Difference between revisions of "btrbk"
From wiki
(improve client setup) |
|||
| Line 10: | Line 10: | ||
== Setup Backup Server == | == Setup Backup Server == | ||
| − | The backup server will be the machine that will receive the backup data. | + | The backup server will be the machine that will receive the backup data. Clients will connect to it to sent their backup data. As a consequence, your server must be reachable from all your clients. |
=== Destination Disk === | === Destination Disk === | ||
| Line 33: | Line 33: | ||
== Setup New Client == | == Setup New Client == | ||
| + | For each machine that you want to backup, you will need to register it as a client in the backup server. This step need to be done only once per machine (even if you want to backup several disks). | ||
| + | |||
| + | '''Note:''' On the instructions bellow, the token <code><client></code> must be replace by the machine name. | ||
=== Create Destination Folder === | === Create Destination Folder === | ||
| − | '''On the backup server''', create a new folder for the client<syntaxhighlight lang="console"> | + | '''On the backup server''', create a new folder for the client.<syntaxhighlight lang="console"> |
# mkdir /backup/<client> | # mkdir /backup/<client> | ||
# chmod 700 /backup/<client> | # chmod 700 /backup/<client> | ||
| − | |||
| − | |||
</syntaxhighlight> | </syntaxhighlight> | ||
| − | |||
=== SSH Key === | === SSH Key === | ||
Create an SSH key dedicated to your backups<syntaxhighlight lang="console"> | Create an SSH key dedicated to your backups<syntaxhighlight lang="console"> | ||
| Line 47: | Line 47: | ||
# chmod 700 /etc/btrbk/ssh | # chmod 700 /etc/btrbk/ssh | ||
# ssh-keygen -t ed25519 -N "" -f /etc/btrbk/ssh/id_ed25519 | # ssh-keygen -t ed25519 -N "" -f /etc/btrbk/ssh/id_ed25519 | ||
| − | ... | + | Generating public/private ed25519 key pair. |
| + | Your identification has been saved in /etc/btrbk/ssh/id_ed25519. | ||
| + | Your public key has been saved in /etc/btrbk/ssh/id_ed25519.pub. | ||
| + | The key fingerprint is: | ||
| + | SHA256:y5VremJsz5wHiO2KKrtupPZYbaqNeURxeLdznaCw450 root@client.example.org | ||
| + | The key's randomart image is: | ||
| + | +--[ED25519 256]--+ | ||
| + | | . | | ||
| + | | o + . . | | ||
| + | | + + o o . | | ||
| + | | . o + . + | | ||
| + | | . . ooS.o | | ||
| + | | . ....Eoo.. | | ||
| + | |o .. o oo o. | | ||
| + | |oo*.o. *=... | | ||
| + | |*X==. .+.+=. | | ||
| + | +----[SHA256]-----+ | ||
# cat /etc/btrbk/ssh/id_ed25519.pub | # cat /etc/btrbk/ssh/id_ed25519.pub | ||
| − | + | AAAAC3NzaC1lZDI1NTE5AAAAIB5ScAgJnpqYCipj6PyrOjbXpsaQZIzys7uHcVe1J3ay root@client.example.org | |
</syntaxhighlight>Then, '''on the backup server''', add the following line to <code>/backup/.ssh/authorized_keys</code>. | </syntaxhighlight>Then, '''on the backup server''', add the following line to <code>/backup/.ssh/authorized_keys</code>. | ||
<syntaxhighlight lang="sh"> | <syntaxhighlight lang="sh"> | ||
| − | command="/usr/share/btrbk/scripts/ssh_filter_btrbk.sh --target --info -p /backup/<client> --sudo",restrict,from="client.example.org" ssh-ed25519 | + | command="/usr/share/btrbk/scripts/ssh_filter_btrbk.sh --target --info -p /backup/<client> --sudo",restrict,from="client.example.org" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5ScAgJnpqYCipj6PyrOjbXpsaQZIzys7uHcVe1J3ay root@client.example.org |
</syntaxhighlight> | </syntaxhighlight> | ||
| − | {{TODO|msg = }} | + | |
| + | == Add a Backup Disk == | ||
| + | <syntaxhighlight lang="console"> | ||
| + | # btrfs subvolume create /backup/<client>/<volume> | ||
| + | </syntaxhighlight>{{TODO|msg = }} | ||
[[Category:Debian Release]] | [[Category:Debian Release]] | ||
[[Category:Linux Desktop]] | [[Category:Linux Desktop]] | ||
[[Category:Linux Server]] | [[Category:Linux Server]] | ||
Revision as of 19:50, 29 August 2016
btrbk is a backup tool for Btrfs disks.
 Warning: | This page is a work in progress and is not completed. Important informations might be missing or wrong. |
Install
btrbk is not yet included in Debian Jessie. Make sure you configure stretch source before running the command bellow.
# apt install btrbk
Setup Backup Server
The backup server will be the machine that will receive the backup data. Clients will connect to it to sent their backup data. As a consequence, your server must be reachable from all your clients.
Destination Disk
Create a Btrfs volume and mount it on /backup.
User
# adduser --system --shell /bin/sh --home /backup/ --group --no-create-home btrbk
Adding system user `btrbk' (UID 122) ...
Adding new group `btrbk' (GID 124) ...
Adding new user `btrbk' (UID 122) with group `btrbk' ...
Not creating home directory `/backup/'.
# mkdir /backup/.ssh
# touch /backup/.ssh/authorized_keys
# chown root:btrbk /backup/
# chmod 710 /backup/
This user will need to run btrfs tools as root. Let’s add this to the /etc/sudoers file
btrbk ALL=NOPASSWD:/bin/btrfs
If you limited access to certain users through SSH, add btrbk to the AllowUsers list and restart SSH
Setup New Client
For each machine that you want to backup, you will need to register it as a client in the backup server. This step need to be done only once per machine (even if you want to backup several disks).
Note: On the instructions bellow, the token <client> must be replace by the machine name.
Create Destination Folder
On the backup server, create a new folder for the client.
# mkdir /backup/<client>
# chmod 700 /backup/<client>
SSH Key
Create an SSH key dedicated to your backups
# mkdir /etc/btrbk/ssh
# chmod 700 /etc/btrbk/ssh
# ssh-keygen -t ed25519 -N "" -f /etc/btrbk/ssh/id_ed25519
Generating public/private ed25519 key pair.
Your identification has been saved in /etc/btrbk/ssh/id_ed25519.
Your public key has been saved in /etc/btrbk/ssh/id_ed25519.pub.
The key fingerprint is:
SHA256:y5VremJsz5wHiO2KKrtupPZYbaqNeURxeLdznaCw450 root@client.example.org
The key's randomart image is:
+--[ED25519 256]--+
| . |
| o + . . |
| + + o o . |
| . o + . + |
| . . ooS.o |
| . ....Eoo.. |
|o .. o oo o. |
|oo*.o. *=... |
|*X==. .+.+=. |
+----[SHA256]-----+
# cat /etc/btrbk/ssh/id_ed25519.pub
AAAAC3NzaC1lZDI1NTE5AAAAIB5ScAgJnpqYCipj6PyrOjbXpsaQZIzys7uHcVe1J3ay root@client.example.org
Then, on the backup server, add the following line to /backup/.ssh/authorized_keys.
command="/usr/share/btrbk/scripts/ssh_filter_btrbk.sh --target --info -p /backup/<client> --sudo",restrict,from="client.example.org" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5ScAgJnpqYCipj6PyrOjbXpsaQZIzys7uHcVe1J3ay root@client.example.org
Add a Backup Disk
# btrfs subvolume create /backup/<client>/<volume>
TODO
