Search Knowledgebase

BackupPC configuration of Server and Client

We will now configure the server and backup client (in my case another centos server)

 

Firstly let’s generate a RSA key pair for the backuppc user on the backup server:

ssh root@backup01

mkdir /var/lib/BackupPC/.ssh
 chown backuppc:backuppc /var/lib/BackupPC/.ssh
chmod 700 /var/lib/BackupPC/.ssh

 

Now use the backuppc user to create a key pair:

su -s /bin/bash backuppc

 

You will get a bash-4.1$ or something similar prompt:

type:

ssh-keygen -t dsa

Press Enter a few times, defaults and no password is fine:

Generating public/private dsa key pair.
Enter file in which to save the key (/var/lib/backuppc/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/lib/backuppc/.ssh/id_dsa.
Your public key has been saved in /var/lib/backuppc/.ssh/id_dsa.pub.
The key fingerprint is:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx backup01@host.domain.name

 

You only have to create the keypair once.

 

We should also make any emails going to backuppc system user go to the proper systems/ it team admin email address:

 printf "backuppc:\temail@example.com\n" >> /etc/aliases

 

We also now need to edit the sudoers file so that the user backuppc can access tar and other programmes:

visudo

 

Add at the end of the file :

Defaults !lecture
backuppc ALL=NOPASSWD:/bin/gtar,/bin/tar

ESC, wq

 

Configuring the client (Backup PC will back this up):

 

We have to configure the firewall, and user on the client like so:

ssh clientserver@ip

 

useradd backuppc
passwd backuppc

 

We are setting a temporary password for this user. After we will remove the password by typing passwd -d backuppc

Now we will also add the user backuppc in “sudo” file to allow it to use rsync and other services without errrors:

 

just type

visudo

 

then go to the bottom of the file and insert this code:

#BackupPC user allowed
backuppc ALL=NOPASSWD: /usr/bin/rsync --server --sender *

 

We have to ensure that port 22 (used by Rsync) is open to the backup servers IP address:

 

If the backuppc server is behind the same ip range / natted behind the same public IP as your management workstation then you don’t have to do this:

vim /etc/sysconfig/iptables

 

insert this:  | Edit the IP as required.

-A INPUT -s 123.45.6.78/32 -p tcp --dport 22 -j ACCEPT

save it:

 iptables-restore < /etc/sysconfig/iptables

 

Copying the ssh id_dsa.pub file accross

 ssh-copy-id -i /var/lib/BackupPC/.ssh/id_dsa.pub backuppc@clientserver.domain.name

 

Type yes | Then enter in the backuppc password you created on the client.

 

bash-4.1$ ssh-copy-id -i /var/lib/BackupPC/.ssh/id_dsa.pub backuppc@clientserver.domain.name
The authenticity of host ‘web.technical.network (176.58.100.83)’ can’t be established.
RSA key fingerprint is e4:57:b5:fc:a3:23:cfbfgshsfdhsfsfdh0f:23:03.
Are you sure you want to continue connecting (yes/no)y es
Warning: Permanently added ‘clientserver.domain.name,176. 58.100.83’ (RSA) to the list of known hosts.
backuppc@clientserver.domain.names password:
Now try logging into the machine, with “ssh ‘backuppc@ clientserver.domain.name'”, and check in:

.ssh/authorized_keys

to make sure we haven’t added extra keys that you were n’t expecting.

 

NOTE: Now try ssh’ing from the backuppc server as the backuppc user like so:

bash-4.1$ ssh backuppc@web.technical.network

and you should be able to login. If not then make sure the keys have copied correclty etc. Double-check everything.

 

Adding the host from the front-end:

 

Go to the backupPC front end website and on the left click on “Edit hosts” and then select ADD after putting the name of the server in:

 

 

Press Save.

 

We need to also do one more thing:

 

Click on the Xfer tab,

Find the settings that say:

 

$sshPath -q -x -l root $host $rsyncPath $argList+

and change it to | then click save

$sshPath -q -x -l backuppc $host sudo $rsyncPath $argList+

This is because we are using the backuppc user for backups not root. We only have to do this once to allow it for global configuration which gets applied to all hosts.

 

We also want to avoid backing up /sys /proc and /dev folders from the root directory:

The Global configuration page should look like this:

 

 

Click on the left hand side, the drop down where it has “Hosts” and select the newly added host (sometimes you have to refresh)

 

Now click on “Start Full Backup” and wala | click on the status page to see that your backup is happening:

 

 

Well Done! 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *