How do I backup multiple Movable Type blogs?
December 12, 2003 1:42 PM Subscribe
I have four blogs on one Movable Type installation. I'd like to set up a system to make backups of all my entries and templates in one click. [More inside...]
The manual process is to go into each blog in a browser, click Export Entries, then connect to my FTP server and download each of the 4 folders that contain my "external" template files.
There are two solutions that I've thought of already. One, a complete dump of the mySQL database -- definitely does the job, but the filesize would be a lot bigger than it has to be, and it's clumsy.
Two, I could make a BAT file to grab the entry exports via HTTP, and then the templates via FTP (Windows command line FTP?). This is very efficient, but not robust -- if I were to change hosts, I'd have to redo the BAT file accordingly. Also, to be truly one-click, it'd need my FTP login and password to be stored in the file in plain text, which I'd rather avoid.
Any plugin gurus know of a versatile solution? Maybe a cron job?
The manual process is to go into each blog in a browser, click Export Entries, then connect to my FTP server and download each of the 4 folders that contain my "external" template files.
There are two solutions that I've thought of already. One, a complete dump of the mySQL database -- definitely does the job, but the filesize would be a lot bigger than it has to be, and it's clumsy.
Two, I could make a BAT file to grab the entry exports via HTTP, and then the templates via FTP (Windows command line FTP?). This is very efficient, but not robust -- if I were to change hosts, I'd have to redo the BAT file accordingly. Also, to be truly one-click, it'd need my FTP login and password to be stored in the file in plain text, which I'd rather avoid.
Any plugin gurus know of a versatile solution? Maybe a cron job?
How have you got MT set-up? Is it storing your entries in MySQL?
The easist solution would be to write a shell/perl script that tar/gzips everything and stores it somewhere, and then get cron to run it daily, then download it from a secret page on your server.
posted by cheaily at 5:27 PM on December 12, 2003
The easist solution would be to write a shell/perl script that tar/gzips everything and stores it somewhere, and then get cron to run it daily, then download it from a secret page on your server.
posted by cheaily at 5:27 PM on December 12, 2003
Crap. Something like this (this is just an algorithm):
in ~/backup.sh
posted by cheaily at 5:33 PM on December 12, 2003
in ~/backup.sh
- export entries from mysql, copy sql file to ~/mtbackup/sql
- copy your mt installation directory to ~/mtbackup
- tar czf ~/mtbackup mtbackup.tar.gz
- cp mtbackup.tar.gz ~/public_html/secretfolderthatonlyyouknowabout/
wget http://yourhost/yourdirectory/mtbackup.tar.gz
posted by cheaily at 5:33 PM on December 12, 2003
Response by poster: Okay, here's a sub-question:
Is there a variable I can use in my crontab file to indicate the current date? So it makes a daily backup named like "mt_20031212.tar", for example.
posted by Aaorn at 5:45 PM on December 12, 2003
Is there a variable I can use in my crontab file to indicate the current date? So it makes a daily backup named like "mt_20031212.tar", for example.
posted by Aaorn at 5:45 PM on December 12, 2003
Not that I'm aware of, but your crontab should only be invoking a shell or Perl script that lives elsewhere (which can understand the date) so that shouldn't matter.
posted by majick at 6:05 PM on December 12, 2003
posted by majick at 6:05 PM on December 12, 2003
The problem with ~/public_html/secretfolderthatonlyyouknowabout/ is that there's no guarantee that it will remain secret, either via a malicious party guessing, making a dictionary attack, etc. Once someone has that tarball, they have unfettered access to your weblog (if not your entire account.) Security through obscurity is always a gamble.
If you have a static IP address for your desktop, you could theoretically include an .htaccess file that denies access to all IPs except yours, but I still wouldn't trust that degree of protection. (You'd also have to update the file if/when you change IPs.)
Personally, I would install a Win32 copy of `scp` and use that to transfer the file from server to desktop. SCP is encrypted (thus, not spamming your password in plaintext over untrusted connections.) You'd have to put your password into the SCP command on your desktop, but if someone has physical access to/has rooted your home machine, you have far more to worry about than your Web server.
posted by Danelope at 6:41 PM on December 12, 2003
If you have a static IP address for your desktop, you could theoretically include an .htaccess file that denies access to all IPs except yours, but I still wouldn't trust that degree of protection. (You'd also have to update the file if/when you change IPs.)
Personally, I would install a Win32 copy of `scp` and use that to transfer the file from server to desktop. SCP is encrypted (thus, not spamming your password in plaintext over untrusted connections.) You'd have to put your password into the SCP command on your desktop, but if someone has physical access to/has rooted your home machine, you have far more to worry about than your Web server.
posted by Danelope at 6:41 PM on December 12, 2003
Response by poster: There's nothing about the backup itself that would need to be private/secure -- it's just an export of my entries and photos, and the HTML templates for presenting them.
wget is proving quite useful, thanks for that suggestion.
posted by Aaorn at 7:00 PM on December 12, 2003
wget is proving quite useful, thanks for that suggestion.
posted by Aaorn at 7:00 PM on December 12, 2003
Danelope: "security through obscurity" describes nearly every password based system in existence. What's to stop me from guessing or making a dictionary-based attack on Aaorn's ftp password? There's no guarantee that that would remain a secret either, despite his best efforts.
Besides, it's not like he's storing ASIO records... it's a weblog. Who's going to try to come along and steal his backups?
posted by cheaily at 7:13 PM on December 12, 2003
Besides, it's not like he's storing ASIO records... it's a weblog. Who's going to try to come along and steal his backups?
posted by cheaily at 7:13 PM on December 12, 2003
You can use the Template plugin to include the code of templates in an MT-generated page. (Even when you're using the "Link to an External File" feature, the code is duplicated from the file into the database.)
So maybe you could create a template that's basically a dump of all the templates you want to back up, and grab the resulting built page via HTTP, eliminating the need for the FTP part of the process.
posted by staggernation at 7:54 PM on December 12, 2003
So maybe you could create a template that's basically a dump of all the templates you want to back up, and grab the resulting built page via HTTP, eliminating the need for the FTP part of the process.
posted by staggernation at 7:54 PM on December 12, 2003
Hmm, ShowTemplates may actually be better--you could loop through all the templates for a given blog without having to specify them all by ID or name.
posted by staggernation at 8:04 PM on December 12, 2003
posted by staggernation at 8:04 PM on December 12, 2003
Danelope: "security through obscurity" describes nearly every password based system in existence. What's to stop me from guessing or making a dictionary-based attack on Aaorn's ftp password?
A competent sysadmin, automated systems in place on the Web server to temporarily stop allowing logins after $n attempts, automated systems to notify sysadmins of brute force attacks...
Who's going to try to come along and steal his backups?
It doesn't matter whether or not someone would attempt to steal the data in question; if the possibility exists, due diligence would require you to mitigate it. If the data in question are merely HTML and images, the damage done by having said data stolen is minimal. If we're talking about a full MySQL dump (which Aaorn mentioned in the original post), the database may contain information that can be used to compromise the system.
posted by Danelope at 8:20 PM on December 12, 2003
A competent sysadmin, automated systems in place on the Web server to temporarily stop allowing logins after $n attempts, automated systems to notify sysadmins of brute force attacks...
Who's going to try to come along and steal his backups?
It doesn't matter whether or not someone would attempt to steal the data in question; if the possibility exists, due diligence would require you to mitigate it. If the data in question are merely HTML and images, the damage done by having said data stolen is minimal. If we're talking about a full MySQL dump (which Aaorn mentioned in the original post), the database may contain information that can be used to compromise the system.
posted by Danelope at 8:20 PM on December 12, 2003
Just FYI, I'm taking note of this request, it's a feature I want too. :) I'll pass it along to our dev peoples.
posted by anildash at 11:26 PM on December 12, 2003
posted by anildash at 11:26 PM on December 12, 2003
anil: Please note that I know and/or work with a whole bunch of people who between them have dozens of MT installations, and this is the single most requested feature I've heard of. If 6a does *nothing* else this year, I beg you: Please get this feature implemented!!!
posted by oissubke at 9:06 AM on December 13, 2003
posted by oissubke at 9:06 AM on December 13, 2003
This thread is closed to new comments.
posted by majick at 4:51 PM on December 12, 2003