Difference between revisions of "btrbk"
m (Fix bold) |
|||
Line 10: | Line 10: | ||
== Setup Backup Server == | == Setup Backup Server == | ||
+ | The backup server will be the machine that will receive the backup data. Client will connect to it to sent their backup data. As a consequence, your server must be reachable from all your clients. | ||
=== Destination Disk === | === Destination Disk === |
Revision as of 14:44, 30 May 2016
btrbk is a backup tool for Btrfs disks.
Warning: | This page is a work in progress and is not completed. Important informations might be missing or wrong. |
Install
btrbk is not yet included in Debian Jessie. Make sure you configure stretch source before running the command bellow.
# apt install btrbk
Setup Backup Server
The backup server will be the machine that will receive the backup data. Client will connect to it to sent their backup data. As a consequence, your server must be reachable from all your clients.
Destination Disk
Create a Btrfs volume and mount it on /backup
.
User
# adduser --system --shell /bin/sh --home /backup/ --group --no-create-home btrbk
Adding system user `btrbk' (UID 122) ...
Adding new group `btrbk' (GID 124) ...
Adding new user `btrbk' (UID 122) with group `btrbk' ...
Not creating home directory `/backup/'.
# mkdir /backup/.ssh
# touch /backup/.ssh/authorized_keys
# chown root:btrbk /backup/
# chmod 710 /backup/
This user will need to run btrfs
tools as root. Let’s add this to the /etc/sudoers
file
btrbk ALL=NOPASSWD:/bin/btrfs
If you limited access to certain users through SSH, add btrbk
to the AllowUsers list and restart SSH
Setup New Client
Create Destination Folder
On the backup server, create a new folder for the client
# mkdir /backup/<client>
# chmod 700 /backup/<client>
# btrfs subvolume create /backup/<client>/<volume>
SSH Key
Create an SSH key dedicated to your backups
# mkdir /etc/btrbk/ssh
# chmod 700 /etc/btrbk/ssh
# ssh-keygen -t ed25519 -N "" -f /etc/btrbk/ssh/id_ed25519
...
# cat /etc/btrbk/ssh/id_ed25519.pub
AAAAC3NzaC1lZDI1NTE5AAAAIFWJQzmdbnWfJqfa/YqXHQXh5bhkRir76mkkdVSln+eo root@client.example.org
Then, on the backup server, add the following line to /backup/.ssh/authorized_keys
.
command="/usr/share/btrbk/scripts/ssh_filter_btrbk.sh --target --info -p /backup/<client> --sudo",restrict,from="client.example.org" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFWJQzmdbnWfJqfa/YqXHQXh5bhkRir76mkkdVSln+eo root@client.example.org