Minimal Server Install (Centos)

http://wiki.centos.org/HowTos/BackupPC

cd /etc/yum.repos.d
wget http://dev.centos.org/centos/5/CentOS-Testing.repo
yum update -y
reboot

yum --enablerepo=c5-testing install backuppc httpd mod_perl sudo wget rsync
rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/ssmtp-2.61-14.el5.i386.rpm

vi /etc/ssmtp/ssmtp.conf

root=postmaster@yourdomain.tld
mailhub=mail.yourdomain.tld:465
RewriteDomain=yourdomain.tld
UseTLS=YES
AuthUser=smtpuser
AuthPass=smtppass

vi /etc/httpd/conf/httpd.conf

User backuppc
Servername backuppc.domain.com:80

vim /etc/httpd/conf.d/backuppc.conf

Allow from all

htpasswd -c /var/lib/backuppc/passwd/htpasswd admin

(enter password for web user 'admin' twice)

visudo

Comment out 'Defaults requiretty' and add the two lines

#Defaults    requiretty
Defaults !lecture
backuppc ALL=NOPASSWD:/bin/gtar,/bin/tar

vim /etc/BackupPC/config.pl

(many edits)

service httpd start
service backuppc start
chkconfig httpd on
chkconfig backuppc on

http://ip.of.backuppc.server

vi /etc/fstab

/dev/VolGroup00/LogVol00 /      ext3    defaults,noatime        1 1

Copy old BackupPC to new server:

rsync -arv /home/backuppc/* root@123.123.123.123:/var/lib/backuppc/

reboot

http://www.mantic.org/wiki/Installing_BackupPC

useradd backuppc
passwd backuppc

http://easynews.dl.sourceforge.net/sourceforge/backuppc/BackupPC-3.0.0.tar.gz

vi /etc/xen/appserv
#disk = [ 'tap:aio:/vm/Xen/appserv.img,xvda,w', ]
disk = [ 'tap:aio:/vm/Xen/appserv.img,xvda,w', 'phy:sda6,sda1,w', ]

fdisk -l

(shows no valid partition table on /dev/sda - mount it anyway)

copy backuppc user (dot) files to newly mounted space

mount /dev/sda1 /home/backuppc/

Use 'noatime' option to reduce disk writes to update the file access times:

vim /etc/fstab

/dev/sda1      /home/backuppc          ext3    defaults,noatime        1 2

mount -a

perl configure.pl --batch \
                  --cgi-dir /var/www/cgi-bin/backuppc \
                  --data-dir /home/backuppc \
                  --hostname hostname.yourdomain.tld \
                  --html-dir /var/www/html/backuppc \
                  --html-dir-url /backuppc \
                  --install-dir /opt/backuppc

yum install perl-IO-Dirent --enablerepo=rpmforge

These settings determine who can access the BackupPC web console.

htpasswd -c /etc/httpd/conf.d/backuppc.users admin

(-c creates file - use for first user)

htpasswd /etc/httpd/conf.d/backuppc.users username

You can configure the IP addresses/ranges from which the BackupPC Admin web pages are available by editing /etc/httpd/conf.d/backuppc.conf. Signal the web server that changes were made with:

httpd -k graceful

vim /etc/httpd/conf.d/backuppc.conf

Redirect permanent /backup https://hostname.yourdomain.tld/cgi-bin/backuppc/BackupPC_Admin

<Directory /var/www/cgi-bin/backuppc/>
    AddHandler cgi-script .pl
    Options +ExecCGI
    Order deny,allow
    Deny from all
    Allow from 123.123.123.123 234.234.234
    AuthName "Backup Admin"
    AuthType Basic
    AuthUserFile /etc/httpd/conf.d/backuppc.users
    Require valid-user
</Directory>

Added to /etc/httpd/conf/httpd.conf just before last (Include) line:

Redirect permanent /backup https://hostname.yourdomain.tld/cgi-bin/backuppc/BackupPC_Admin

• Web server runs as user 'apache'
• BackupPC_Admin runs 'suid'

http://hostname.yourdomain.tld/cgi-bin/backuppc/BackupPC_Admin

yum install perl-suidperl 

wget http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

rpm -Uvh rpmforge-release-0.3.6-1.el5.rf.i386.rpm

yum install perl-File-RsyncP --enablerepo=rpmforge

Added to /etc/httpd/conf/httpd.conf just before last (Include) line:

Redirect permanent /backup https://hostname.yourdomain.tld/cgi-bin/backuppc/BackupPC_Admin

backuppc.conf

$sshPath -q -x -l backuppc $host nice -n 19 /usr/bin/sudo /usr/bin/rsync --server --sender $argList+

$sshPath -l root $host /usr/bin/mysqldump --add-drop-table -A -Q > /root/backup/mysql_backup.sql

$sshPath -l root $host /usr/bin/pg_dumpall --clean -U postgres > /root/backup/postgres_backup.dump

Used on www and a variation on appserv (localhost) or anywhere more security is required

This methodology would insulate the remote host (or even localhost) from a hacked backuppc user on the BackupPC server.

Create backuppc user on remote host to be backed up.

Create SSH key files:

su -s /bin/bash backuppc                # use -s to specify a shell if backuppc user has no shell
                                        # configure backuppc user with no shell for added security
ssh-keygen -t rsa -b 2048               # use a blank passphrase

Use a modified command to exchange keys:

scp ~backuppc/.ssh/id_rsa.pub backuppc@$remote_host:~/.ssh/authorized_keys

Check the password-less login to the remote host from the BackupPC server like this:

su -s /bin/bash backuppc                #become backuppc user
ssh -l backuppc <host_or_IP_to_be_backed_up>
exit                                    #from the remote_host
exit                                    #from the backuppc user back to root

visudo

#Defaults    requiretty

## Allow non-privileged user to back up
backuppc  ALL=NOPASSWD: /usr/bin/rsync --server --sender *

## Allow non-privileged user to back up AND restore
backuppc  ALL=NOPASSWD: /usr/bin/rsync --server *

## Allow non-privileged user to dump databases
backuppc  ALL=NOPASSWD: /usr/local/bin/db_backup.sh *

vi /usr/local/bin/db_backup.sh

chmod 700 /usr/local/bin/db_backup.sh

(updated) will dump both Postgresql and Mysql databases

$sshPath -l backuppc $host /usr/bin/sudo /usr/local/bin/db_backup.sh

$sshPath -l backuppc $host /usr/bin/sudo /usr/bin/mysqldump -u root -par15fal --add-locks --add-drop-table -A -Q > /opt/backuppc/sql_backup/mysql_backup.sql

/usr/bin/ssh -l root bla 'mysqldump -u root -pxyz
all-databases --add-locks > /var/backuppc-prepare/backup-all-databases.sql

[root@sol ~]# cat /etc/e-smith/events/pre-backup/S10mysql-delete-dumped-tables
#!/bin/sh

exec /bin/rm -f /home/e-smith/db/mysql/*.dump

[root@sol ~]# cat /etc/e-smith/events/pre-backup/S20mysql-dump-tables         
#!/bin/sh

status=$(/sbin/e-smith/config getprop mysqld status)
if [ "$status" = "disabled" ]
then
    echo "mysqld is disabled - no tables dumped" >&2
    exit 0
fi
for db in $(mysql -BNre "show databases;")
do
    mysqldump --add-drop-table -QB "$db" -r /home/e-smith/db/mysql/"$db".dump || exit 1
done

Configure backuppc User RSA Keys on Server and on Remote Hosts Used with Sudo for Extra Security

su -s /bin/bash backuppc
ssh-keygen -t rsa
exit

Sonora Comm's default client configuration is for SME Server. For other Linux servers, be sure to override the shares and paths to be backed up.

Run these commands as 'root' on the BackupPC server.

su -s /bin/bash backuppc
remote_host=xxxx
ssh-keyscan -t rsa $remote_host >> ~backuppc/.ssh/known_hosts

Then install the BackupPC server's public key to the remote server using one of the three following equivalent commands:

If 'ssh-copy-id' tool is present:

ssh-copy-id user@$remote_host

If it is not:

scp ~/.ssh/id_rsa.pub root@$remote_host:/root/.ssh/authorized_keys

If the remote host SSH daemn listens on a non-standard SSH port (2222 in this case):

cat ~/.ssh/id_rsa.pub | ssh -p 2222 root@$remote_host 'umask 077; cat >>.ssh/authorized_keys'

If the SSH keys have not been set up on the remote host (creating the ~/.ssh folder), do this as 'root' on the remote host:

ssh-keygen -t rsa

You can test the key exchange, as the backuppc user:

ssh -l root $remote_host
exit

Using the BackupPC Hosts panel, add a host to be backed up.

Leave the DHCP flag off ('0') if the host name can be resolved. You can use the following to test name resolution if you aren't sure.

perl -e 'print(gethostbyname("remote.host.name") ? "ok\n" : "not found\n");'

http://wpkg.org/BackupPC_-_restoring_backups_from_command_line

http://www.howtoforge.com/forums/showthread.php?t=2717

Strategy: Exclude large directories then add them bit by bit

Break host backups into pieces rather than one large share.

1. Edit /etc/BackupPC/hosts
2. Rename (if it exists) /etc/BackupPC/pc/hostname.pl
3. Rename /var/lib/backuppc/pc/hostname folder
4. service restart backuppc

1. More Memory
2. Fast disks!
   • Particularly with Lots of Small Files
3. Enable Write-Caching on RAID Card
   • Battery Required
4. Use XFS Filesystem
   • noatime,nodiratime,logbufs=8
5. Mount Backup Partition with noatime Option
6. Mounting the backuppc data partition with data=ordered option may help too
   • The default is data=writeback
7. IO::Direct perl module
   • For BackupPC 3.1?
8. Implement rsync checksum-seed option

vmstat 3
iostat

• Multiple BackupPC Servers
• Lower compression level
• Don't use RAID5
• Use tar instead of rsync (LAN ?)
• Fewer simultaneous backups

View currentlly running backup log:

BackupPC_zcat /var/lib/backuppc/pc/hostname.clientdomain.tld/XferLOG.z |tail

Use the PID of the rsync process to see what files are open/being processed:

lsof -p <pid>

Using this method, you can start the backup job in the background then view the resultant log file even if you disconnect and reconnect later.

At the BackupPC server, manually fire off a backup job, redirect the output to a log file, then view it:

su -s /bin/bash -c "/usr/bin/BackupPC_dump -v -f your.remote.host" - backuppc > test_backup.log &

tail -f test_backup.log