====== BackupPC ======
===== Installation on Centos 5 =====
[[computing:linux:minimal_centos_install|Minimal Server Install (Centos)]]
http://wiki.centos.org/HowTos/BackupPC
cd /etc/yum.repos.d
wget http://dev.centos.org/centos/5/CentOS-Testing.repo
yum update -y
reboot
yum --enablerepo=c5-testing install backuppc httpd mod_perl sudo wget rsync
rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/ssmtp-2.61-14.el5.i386.rpm
vi /etc/ssmtp/ssmtp.conf
root=postmaster@yourdomain.tld
mailhub=mail.yourdomain.tld:465
RewriteDomain=yourdomain.tld
UseTLS=YES
AuthUser=smtpuser
AuthPass=smtppass
vi /etc/httpd/conf/httpd.conf
User backuppc
Servername backuppc.domain.com:80
vim /etc/httpd/conf.d/backuppc.conf
Allow from all
htpasswd -c /var/lib/backuppc/passwd/htpasswd admin
(enter password for web user 'admin' twice)
visudo
Comment out 'Defaults requiretty' and add the two lines
#Defaults requiretty
Defaults !lecture
backuppc ALL=NOPASSWD:/bin/gtar,/bin/tar
vim /etc/BackupPC/config.pl
(many edits)
service httpd start
service backuppc start
chkconfig httpd on
chkconfig backuppc on
http://ip.of.backuppc.server
vi /etc/fstab
/dev/VolGroup00/LogVol00 / ext3 defaults,noatime 1 1
===== Move Data to New Server =====
Copy old BackupPC to new server:
rsync -arv /home/backuppc/* root@123.123.123.123:/var/lib/backuppc/
reboot
===== Older Info =====
http://www.mantic.org/wiki/Installing_BackupPC
useradd backuppc
passwd backuppc
http://easynews.dl.sourceforge.net/sourceforge/backuppc/BackupPC-3.0.0.tar.gz
vi /etc/xen/appserv
#disk = [ 'tap:aio:/vm/Xen/appserv.img,xvda,w', ]
disk = [ 'tap:aio:/vm/Xen/appserv.img,xvda,w', 'phy:sda6,sda1,w', ]
fdisk -l
(shows no valid partition table on /dev/sda - mount it anyway)
copy backuppc user (dot) files to newly mounted space
mount /dev/sda1 /home/backuppc/
Use 'noatime' option to reduce disk writes to update the file access times:
vim /etc/fstab
/dev/sda1 /home/backuppc ext3 defaults,noatime 1 2
mount -a
perl configure.pl --batch \
--cgi-dir /var/www/cgi-bin/backuppc \
--data-dir /home/backuppc \
--hostname hostname.yourdomain.tld \
--html-dir /var/www/html/backuppc \
--html-dir-url /backuppc \
--install-dir /opt/backuppc
yum install perl-IO-Dirent --enablerepo=rpmforge
===== Add BackupPC Users =====
:!: These settings determine who can access the BackupPC web console.
htpasswd -c /etc/httpd/conf.d/backuppc.users admin
(-c creates file - use for first user)
htpasswd /etc/httpd/conf.d/backuppc.users username
You can configure the IP addresses/ranges from which the BackupPC Admin web pages are available by editing /etc/httpd/conf.d/backuppc.conf. Signal the web server that changes were made with:
httpd -k graceful
===== Web Server Configuration =====
vim /etc/httpd/conf.d/backuppc.conf
Redirect permanent /backup https://hostname.yourdomain.tld/cgi-bin/backuppc/BackupPC_Admin
AddHandler cgi-script .pl
Options +ExecCGI
Order deny,allow
Deny from all
Allow from 123.123.123.123 234.234.234
AuthName "Backup Admin"
AuthType Basic
AuthUserFile /etc/httpd/conf.d/backuppc.users
Require valid-user
Added to /etc/httpd/conf/httpd.conf just before last (Include) line:
Redirect permanent /backup https://hostname.yourdomain.tld/cgi-bin/backuppc/BackupPC_Admin
===== Notes =====
* Web server runs as user 'apache'
* BackupPC_Admin runs 'suid'
http://hostname.yourdomain.tld/cgi-bin/backuppc/BackupPC_Admin
yum install perl-suidperl
wget http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
rpm -Uvh rpmforge-release-0.3.6-1.el5.rf.i386.rpm
yum install perl-File-RsyncP --enablerepo=rpmforge
Added to /etc/httpd/conf/httpd.conf just before last (Include) line:
Redirect permanent /backup https://hostname.yourdomain.tld/cgi-bin/backuppc/BackupPC_Admin
backuppc.conf
$sshPath -q -x -l backuppc $host nice -n 19 /usr/bin/sudo /usr/bin/rsync --server --sender $argList+
$sshPath -l root $host /usr/bin/mysqldump --add-drop-table -A -Q > /root/backup/mysql_backup.sql
$sshPath -l root $host /usr/bin/pg_dumpall --clean -U postgres > /root/backup/postgres_backup.dump
Used on www and a variation on appserv (localhost) or anywhere more security is required
This methodology would insulate the remote host (or even localhost) from a hacked backuppc user on the BackupPC server.
Create backuppc user on remote host to be backed up.
Create SSH key files:
su -s /bin/bash backuppc # use -s to specify a shell if backuppc user has no shell
# configure backuppc user with no shell for added security
ssh-keygen -t rsa -b 2048 # use a blank passphrase
Use a modified command to exchange keys:
scp ~backuppc/.ssh/id_rsa.pub backuppc@$remote_host:~/.ssh/authorized_keys
Check the password-less login to the remote host from the BackupPC server like this:
su -s /bin/bash backuppc #become backuppc user
ssh -l backuppc
exit #from the remote_host
exit #from the backuppc user back to root
visudo
#Defaults requiretty
## Allow non-privileged user to back up
backuppc ALL=NOPASSWD: /usr/bin/rsync --server --sender *
## Allow non-privileged user to back up AND restore
backuppc ALL=NOPASSWD: /usr/bin/rsync --server *
## Allow non-privileged user to dump databases
backuppc ALL=NOPASSWD: /usr/local/bin/db_backup.sh *
vi /usr/local/bin/db_backup.sh
chmod 700 /usr/local/bin/db_backup.sh
===== db_backup.sh =====
(updated) will dump both Postgresql and Mysql databases
$sshPath -l backuppc $host /usr/bin/sudo /usr/local/bin/db_backup.sh
$sshPath -l backuppc $host /usr/bin/sudo /usr/bin/mysqldump -u root -par15fal --add-locks --add-drop-table -A -Q > /opt/backuppc/sql_backup/mysql_backup.sql
/usr/bin/ssh -l root bla 'mysqldump -u root -pxyz
all-databases --add-locks > /var/backuppc-prepare/backup-all-databases.sql
===== MySQL Backup Scripts (SME 7) (example) =====
[root@sol ~]# cat /etc/e-smith/events/pre-backup/S10mysql-delete-dumped-tables
#!/bin/sh
exec /bin/rm -f /home/e-smith/db/mysql/*.dump
[root@sol ~]# cat /etc/e-smith/events/pre-backup/S20mysql-dump-tables
#!/bin/sh
status=$(/sbin/e-smith/config getprop mysqld status)
if [ "$status" = "disabled" ]
then
echo "mysqld is disabled - no tables dumped" >&2
exit 0
fi
for db in $(mysql -BNre "show databases;")
do
mysqldump --add-drop-table -QB "$db" -r /home/e-smith/db/mysql/"$db".dump || exit 1
done
Configure backuppc User RSA Keys on Server and on Remote Hosts Used with Sudo for Extra Security
su -s /bin/bash backuppc
ssh-keygen -t rsa
exit
===== Add Linux Host =====
:!: Sonora Comm's default client configuration is for SME Server. For other Linux servers, be sure to override the shares and paths to be backed up.
Run these commands as 'root' on the BackupPC server.
su -s /bin/bash backuppc
remote_host=xxxx
ssh-keyscan -t rsa $remote_host >> ~backuppc/.ssh/known_hosts
Then install the BackupPC server's public key to the remote server using **one of the three** following equivalent commands:
If 'ssh-copy-id' tool is present:
ssh-copy-id user@$remote_host
If it is not:
scp ~/.ssh/id_rsa.pub root@$remote_host:/root/.ssh/authorized_keys
If the remote host SSH daemn listens on a non-standard SSH port (2222 in this case):
cat ~/.ssh/id_rsa.pub | ssh -p 2222 root@$remote_host 'umask 077; cat >>.ssh/authorized_keys'
If the SSH keys have not been set up on the remote host (creating the ~/.ssh folder), do this as 'root' on the remote host:
ssh-keygen -t rsa
You can test the key exchange, as the backuppc user:
ssh -l root $remote_host
exit
Using the BackupPC Hosts panel, add a host to be backed up.
Leave the DHCP flag off ('0') if the host name can be resolved. You can use the following to test name resolution if you aren't sure.
perl -e 'print(gethostbyname("remote.host.name") ? "ok\n" : "not found\n");'
===== Complete Backup/Restore =====
http://wpkg.org/BackupPC_-_restoring_backups_from_command_line
http://www.howtoforge.com/forums/showthread.php?t=2717
===== Getting that First Full Backup =====
Strategy: Exclude large directories then add them bit by bit
Break host backups into pieces rather than one large share.
===== Change Client Hostname =====
- Edit /etc/BackupPC/hosts
- Rename (if it exists) /etc/BackupPC/pc/hostname.pl
- Rename /var/lib/backuppc/pc/hostname folder
- service restart backuppc
===== Performance Tweaks =====
- More Memory
- Fast disks!
* Particularly with Lots of Small Files
- Enable Write-Caching on RAID Card
* Battery Required
- Use XFS Filesystem
* ''noatime,nodiratime,logbufs=8''
- Mount Backup Partition with ''noatime'' Option
- Mounting the backuppc data partition with ''data=ordered'' option may help too
* The default is data=writeback
- IO::Direct perl module
* For BackupPC 3.1?
- Implement rsync ''checksum-seed'' option
vmstat 3
iostat
* Multiple BackupPC Servers
* Lower compression level
* Don't use RAID5
* Use ''tar'' instead of ''rsync'' (LAN ?)
* Fewer simultaneous backups
===== Testing and Troubleshooting =====
View currentlly running backup log:
BackupPC_zcat /var/lib/backuppc/pc/hostname.clientdomain.tld/XferLOG.z |tail
Use the PID of the rsync process to see what files are open/being processed:
lsof -p
==== Test Backup ====
Using this method, you can start the backup job in the background then view the resultant log file even if you disconnect and reconnect later.
At the BackupPC server, manually fire off a backup job, redirect the output to a log file, then view it:
su -s /bin/bash -c "/usr/bin/BackupPC_dump -v -f your.remote.host" - backuppc > test_backup.log &
tail -f test_backup.log