BackupPC Howto
From LUGOP
Contents |
Howto for BackupPC
This howto is 100% based on Fedora. This was done in F7, but I think FC6 should be the same. Additionally, hopefully only minor modifications will be required for other *NIX distributions. I can't confirm that, it's just a theory.
The official documentation for BackupPC is of course found at SourceForge
Install from Fedora
yum -y install BackupPC
Setup your clients
Now we are onto configuring the clients. Sure, you could start with the server, but why? :)
Edit /etc/BackupPC/hosts
Here is a diff of what was there orignially vs what I added. All of one line here to add x2 as a client. The hostname must be dns resolvable, or just use an IP address. Obviously you should put your own information there. If you don't have a static IP for the client box, you need to use Samba and have a Netbios name that is the same regardless of IP. If that sounds un-fun, (and I think it does), try using a static IP for your internal network.
/etc/BackupPC/hosts
--- hosts.fedora_orig 2007-06-23 14:14:38.000000000 -0500 +++ hosts 2007-06-23 14:15:33.000000000 -0500 @@ -52,5 +52,6 @@ # not be edited!! # host dhcp user moreUsers # <--- do not edit this line +x2 0 stahnma #farside 0 craig jill,jeff # <--- example static IP host entry #larson 1 bill # <--- example DHCP host entry
Create a link directory for client information
I create a link here because I like all configuration information to be somehow available in /etc. By default most files are in /var/libexec/BackupPC, that's fine and all, but I don't like to go scouring through there. So, I make a link and forget about it.
cd /etc/BackupPC ln -s /var/lib/BackupPC/pc .
Create the client config file (if desired)
In this case $hostname is the name of the box you wish to backup. Throughout this example, I have only worked with x2.stahnkage.com. I wanted to only backup /home, /srv, and /etc. I might change that later. If you don't specify the BackupFilesOnly directive, you get everything from / on down. That's fine if you have tons of disk. Sadly, I don't.
I created a client config file because I didn't mess with the defaults much. Since I only have one system, I guess I could have just edited the master configuration, but I know I will soon will have the rest of stahnkage infrastructure on this backup program, and probably don't want to have weird master options and then odd overrides. Instead the client config will only specifiy the location and method for transport.
Create a file named /etc/BackupPC/pc/$hostname/config.pl
/etc/BackupPC/pc/x2/config.pl
$Conf{XferMethod} = 'rsync';
$Conf{BackupFilesOnly} = [ '/home' , '/srv', '/etc'];
Fix Ownership
chmod 644 /etc/BackupPC/pc/$hostname/config.pl
Server Side Work
Setup the BackupPC account
By default the backuppc user is disabled. But to setup `rsync` backups, you need to have a key. Odd. So I just enabled it and used it.
usermod -s /bin/bash backuppc su - backuppc ssh-keygen ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/var/lib/BackupPC/.ssh/id_rsa): <enter> Enter passphrase (empty for no passphrase): <enter> Enter same passphrase again: <enter> Your identification has been saved in /var/lib/BackupPC/.ssh/id_rsa. Your public key has been saved in /var/lib/BackupPC/.ssh/id_rsa.pub. The key fingerprint is: 13:fb:90:14:4d:04:8e:c5:e6:75:ae:91:5d:59:1e:94 backuppc@x2.stahnkage.com
Copy your public key over to your client system(s). This can be done running as the backuppc user, using the ssh-copy-id command.
-bash-3.2$ ssh-copy-id -i id_rsa.pub root@x2 10 The authenticity of host 'x2 (192.168.1.101)' can't be established. RSA key fingerprint is 17:2a:8d:3d:64:18:03:db:7b:d7:7c:f7:88:b7:f2:3d. Are you sure you want to continue connecting (yes/no)? <yes> Warning: Permanently added 'x2,192.168.1.101' (RSA) to the list of known hosts. root@x2's password: <password> Now try logging into the machine, with "ssh 'root@x2'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting.
It is important to SSH to the host to ensure everything worked the way you hoped. Additionally, it will cache the public hostkey of the remote host, so then your backup won't error out.
-bash-3.2$ ssh root@x2 Last login: Sat Jun 23 14:29:26 2007 from duo.stahnkage.com [root@x2 ~]# logout
Configure Apache
I have been configuring all of my applications to use LDAP for authentication. If you don't have LDAP, follow the directions in /etc/httpd/conf.d/BackupPC.conf. They appear to be simple enough. Also, I am only restricting BackupPC to valid users in my LDAP directory. Ideally, I would lock it down beyond that, but my LDAP directory is very small and I don't have a good handle on it yet. Also note that by default, the web manager for BackupPC is only available on the loopback.
/etc/httpd/conf.d/BackupPC.conf
--- /tmp/BackupPC.conf 2007-06-23 14:08:24.000000000 -0500 +++ /etc/httpd/conf.d/BackupPC.conf 2007-06-23 14:11:35.000000000 -0500 @@ -10,10 +10,11 @@ deny from all allow from 127.0.0.1 AuthType Basic -AuthUserFile /etc/BackupPC/apache.users AuthName "BackupPC - require valid-user +AuthBasicProvider ldap +AuthLDAPURL ldap://x2.stahnkage.com:389/ou=People,dc=stahnkage,dc=com?uid +AuthzLDAPAuthoritative off </Directory>
If you don't already have apache running, then
/etc/init.d/httpd start chkconfig httpd on
Edit the master config file.
/etc/BackupPC/config.pl
--- config.pl.fedora-orig 2007-06-23 14:18:11.000000000 -0500
+++ config.pl 2007-06-23 14:57:10.000000000 -0500
@@ -706,11 +706,12 @@
# This specifies one blackout period from 7:00am to 7:30pm local time
# on Mon-Fri, and a second period from 11pm to 5am on Friday and
# Saturday night.
+# stahnma: I put in 3 PM - 3:30 AM as no-backup times
#
$Conf{BlackoutPeriods} = [
{
- hourBegin => 7.0,
- hourEnd => 19.5,
+ hourBegin => 15.0,
+ hourEnd => 3.5,
weekDays => [1, 2, 3, 4, 5],
},
];
@@ -1484,7 +1485,7 @@
# handler this is either a plain name (eg: "admin") or a fully-qualified
# name (eg: "admin@mydomain.com").
#
-$Conf{EMailAdminUserName} = 'backuppc';
+$Conf{EMailAdminUserName} = 'stahnma@fedoraproject.org';
#
# Destination domain name for email sent to users. By default
Start BackupPC
/etc/init.d/BackupPC start chkconfig BackupPC on
Point your web browser to http://localhost/BackupPC and you should be cooking with gas.
The rest is web-driven once you login. I think you can figure it out. By default, BackupPC uses pooling for files, (which is nice) so it won't backup multiple copies of the same file. Also, I did try a restore and it worked perfectly. Thanks!
