You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

227 lines
17 KiB

8 years ago
8 years ago
8 years ago
8 years ago
7 years ago
7 years ago
8 years ago
7 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
7 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
7 years ago
8 years ago
8 years ago
7 years ago
8 years ago
7 years ago
8 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
8 years ago
7 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
  1. # rs-backup-suite
  2. rs-backup-suite is a set of shell scripts for setting up a custom NAS on a computer in the network. It uses [rsync](http://rsync.samba.org/) and [rsnapshot](http://www.rsnapshot.org/).
  3. ## How it works
  4. rs-backup-suite is designed for push backups, which means the client pushes its files to the server. This is ideal for computers which are not always on such as most desktop PCs.
  5. It is also a user-centric backup system. That means each user creates his own backup on the NAS instead of root backing up the whole machine at once (although this is possible). That also means that each user has a UNIX account on the NAS. The NAS username is usually `<hostname>-<local user name>` (e.g. `mymachine-johndoe`).
  6. On the client machine(s) each user can create a file called `.rs-backup/include` (name is configurable) inside his home directory which includes the list of files that should be considered by the backup. Additionally root can maintain a similar file located at `/etc/rs-backup/include-files` for the system files.
  7. ## Setup (please read this carefully before performing any actions!)
  8. rs-backup-suite is split into two parts: a client part for pushing the backup to the NAS and a server part which runs on the NAS itself.
  9. **NOTE:** Any command that necessarily needs to be run as root is preceded by `sudo` in this document. If `sudo` is not available on your system, make sure you are running the command in a root shell (e.g. using `su`).
  10. ### Server
  11. For installing the server component run
  12. sudo ./install.sh server
  13. on your server machine. This installs all the necessary files into the right location on your system.
  14. #### Tweaking the configuration file
  15. If you need to tweak the server settings, simply edit `/etc/rs-backup/server-config` to your needs. There you can configure the following directives:
  16. * `BACKUP_ROOT`: The directory under which the home directories of the backup users are stored. The default is `/bkp`
  17. * `FILES_DIR`: The directory under which the actual backups are kept (relative to the backup user's home directory). The default is `files`.
  18. * `SET_QUOTA`: Whether to set disk quota for the users or not (for Ext3/4 file systems). Default is `false`.
  19. * `QUOTA_SOFT_LIMIT`, `QUOTA_HARD_LIMIT`, `QUOTA_INODE_SOFT_LIMIT`, `QUOTA_INODE_HARD_LIMIT`: The individual limits for disk quota. Ignored, if `SET_QUOTA` is `false`.
  20. **WARNING:** Adjust these settings *before* you create backup users, because they won't be re-applied for already existing users!
  21. #### Adding a backup user
  22. A backup user is an unprivileged UNIX account on the server. Normally each user on each client has one corresponding backup user which he uses to log into the NAS. A backup user can be created by running
  23. sudo rs-add-user hostname username [ssh-public-key-file]
  24. on the server where `hostname` is the name of the client host and `username` is the name of the user on that machine for whom this account is made. Of course you can use any other names for `hostname` and `username` as well, but it's generally a good idea to stick to this naming convention. The resulting UNIX username will be the combination of both.
  25. The optional third parameter specifies the path to the SSH public key file which the user will use to log into the NAS. If you don't specify it, the user won't be able to log in at all. But you can add one later at any time by running
  26. sudo rs-add-ssh-key hostname username ssh-public-key-file
  27. `hostname` and `username` are the same as above and mandatory for identifying the user that should get the new key.
  28. **TIP:** If you don't remember the parameters for all these commands, simply run them without any and you'll get simple usage instructions.
  29. #### Making the chroot work
  30. rs-backup-suite can chroot backup users into the backup home base directory. For this to work you need to create a few bind mounts. The install script already created the respective lines in your `/etc/fstab` for you. If you don't need any special configuration on your system, all you need to do is to uncomment everything between the `BEGIN` and `END` lines (do NOT change these two lines, though):
  31. # BEGIN: rs-backup-suite
  32. #/bin /bkp/bin none bind 0 0
  33. #/bin /bkp/bin none remount,ro,bind 0 0
  34. #/lib /bkp/lib none bind 0 0
  35. #/lib /bkp/lib none remount,ro,bind 0 0
  36. #/dev /bkp/dev none bind 0 0
  37. #/dev /bkp/dev none remount,ro,bind 0 0
  38. #/usr/bin /bkp/usr/bin none bind 0 0
  39. #/usr/bin /bkp/usr/bin none remount,ro,bind 0 0
  40. #/usr/lib /bkp/usr/lib none bind 0 0
  41. #/usr/lib /bkp/usr/lib none remount,ro,bind 0 0
  42. #/usr/share/perl5 /bkp/usr/share/perl5 none bind 0 0
  43. #/usr/share/perl5 /bkp/usr/share/perl5 none remount,ro,bind 0 0
  44. # END: rs-backup-suite
  45. The necessary mounts may differ from system to system. For instance, Ubuntu needs `/usr/share/perl` instead of `/usr/share/perl5`. Synology DSM doesn't need `/usr/share/*` at all, but requires `/opt/bin`, `/opt/lib` and `/opt/libexec`. But in most cases you don't need to worry about that since the install script tries to make the correct decisions for you.
  46. **NOTE:** If your 64-bit system doesn't have a `/lib` folder but only `/lib64` you may need to change the `/lib` line in your `/etc/fstab` as follows:
  47. /lib64 /bkp/lib64 none bind 0 0
  48. /lib64 /bkp/lib64 none remount,ro,bind 0 0
  49. Don't forget to rename `/bkp/lib` to `/bkp/lib64`. The do the same with `/usr/lib` / `/usr/lib64`.
  50. When you're done, add this to the end of your `/etc/ssh/sshd_config`:
  51. Match Group backup
  52. ChrootDirectory /bkp/
  53. and restart OpenSSH. Your backup users are now chrooted into `/bkp`.
  54. **NOTE:** When using a chroot environment and you change anything in your user configuration (e.g. the username) you need to run `rs-update-passwd` or your user might not be able to log in anymore.
  55. **NOTE about logging:** Be aware that logging of backup success or failure on the server side will not work in a chroot environment since we mounted all our binds read-only. Additionally, certain files and libraries needed by the syslog facility may not be available. So if you want server-side logging, you cannot use chroot. Client-side logging will still work, of course.
  56. #### Changing the rotation options/backup levels
  57. To change how many increments of which level are kept, edit the file `/bkp/etc/rsnapshot.global.conf`. This is the global configuration file for rsnapshot which will be included in each user-specific configuration. There you can tweak the names and numbers for all backup levels.
  58. If you add or remove any backup levels, make sure you also update the cron scripts. By default three cron scripts are installed: `/etc/cron.daily/rs-backup-rotate`, `/etc/cron.weekly/rs-backup-rotate` and `/etc/cron.monthly/rs-backup-rotate`.
  59. #### Quota support
  60. rs-backup-suite directly supports Linux file system quota. To make use of it, you need to enable quota for your backup drive first (i.e install the necessary utility packages, mount the backup drive with needed mount options and initialize quota files). This is pretty much straight-forward and not in any way different to any other Linux system. If you need assistance with setting up quota, I recommend you read [this quota guide](http://www.linux.com/learn/tutorials/393886-enable-per-user-disk-quotas-in-linux).
  61. Once disk quota are set up, you can change the value of `SET_QUOTA` in `/etc/rs-backup/server-config` to `true` and tweak the `QUOTA_*` directives to your liking. Any new user you create with `rs-add-user` will now be assigned these initial default quota.
  62. Of course you can change these default quota at any time using `rs-setquota`. For instance:
  63. sudo rs-setquota local-username 500G 505G 4M 5M
  64. This sets soft quota for the user `local-username` to 500GiB, hard quota to 505GiB, inode soft limit to 4194304 and inode hard limit to 5242880. You can, of course, set quota like this even when `SET_QUOTA` is `false`.
  65. Editing quota using native Linux quota tools (i.e. `setquota` or `edquota`) is also possible (in fact, `rs-setquota` only provides a more user-friendly frontend to `setquota`).
  66. ### Client
  67. To set up the client you simply need to run
  68. sudo ./install.sh client
  69. on your client machine. Then open the file `/etc/rs-backup/client-config` as root and replace the value of `REMOTE_HOST` with the hostname or IP address of your NAS.
  70. On the client machines the script `/usr/bin/rs-backup-run` is used for performing the backups. This script can either be run as root or as an unprivileged user. The behavior differs in both cases:
  71. * If run as root, all files and folder specified in `/etc/rs-backup/include-files` will be backed up. The backup user used for logging into the NAS is `hostname-root` by default (where `hostname` is the hostname of the current machine). Additionally the home directories of all users will be scanned. If a home directory contains a file called `.rs-backup/include` all files and folders specified inside that file will be backed up under this user's privileges. The username used for logging into the NAS is `hostname-username` (where `hostname` is again substituted for the hostname of the current machine and `username` for the user whose home directory is being backed up).
  72. * If run as a normal user, only the files that are specified in your own `.rs-backup/include` will be backed up.
  73. #### Changing the default configuration
  74. All the client configuration options are defined in `/etc/rs-backup/client-config`. You can edit the file as you wish. All parameters are documented clearly by comments. Most of these configuration options can also be overridden at runtime by passing command line arguments to `rs-backup-run`. For a list and a description of all possible command line arguments run
  75. rs-backup-run --help
  76. ## Installing client and server on the same machine
  77. You can of course also install server and client on the same machine. This may be useful if you want, e.g. save your data to an external USB drive instead of a real NAS. A shortcut for running both `sudo ./install server` and `sudo ./install client` is simply running
  78. sudo ./install all
  79. ## Uninstalling
  80. For uninstalling run
  81. sudo ./uninstall.sh [all|server|client]
  82. This removes all the scripts but preserves the data in `/bkp` (or whatever your backup folder is).
  83. ## Backup strategies
  84. The intended use case for rs-backup-suite is as follows: you set up the server part on your NAS. Then you create a backup user for each user on each client machine.
  85. ### Cron
  86. In the next step you edit the crontab for root on each client and add a job for running `/usr/bin/rs-backup-run` at certain times. You can of course also create a shell script that calls `rs-backup-run` and put it in `/etc/cron.daily` to perform a global backup once a day.
  87. ### Alternative: systemd
  88. Since version 0.2.5, rs-backup-run comes with systemd unit files which you can use for automatically running daily backups instead.
  89. To enable the timer, run
  90. systemctl enable rs-backup-run.timer
  91. systemctl start rs-backup-run.timer
  92. This will enable the timer when booting the system. By default, the timer is set to run once every day (or immediately if the system was down during the last timer tick).
  93. You can also start a full system backup manually at any time by running
  94. systemctl start rs-backup-run.service
  95. ### Inclusion patterns
  96. After everything is set up that way you create the file `/etc/rs-backup/include-file` and write to it a list of files and folders you want to back up as root (e.g. you can specify `/etc/***` to backup the whole `/etc` directory and all its subdirectories). Furthermore each user creates a file called `.rs-backup/include` inside his home directory that serves the same purpose for his own home directory instead of the global system. Such a file could look like this:
  97. - /home/johndoe/.cache/***
  98. /home
  99. /home/johndoe/***
  100. Lines that start with a `-` are treated as excludes, all other lines as includes. The three asterisks mean “Include this directory and everything below”. For more information about these globbing patterns read the FILTER RULES section of the rsync(1) man page.
  101. **NOTE:** To include a directory you need to mark all parent directories for inclusion, too. For instance to include `/home/johndoe` you also need to include `/home` as shown above. But don't confuse `/home` with `/home/`! `/home` without the trailing slash only selects the (empty) directory itself, not its contents.
  102. ## Restoring files from the NAS
  103. To restore files from the NAS server simply run:
  104. rsync -a -e ssh backupuser@remotehost::pull/source/path /destination/path
  105. Replace `backupuser` with the proper backup user (e.g. `mymachine-johndoe`) and `remotehost` with the hostname of the NAS. `/source/path` is the file name on the remote side (e.g. `/daily.2/home/johndoe/foobar`) and `/destination/path` is the local destination file name.
  106. You can also log into the NAS using SFTP or SSHFS. This is probably more convenient for browsing available files.
  107. Be aware that both access methods are strictly read-only! Write access is only granted via rsync through the `push` module:
  108. rsync -a -e ssh backupuser@remotehost::push/destination/path /source/path
  109. ## Side note
  110. Because rs-backup-suite uses rsync for the client-server communication you don't necessarily need both parts. As long as you have a working rsync server on your NAS you can use the client script to push files to it. On the other hand you can use the rs-backup-suite server part with any other rsync client, as well.
  111. ## Special systems
  112. rs-backup-suite is designed to work on most generic Linux systems, but some embedded systems may require some extra love (especially those running on busybox):
  113. ### Synology DSM
  114. To run the server component on Synology DSM, you need to install the following packages via [Entware-ng / opkg](https://github.com/Entware-ng/Entware-ng/wiki/Install-on-Synology-NAS):
  115. * `rsnapshot`
  116. * `openssh-sftp-server`
  117. * `util-linux-ng`
  118. * `logger`
  119. In `/etc/ssh/sshd_config` make sure you replace whatever line contains the subsystem configuration for the sftp server with
  120. Subsystem sftp /opt/libexec/sftp-server
  121. and restart the SSH server using the configuration utility from the web interace. If you are using the `synoservicectl` utility from the command line instead, make sure you are actually starting the correct SSH server from `/usr/sbin` and not from `/opt/sbin` (although that works as well, but would have a different configuration file).
  122. If you want to run your backups in a chroot environment please note that `/etc/fstab` will be reset to its defaults when rebooting the disk station. To avoid configuration loss, no mount directives are added to `/etc/fstab` by the install script. Instead the following entries are added to `/etc/rc` (which won't be overwritten upon reboot):
  123. # BEGIN: rs-backup-suite
  124. #mount -o bind /bin /var/services/homes/bin
  125. #mount -o remount,ro,bind /var/services/homes/bin
  126. #mount -o bind /lib /var/services/homes/lib
  127. #mount -o remount,ro,bind /var/services/homes/lib
  128. #mount -o bind /dev /var/services/homes/dev
  129. #mount -o remount,ro,bind /var/services/homes/dev
  130. #mount -o bind /usr/bin /var/services/homes/usr/bin
  131. #mount -o remount,ro,bind /var/services/homes/usr/bin
  132. #mount -o bind /opt/bin /var/services/homes/opt/bin
  133. #mount -o remount,ro,bind /var/services/homes/opt/bin
  134. #mount -o bind /opt/lib /var/services/homes/opt/lib
  135. #mount -o remount,ro,bind /var/services/homes/opt/lib
  136. #mount -o bind /opt/libexec /var/services/homes/opt/libexec
  137. #mount -o remount,ro,bind /var/services/homes/opt/libexec
  138. # END: rs-backup-suite
  139. To enable the mounts, uncomment everything between the `BEGIN` and `END` block. Afterwards either run these commands by hand once or reboot. Of course, don't forget to also set the correct chroot path in `/etc/ssh/sshd_config` and restart the SSH daemon:
  140. Match Group backup
  141. ChrootDirectory /var/services/homes/
  142. ### Cygwin
  143. The server component is incompatible with Cygwin for several reasons, but the client component works just fine. At the moment, though, there is no root mode for backing up all home directories at once. Desktop notifications are also unsupported.
  144. ## Warning to users of older versions
  145. `rs-backup` used to reside in `/usr/local` instead of `/usr`. With the addition of a proper Makefile in version 0.2.0 this has changed. The consequence is that older setups won't work with the new version without modifications. In order to update your setup you need to update the path to `rs-run-ssh-cmd` (now at `/usr/bin/rs-run-ssh-cmd`) inside your users' `~/.ssh/authorized_keys` files as well as the path to `rs-rotate` (`/usr/bin/rs-rotate`) inside their `rsync.conf` files. Alternatively just create symlinks to the old locations.
  146. Moving `rs-backup` to `/usr` also means that for chroot setups the `/bkp/usr/local` mountpoint is no longer needed.