Intermittent file copies, occasional DVD writes, and misplaced hope are what constituted the backup system for our home network. Two days ago that changed when I successfully configured BackupPC.
BackupPC (http://backuppc.sourceforge.net/) is an application that creates and manages backups to disk, as opposed to tapes or other media. Assuming that BackupPC is installed on the server (see for example the installation instructions) and enough disk space is available, the next step is configuration.
Most of the configuration will be accomplished using the web
interface. In case there is a need to change the login and password
for the BackupPC user (e.g. backuppc
), then make the modifications as an
administrative user. Invoking the htpasswd
command as follows will
prompt for a new password for backuppc
(after, of course, asking for
the sudo
password).
sudo htpasswd /etc/backuppc/htpasswd backuppc
At this point the web interface at http://localhost/backuppc should be available using the loging and password. If not, then there are some installation and system issues that must be resolved before the remainder of this article is applicable.
During the initial configuration I used the BackupPC SSH FAQ and was a
bit confused. To be sure, the first half of this article distills the
steps to generate and exchange keys for the rsync
method in the
hopes of reducing that confusion in the future. The remainder points
out a few configuration items that were accomplished using the web
interface.
Create keys on BackupPC host (e.g. nitrogen
) and send the public one
to the remote machine (e.g. carbon
).
-
Login as the BackupPC user (e.g.
backuppc
).su - backuppc
-
Change to the secure shell directory (e.g.
~backuppc/.ssh
).cd ~backuppc/.ssh
-
Create private (e.g.
id_rsa
) and public (e.g.id_rsa.pub
) keys for the local host.ssh-keygen -t rsa
-
Copy the public key to a local file with a clearly-identifiable
name (e.g.
BackupPC_id_rsa.pub
).cp id_rsa.pub BackupPC_id_rsa.pub
-
Limit file permissions.
chmod 600 id_rsa id_rsa.pub BackupPC_id_rsa.pub
-
Copy the public key to the remote host into the root user's ssh
area (e.g.
~root/.ssh
).scp BackupPC_id_rsa.pub root@carbon:~root/.ssh
Create keys on the remote host send the public one to the BackupPC host, and add the BackupPC's public key to list of authorized keys.
-
Login as an administrative user (e.g.
pwrusr
).su - pwrusr
-
Create private and public keys for the local host.
sudo ssh-keygen -t rsa -f ~root/.ssh/id_rsa
-
Copy the public key to a local file with a clearly-identifiable
name (e.g.
carbon_id_rsa.pub
).sudo cp ~root/.ssh/id_rsa.pub ~root/.ssh/carbon_id_rsa.pub
-
Limit file permissions.
chmod 600 id_rsa id_rsa.pub carbon_id_rsa.pub
-
Copy the public key to the BackupPC host (e.g.
nitrogen
) into the root user's ssh area (e.g.~root/.ssh
).sudo scp ~root/.ssh/carbon_id_rsa.pub root@nitrogen:~root/.ssh
-
Append the public key for the BackupPC to root's authorized keys
file (e.g.
~root/.ssh/authorized_keys2
).sudo touch ~root/.ssh/authorized_keys2 sudo cat ~root/.ssh/BackupPC_id_rsa.pub >> ~root/.ssh/authorized_keys2
Add the remote host's public key to the list of known hosts then test the connection.
-
Login as the BackupPC user.
su - backuppc
-
Change to the secure shell directory (e.g.
~backuppc/.ssh
).cd ~backuppc/.ssh
-
Append the public key for the remote host to the
list of known hosts (e.g.
known_hosts
).touch known_hosts cat carbon_id_rsa.pub >> known_hosts
-
Ensure that the BackupPC user can connect as root to the remote
machine without the need for a password. The test below should
return the string
root
. Note: The first time this connection is made the password may need to be entered, but subsequent logins should not request a password.ssh root@carbon whoami ssh root@carbon whoami
Repeat the key generation and exchange for all hosts that BackupPC will be serving.
Now that the machines can communicate securely, the backups themselves
need to be defined. Log into the web interface
(e.g. http://localhost/backuppc). To declare the machines to be
backed up, choose the Edit Hosts
link in the table of contents area.
Under the Hosts
tab press Add
and provide the host name to be
backed up (e.g. carbon
), the normal user of that host
(e.g. ksburt
). If the BackupPC server is currently a host that
needs to be backed up, it might be wise to add a host with the
explicit name (e.g. nitrogen
) and its normal user (e.g. tcburt
).
This choice is driven less by necessity (since localhost
is a
default host), and more by the desire to prepare for the
future. Additionally, the key generation and exchange described above
needs to be done. Be sure to press the Save
button.
Next select the Xfer
tab.
-
Change
XferMethod
torsync
. -
Change
RsyncShareName
to be/home
. -
Choose the
Add
button to add/etc
. -
Choose the
Add
button to add other default directories.-
Caution: If the root filesystem is chosen for backup, then
BackupFilesExclude
should be configured to exclude certain directories (e.g./proc
).
-
Caution: If the root filesystem is chosen for backup, then
-
Press the
Save
button.
Return to the table of contents area and choose a particular host to
configure (e.g. nitrogen
) by using the Select a host...
dropdown. This creates a new section in the table of contents that is
specific to the host. Choose the Edit Config
link under the
host-specific section. Ensure that XferMethod
is rsync
and that
the default directories (e.g. /home
and /etc
) are in
RsyncShareName
. Let us consider the situation where this host has a
filesystem (e.g. /DATA01
) that is shared to the network. Since
directories on this disk (e.g. /DATA01/Music
, /DATA01/Pictures
)
should be backed up only once, add them to the RsyncShareName
only
on this host. Save the configuration. Repeat the host-specific
configuration for each host to be backed up.
An immediate test can be run. First, select the host's homepage from the
table of contents. Ensure that the current time is not in a blackout
period (see the Schedule
configuration tab). Press the Start Full Backup
button and confirm, then the homepage should return. Wait a
few seconds and refresh the page to see if any errors are reported.
Once BackupPC is working, enjoy the peace of mind that comes with having a history of your data stored regularly. Of course, the next step is to test whether you can actually recover the data.
No comments:
Post a Comment