Difference between revisions of "btrbk"

From wiki
(Fix source)
(Create folders)
Line 23: Line 23:
 
# mkdir /backup/.ssh
 
# mkdir /backup/.ssh
 
# touch /backup/.ssh/authorized_keys
 
# touch /backup/.ssh/authorized_keys
 +
# chown root:btrbk /backup/
 +
# chmod 710 /backup/
 
</syntaxhighlight>
 
</syntaxhighlight>
 
This user will need to run <code>btrfs</code> tools as root. Let’s add this to the <code>/etc/sudoers</code> file
 
This user will need to run <code>btrfs</code> tools as root. Let’s add this to the <code>/etc/sudoers</code> file
Line 29: Line 31:
 
</syntaxhighlight>If you limited access to certain users through SSH, add <code>btrbk</code> to the [[SSH#Authentication|AllowUsers]] list and [[SSH#Restart|restart SSH]]
 
</syntaxhighlight>If you limited access to certain users through SSH, add <code>btrbk</code> to the [[SSH#Authentication|AllowUsers]] list and [[SSH#Restart|restart SSH]]
  
== Setup Client ==
+
== Setup New Client ==
 +
 
 +
=== Create Destination Folder ===
 +
O'''n the backup server''', create a new folder for the client<syntaxhighlight lang="console">
 +
# mkdir /backup/<client>
 +
# chmod 700 /backup/<client>
 +
</syntaxhighlight><syntaxhighlight lang="console">
 +
# btrfs subvolume create /backup/<client>/<volume>
 +
</syntaxhighlight>
  
 
=== SSH Key ===
 
=== SSH Key ===
Line 37: Line 47:
 
# ssh-keygen -t ed25519 -N "" -f /etc/btrbk/ssh/id_ed25519
 
# ssh-keygen -t ed25519 -N "" -f /etc/btrbk/ssh/id_ed25519
 
...
 
...
# cat /etc/btrbk/ssh/id_ed25519
+
# cat /etc/btrbk/ssh/id_ed25519.pub
 
AAAAC3NzaC1lZDI1NTE5AAAAIFWJQzmdbnWfJqfa/YqXHQXh5bhkRir76mkkdVSln+eo root@client.example.org
 
AAAAC3NzaC1lZDI1NTE5AAAAIFWJQzmdbnWfJqfa/YqXHQXh5bhkRir76mkkdVSln+eo root@client.example.org
 
</syntaxhighlight>Then, '''on the backup server''', add the following line to <code>/backup/.ssh/authorized_keys</code>.
 
</syntaxhighlight>Then, '''on the backup server''', add the following line to <code>/backup/.ssh/authorized_keys</code>.
 
<syntaxhighlight lang="sh">
 
<syntaxhighlight lang="sh">
command="/usr/share/btrbk/scripts/ssh_filter_btrbk.sh --target --info -p /backup --sudo",restrict,from="client.example.org" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwxT6AaiAjahdUBeitkRDK6FXeZhI10rVN8BIeVriXG root@client.example.org
+
command="/usr/share/btrbk/scripts/ssh_filter_btrbk.sh --target --info -p /backup/<client> --sudo",restrict,from="client.example.org" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFWJQzmdbnWfJqfa/YqXHQXh5bhkRir76mkkdVSln+eo root@client.example.org
 
</syntaxhighlight>
 
</syntaxhighlight>
 
{{TODO|msg = }}
 
{{TODO|msg = }}

Revision as of 07:37, 31 March 2016

btrbk is a backup tool for Btrfs disks.


Warning Warning: This page is a work in progress and is not completed. Important informations might be missing or wrong.

Install

btrbk is not yet included in Debian Jessie. Make sure you configure stretch source before running the command bellow.

# apt install btrbk

Setup Backup Server

Destination Disk

Create a Btrfs volume and mount it on /backup.

User

# adduser --system --shell /bin/sh --home /backup/ --group --no-create-home btrbk
Adding system user `btrbk' (UID 122) ...
Adding new group `btrbk' (GID 124) ...
Adding new user `btrbk' (UID 122) with group `btrbk' ...
Not creating home directory `/backup/'.
# mkdir /backup/.ssh
# touch /backup/.ssh/authorized_keys
# chown root:btrbk /backup/
# chmod 710 /backup/

This user will need to run btrfs tools as root. Let’s add this to the /etc/sudoers file

btrbk   ALL=NOPASSWD:/bin/btrfs

If you limited access to certain users through SSH, add btrbk to the AllowUsers list and restart SSH

Setup New Client

Create Destination Folder

On the backup server, create a new folder for the client

# mkdir /backup/<client>
# chmod 700 /backup/<client>
# btrfs subvolume create /backup/<client>/<volume>

SSH Key

Create an SSH key dedicated to your backups

# mkdir /etc/btrbk/ssh
# chmod 700  /etc/btrbk/ssh
# ssh-keygen -t ed25519 -N "" -f /etc/btrbk/ssh/id_ed25519
...
# cat /etc/btrbk/ssh/id_ed25519.pub
AAAAC3NzaC1lZDI1NTE5AAAAIFWJQzmdbnWfJqfa/YqXHQXh5bhkRir76mkkdVSln+eo root@client.example.org

Then, on the backup server, add the following line to /backup/.ssh/authorized_keys.

command="/usr/share/btrbk/scripts/ssh_filter_btrbk.sh --target --info -p /backup/<client> --sudo",restrict,from="client.example.org" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFWJQzmdbnWfJqfa/YqXHQXh5bhkRir76mkkdVSln+eo root@client.example.org
TODO