Saturday, March 27, 2010

Replacing Misplaced Hope with a Backup System: Initial Configuration of BackupPC

Intermittent file copies, occasional DVD writes, and misplaced hope are what constituted the backup system for our home network. Two days ago that changed when I successfully configured BackupPC.

BackupPC (http://backuppc.sourceforge.net/) is an application that creates and manages backups to disk, as opposed to tapes or other media. Assuming that BackupPC is installed on the server (see for example the installation instructions) and enough disk space is available, the next step is configuration.

Most of the configuration will be accomplished using the web interface. If the login or password for the BackupPC user (e.g. backuppc) needs to be changed, make the modification as an administrative user. Invoking the htpasswd command as follows will prompt for a new password for backuppc (after, of course, asking for the sudo password).

sudo htpasswd /etc/backuppc/htpasswd backuppc

At this point the web interface at http://localhost/backuppc should be available using the login and password. If not, then there are some installation and system issues that must be resolved before the remainder of this article is applicable.

During the initial configuration I used the BackupPC SSH FAQ and was a bit confused. In the hope of reducing that confusion in the future, the first half of this article distills the steps to generate and exchange keys for the rsync method. The remainder points out a few configuration items that were accomplished using the web interface.

Create keys on the BackupPC host (e.g. nitrogen) and send the public one to the remote machine (e.g. carbon).

  1. Login as the BackupPC user (e.g. backuppc).
    su - backuppc
    
  2. Change to the secure shell directory (e.g. ~backuppc/.ssh).
    cd ~backuppc/.ssh
    
  3. Create private (e.g. id_rsa) and public (e.g. id_rsa.pub) keys for the local host.
    ssh-keygen -t rsa
    
  4. Copy the public key to a local file with a clearly-identifiable name (e.g. BackupPC_id_rsa.pub).
    cp id_rsa.pub BackupPC_id_rsa.pub
    
  5. Limit file permissions.
    chmod 600 id_rsa id_rsa.pub BackupPC_id_rsa.pub
    
  6. Copy the public key to the remote host into the root user's ssh area (e.g. ~root/.ssh).
    scp BackupPC_id_rsa.pub root@carbon:~root/.ssh
    

Create keys on the remote host, send the public one to the BackupPC host, and add the BackupPC public key to the list of authorized keys.

  1. Login as an administrative user (e.g. pwrusr).
    su - pwrusr
    
  2. Create private and public keys for the local host.
    sudo ssh-keygen -t rsa -f ~root/.ssh/id_rsa
    
  3. Copy the public key to a local file with a clearly-identifiable name (e.g. carbon_id_rsa.pub).
    sudo cp ~root/.ssh/id_rsa.pub ~root/.ssh/carbon_id_rsa.pub
    
  4. Limit file permissions.
    sudo chmod 600 ~root/.ssh/id_rsa ~root/.ssh/id_rsa.pub ~root/.ssh/carbon_id_rsa.pub
    
  5. Copy the public key to the BackupPC host (e.g. nitrogen) into the root user's ssh area (e.g. ~root/.ssh).
    sudo scp ~root/.ssh/carbon_id_rsa.pub root@nitrogen:~root/.ssh
    
  6. Append the public key for the BackupPC to root's authorized keys file (e.g. ~root/.ssh/authorized_keys2).
    sudo touch ~root/.ssh/authorized_keys2
    # The >> redirection must also run as root, so run the whole command in a root shell
    sudo sh -c 'cat ~root/.ssh/BackupPC_id_rsa.pub >> ~root/.ssh/authorized_keys2'
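
The append in step 6 lets the BackupPC key log in as root from any address, and it adds a duplicate line each time it is repeated. As an added example (not from the original article or the BackupPC project), the hypothetical helper `install_backup_key` below appends the key only once and prefixes it with standard OpenSSH `authorized_keys` options that limit it to one source host and disable forwarding and terminals; the key text in the demo is a constructed placeholder.

```shell
#!/bin/sh
# Added example: install a backup server's public key with restrictions.
# install_backup_key is a hypothetical helper; file paths and the host name
# are supplied by the caller.
install_backup_key() {
    pubkey_file=$1    # e.g. ~root/.ssh/BackupPC_id_rsa.pub
    auth_file=$2      # e.g. ~root/.ssh/authorized_keys2
    allowed_host=$3   # e.g. nitrogen (the BackupPC server)

    # A public key line looks like: "<type> <base64 blob> [comment]".
    key_line=$(grep -m1 -E '^(ssh-|ecdsa-)' "$pubkey_file") || {
        echo "no public key found in $pubkey_file" >&2
        return 1
    }
    rest=${key_line#* }
    key_blob=${rest%% *}

    # sshd (StrictModes) ignores key files that others can write to.
    touch "$auth_file"
    chmod 600 "$auth_file"

    # Idempotent: do nothing if this key blob is already authorized.
    if grep -qF -- "$key_blob" "$auth_file"; then
        return 0
    fi

    # Accept the key only from the backup server, and deny forwarding and
    # terminals; remote commands such as rsync or whoami still work.
    opts="from=\"$allowed_host\",no-agent-forwarding,no-port-forwarding"
    opts="$opts,no-X11-forwarding,no-pty"
    printf '%s %s\n' "$opts" "$key_line" >> "$auth_file"
}

# Demo in a scratch directory with a constructed placeholder key (not real).
demo_dir=$(mktemp -d)
echo 'ssh-rsa AAAAB3CONSTRUCTEDKEY backuppc@nitrogen' \
    > "$demo_dir/BackupPC_id_rsa.pub"
install_backup_key "$demo_dir/BackupPC_id_rsa.pub" \
    "$demo_dir/authorized_keys2" nitrogen
# Running it a second time must not add a second line.
install_backup_key "$demo_dir/BackupPC_id_rsa.pub" \
    "$demo_dir/authorized_keys2" nitrogen
cat "$demo_dir/authorized_keys2"
rm -rf "$demo_dir"
```

When sshd runs with `UseDNS no`, `from=` is matched against the client's address only, so pass the BackupPC server's IP address instead of its name.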
    

Add the remote host's public key to the list of known hosts, then test the connection.

  1. Login as the BackupPC user.
    su - backuppc
    
  2. Change to the secure shell directory (e.g. ~backuppc/.ssh).
    cd ~backuppc/.ssh
    
  3. Append the public key for the remote host to the list of known hosts (e.g. known_hosts).
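    touch known_hosts
    # known_hosts needs carbon's SSH host key (not root's user key); check its fingerprint before trusting it
    ssh-keyscan -t rsa carbon >> known_hosts
    ssh-keygen -l -f known_hosts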
    
  4. Ensure that the BackupPC user can connect as root to the remote machine without the need for a password. The test below should return the string root. Note: The first time this connection is made the password may need to be entered, but subsequent logins should not request a password.
    ssh root@carbon whoami
    ssh root@carbon whoami
    

Repeat the key generation and exchange for all hosts that BackupPC will be serving.

Now that the machines can communicate securely, the backups themselves need to be defined. Log into the web interface (e.g. http://localhost/backuppc). To declare the machines to be backed up, choose the Edit Hosts link in the table of contents area. Under the Hosts tab press Add and provide the host name to be backed up (e.g. carbon) and the normal user of that host (e.g. ksburt). If the BackupPC server is itself a host that needs to be backed up, it might be wise to add a host with the explicit name (e.g. nitrogen) and its normal user (e.g. tcburt). This choice is driven less by necessity (since localhost is a default host), and more by the desire to prepare for the future. Additionally, the key generation and exchange described above needs to be done for this host as well. Be sure to press the Save button.

Next select the Xfer tab.

  • Change XferMethod to rsync.
  • Change RsyncShareName to be /home.
  • Choose the Add button to add /etc.
  • Choose the Add button to add other default directories.
    • Caution: If the root filesystem is chosen for backup, then BackupFilesExclude should be configured to exclude certain directories (e.g. /proc).
  • Press the Save button.

Return to the table of contents area and choose a particular host to configure (e.g. nitrogen) by using the Select a host... dropdown. This creates a new section in the table of contents that is specific to the host. Choose the Edit Config link under the host-specific section. Ensure that XferMethod is rsync and that the default directories (e.g. /home and /etc) are in RsyncShareName. Let us consider the situation where this host has a filesystem (e.g. /DATA01) that is shared to the network. Since directories on this disk (e.g. /DATA01/Music, /DATA01/Pictures) should be backed up only once, add them to the RsyncShareName only on this host. Save the configuration. Repeat the host-specific configuration for each host to be backed up.

An immediate test can be run. First, select the host's homepage from the table of contents. Ensure that the current time is not in a blackout period (see the Schedule configuration tab). Press the Start Full Backup button and confirm, then the homepage should return. Wait a few seconds and refresh the page to see if any errors are reported.

Once BackupPC is working, enjoy the peace of mind that comes with having a history of your data stored regularly. Of course, the next step is to test whether you can actually recover the data.
