Difference between revisions of "btrbk"
From wiki
(improve client setup) |
(sudo) |
||
| Line 6: | Line 6: | ||
btrbk is not yet included in Debian Jessie. Make sure you configure [[Apt|stretch source]] before running the command bellow. | btrbk is not yet included in Debian Jessie. Make sure you configure [[Apt|stretch source]] before running the command bellow. | ||
<syntaxhighlight lang="console"> | <syntaxhighlight lang="console"> | ||
| − | + | $ sudo apt install btrbk | |
</syntaxhighlight> | </syntaxhighlight> | ||
| Line 17: | Line 17: | ||
=== User === | === User === | ||
<syntaxhighlight lang="console"> | <syntaxhighlight lang="console"> | ||
| − | + | $ sudo adduser --system --shell /bin/sh --home /backup/ --group --no-create-home btrbk | |
Adding system user `btrbk' (UID 122) ... | Adding system user `btrbk' (UID 122) ... | ||
Adding new group `btrbk' (GID 124) ... | Adding new group `btrbk' (GID 124) ... | ||
Adding new user `btrbk' (UID 122) with group `btrbk' ... | Adding new user `btrbk' (UID 122) with group `btrbk' ... | ||
Not creating home directory `/backup/'. | Not creating home directory `/backup/'. | ||
| − | + | $ sudo mkdir /backup/.ssh | |
| − | + | $ sudo touch /backup/.ssh/authorized_keys | |
| − | + | $ sudo chown root:btrbk /backup/ | |
| − | + | $ sudo chmod 710 /backup/ | |
</syntaxhighlight> | </syntaxhighlight> | ||
This user will need to run <code>btrfs</code> tools as root. Let’s add this to the <code>/etc/sudoers</code> file | This user will need to run <code>btrfs</code> tools as root. Let’s add this to the <code>/etc/sudoers</code> file | ||
| Line 39: | Line 39: | ||
=== Create Destination Folder === | === Create Destination Folder === | ||
'''On the backup server''', create a new folder for the client.<syntaxhighlight lang="console"> | '''On the backup server''', create a new folder for the client.<syntaxhighlight lang="console"> | ||
| − | + | $ sudo mkdir /backup/<client> | |
| − | + | $ sudo chmod 700 /backup/<client> | |
</syntaxhighlight> | </syntaxhighlight> | ||
=== SSH Key === | === SSH Key === | ||
Create an SSH key dedicated to your backups<syntaxhighlight lang="console"> | Create an SSH key dedicated to your backups<syntaxhighlight lang="console"> | ||
| − | + | $ sudo mkdir /etc/btrbk/ssh | |
| − | + | $ sudo chmod 700 /etc/btrbk/ssh | |
| − | + | $ sudo ssh-keygen -t ed25519 -N "" -f /etc/btrbk/ssh/id_ed25519 | |
Generating public/private ed25519 key pair. | Generating public/private ed25519 key pair. | ||
Your identification has been saved in /etc/btrbk/ssh/id_ed25519. | Your identification has been saved in /etc/btrbk/ssh/id_ed25519. | ||
| Line 64: | Line 64: | ||
|*X==. .+.+=. | | |*X==. .+.+=. | | ||
+----[SHA256]-----+ | +----[SHA256]-----+ | ||
| − | + | $ sudo cat /etc/btrbk/ssh/id_ed25519.pub | |
AAAAC3NzaC1lZDI1NTE5AAAAIB5ScAgJnpqYCipj6PyrOjbXpsaQZIzys7uHcVe1J3ay root@client.example.org | AAAAC3NzaC1lZDI1NTE5AAAAIB5ScAgJnpqYCipj6PyrOjbXpsaQZIzys7uHcVe1J3ay root@client.example.org | ||
</syntaxhighlight>Then, '''on the backup server''', add the following line to <code>/backup/.ssh/authorized_keys</code>. | </syntaxhighlight>Then, '''on the backup server''', add the following line to <code>/backup/.ssh/authorized_keys</code>. | ||
| Line 73: | Line 73: | ||
== Add a Backup Disk == | == Add a Backup Disk == | ||
<syntaxhighlight lang="console"> | <syntaxhighlight lang="console"> | ||
| − | + | $ sudo btrfs subvolume create /backup/<client>/<volume> | |
</syntaxhighlight>{{TODO|msg = }} | </syntaxhighlight>{{TODO|msg = }} | ||
Revision as of 13:07, 4 February 2017
btrbk is a backup tool for Btrfs disks.
 Warning: | This page is a work in progress and is not completed. Important informations might be missing or wrong. |
Install
btrbk is not yet included in Debian Jessie. Make sure you configure stretch source before running the command bellow.
$ sudo apt install btrbk
Setup Backup Server
The backup server will be the machine that will receive the backup data. Clients will connect to it to sent their backup data. As a consequence, your server must be reachable from all your clients.
Destination Disk
Create a Btrfs volume and mount it on /backup.
User
$ sudo adduser --system --shell /bin/sh --home /backup/ --group --no-create-home btrbk
Adding system user `btrbk' (UID 122) ...
Adding new group `btrbk' (GID 124) ...
Adding new user `btrbk' (UID 122) with group `btrbk' ...
Not creating home directory `/backup/'.
$ sudo mkdir /backup/.ssh
$ sudo touch /backup/.ssh/authorized_keys
$ sudo chown root:btrbk /backup/
$ sudo chmod 710 /backup/
This user will need to run btrfs tools as root. Let’s add this to the /etc/sudoers file
btrbk ALL=NOPASSWD:/bin/btrfs
If you limited access to certain users through SSH, add btrbk to the AllowUsers list and restart SSH
Setup New Client
For each machine that you want to backup, you will need to register it as a client in the backup server. This step need to be done only once per machine (even if you want to backup several disks).
Note: On the instructions bellow, the token <client> must be replace by the machine name.
Create Destination Folder
On the backup server, create a new folder for the client.
$ sudo mkdir /backup/<client>
$ sudo chmod 700 /backup/<client>
SSH Key
Create an SSH key dedicated to your backups
$ sudo mkdir /etc/btrbk/ssh
$ sudo chmod 700 /etc/btrbk/ssh
$ sudo ssh-keygen -t ed25519 -N "" -f /etc/btrbk/ssh/id_ed25519
Generating public/private ed25519 key pair.
Your identification has been saved in /etc/btrbk/ssh/id_ed25519.
Your public key has been saved in /etc/btrbk/ssh/id_ed25519.pub.
The key fingerprint is:
SHA256:y5VremJsz5wHiO2KKrtupPZYbaqNeURxeLdznaCw450 root@client.example.org
The key's randomart image is:
+--[ED25519 256]--+
| . |
| o + . . |
| + + o o . |
| . o + . + |
| . . ooS.o |
| . ....Eoo.. |
|o .. o oo o. |
|oo*.o. *=... |
|*X==. .+.+=. |
+----[SHA256]-----+
$ sudo cat /etc/btrbk/ssh/id_ed25519.pub
AAAAC3NzaC1lZDI1NTE5AAAAIB5ScAgJnpqYCipj6PyrOjbXpsaQZIzys7uHcVe1J3ay root@client.example.org
Then, on the backup server, add the following line to /backup/.ssh/authorized_keys.
command="/usr/share/btrbk/scripts/ssh_filter_btrbk.sh --target --info -p /backup/<client> --sudo",restrict,from="client.example.org" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5ScAgJnpqYCipj6PyrOjbXpsaQZIzys7uHcVe1J3ay root@client.example.org
Add a Backup Disk
$ sudo btrfs subvolume create /backup/<client>/<volume>
TODO
