User Tools

Site Tools


computing:backup:backuppc

BackupPC

Installation on Centos 5

Minimal Server Install (Centos)

http://wiki.centos.org/HowTos/BackupPC

cd /etc/yum.repos.d
wget http://dev.centos.org/centos/5/CentOS-Testing.repo
yum update -y
reboot
yum --enablerepo=c5-testing install backuppc httpd mod_perl sudo wget rsync
rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/ssmtp-2.61-14.el5.i386.rpm
vi /etc/ssmtp/ssmtp.conf

root=postmaster@yourdomain.tld
mailhub=mail.yourdomain.tld:465
RewriteDomain=yourdomain.tld
UseTLS=YES
AuthUser=smtpuser
AuthPass=smtppass
vi /etc/httpd/conf/httpd.conf

User backuppc
Servername backuppc.domain.com:80
vim /etc/httpd/conf.d/backuppc.conf

Allow from all
htpasswd -c /var/lib/backuppc/passwd/htpasswd admin

(enter password for web user 'admin' twice)

visudo

Comment out 'Defaults requiretty' and add the two lines

#Defaults    requiretty
Defaults !lecture
backuppc ALL=NOPASSWD:/bin/gtar,/bin/tar
vim /etc/BackupPC/config.pl

(many edits)

service httpd start
service backuppc start
chkconfig httpd on
chkconfig backuppc on

http://ip.of.backuppc.server

vi /etc/fstab

/dev/VolGroup00/LogVol00 /      ext3    defaults,noatime        1 1

Move Data to New Server

Copy old BackupPC to new server:

rsync -arv /home/backuppc/* root@123.123.123.123:/var/lib/backuppc/

reboot

Older Info

http://www.mantic.org/wiki/Installing_BackupPC

useradd backuppc
passwd backuppc

http://easynews.dl.sourceforge.net/sourceforge/backuppc/BackupPC-3.0.0.tar.gz

vi /etc/xen/appserv
#disk = [ 'tap:aio:/vm/Xen/appserv.img,xvda,w', ]
disk = [ 'tap:aio:/vm/Xen/appserv.img,xvda,w', 'phy:sda6,sda1,w', ]
fdisk -l

(shows no valid partition table on /dev/sda - mount it anyway)

copy backuppc user (dot) files to newly mounted space

mount /dev/sda1 /home/backuppc/

Use 'noatime' option to reduce disk writes to update the file access times:

vim /etc/fstab

/dev/sda1      /home/backuppc          ext3    defaults,noatime        1 2
mount -a
perl configure.pl --batch \
                  --cgi-dir /var/www/cgi-bin/backuppc \
                  --data-dir /home/backuppc \
                  --hostname hostname.yourdomain.tld \
                  --html-dir /var/www/html/backuppc \
                  --html-dir-url /backuppc \
                  --install-dir /opt/backuppc

yum install perl-IO-Dirent --enablerepo=rpmforge

Add BackupPC Users

:!: These settings determine who can access the BackupPC web console.

htpasswd -c /etc/httpd/conf.d/backuppc.users admin

(-c creates file - use for first user)

htpasswd /etc/httpd/conf.d/backuppc.users username

You can configure the IP addresses/ranges from which the BackupPC Admin web pages are available by editing /etc/httpd/conf.d/backuppc.conf. Signal the web server that changes were made with:

httpd -k graceful

Web Server Configuration

vim /etc/httpd/conf.d/backuppc.conf

Redirect permanent /backup https://hostname.yourdomain.tld/cgi-bin/backuppc/BackupPC_Admin

<Directory /var/www/cgi-bin/backuppc/>
    AddHandler cgi-script .pl
    Options +ExecCGI
    Order deny,allow
    Deny from all
    Allow from 123.123.123.123 234.234.234
    AuthName "Backup Admin"
    AuthType Basic
    AuthUserFile /etc/httpd/conf.d/backuppc.users
    Require valid-user
</Directory>

Added to /etc/httpd/conf/httpd.conf just before last (Include) line:

Redirect permanent /backup https://hostname.yourdomain.tld/cgi-bin/backuppc/BackupPC_Admin

Notes

  • Web server runs as user 'apache'
  • BackupPC_Admin runs 'suid'

http://hostname.yourdomain.tld/cgi-bin/backuppc/BackupPC_Admin

yum install perl-suidperl 

wget http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

rpm -Uvh rpmforge-release-0.3.6-1.el5.rf.i386.rpm

yum install perl-File-RsyncP --enablerepo=rpmforge

Added to /etc/httpd/conf/httpd.conf just before last (Include) line:

Redirect permanent /backup https://hostname.yourdomain.tld/cgi-bin/backuppc/BackupPC_Admin

backuppc.conf

$sshPath -q -x -l backuppc $host nice -n 19 /usr/bin/sudo /usr/bin/rsync --server --sender $argList+

$sshPath -l root $host /usr/bin/mysqldump --add-drop-table -A -Q > /root/backup/mysql_backup.sql

$sshPath -l root $host /usr/bin/pg_dumpall --clean -U postgres > /root/backup/postgres_backup.dump

Used on www and a variation on appserv (localhost) or anywhere more security is required

This methodology would insulate the remote host (or even localhost) from a hacked backuppc user on the BackupPC server.

Create backuppc user on remote host to be backed up.

Create SSH key files:

su -s /bin/bash backuppc                # use -s to specify a shell if backuppc user has no shell
                                        # configure backuppc user with no shell for added security
ssh-keygen -t rsa -b 2048               # use a blank passphrase

Use a modified command to exchange keys:

scp ~backuppc/.ssh/id_rsa.pub backuppc@$remote_host:~/.ssh/authorized_keys

Check the password-less login to the remote host from the BackupPC server like this:

su -s /bin/bash backuppc                #become backuppc user
ssh -l backuppc <host_or_IP_to_be_backed_up>
exit                                    #from the remote_host
exit                                    #from the backuppc user back to root
visudo

#Defaults    requiretty

## Allow non-privileged user to back up
backuppc  ALL=NOPASSWD: /usr/bin/rsync --server --sender *

## Allow non-privileged user to back up AND restore
backuppc  ALL=NOPASSWD: /usr/bin/rsync --server *

## Allow non-privileged user to dump databases
backuppc  ALL=NOPASSWD: /usr/local/bin/db_backup.sh *
vi /usr/local/bin/db_backup.sh

chmod 700 /usr/local/bin/db_backup.sh

db_backup.sh

(updated) will dump both Postgresql and Mysql databases

$sshPath -l backuppc $host /usr/bin/sudo /usr/local/bin/db_backup.sh

$sshPath -l backuppc $host /usr/bin/sudo /usr/bin/mysqldump -u root -par15fal --add-locks --add-drop-table -A -Q > /opt/backuppc/sql_backup/mysql_backup.sql

/usr/bin/ssh -l root bla 'mysqldump -u root -pxyz
all-databases --add-locks > /var/backuppc-prepare/backup-all-databases.sql

MySQL Backup Scripts (SME 7) (example)

[root@sol ~]# cat /etc/e-smith/events/pre-backup/S10mysql-delete-dumped-tables
#!/bin/sh

exec /bin/rm -f /home/e-smith/db/mysql/*.dump

[root@sol ~]# cat /etc/e-smith/events/pre-backup/S20mysql-dump-tables         
#!/bin/sh

status=$(/sbin/e-smith/config getprop mysqld status)
if [ "$status" = "disabled" ]
then
    echo "mysqld is disabled - no tables dumped" >&2
    exit 0
fi
for db in $(mysql -BNre "show databases;")
do
    mysqldump --add-drop-table -QB "$db" -r /home/e-smith/db/mysql/"$db".dump || exit 1
done

Configure backuppc User RSA Keys on Server and on Remote Hosts Used with Sudo for Extra Security

su -s /bin/bash backuppc
ssh-keygen -t rsa
exit

Add Linux Host

:!: Sonora Comm's default client configuration is for SME Server. For other Linux servers, be sure to override the shares and paths to be backed up.

Run these commands as 'root' on the BackupPC server.

su -s /bin/bash backuppc
remote_host=xxxx
ssh-keyscan -t rsa $remote_host >> ~backuppc/.ssh/known_hosts

Then install the BackupPC server's public key to the remote server using one of the three following equivalent commands:

If 'ssh-copy-id' tool is present:

ssh-copy-id user@$remote_host

If it is not:

scp ~/.ssh/id_rsa.pub root@$remote_host:/root/.ssh/authorized_keys

If the remote host SSH daemn listens on a non-standard SSH port (2222 in this case):

cat ~/.ssh/id_rsa.pub | ssh -p 2222 root@$remote_host 'umask 077; cat >>.ssh/authorized_keys'

If the SSH keys have not been set up on the remote host (creating the ~/.ssh folder), do this as 'root' on the remote host:

ssh-keygen -t rsa

You can test the key exchange, as the backuppc user:

ssh -l root $remote_host
exit

Using the BackupPC Hosts panel, add a host to be backed up.

Leave the DHCP flag off ('0') if the host name can be resolved. You can use the following to test name resolution if you aren't sure.

perl -e 'print(gethostbyname("remote.host.name") ? "ok\n" : "not found\n");'

Complete Backup/Restore

Getting that First Full Backup

Strategy: Exclude large directories then add them bit by bit

Break host backups into pieces rather than one large share.

Change Client Hostname

  1. Edit /etc/BackupPC/hosts
  2. Rename (if it exists) /etc/BackupPC/pc/hostname.pl
  3. Rename /var/lib/backuppc/pc/hostname folder
  4. service restart backuppc

Performance Tweaks

  1. More Memory
  2. Fast disks!
    • Particularly with Lots of Small Files
  3. Enable Write-Caching on RAID Card
    • Battery Required
  4. Use XFS Filesystem
    • noatime,nodiratime,logbufs=8
  5. Mount Backup Partition with noatime Option
  6. Mounting the backuppc data partition with data=ordered option may help too
    • The default is data=writeback
  7. IO::Direct perl module
    • For BackupPC 3.1?
  8. Implement rsync checksum-seed option
vmstat 3
iostat
  • Multiple BackupPC Servers
  • Lower compression level
  • Don't use RAID5
  • Use tar instead of rsync (LAN ?)
  • Fewer simultaneous backups

Testing and Troubleshooting

View currentlly running backup log:

BackupPC_zcat /var/lib/backuppc/pc/hostname.clientdomain.tld/XferLOG.z |tail

Use the PID of the rsync process to see what files are open/being processed:

lsof -p <pid>

Test Backup

Using this method, you can start the backup job in the background then view the resultant log file even if you disconnect and reconnect later.

At the BackupPC server, manually fire off a backup job, redirect the output to a log file, then view it:

su -s /bin/bash -c "/usr/bin/BackupPC_dump -v -f your.remote.host" - backuppc > test_backup.log &

tail -f test_backup.log
computing/backup/backuppc.txt · Last modified: 2016/01/15 10:26 by gcooper