btrbk: Difference between revisions
From wiki
Fix source |
Create folders |
||
| Line 23: | Line 23: | ||
# mkdir /backup/.ssh | # mkdir /backup/.ssh | ||
# touch /backup/.ssh/authorized_keys | # touch /backup/.ssh/authorized_keys | ||
# chown root:btrbk /backup/ | |||
# chmod 710 /backup/ | |||
</syntaxhighlight> | </syntaxhighlight> | ||
This user will need to run <code>btrfs</code> tools as root. Let’s add this to the <code>/etc/sudoers</code> file | This user will need to run <code>btrfs</code> tools as root. Let’s add this to the <code>/etc/sudoers</code> file | ||
| Line 29: | Line 31: | ||
</syntaxhighlight>If you limited access to certain users through SSH, add <code>btrbk</code> to the [[SSH#Authentication|AllowUsers]] list and [[SSH#Restart|restart SSH]] | </syntaxhighlight>If you limited access to certain users through SSH, add <code>btrbk</code> to the [[SSH#Authentication|AllowUsers]] list and [[SSH#Restart|restart SSH]] | ||
== Setup Client == | == Setup New Client == | ||
=== Create Destination Folder === | |||
O'''n the backup server''', create a new folder for the client<syntaxhighlight lang="console"> | |||
# mkdir /backup/<client> | |||
# chmod 700 /backup/<client> | |||
</syntaxhighlight><syntaxhighlight lang="console"> | |||
# btrfs subvolume create /backup/<client>/<volume> | |||
</syntaxhighlight> | |||
=== SSH Key === | === SSH Key === | ||
| Line 37: | Line 47: | ||
# ssh-keygen -t ed25519 -N "" -f /etc/btrbk/ssh/id_ed25519 | # ssh-keygen -t ed25519 -N "" -f /etc/btrbk/ssh/id_ed25519 | ||
... | ... | ||
# cat /etc/btrbk/ssh/id_ed25519 | # cat /etc/btrbk/ssh/id_ed25519.pub | ||
AAAAC3NzaC1lZDI1NTE5AAAAIFWJQzmdbnWfJqfa/YqXHQXh5bhkRir76mkkdVSln+eo root@client.example.org | AAAAC3NzaC1lZDI1NTE5AAAAIFWJQzmdbnWfJqfa/YqXHQXh5bhkRir76mkkdVSln+eo root@client.example.org | ||
</syntaxhighlight>Then, '''on the backup server''', add the following line to <code>/backup/.ssh/authorized_keys</code>. | </syntaxhighlight>Then, '''on the backup server''', add the following line to <code>/backup/.ssh/authorized_keys</code>. | ||
<syntaxhighlight lang="sh"> | <syntaxhighlight lang="sh"> | ||
command="/usr/share/btrbk/scripts/ssh_filter_btrbk.sh --target --info -p /backup --sudo",restrict,from="client.example.org" ssh-ed25519 | command="/usr/share/btrbk/scripts/ssh_filter_btrbk.sh --target --info -p /backup/<client> --sudo",restrict,from="client.example.org" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFWJQzmdbnWfJqfa/YqXHQXh5bhkRir76mkkdVSln+eo root@client.example.org | ||
</syntaxhighlight> | </syntaxhighlight> | ||
{{TODO|msg = }} | {{TODO|msg = }} | ||
Revision as of 07:37, 31 March 2016
btrbk is a backup tool for Btrfs disks.
 Warning: | This page is a work in progress and is not completed. Important informations might be missing or wrong. |
Install
btrbk is not yet included in Debian Jessie. Make sure you configure stretch source before running the command bellow.
# apt install btrbk
Setup Backup Server
Destination Disk
Create a Btrfs volume and mount it on /backup.
User
# adduser --system --shell /bin/sh --home /backup/ --group --no-create-home btrbk
Adding system user `btrbk' (UID 122) ...
Adding new group `btrbk' (GID 124) ...
Adding new user `btrbk' (UID 122) with group `btrbk' ...
Not creating home directory `/backup/'.
# mkdir /backup/.ssh
# touch /backup/.ssh/authorized_keys
# chown root:btrbk /backup/
# chmod 710 /backup/
This user will need to run btrfs tools as root. Let’s add this to the /etc/sudoers file
btrbk ALL=NOPASSWD:/bin/btrfs
If you limited access to certain users through SSH, add btrbk to the AllowUsers list and restart SSH
Setup New Client
Create Destination Folder
On the backup server, create a new folder for the client
# mkdir /backup/<client>
# chmod 700 /backup/<client>
# btrfs subvolume create /backup/<client>/<volume>
SSH Key
Create an SSH key dedicated to your backups
# mkdir /etc/btrbk/ssh
# chmod 700 /etc/btrbk/ssh
# ssh-keygen -t ed25519 -N "" -f /etc/btrbk/ssh/id_ed25519
...
# cat /etc/btrbk/ssh/id_ed25519.pub
AAAAC3NzaC1lZDI1NTE5AAAAIFWJQzmdbnWfJqfa/YqXHQXh5bhkRir76mkkdVSln+eo root@client.example.org
Then, on the backup server, add the following line to /backup/.ssh/authorized_keys.
command="/usr/share/btrbk/scripts/ssh_filter_btrbk.sh --target --info -p /backup/<client> --sudo",restrict,from="client.example.org" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFWJQzmdbnWfJqfa/YqXHQXh5bhkRir76mkkdVSln+eo root@client.example.org
TODO
