow.com/questions/9879688/difference-between-cacert-and-capath-in-curl
REAR_CAPATH="/etc/rear/cert"
####################
# DRLM (Disaster Recovery Linux Manager) Variables
# Specify if ReaR is managed from DRLM (y/n) [ default (n) ].
DRLM_MANAGED=n
# Specify the DRLM certificate location. DRLM can provide the certificate with it's 'instclient' workflow or you can get it from
# /etc/drlm/cert/*.crt on a DRLM server.
# By default is defined with '--capath' curl option (see: man curl). Take care on using (-k|--insecure) only use it on trusted networks.
# DRLM use a RESTful API and in future more REST required options could be added.
DRLM_REST_OPTS="--capath $REAR_CAPATH"
# Specify DRLM Server name or ip address. This name must be the same as defined in CN of the certificate (DRLM server hostname by default).
# If is not possible because you're using other DRLM server for recovery or system migration, get the certificate from the new DRLM server
# or use (-k or --insecure) on DRLM_REST_OPTS.
DRLM_SERVER=""
# Specify DRLM Client name. The hostname is used by default, but must be set to the DRLM client name if is different.
# The client hostname is the recommended but not mandatory.
DRLM_ID="$HOSTNAME"
# DRLM_REST_OPTS, DRLM_SERVER and DRLM_ID variables can be changed in /etc/rear/local.conf and also can be updated at runtime.
# e.g.
# rear recover SERVER=1.1.1.1 REST_OPTS="-k" ID=client01
Zerion Mini Shell 1.0