1. Introduction

RolidBackup is a specialized, agentless backup appliance designed for Linux infrastructure. Unlike traditional backup software that requires installing agents on every client, RolidBackup works on a pull-basis using standard SSH and Rsync protocols.

It provides a robust "Time Machine" style history using Hard-Links, meaning every daily backup looks like a full backup but only consumes storage for changed files.

2. Architecture

• Core Engine: Python 3.12+ (FastAPI) with a custom multi-threaded scheduler.
• Storage: Standard Linux filesystem (Ext4/XFS/NTFS) with Hard-Link deduplication.
• Database: SQLite (SQLAlchemy ORM) for storing job configurations and logs.
• Protocol: SSH (Secure Shell) with Ed25519 Public Key Authentication.

3. Installation

RolidBackup is designed to run on a dedicated server or VM (The Backup Appliance).

System Requirements

• OS: AlmaLinux 9, Rocky Linux 9, or Debian 12.
• Disk: Sufficient storage mounted at /ZALOHOVADLO (or custom path).
• Network: Port 22 (SSH) access to client servers.

Automatic Install

curl -sL https://rolid.com/install_backup.sh | bash

Manual Steps

# 1. Dependencies
dnf install python3 python3-pip rsync git chrony -y

# 2. Setup Directory
mkdir -p /opt/rolidbackup
cd /opt/rolidbackup

# 3. Python Env
python3 -m venv venv
source venv/bin/activate
pip install fastapi uvicorn jinja2 python-multipart requests apscheduler sqlalchemy aiofiles passlib[bcrypt] argon2-cffi pytz

# 4. Init
./venv/bin/python3 init_user.py

4. Configuration

Global Settings

Navigate to the Settings page in the Web GUI to configure:

• SSH Identity: This is the key RolidBackup uses to identify itself. Copy the Public Key to all your client servers.
• Destinations: Define where data is stored (e.g., Local Disk, NAS Mount).
• SMTP / Notifications: Configure email reports and Discord webhooks.

Adding a Job

To back up a new server:

1. Click Add Server.
2. Remote Host: IP address or hostname.
3. Source Path: Directory to backup (e.g., /var/www).
4. Schedule: Cron expression (e.g., 03:00 * * *).
5. Rotation Type:
   • Weekly: Rotates 7 folders (Mon-Sun). efficient.
   • Monthly: Rotates 31 folders (01-31).
   • Timestamp: Unlimited history (until disk full).

5. Security & Authentication

Passwords

User passwords for the Web GUI are hashed using Argon2id, the winner of the Password Hashing Competition. This makes them resistant to GPU brute-force attacks.

Input Validation

All inputs (IP addresses, paths, commands) are strictly validated using Regex on the backend to prevent Command Injection attacks.

Integrity Check

On every startup, RolidBackup calculates MD5 checksums of its own core files (main.py, engine.py) to ensure no unauthorized modifications have occurred.

6. Database Backup Strategy

RolidBackup can automatically dump MySQL/MariaDB databases before transferring files. This ensures data consistency.

The Secure Way (.my.cnf)

To avoid storing database passwords in the backup software, we use client-side authentication.

On the client server (the one being backed up):

# Create config file for root
nano /root/.my.cnf

# Add content:
[client]
user=root
password=YOUR_DB_PASSWORD

[mysqldump]
user=root
password=YOUR_DB_PASSWORD

# Secure it!
chmod 600 /root/.my.cnf

Once this is set, simply enable Backup MySQL in the job settings. RolidBackup will trigger mysqldump via SSH, and the server will authenticate locally.

7. Restore Process

RolidBackup adheres to a Non-Destructive Restore policy.

How to Restore

1. Go to Job History for the specific server.
2. Find the backup point you want to recover.
3. Click the yellow Restore button.
4. The system will copy the data from the backup archive to a local staging folder on the backup server:
   /ZALOHOVADLO/restore/JOBNAME_DATE/
5. You can then verify the files and manually transfer them back to the production server (using SCP, SFTP, or Rsync).

8. Troubleshooting

Log Locations

• System Log: /opt/rolidbackup/app.log
• Job Specific Logs: /opt/rolidbackup/logs/job_{ID}.log

Common Errors