BackupPC
From Gentoo Linux Wiki
HOWTO Install BackupPC
Introduction
BackupPC is a high-performance, enterprise-grade system for backing up Linux and WinXX PCs and laptops to a server's disk. BackupPC is highly configurable and easy to install and maintain. BackupPC is written in Perl and extracts backup data via SMB using Samba, tar over ssh/rsh/nfs, or rsync. It is robust, reliable, well documented and freely available as Open Source on SourceForge.
How to Install
Edit /etc/portage/package.keywords and add
app-backup/backuppc
dev-perl/File-RsyncP
Install BackupPC and mod_perl
emerge backuppc
emerge mod_perl
Additional information that is not needed for this howto, but may help some people: there is no need to run an additional Apache as user backuppc. Setting the setuid bit on BackupPC_Admin does not work out of the box, because BackupPC_Admin is a script (so the setuid bit is ignored), but you can do the following:
1)
cd /var/www/localhost/cgi-bin/
mv BackupPC_Admin core_BackupPC_Admin
2) get the userid for backuppc, for example
cat /etc/passwd | grep backuppc | cut -d ":" -f 3
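3) create a file BackupPC_Admin.c with the following content:
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>
int main(void) {
    /* Switch from root to the backuppc user; stop if that fails, so the CGI never runs as root. */
    if (setuid(108) != 0)
        return EXIT_FAILURE;
    /* Run the original CGI script, found relative to the cgi-bin directory. */
    system("./core_BackupPC_Admin");
    return 0;
}
where 108 must be replaced with the userid of your backuppc user (see (2))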
4) compile it with
gcc BackupPC_Admin.c -o BackupPC_Admin
5) set owner of the file to root
chown root:apache BackupPC_Admin
6) change permission and set the setuid-bit
chmod 755 BackupPC_Admin
chmod u+s BackupPC_Admin
What happens is that Apache will now execute the BackupPC_Admin binary. The system will set the userid to root ((5) and (6)). The binary drops its root rights to user backuppc (on my system uid(backuppc)=108) and calls the original BackupPC_Admin.
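A hardened variant of the wrapper from step 3, as an added example (not part of the original wiki page or of BackupPC): it confirms that the privilege drop succeeded, passes only an allowlist of CGI variables to the script, and starts it with execve and an absolute path instead of system(). The gid 108, the fixed PATH and the variable allowlist are assumptions to adapt to your system.

```c
#define _DEFAULT_SOURCE 1          /* exposes setgroups() on glibc */
#include <grp.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
/* Script path as renamed in step 1; adjust if your cgi-bin lives elsewhere. */
#define TARGET "/var/www/localhost/cgi-bin/core_BackupPC_Admin"
#define MAX_ENV 64

/* Assumed allowlist of CGI variables; LD_*, PERL5LIB, IFS etc. are dropped. */
static const char *const allowed[] = {
    "REMOTE_USER=", "REMOTE_ADDR=", "REQUEST_METHOD=", "QUERY_STRING=",
    "CONTENT_TYPE=", "CONTENT_LENGTH=", "SCRIPT_NAME=", "SERVER_NAME=",
    "SERVER_PORT=", "SERVER_PROTOCOL=", "GATEWAY_INTERFACE=",
    "HTTP_HOST=", "HTTP_COOKIE=", "HTTP_ACCEPT_LANGUAGE=", NULL
};

/* Copy allowlisted entries of src into out (cap >= 1, NULL-terminated); returns count kept. */
size_t filter_env(char *const *src, char **out, size_t cap) {
    size_t n = 0;
    for (; *src != NULL && n + 1 < cap; src++)
        for (size_t i = 0; allowed[i] != NULL; i++)
            if (strncmp(*src, allowed[i], strlen(allowed[i])) == 0) {
                out[n++] = *src;
                break;
            }
    out[n] = NULL;
    return n;
}

/* Drop supplementary groups, gid, then uid; confirm root cannot be regained. 0 = ok. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (uid == 0 || gid == 0) return -1;            /* never "drop" to root */
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid) return -1;
    return 0;
}

int main(void) {
    extern char **environ;
    char *env[MAX_ENV] = { "PATH=/usr/bin:/bin" };  /* fixed PATH (assumed) */
    char *argv[] = { TARGET, NULL };
    filter_env(environ, env + 1, MAX_ENV - 1);
    if (drop_privileges(108, 108) != 0) return EXIT_FAILURE; /* uid from step 2; gid assumed */
    execve(TARGET, argv, env);                      /* absolute path, no shell */
    return EXIT_FAILURE;                            /* reached only if exec failed */
}
```

With the permissions from steps 5 and 6 any local user can execute the wrapper; mode 4750 with owner root:apache limits execution to the web server's group.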
Configuration
Edit the config.pl to your liking, at least check these lines:
| File: /etc/backuppc/config.pl |
...
$Conf{CgiURL} = 'http://localhost:8080/BackupPC_Admin';
$Conf{CgiImageDir} = '/var/www/localhost/htdocs/backuppc/image';
$Conf{CgiImageDirURL} = '/image';
...
|
If you want to do per-PC based backups, you need to create a config.pl file in the particular host's directory (__TOPDIR__/pc/$host/config.pl). That file only needs the settings that differ from (override) the master config.pl. With the ebuild used in this example, the __TOPDIR__ is /var/lib/backuppc/.
| File: /var/lib/backuppc/pc/linux-server.org/config.pl |
$Conf{RsyncShareName} = ['/etc', '/var/www' ] ;
|
For easier maintenance, create symlinks.
# ln -s /var/lib/backuppc/pc/linux-server.org/config.pl /etc/backuppc/linux-server.conf
BackupPC backs up data to /var/lib/backuppc. Therefore make that location writable by the backuppc user.
# chown -R backuppc /var/lib/backuppc
Edit /etc/backuppc/hosts and add required hosts and user names.
For *NIX machines, use a resolvable domain name for host and a valid user name for user.
host dhcp user moreUsers
e.g.: host1.domain.tld 0 username
For Windows machines, use the NetBIOS name as host name.
host dhcp user moreUsers
e.g.: netbiosname 0 username
CGI interface on Apache
It is advisable to run a separate instance of Apache as the backuppc user. For that, you need mod_perl installed and loaded. The advantage of the mod_perl setup is that no setuid script is needed, and there is a huge performance advantage. Not only does all the perl code need to be parsed just once, the config.pl and hosts files, plus the connection to the BackupPC server are cached between requests. The typical speedup is around 15 times.
Make sure you have defined the mod_perl module somewhere.
# grep modules.d /etc/apache2/httpd.conf
# grep -l mod_perl /etc/apache2/modules.d/*
Now let's create the backup admin first:
# htpasswd2 -c /etc/backuppc/htpasswd.users admin
New password:
Re-type new password:
Adding password for user admin
# chown backuppc:backuppc /etc/backuppc/htpasswd.users
# chmod 640 /etc/backuppc/htpasswd.users
ONLY IF you run other www services, THEN create another instance of Apache. Otherwise you may just use the default port, conf file and the init script.
Edit the conf file accordingly. This is an example that works with the app-backup/backuppc-2.1.2-r1 ebuild (the only ebuild in Portage in November 2006).
| File: /etc/apache2/httpd-backuppc.conf |
Listen 8080
PidFile "/var/run/apache2-backuppc.pid"
Include /etc/apache2/modules.d/*.conf
User backuppc
Group backuppc
AddHandler cgi-script .cgi
ScriptAlias /cgi-bin/ /var/www/localhost/cgi-bin/
<Directory "/var/www/localhost/cgi-bin/">
AllowOverride None
Options None
Options ExecCGI
SetHandler cgi-script
Order allow,deny
Allow from all
</Directory>
<Directory "/var/www/localhost/htdocs/backuppc">
AllowOverride AuthConfig
Options Indexes FollowSymLinks ExecCGI Includes
SetHandler cgi-script
Order allow,deny
Allow from 127.0.0.1 192.168.0.0/24
AuthName "BackupPC admin"
AuthType Basic
AuthUserFile /etc/backuppc/htpasswd.users
Require valid-user
</Directory>
<Directory "/var/www/localhost/htdocs/backuppc/image">
Options Indexes FollowSymLinks Includes
SetHandler none
Order allow,deny
Allow from all
</Directory>
<IfModule mod_perl.c>
PerlModule ModPerl::Registry
PerlTaintCheck On
# change path as needed
<Location /cgi-bin/BackupPC_Admin>
SetHandler perl-script
PerlHandler ModPerl::Registry
Options ExecCGI
PerlSendHeader On
</Location>
<Directory /backuppc>
SetHandler perl-script
PerlHandler ModPerl::Registry
Options ExecCGI
PerlSendHeader On
</Directory>
</IfModule>
|
The above httpd-backuppc.conf file gave me some errors, so here is mine that worked for me. Could use some more cleaning.
| File: /etc/apache2/httpd-backuppc.conf |
ServerRoot "/usr/lib/apache2"
PidFile "/var/run/apache2-backuppc.pid"
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
Listen 8080
LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so
LoadModule auth_anon_module modules/mod_auth_anon.so
LoadModule auth_dbm_module modules/mod_auth_dbm.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule charset_lite_module modules/mod_charset_lite.so
LoadModule env_module modules/mod_env.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule cgid_module modules/mod_cgid.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule actions_module modules/mod_actions.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule dir_module modules/mod_dir.so
Include /etc/apache2/modules.d/*.conf
User backuppc
Group backuppc
ServerName backuppc
DirectoryIndex index.html index.html.var
AccessFileName .htaccess
ScriptAlias /cgi-bin/ /var/www/localhost/cgi-bin/
<Directory "/var/www/localhost/cgi-bin/">
AllowOverride None
Options None
Order allow,deny
Allow from all
SetHandler cgi-script
Options ExecCGI
</Directory>
AddHandler cgi-script .cgi
Include /etc/apache2/vhosts.d/01_backuppc.conf
<Directory "/var/www/localhost/htdocs/backuppc">
AllowOverride AuthConfig
Options Indexes FollowSymLinks ExecCGI Includes
SetHandler cgi-script
Order allow,deny
Allow from 127.0.0.1 192.168.0.0/24
AuthName "BackupPC admin"
AuthType Basic
AuthUserFile /etc/backuppc/htpasswd.users
Require valid-user
</Directory>
<Directory "/var/www/localhost/htdocs/backuppc/image">
Options Indexes FollowSymLinks Includes
SetHandler none
Order allow,deny
Allow from all
</Directory>
<IfModule mod_perl.c>
PerlModule ModPerl::Registry
PerlTaintCheck On
# change path as needed
<Location /cgi-bin/BackupPC_Admin>
SetHandler perl-script
PerlHandler ModPerl::Registry
Options ExecCGI
PerlSendHeader On
</Location>
<Directory /backuppc>
SetHandler perl-script
PerlHandler ModPerl::Registry
Options ExecCGI
PerlSendHeader On
</Directory>
</IfModule>
|
BEWARE: Both configuration files above won't work with the latest Apache 2.2 auth modules. Go to http://httpd.apache.org/docs/2.2/new_features_2_2.html#module for what has changed and how.
| File: /etc/apache2/vhosts.d/01_backuppc.conf |
NameVirtualHost *:8080
<VirtualHost *:8080>
DocumentRoot "/var/www/localhost/htdocs/backuppc"
</VirtualHost>
|
Link the CGI file to DocumentRoot:
# cd /var/www/localhost/htdocs/backuppc/
# ln -s /var/www/localhost/cgi-bin/BackupPC_Admin .
# ln -s BackupPC_Admin index.html
# chown backuppc:backuppc BackupPC_Admin
Create an init.d script for your BackupPC Apache instance
# cp /etc/init.d/apache2 /etc/init.d/apache2-backuppc
Edit the newly created init script and change the httpd.conf to httpd-backuppc.conf
Start the Apache and BackupPC
/etc/init.d/apache2-backuppc start   <-- apache2-backuppc is not existent! Perhaps just restart apache2? - What do you mean? It's created 3 lines before...
/etc/init.d/backuppc start
Access the BackupPC Administrator web page.
http://localhost:8080/BackupPC_Admin
# mkdir /usr/share/doc/backuppc
# mv /usr/share/doc/BackupPC.* /usr/share/doc/backuppc
SSH connection
Good. Now you need to let backuppc access the files on the host boxes. Create the SSH RSA keypair.
# chsh -s /bin/bash backuppc
# chown backuppc /etc/backuppc
# usermod -d /etc/backuppc/ backuppc
# su - backuppc
$ ssh-keygen -t rsa
$ exit
# chsh -s /usr/sbin/nologin backuppc
Then copy the generated public key to the boxes you need to backup. Eg.
# ssh-copy-id -i /etc/backuppc/.ssh/id_rsa.pub root@client.homelinux.org
To prevent ssh from hanging at the HostKey identification process, create the file /etc/ssh/ssh_known_hosts and make it world-readable. See man ssh for more information on security.
# tail -n 1 /root/.ssh/known_hosts >> /etc/ssh/ssh_known_hosts
# chmod 644 /etc/ssh/ssh_known_hosts
Adding a new client
- create the entry to the /etc/backuppc/hosts file
- create the appropriate config (/var/lib/backuppc/pc/$host/config.pl)
- copy the backuppc's id_rsa.pub key to the client
- ssh to the client as root, and update /etc/ssh/ssh_known_hosts
test-cgi script
Put this into your DocumentRoot and go to http://localhost/test-cgi
#!/bin/sh
# disable filename globbing
set -f
echo Content-type: text/plain
echo
echo CGI/1.0 test script report:
echo
echo argc is $#. argv is "$*".
echo
echo SERVER_SOFTWARE = $SERVER_SOFTWARE
echo SERVER_NAME = $SERVER_NAME
echo GATEWAY_INTERFACE = $GATEWAY_INTERFACE
echo SERVER_PROTOCOL = $SERVER_PROTOCOL
echo SERVER_PORT = $SERVER_PORT
echo REQUEST_METHOD = $REQUEST_METHOD
echo HTTP_ACCEPT = "$HTTP_ACCEPT"
echo PATH_INFO = "$PATH_INFO"
echo PATH_TRANSLATED = "$PATH_TRANSLATED"
echo SCRIPT_NAME = "$SCRIPT_NAME"
echo QUERY_STRING = "$QUERY_STRING"
echo REMOTE_HOST = $REMOTE_HOST
echo REMOTE_ADDR = $REMOTE_ADDR
echo REMOTE_USER = $REMOTE_USER
echo AUTH_TYPE = $AUTH_TYPE
echo CONTENT_TYPE = $CONTENT_TYPE
echo CONTENT_LENGTH = $CONTENT_LENGTH
