Welcome to the new location of Alien's Wiki, sharing a single dokuwiki install with the SlackDocs Wiki.

Welcome to Eric Hameleers (Alien BOB)'s Wiki pages.

If you want to support my work, please consider a small donation:

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
linux:rsnapshot [2006/03/20 13:54] – created alienlinux:rsnapshot [2010/04/24 19:25] (current) – Add a link to my article about the NSLU2 alien
Line 1: Line 1:
 ===== The rsnapshot backup solution ===== ===== The rsnapshot backup solution =====
-=========================================+-----------------------------------------
  
 Rsnapshot is a filesystem snapshot utility for making backups of local and remote systems. Using rsync and hard links, it is possible to keep multiple, full backups instantly available. The disk space required is just a little more than the space of one full backup, plus incrementals. See the [[http://rsnapshot.org/ | rsnapshot web site]] for more information.\\ Rsnapshot is a filesystem snapshot utility for making backups of local and remote systems. Using rsync and hard links, it is possible to keep multiple, full backups instantly available. The disk space required is just a little more than the space of one full backup, plus incrementals. See the [[http://rsnapshot.org/ | rsnapshot web site]] for more information.\\
 A good read is the [[http://www.rsnapshot.org/howto/1.2/rsnapshot-HOWTO.en.html | Rsnapshot HOWTO]]. A good read is the [[http://www.rsnapshot.org/howto/1.2/rsnapshot-HOWTO.en.html | Rsnapshot HOWTO]].
  
 +Another article worth checking is my companion article about [[linux:slug | using a Linksys NAS as rsnapshot server]].
 +
 +==== Getting the software ====
 +
 +I have created a Slackware package for rsnapshot that you can download from my [[http://www.slackware.com/~alien/slackbuilds/rsnapshot/ | SlackBuilds repository]].
  
  
 ==== Installing rsnapshot ==== ==== Installing rsnapshot ====
-============================== 
  
 These are my notes on setting up "rsnapshot" so that it can start backing up (creating multiple snapshots) remote servers on the LAN or even on the Internet(at least those that have sshd running and ssh as well as rsync installed). In this document, is will call the machine that is running rsnapshot the //backupserver//. The machines that are going to be backed up are called the //target servers// or the //remote servers//.\\ Basically, using rsync over an ssh connection means that you have to do two things: These are my notes on setting up "rsnapshot" so that it can start backing up (creating multiple snapshots) remote servers on the LAN or even on the Internet(at least those that have sshd running and ssh as well as rsync installed). In this document, is will call the machine that is running rsnapshot the //backupserver//. The machines that are going to be backed up are called the //target servers// or the //remote servers//.\\ Basically, using rsync over an ssh connection means that you have to do two things:
Line 16: Line 20:
  
 Good example docs about how to set this up are:\\ Good example docs about how to set this up are:\\
-  http://blog.innerewut.de/articles/2005/05/25/remote-filesystem-snapshots-with-rsnapshot+http://blog.innerewut.de/articles/2005/05/25/remote-filesystem-snapshots-with-rsnapshot 
 and it's follow-up article:\\ and it's follow-up article:\\
-  http://blog.innerewut.de/articles/2005/06/03/follow-up-on-remote-filesystem-snapshots-with-rsnapshot+http://blog.innerewut.de/articles/2005/06/03/follow-up-on-remote-filesystem-snapshots-with-rsnapshot 
 as well as some improvements to this:\\ as well as some improvements to this:\\
-  http://sourceforge.net/mailarchive/forum.php?thread_id=8991705&forum_id=41320+http://sourceforge.net/mailarchive/forum.php?thread_id=8991705&forum_id=41320
  
  
 Now, some detailed instructions compiled from the above sources: Now, some detailed instructions compiled from the above sources:
-================================================================+----------------------------------------------------------------
  
  
Line 35: Line 41:
     local# ssh remote-server     local# ssh remote-server
     ; you might have to create the directory ~/.ssh if it doesnt exist:     ; you might have to create the directory ~/.ssh if it doesnt exist:
-    ; "chmod 600 ~/.ssh ; chown rbackup ~/.ssh"+    ; "chmod 700 ~/.ssh ; chown rbackup ~/.ssh"
     ; if you don't get the permissions on ~/.ssh and ~/.ssh/authorized_keys right,     ; if you don't get the permissions on ~/.ssh and ~/.ssh/authorized_keys right,
     ; passwordless login will FAIL!     ; passwordless login will FAIL!
Line 57: Line 63:
   * Create a user "//rbackup//", which should be un-privileged, i.e. should not be part of the "//wheel//" group.   * Create a user "//rbackup//", which should be un-privileged, i.e. should not be part of the "//wheel//" group.
   * Append the //BACKUPSERVER//'s rbackup user's public key to the //REMOTE// rbackup's ''~/.ssh/authorized_keys'' and modify it to allow access from one specific machine (the backupserver), only allowed to run one specific command. This is for security reasons of course. <code>   * Append the //BACKUPSERVER//'s rbackup user's public key to the //REMOTE// rbackup's ''~/.ssh/authorized_keys'' and modify it to allow access from one specific machine (the backupserver), only allowed to run one specific command. This is for security reasons of course. <code>
-    from="192.168.200.34",command="/home/rbackup/validate-rsync.sh" ssh-rsa  +from="192.168.200.34",command="/home/rbackup/validate-rsync.sh" ssh-rsa  
-    AAAAB3NzaC1yc2EAAAAB.......0i9yTN7QTrcqKU9ugIesi3+EZnw5ES5wbpo8= +AAAAB3NzaC1yc2EAAAAB.......0i9yTN7QTrcqKU9ugIesi3+EZnw5ES5wbpo8= 
-    rbackup@TheVault</code> +rbackup@TheVault 
-  * Create the ''/home/rbackup/validate-rsync.sh'' validation script with these contents: <code> +</code> Make sure your version of **''from="192.168.200.34"''** contains the IP address of your rsnapshot server! 
-    #!/bin/sh +  * Create the ''/home/rbackup/validate-rsync.sh'' validation script with these contents: <code bash
-    case "$SSH_ORIGINAL_COMMAND" in +#!/bin/sh 
-    *\&*)+case "$SSH_ORIGINAL_COMMAND" in 
 +  *\&*)
     echo "Rejected 1"     echo "Rejected 1"
     ;;     ;;
-    *\;*)+  *\;*)
     echo "Rejected 2"     echo "Rejected 2"
     ;;     ;;
Line 72: Line 79:
     $SSH_ORIGINAL_COMMAND     $SSH_ORIGINAL_COMMAND
     ;;     ;;
-    *true*)+  *true*)
     echo $SSH_ORIGINAL_COMMAND     echo $SSH_ORIGINAL_COMMAND
     ;;     ;;
-    *)+  *)
     echo "Rejected 3"     echo "Rejected 3"
     ;;     ;;
-    esac +esac 
-</code>  and ''chmod 754 /home/rbackup/validate-rsync.sh'' to make it executable.+</code>  and run the following commands to make it executable for user ''rbackup'': <code> 
 +chown rbackup /home/rbackup/validate-rsync.sh 
 +chmod 754 /home/rbackup/validate-rsync.sh 
 +</code> 
   * Create a wrapper script for rsync (which uses sudo) in ''/usr/local/bin/rsync_wrapper.sh'' which contains: <code>#!/bin/sh   * Create a wrapper script for rsync (which uses sudo) in ''/usr/local/bin/rsync_wrapper.sh'' which contains: <code>#!/bin/sh
 /usr/bin/sudo /usr/bin/rsync "$@"; /usr/bin/sudo /usr/bin/rsync "$@";
 </code> </code>
-  * Add this line to ''/etc/sudoers'': <code>rbackup ALL = NOPASSWD: /usr/bin/rsync</code>+  * Add this line to ''/etc/sudoers'' so that user ''rbackup'' can run the wrapper's ''rsync'' command with //root// privileges: <code>rbackup ALL = NOPASSWD: /usr/bin/rsync</code> 
 + 
 +=== Testing remote login === 
 + 
 +When all configuration is complete, and before your scheduled cron jobs start, you should test whether the non-interactive passwordless login from the rsnapshot server to the remote //rbackup// account is functional.\\ You need to make a ssh connection at least once, to add the public key of the remote machine to your root account's //''known_hosts''// file. <code> 
 +# ssh rbackup@client.my.lan 
 +Rejected 3 
 +Connection to client.my.lan closed. 
 +</code> The "''Rejected 3''" message actually means that your configuration was successful!
  

Trace:

The rsnapshot backup solution ()
SlackDocs