v0.1 (07.02.05 SBM): document created
v0.2 (01.03.05 SBM): added section on backing up a Linux workstation (laptop)
v0.3 (03.03.05 SBM): added section on creating archives
We install the packages (backuppc, smbfs, libfile-rsyncp-perl):
    genie:~# apt-get install backuppc smbfs libfile-rsyncp-perl
    Reading Package Lists... Done
    Building Dependency Tree... Done
    The following extra packages will be installed:
      libarchive-zip-perl libcompress-zlib-perl perl-suid smbclient wwwconfig-common
    Suggested packages:
      w3m www-browser par2 postgresql-client
    The following NEW packages will be installed:
      backuppc libarchive-zip-perl libcompress-zlib-perl libfile-rsyncp-perl perl-suid smbclient smbfs wwwconfig-common
    0 upgraded, 8 newly installed, 0 to remove and 0 not upgraded.
    Need to get 3524kB of archives.
    After unpacking 9803kB of additional disk space will be used.
    Do you want to continue? [Y/n]
    Get:1 http://ftp.es.debian.org testing/main libcompress-zlib-perl 1.33-3 [50.2kB]
    Get:2 http://ftp.es.debian.org testing/main libarchive-zip-perl 1.14-1 [85.1kB]
    Get:3 http://ftp.es.debian.org testing/main wwwconfig-common 0.0.42 [20.4kB]
    Get:4 http://ftp.es.debian.org testing/main perl-suid 5.8.4-5 [31.7kB]
    Get:5 http://ftp.es.debian.org testing/main smbclient 3.0.10-1 [2482kB]
    Get:6 http://ftp.es.debian.org testing/main backuppc 2.1.0-8 [410kB]
    Get:7 http://ftp.es.debian.org testing/main libfile-rsyncp-perl 0.52-1 [80.7kB]
    Get:8 http://ftp.es.debian.org testing/main smbfs 3.0.10-1 [363kB]
    Fetched 3524kB in 40s (88.1kB/s)
    Preconfiguring packages ...
    Selecting previously deselected package libcompress-zlib-perl.
    (Reading database ... 27949 files and directories currently installed.)
    Unpacking libcompress-zlib-perl (from .../libcompress-zlib-perl_1.33-3_i386.deb) ...
    Selecting previously deselected package libarchive-zip-perl.
    Unpacking libarchive-zip-perl (from .../libarchive-zip-perl_1.14-1_all.deb) ...
    Selecting previously deselected package wwwconfig-common.
    Unpacking wwwconfig-common (from .../wwwconfig-common_0.0.42_all.deb) ...
    Selecting previously deselected package perl-suid.
    Unpacking perl-suid (from .../perl-suid_5.8.4-5_i386.deb) ...
    Selecting previously deselected package smbclient.
    Unpacking smbclient (from .../smbclient_3.0.10-1_i386.deb) ...
    Selecting previously deselected package backuppc.
    Unpacking backuppc (from .../backuppc_2.1.0-8_all.deb) ...
    Selecting previously deselected package libfile-rsyncp-perl.
    Unpacking libfile-rsyncp-perl (from .../libfile-rsyncp-perl_0.52-1_i386.deb) ...
    Selecting previously deselected package smbfs.
    Unpacking smbfs (from .../smbfs_3.0.10-1_i386.deb) ...
    Setting up libcompress-zlib-perl (1.33-3) ...
    Setting up libarchive-zip-perl (1.14-1) ...
    Setting up wwwconfig-common (0.0.42) ...
    Setting up perl-suid (5.8.4-5) ...
    Setting up smbclient (3.0.10-1) ...
    Setting up backuppc (2.1.0-8) ...
    Adding password for user backuppc
    Starting backuppc: ok.
    Setting up libfile-rsyncp-perl (0.52-1) ...
    Setting up smbfs (3.0.10-1) ...
Add aliases for /backuppc/ to your apache config files ? [yes]
A web user 'backuppc' with password 'backuppc' is created by default. Change it with htpasswd /etc/backuppc/htpasswd backuppc.
Following the instructions in the BackupPC manual, we add the following option to /etc/samba/smb.conf:

    unix charset = ISO8859-1
We uncomment the '--checksum-seed=32761' parameter in the RsyncArgs and RsyncRestoreArgs options of the main configuration file /etc/backuppc/config.pl.
We will back up the Windows workstations via rsyncd, as recommended in several places in the BackupPC documentation. To do so, we install the standalone rsyncd package that can be downloaded from the BackupPC project page itself (follow the instructions in README.txt).
We will always use the same user name and password for the rsyncd daemons, configuring it in the file c:\rsyncd\rsyncd.secrets on each workstation, and in the RsyncdPasswd and RsyncdUserName options in the server's configuration file.
For the Linux workstations we will use rsyncd as well, even though, reading the documentation, the recommended option seems to be SSH. To use rsync over ssh we have to allow the backup service to connect to the workstation as root. That would mean opening root access via ssh, which I always close for security. Even worse, we would need to enable that access in an automated way, normally with a certificate, which would be even more serious.
Obviously, we would have to limit that access to allow only rsync, using a tool such as rssh.
For all of the above, I think the rsyncd option is more useful in this case, since it clearly separates the backup service from access to the machine.
For each Windows workstation that we want to back up, in addition to installing the rsync server (documented above), we have to configure the file c:\rsyncd\rsyncd.conf:
    #
    # A sample rsyncd.conf file usable with BackupPC. This file does not
    # completely document all of the settings for rsyncd.conf - see the
    # man page that comes with the rsync ditribution for a comprehensive
    # overview off all available settings.
    #

    #
    # Allow rsync to change the root directory to the module location
    # upon connection of a client. This is disabled for Win32 as we do
    # not provide a full Cygwin environment.
    #
    # Warning: with a setting of "false", absolute symlinks will be
    # stripped of their leading "/". See "use chroot" in the rsyncd.conf
    # man page. This is relevant for machines that support symlinks
    # (WinXX machines do not).
    #
    use chroot = false

    #
    # Limit the simultaneous rsync connections to 4. Changing
    # this to '1' should be sufficient for BackupPC.
    #
    max connections = 4

    #
    # Uncomment this line and change the path if
    # you would like to log rsync messages.
    #
    # log file = c:/rsyncd/rsyncd.log

    #
    # The location of the rsync process ID file
    #
    pid file = c:/rsyncd/rsyncd.pid

    #
    # The locations of the rsync lock file
    #
    lock file = c:/rsyncd/rsyncd.lock

    #
    # This is where we define the rsyncd modules. Add as many directories or
    # files are you wish. To backup this module using BackupPC, set
    # $Conf{RsyncShareName} to "docs" in this client's config.pl.
    #
    [docs]
        #
        # Exact DOS style path to the file or directory to be rsync accessible
        #
        path = c:/Documents and Settings

        #
        # A short description of the module. This is what is printed when
        # using rsync to "browse" the server for what modules are available.
        #
        comment = Documents and Settings

        #
        # Does rsyncd ensure that the secrets file is read only by the
        # user running the process? If this is false then no check is
        # performed (useful for Win32 systems). However, you can change
        # this to "true" and make the secrets file READ ONLY by the user
        # running the rysncd process. If running from the command line
        # or upon login, this should be the user who is logged in. If
        # running as a Win32 service, then the SYSTEM account should be
        # the only account that can read the secrets file.
        #
        strict modes = false

        #
        # What user(s) have access to this module. The user(s) must be
        # defined in the secrets file. A comma or space separated list.
        #
        # Example:
        # auth users = backup, root, larry
        # auth users = backup root larry
        #
        auth users = bkpuser

        #
        # The location of the secrets file. Permissions must be READ ONLY
        # for the account running the rsyncd process unless
        # strict modes = false is set above.
        #
        secrets file = c:/rsyncd/rsyncd.secrets

        #
        # What hosts are allowed access to this module? By default, all
        # hosts are allowed access. If you wish to further strengthen
        # the security of your setup, uncomment and replace with the IP
        # address your BackupPC server. This is a flexible setting and
        # can be one of:
        #
        # a dotted decimal IP address: 172.16.0.17
        # a address/mask in the form a.b.c.d/n: 172.16.0.0/24
        # an address/mask in the form ipaddr/maskaddr: 172.16.0.0/255.255.255.0
        # a hostname: backupserver
        # a hostname pattern using wildcards: backup*
        #
        hosts allow = 192.168.1.1

        #
        # Only allow clients to READ from the server. This prevents uploads
        # from remote machines. If you wish to allow uploads, change this too
        # "true".
        #
        # WARNING: Setting this to true means that BackupPC restores via
        # rsyncd will fail. You most likely want to set this to "false".
        #
        read only = true

        #
        # Don't list this module if a client asks (provides another modest
        # layer of security since an attacker also has to guess the module
        # name - you could make it obscure if you want - but remember the
        # module name is sent in plain text so it can be sniffed).
        #
        list = false

    #
    # Example of how to share the entire C: drive. For BackupPC "cDrive"
    # is the share name (ie: the value of $Conf{RsyncShareName}).
    #
    [cDrive]
        path = c:
        comment = Entire Drive
        auth users = UUU
        secrets file = c:/rsyncd/rsyncd.secrets
        # hosts allow = 172.16.0.17
        strict modes = false
        read only = true
        list = false

    [cc]
        path = c:/cc
        comment = compiladores y herramientas de desarrollo
        auth users = bkpuser
        secrets file = c:/rsyncd/rsyncd.secrets
        hosts allow = 192.168.1.1
        strict modes = false
        read only = true
        list = false

    [almacen]
        path = c:/Almacen
        comment = almacen con datos a almacenar
        auth users = bkpuser
        secrets file = c:/rsyncd/rsyncd.secrets
        hosts allow = 192.168.1.1
        strict modes = false
        read only = true
        list = false

    [prj]
        path = c:/prj
        comment = proyectos de desarrollo propios
        auth users = bkpuser
        secrets file = c:/rsyncd/rsyncd.secrets
        hosts allow = 192.168.1.1
        strict modes = false
        read only = true
        list = false
On the server we have to add a line to the file /etc/backuppc/hosts and create a configuration file for that workstation. For example, for the configuration above (host athlon) the resulting files are:
    genie:/etc/backuppc# cat hosts
    #============================================================= -*-perl-*-
    #
    # Host file list for BackupPC.
    #
    # DESCRIPTION
    #
    # This file lists all the hosts that should be backed up by
    # BackupPC.
    #
    # Each line in the hosts file contains three fields, separated
    # by white space:
    #
    # - The host name. If this host is a static IP address this
    # must the machine's IP host name (ie: something that can
    # be looked up using nslookup or DNS). If this is a DHCP
    # host then the host name must be the netbios name of the
    # machine. It is possible to have a host name that contains
    # spaces, but that is discouraged. Escape a space with "\", eg:
    #
    # craigs\ pc
    #
    # - DHCP flag. Set to 0 if this is a static IP address host
    # or if the machine can be found using nmblookup. Otherwise,
    # if the client can only be found by looking through the DHCP
    # pool then set this to 1.
    #
    # - User name (unix login/email name) of the user who "owns"
    # or uses this machine. This is the user who will be sent
    # email about this machine, and this user will have permission
    # to stop/start/browse/restore backups for this host. This
    # user name must match the name the user authenticates with
    # via apache.
    #
    # - Optional additional user names (comma separated, no white space) of
    # users who are also allowed to stop/start/browse/restore backups
    # for this client via the CGI interface. These users are not sent
    # email. These do not need to be valid email names; they simply
    # need to match the name the user authenticates with via apache.
    #
    # AUTHOR
    # Craig Barratt <craig@arraycomm.com>
    #
    # COPYRIGHT
    # Copyright (C) 2001 Craig Barratt
    #
    # See http://backuppc.sourceforge.net.
    #
    #========================================================================
    #
    # The first non-comment non-empty line gives the field names and should
    # not be edited!!
    #
    host        dhcp    user                    moreUsers   # <--- do not edit this line
    #farside    0       craig                   jill,jeff   # <--- example static IP host entry
    #larson     1       bill                                # <--- example DHCP host entry
    localhost   0       backuppc
    athlon      0       sbaila@ticop.com
    miniyo      0       anna@thewebspain.com
    archive     0       sbaila@ticop.com
    genie:/etc/backuppc# cat athlon.pl
    #
    # athlon
    #
    $Conf{XferMethod} = 'rsyncd';
    $Conf{RsyncShareName} = ['docs','cc','almacen','prj'];
For the Linux workstations we only have to install the rsync package on the client (the workstation) and create the files /etc/rsyncd.conf and /etc/rsyncd.secrets, for example:
    enterprise:/etc# ls -l rsy*
    -rw-r--r-- 1 root root 415 Mar 1 09:39 rsyncd.conf
    -rw------- 1 root root 483 Mar 1 09:40 rsyncd.secrets
    enterprise:/etc# cat rsyncd.conf
    #
    # rsyncd for enterprise
    #
    pid file=/var/run/rsyncd.pid
    lock file = /var/lock/rsyncd
    read only = yes
    list = false
    auth users = bkpuser
    strict modes = true
    secrets file = /etc/rsyncd.secrets
    hosts allow = 192.168.1.1

    [root]
        comment = home de root
        path = /root
    [home]
        comment = homes
        path = /home
    [etc]
        comment = configuraciones
        path = /etc
    [var]
        comment = datos de programas
        path = /var
    enterprise:/etc# cat rsyncd.secrets
    #
    # The format of this file is user:password. You can have as many entries
    # as you wish. These accounts are sepecifc to the rsync daemon and share
    # no relation to Windows local/domain accounts, nor Cywin entries in the
    # passwd file.
    #
    # SECURITY WARNING: Don't use these defaults of UUU for the user name
    # and PPP for the password! Change them!!
    #
    # Also: make sure this file ends in a newline. Otherwise the last
    # username/password pair will be ignored.
    #
    bkpuser:xxxxxxxxx
The BackupPC configuration for this example case basically consists of adding a line to the file /etc/backuppc/hosts on the server and creating the file /etc/backuppc/enterprise.pl:
    genie:/etc/backuppc# cat enterprise.pl
    $Conf{XferMethod} = 'rsyncd';
    $Conf{RsyncShareName} = ['etc','home','var','root'];
The server also needs to be able to resolve the machine's name. For a fixed IP address, the simplest option is an entry in /etc/hosts.
Finally, we have to run the rsync daemon on the client. We have two options: run it permanently or on demand via inetd. We choose the first option, since in my case I do not use inetd for anything, and using it only for rsync does not seem appropriate to me.
I change the configuration in /etc/default/rsync so that the daemon is enabled by default, and run dpkg-reconfigure rsync so that it prepares the environment and starts the service automatically.
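The rsyncd.conf files above carry the settings that protect the backup modules (auth users, hosts allow, read only, strict modes). As an added example, not part of the original page or of BackupPC, this Python audit parses an rsyncd.conf and reports modules where those settings are missing or weakened; the function names are hypothetical and the sample is a constructed condensation of the [docs] and [cDrive] modules from the Windows configuration.

```python
TRUE = {"yes", "true", "1"}  # rsyncd boolean spellings treated as "on"

def parse_rsyncd_conf(text):
    """Return {module: params}; global parameters become per-module defaults."""
    defaults, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), dict(defaults))
            continue
        name, sep, value = line.partition("=")
        if sep:
            key = "".join(name.split()).lower()  # rsyncd ignores spaces in names
            (defaults if current is None else current)[key] = value.strip()
    return modules

def audit(text):
    """Return {module: [findings]} for every module with at least one finding."""
    report = {}
    for module, p in parse_rsyncd_conf(text).items():
        users = p.get("authusers", "").replace(",", " ").split()
        checks = [
            (not users, "no auth users: module is unauthenticated"),
            ("UUU" in users, "auth users still has the sample name UUU"),
            ("hostsallow" not in p, "no hosts allow: any host may connect"),
            (p.get("readonly", "yes").lower() not in TRUE, "read only is off"),
            (p.get("strictmodes", "yes").lower() not in TRUE,
             "strict modes off: secrets file permissions are not checked"),
        ]
        findings = [msg for failed, msg in checks if failed]
        if findings:
            report[module] = findings
    return report

# Constructed sample: two modules condensed from the Windows rsyncd.conf above.
SAMPLE = """\
[docs]
auth users = bkpuser
hosts allow = 192.168.1.1
strict modes = false
[cDrive]
auth users = UUU
# hosts allow = 172.16.0.17
strict modes = false
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On the Linux configuration shown above, where the protective settings are global and strict modes is true, the audit returns no findings.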
Although this software creates several backup copies for us, and although we can protect that server using RAID 1 or, better still, RAID 5, it is still a single point of backup. Moreover, it is (normally) on the same network as the PCs it protects. Our requirements may lead us to make backups external to the server, on DVD, tape... anything.
BackupPC provides a mechanism to generate archives on demand. Its use is similar to configuring a new host, but specifying the word 'archive' as the method. For example, in my case I have the file /etc/backuppc/archive.pl to prepare external backups on DVD:
    sargue@genie:~$ cat /etc/backuppc/
    apache.conf  athlon.pl  enterprise.pl  htgroup   localhost.pl
    archive.pl   config.pl  hosts          htpasswd  miniyo.pl
    sargue@genie:~$ cat /etc/backuppc/archive.pl
    #
    # external backup archive (on DVD-5)
    #
    $Conf{XferMethod} = 'archive';
    sargue@genie:~$
As you can see it is very simple, but of course that is because I have modified the global archive options. You can create as many archive hosts as you need, with specific options. The archive options are in the general configuration file and are these:

    #
Bear in mind that the compression type, the parity (if wanted) and the size are asked for again when the archive is requested, in case we want to change them.