Introduction BackupPC part 1

Posted by martijnvanb on Thu 27 Mar 2008 at 10:07

This HOWTO will describe how to install BackupPC and how to create a simple backup using backuppc. BackupPC can offer a nice solution for both simple and complex backups.

I will describe how to backup one client with rsync and ssh with key-based authentication. We will create a special user which uses sudo powers to read the whole filesystem.

By using a combination of rsync/ssh and BackupPC we will create a fast secure and reliable backup system.

Both machines have Debian Lenny installed, but I think most flavours will do.

One machine is called aikido with ip address 192.168.1.1 we will use this machine to install the BackupPC server upon.

The other machine is called hapkido, we will use this as a backup client, this machine has ip address 192.168.1.2. On this client we will need to place our public key and create a special user.

Both names are resolvable in my own DNS, if you can't resolve your own hostnames, you can add them to your /etc/hosts file or use IP adresses.

Server Installation

We are going to install BackupPC with the following command:

aikido:~#  aptitude install backuppc

You will have to answer some question, one about which webserver you will use, most likely this will be apache or apache2. Backuppc will create a default user "backuppc" with a random password write it down, you will need it later!

If you forget the password or you want a other password you can change it with:

aikido:~# htpasswd /etc/backuppc/htpasswd backuppc
New password:
Re-type new password:
Updating password for user backuppc

We need to create a ssh-key pair for the backuppc user which we will use to connect to our client.

We will create a key pair without a passphrase.

aikido:~# su - backuppc
backuppc@aikido:~$ ssh-keygen -t rsa -C "backuppc"
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/backuppc/.ssh/id_rsa):
Created directory '/var/lib/backuppc/.ssh'.
Enter passphrase (empty for no passphrase):  Leave this empty!
Enter same passphrase again:  Leave this empty!
Your identification has been saved in /var/lib/backuppc/.ssh/id_rsa.
Your public key has been saved in /var/lib/backuppc/.ssh/id_rsa.pub.
The key fingerprint is:
96:6e:b0:ee:09:06:e9:82:e4:f9:68:21:06:f3:85:a5 backuppc@aikido

The server is now setup.

Client part

Now we will need to install rsync (and sudo if it wasn't installed):

hapkido:~# aptitude install sudo rsync

We will also need to add a special user with rsync super powers.

First we will add the user backuppc:

hapkido:~# adduser backuppc

Lets give backkuppc some superpowers!

hapkido:~# echo "backuppc  ALL=NOPASSWD: /usr/bin/rsync" >> /etc/sudoers

This will add a line to the sudoers file which will allow the user backuppc to run rsync with root privileges without entering a password, this is needed for a full backup.

Back to the server

We need to copy the public key to the client hapkido.

backuppc@aikido:~$ ssh-copy-id backuppc@hapkido
The authenticity of host 'hapkido (192.168.1.2)' can't be established.
RSA key fingerprint is 15:c0:63:cf:af:74:c4:23:a6:f5:b4:80:ce:3b:0f:30.
Are you sure you want to continue connecting ( yes /no)
backuppc@hapkido's password:

Now try logging into the machine, with "ssh backuppc@hapkido", and check in ~/.ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting.

This would be a good time to see if our key is being accepted. We should be able to make a connect without a password/passphrase:

backuppc@aikido:~$ ssh backuppc@hapkido

We will add an extra line to ~/.ssh/authorized_keys. This option makes it possible to connect from only one host(aikido). This will improve security a bit:

backuppc@aikido:~$ vi ~/.ssh/authorized_keys

Add "from='aikido'" before ssh-rsa, this should make the start of the file look like this:

from="aikido" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvWh3e

Browsertime

Now we are almost done, let's browse to http://aikido/backuppc, and login with the username backuppc and the given password

Let's add our client to our backup:

• click on "edit" host
• Click on "delete" localhost
• Click on "add" host
• Fill in the hostname hapkido
• Click "xfer"
• Change "xfermethod" from "smb" to "rsync"
• Change the value of "RsyncClientCmd" from $sshPath -q -x -l root $host $rsyncPath $argList+ to $sshPath -q -x -l backuppc $host sudo $rsyncPath $argList+
• Change the value of "RsyncClientRestoreCmd" from $sshPath -q -x -l root $host $rsyncPath $argList+ to $sshPath -q -x -l backuppc $host sudo $rsyncPath $argList+
• Click "save"

Congratulations you are now ready to start your first backup:

• Click on "host summary"
• Click on "hapkido"
• Click on "start backup"
• Click on "Start full backup"

That wasn't so hard right!

Have fun.
Martijn

This article can be found online at the Debian Administration website at the following bookmarkable URL:

• http://www.debian-administration.org/articles/588

This article is copyright 2008 martijnvanb - please ask for permission to republish or translate.