BackupPC On Red Hat (Enterprise) Linux

Disclaimer #0

Below given instructions are what I used to get BackupPC (v3.0.0) compiled/running and these may very well work for you. However, please note that you are using these instructions at your very own risk and this website, sgowtham.com, is not responsible for any/all damage caused to your property, intellectual or otherwise.


What is BackupPC?

In a nutshell can be defined as

BackupPC is a high-performance, enterprise-grade system for backing up Linux, WinXX and MacOSX PCs and laptops to a server’s disk. BackupPC is highly configurable and easy to install and maintain. It is written in Perl and extracts backup data via SMB using Samba, tar over ssh/rsh/nfs/rsync. It is robust, reliable, well documented and freely available as Open Source from SourceForge.


Features of BackupPC

Citing from the website, BackupPC comes with following features/characteristics:

  1. A clever pooling scheme minimizes disk storage and disk I/O. Identical files across multiple backups of the same or different PCs are stored only once resulting in substantial savings in disk storage and disk I/O.
  2. One example of disk use: 95 latops with each full backup averaging 3.6GB each, and each incremental averaging about 0.3GB. Storing three weekly full backups and six incremental backups per laptop is around 1200GB of raw data, but because of pooling and compression only 150GB is needed.
  3. Optional compression support further reducing disk storage. Since only new files (not already pooled) need to be compressed, there is only a modest impact on CPU time.
  4. No client-side software is needed. The standard smb protocol is used to extract backup data on WinXX clients. On linux clients, tar over ssh/rsh/nfs is used to backup the data. With version 2.0.0, rsync is also supported on any client that has rsync or rysncd.
  5. A powerful web (http/cgi) user interface allows administrators to view log files, configuration, current status and allows users to initiate and cancel backups and browse and restore files from backups.
  6. A full set of restore options is supported, including direct restore (via smbclient, tar, or rsync/rsyncd) or downloading a zip or tar file.
  7. Supports mobile environments where laptops are only intermittently connected to the network and have dynamic IP addresses (DHCP).
  8. Flexible configuration parameters allow multiple backups to be performed in parallel, specification of which shares to backup, which directories to backup or not backup, various schedules for full and incremental backups, schedules for email reminders to users and so on. Configuration parameters can be set system-wide or also on a per-PC basis.
  9. Users are sent periodic email reminders if their PC has not recently been backed up. Email content, timing and policies are configurable.
  10. Tested on Linux, Freenix &Solaris hosts and Linux, Win95, Win98, Win2000 & WinXP clients.
  11. Detailed documentation.
  12. Open Source hosted by SourceForge and freely availble under GPL.


BackupPC on Other Linux Distributions

Getting BackupPC to work on some (real) linux distributions – especially Debian (and some of its descendants like Ubuntu) – is as easy as typing a one line command:

apt-get install backuppc

It probably doesn’t get any easier than that. Does it?


BackupPC on Red Hat (Enterprise) Linux

Either by choice or chance or force, not all of us get to use Debian (or its descendants) and for reasons that lot of my friends/folks know about, I use Red Hat Enterprise Linux (RHEL) AS (v4.4). Although it’s not difficult to get BackupPC working on RHEL but it’s not all that trivial. As such, this document(ation) entails a step by step procedure to make it work. To keep instructions generic enough, I assume the following set up of two computers on network:

  1. kramer : a linux box that will act as the server. In other words, BackupPC will be installed on this machine. This has two non-root accounts, backuppc and brady.
  2. newman : a linux box that will act as the client. In other words, (some/all) of it will be backed up on kramer. This has one non-root account, brady.


Preparing for Installation

  1. Whenever I install the Operating System, I do a Full installation – meaning I include every package that comes with the given release. This has its advantages and disadvantages but for me, it saves the trouble of searching (and researching) for some missing dependencies, etc.
  2. It is recommended that kramer has an additional drive to store the backed up data (you can decide the capacity – based on what you wish to back up and how frequently you wish to back them up). In my personal case, kramer has a second internal hard drive of 250 GB capacity and is mounted at /storage.
  3. As root, create the user called backuppc with backuppc as the default group and apache as the additional group.
    useradd -g backuppc -G apache backuppc
    passwd backuppc
  4. This account will be used to start Apache (the web server) as well as BackupPC. This account, backuppc, also needs to have sudo previliges on kramer. Still as root, edit the file /etc/sudoers and add the following line. I understand that these are very generous previliges and might cause security holes. Take caution and tighten it as you feel necessary.
    %backuppc       ALL=(ALL)       NOPASSWD: ALL
  5. Still as root, install the PERL modules File::RsyncP and Compress::Zlib. If it’s the first time using this command, you will go through an interactive process and picking default options is more than sufficient. Be sure to pick the repository that is geographically closer though. From within the cpan shell, execute the following commands. You may use the this syntax to get any other (missing) PERL module installed on your machine.
    1
    2
    3
    
    perl -MCPAN -e shell
    install File::RsyncP
    install Compress::Zlib
  6. Still as root, disable SELinux. Open /etc/sysconfig/selinux. You should see something like:
    SELINUX=enforcing
  7. Make that line look like
    SELINUX=disabled
  8. Reboot the machine for this setting to take effect.
  9. For reasons that will become clear a bit later on, Apache needs to be run as backuppc user. To this effect, open the file as root/etc/httpd/conf/httpd.conf – and search for the string, User. There should be two lines that look like:
    1
    2
    
    User apache
    Group apache
  10. Make them look like
    1
    2
    
    User backuppc
    Group apache
  11. Save and close the file. Restart Apache using the following command:
    /etc/init.d/httpd restart


Passwordless SSH Communication

backuppc user on kramer should be able to securely login to newman as brady (or root) without being prompted for password. To that effect, the following procedure may be used:

  1. On kramer, login as backuppc
  2. Execute the following command to generate RSA Private-Public Key pair. From SSH documentation, 1024 bytes key is sufficiently strong. Just keep pressing Enter and DO NOT enter anything for passphrase. The key pair should be stored in /home/backuppc/.ssh as id_rsa and id_rsa.pub.
    ssh-keygen -t rsa -b 1024
  3. Copy /home/backuppc/.ssh/id_rsa.pub from kramer to newman. Enter brady‘s password (on newman) when prompted.
    scp /home/backuppc/.ssh/id_rsa.pub brady@newman:/home/brady/.ssh/id_rsa.pub.kramer
  4. In newman, login as brady.
  5. Add backuppc‘s public key (from kramer) to authorized_keys list:
    cat /home/brady/.ssh/id_rsa.pub.kramer >> /home/brady/.ssh/authorized_keys
  6. From kramer, as backuppc, try the following command:
    sudo -u backuppc ssh brady@newman
  7. If the command succeeds and you find yourself logged into newman as brady, you are good and can expect BackupPC to work properly.


Installing BackupPC on kramer

  1. Login as backuppc
  2. Download the latest/stable version of tar-gzipped file from the Backup PC Download Page on Source Forge. As of writing this article, version 3.0.0 was the latest/stable release and let us suppose that the file is downloaded to /home/backuppc/Desktop/BackupPC-3.0.0.tar.gz
  3. Login as root
  4. Extract the tar-gzipped file to get a folder called BackupPC-3.0.0.
    cd /home/backuppc
    tar -zxvpf /home/backuppc/Desktop/BackupPC-3.0.0.tar.gz
  5. Run the configure.pl script to install BackupPC:
    cd BackupPC-3.0.0
    perl ./configure.pl
  6. First the interactive installation process checks whether it’s a fresh installation or an upgrade. Since it was a fresh installation, I just hit the Enter key.
    --> Full path to existing main config.pl []?
  7. Next it checks the path to various different utilities – most of which come installed by default. Like in the previous case, I just hit the Enter key.
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    
    bzip2        => /usr/bin/bzip2
    cat          => /bin/cat
    df           => /bin/df
    gtar/tar     => /bin/gtar
    gzip         => /bin/gzip
    hostname     => /bin/hostname
    nmblookup    => /usr/bin/nmblookup
    par2         =>
    perl         => /usr/bin/perl
    ping         => /bin/ping
    rsync        => /usr/bin/rsync
    sendmail     => /usr/sbin/sendmail
    smbclient    => /usr/bin/smbclient
    split        => /usr/bin/split
    ssh/ssh2     => /usr/bin/ssh
    --> Are these paths correct? [y]?
  8. Next, it needs to know the host name of the machine (server) the BackupPC will be installed on. I hit the Enter key.
    --> BackupPC will run on host [kramer]?
  9. BackupPC should run as a dedicated user with limited privileges. This user will need read/write permission on the main data directory and read/execute permission on the install directory (these directories will be setup shortly). The primary group for this user should also be chosen carefully. The data directories and files will have group read permission, so group members can access backup files. On Debian-like distribution, the installation process creates this user-account automatically. Since this user-account was created already, I just hit the Enter key.
    --> BackupPC should run as user [backuppc]?
  10. Next, the process prompts for a location to install BackupPC (executables, libraries, documentation, etc.). Suggested location seemed reasonable enough and as such, I just hit the Enter key.
    --> Install directory (full path) [/usr/local/BackupPC]?
  11. Next, it prompts for a data directory for BackupPC. This is where all the PC backup data is stored. This file system needs to be big enough to accommodate all the PCs you expect to backup (eg: at least several GB per machine; from Step #2 of Preparing for Installation).
    --> Data directory (full path) [/data/BackupPC]? /storage/BackupPC
  12. BackupPC can compress pool files, but it needs the Compress::Zlib package installed (see www.cpan.org). Compression will provide around 40% reduction in pool size, at the expense of CPU time. You can leave compression off and run BackupPC without compression, in which case you should leave the compression level at 0 (which means off). You could install Compress::Zlib and turn compression on later, but read the documentation first about how to do this. Or the better choice is to quit, install Compress::Zlib, and re-run configure.pl. Since Compress::Zlib module was already installed, I chose a level of 3 and hit the Enter key.
    --> Compression level [0]? 3
  13. BackupPC has a powerful CGI perl interface that runs under Apache. A single executable needs to be installed in a cgi-bin directory. This executable needs to run as set-uid backuppc, or it can be run under mod_perl with Apache running as user backuppc. Leave this path empty if you don’t want to install the CGI interface. This was the reason for editing Apache configuration file and restarting it as backuppc user earlier. And, since I do prefer to have a web interface, I chose /var/www/cgi-bin and pressed the Enter key.
    --> CGI bin directory (full path) []? /var/www/cgi-bin
  14. BackupPC’s CGI script needs to display various GIF images that should be stored where Apache can serve them. They should be placed somewhere under Apache’s DocumentRoot. BackupPC also needs to know the URL to access these images. The URL for the image directory should start with a slash. The DocumentRoot variable of Apache, in default Red Hat Linux installations, is set to /var/www/html. As such, I chose /var/www/html/BackupPC and /BackupPC for these two questions respectively.
    --> Apache image directory (full path) []? /var/www/html/BackupPC
    --> URL for image directory (omit http://host; starts with '/') []? /BackupPC
  15. Last question is to make sure that we actually want to continue with the installation process. Needless to say, I hit the Enter key once more.
    --> Do you want to continue? [y]?
  16. That’s it. Assuming that it (the installation process) finds everything it needs, installation should complete smoothly and in about a minute. Be sure to read all the information that’s flashed on the screen.


Before Customizing BackupPC on kramer

Following are the file/folder locations that may be useful to know/keep in mind:

  1. Overall configuration file is /etc/BackupPC/config.pl.
  2. List of hosts (clients) to be backed is in /etc/BackupPC/hosts.
  3. Host (client) specific configuration file up can be found under /etc/BackupPC/pc/CLIENT_NAME/
  4. BackupPC executables are located in /usr/local/BackupPC/bin
  5. Libraries associated with these executables are located in /usr/local/BackupPC/lib
  6. Documentation is in /usr/local/BackupPC/docs
  7. Backed up data will be in /storage/BackupPC


Customizing /etc/BackupPC/config.pl on kramer

Either as root or as backuppc user, open /etc/BackupPC/config.pl for editing:

  1. Line # 118: The first entry of $Conf{WakeupSchedule} is when BackupPC_nightly is run. No other backups can run while BackupPC_nightly is running. You might want to re-arrange the entries in $Conf{WakeupSchedule} (they don’t have to be ascending) so that the first entry is when you want BackupPC_nightly to run (eg: when you don’t expect a lot of regular backups to run). My entry looks as follows:
    1
    
    $Conf{WakeupSchedule} = [1, 4, 7, 13, 19, 22];
  2. Line # 198: Maximum number of log files we keep around in log directory. These files are aged nightly. A setting of 14 means the log directory will contain about 2 weeks of old log files, in particular at most the files LOG, LOG.0, LOG.1, … LOG.13 (except today’s LOG, these files will have a .z extension if compression is on). If you decrease this number after BackupPC has been running for a while you will have to manually remove the older log files. My entry looks as follows:
    1
    
    $Conf{MaxOldLogFiles} = 28;
  3. Line # 337-338: Path to init.d script and command to use that script to start the server from the CGI interface. The following variables are substituted at run-time. My entry looks like:
    1
    2
    3
    4
    
    $Conf{ServerInitdPath}     = '/etc/init.d/backuppc';
    $Conf{ServerInitdStartCmd} = '$sshPath -q -x -l root $serverHost'
                                . ' $serverInitdPath start'
                                . ' < /dev/null >& /dev/null';
  4. Line # 440: Number of full backups to keep. Must be >= 1. In the steady state, each time a full backup completes successfully the oldest one is removed. If this number is decreased, the extra old backups will be removed. My entry looks as follows:
    1
    
    $Conf{FullKeepCnt} = 4;
  5. Line # 468: Very old incremental backups are removed after $Conf{IncrAgeMax} days. However, we keep at least $Conf{IncrKeepCntMin} incremental backups no matter how old they are. My entry looks as follows:
    1
    
    $Conf{IncrKeepCntMin} = 6;
  6. Line # 665: List of directories or files to backup. If this is defined, only these directories or files will be backed up. This can be set to a string, an array of strings, or, in the case of multiple shares, a hash of strings or arrays. A hash is used to give a list of directories or files to backup for each share (the share name is the key). If a hash is used, a special key “*” means it applies to all shares that don’t have a specific entry. My entry looks as follows:
    1
    
    $Conf{BackupFilesOnly} = {  '*' => [ '/home/brady', '/var/www/brady'  ] };
  7. Line # 788-794: One or more blackout periods can be specified. If a client is subject to blackout then no regular (non-manual) backups will be started during any of these periods. hourBegin and hourEnd specify hours fro midnight and weekDays is a list of days of the week where 0 is Sunday, 1 is Monday etc. My entry looks as follows:
    1
    2
    3
    4
    5
    6
    7
    
    $Conf{BlackoutPeriods} = [
        {
            hourBegin =>  6.0,
            hourEnd   =>  1.0,
            weekDays  => [0, 1, 2, 3, 4, 5, 6],
        },
    ]
  8. Line # 833: What transport method to use to backup each host. If you have a mixed set of WinXX and linux/unix hosts you will need to override this in the per-PC config.pl. My entry looks as follows:
    1
    
    $Conf{XferMethod} = 'rsync';
  9. Line # 840: Level of verbosity in Xfer log files. 0 means be quiet, 1 will give will give one line per file, 2 will also show skipped files on incrementals, higher values give more output. My entry looks as follows:
    1
    
    $Conf{XferLogLevel} = 5;
  10. Line # 1361: Archive Compression type. My entry looks as follows:
    1
    
    $Conf{ArchiveComp} = 'bzip2';
  11. Line # 1507: Maximum round-trip ping time in milliseconds. This threshold is set to avoid backing up PCs that are remotely connected through WAN or dialup connections. The output from ping -s (assuming it is supported on your system) is used to check the round-trip packet time. On your local LAN round-trip times should be much less than 20msec. On most WAN or dialup connections the round-trip time will be typically more than 20msec. My entry looks as follows:
    1
    
    $Conf{PingMaxMsec} = 500;
  12. Line # 1857: CGI user interface configuration settings. Administrative users have full access to all hosts, plus overall status and log information. My entry looks as follows. I understand that this is a very liberal setting and will explain later about restricting access to the CGI/web interface.
    1
    
    $Conf{CgiAdminUsers}     = '*';

Save and close the file.


Securing CGI Interface on kramer

For time being, I have restricted the list of machines from where the CGI/web interface can be accessed from. Follow the procedure below to do the same:

  1. Login as root
  2. Open /etc/httpd/conf/httpd.conf for editing.
  3. Search for Options Indexes FollowSymLinks and make that line look like
    1
    
    Options +Indexes Includes FollowSymLinks MultiViews ExecCGI
  4. Search for ScriptAlias /cgi-bin/ “/var/www/cgi-bin/” and make the Directory section below it look as follows:
    1
    2
    3
    4
    5
    6
    7
    8
    
    <Directory "/var/www/cgi-bin">
      AllowOverride All
      Options None
      Order allow,deny
      Allow from kramer_ip_address newman_ip_address any_other_ip_address_you_wish
    #  My entry looks like below
    # Allow from 192.168.1.2 192.168.1.3
    </Directory>
  5. Save and close the file.
  6. Restart Apache with the following command:
    /etc/init.d/httpd restart


Starting BackupPC on kramer

  1. Login as root
  2. Copy the /home/backuppc/BackupPC-3.0.0/init.d/linux-backuppc to /etc/init.d:
    cd /home/backuppc/BackupPC-3.0.0/init.d
    cp linux-backuppc backuppc
    chmod 755 backuppc
    mv backuppc /etc/init.d/
  3. In order to make sure that BackupPC starts after machine reboots, do the following – as root:
    chkconfig --add backuppc
    chkconfig --level 345 backuppc on
  4. Start BackupPC
    /etc/init.d/backuppc start
  5. Open the browser and point the URL to:
    http://kramer/cgi-bin/BackupPC_Admin

    The browser should display something like:



    BackupPC

    BackupPC Initial Screen : An indication that installation and configuration was successful.


Adding Clients

Click on Edit Hosts link in the above screen. Then click Add button and enter the following information:



BackupPC

BackupPC : Adding Hosts



Click on Save. What I have done here is to include kramer as well into the list of hosts (clients) that need to be backed up along with newman. The following section will describe per-client configuration file.


Configuring kramer As A Client

Since we have root previlige on kramer, we can back up pretty much anything we want. But I just chose /etc, /boot, /home, /usr/local and /var folders. To this effect, do the following (this could also be accomplished using the CGI interface by selecting kramer from the drop-down list and editing the settings):

  1. Login as backuppc
  2. Create the following directory
    cd /etc/BackupPC
    mkdir pc
  3. Create the file, kramer.pl with following contents:
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    
    $Conf{XferMethod} = 'rsync';
    $Conf{RsyncClientCmd} = '$sshPath -q -x -l root $host $rsyncPath $argList+';
    $Conf{RsyncClientRestoreCmd} = '$sshPath -q -x -l root $host $rsyncPath $argList+';
    $Conf{BackupFilesOnly} = {
      '*' => [
        '/boot',
        '/etc',
        '/home',
        '/usr/local',
        '/var'
      ]
    };
  4. Save and close the file.


Configuring newman As A Client

Since we do not have root previlige on newman, we can only back up files/folders owned by user brady. I chose to back up /home/brady and /var/www/brady folders. To this effect, do the following (this could also be accomplished using the CGI interface by selecting newman from the drop-down list and editing the settings):

  1. Login as backuppc in kramer
  2. In /etc/BackupPC/pc, create the file, newman.pl with following contents:
    1
    2
    3
    4
    5
    6
    7
    8
    9
    
    $Conf{XferMethod} = 'rsync';
    $Conf{RsyncClientCmd} = '$sshPath -q -x -l brady $host $rsyncPath $argList+';
    $Conf{RsyncClientRestoreCmd} = '$sshPath -q -x -l brady $host $rsyncPath $argList+';
    $Conf{BackupFilesOnly} = {
      '*' => [
        '/home/brady',
        '/var/www/brady'
      ]
    };
  3. Save and close the file.


Starting Back Up

Select kramer from the drop-down list in CGI/web interface and click on Start Full Backup. Repeat the same process for newman. That’s about it. Depending on $Conf{WakeupSchedule}, back ups will continue to work. If it fails for any reason, one can learn in detail about the cause by doing the following (Thanks to Kyle Schneider for this tip):

  1. Login as backuppc on kramer
  2. Change over to the folder with BackupPC binaries/executables:
    cd /usr/local/BackupPC/bin
  3. Run the following command:
    ./BackupPC_dump -v -f kramer
    ./BackupPC_dump -v -f newman
  4. In most cases, the error will be due to an rsync / tar / smb in a non-default location in client machine, or unsupported option for rsync / tar / smb or missing PERL module or something like that.


Restoring Files

Restoring files/folders takes just a few clicks. Select the machine (kramer or newman) and select the backup from which the files/folders need to be restored. Click on Restore and pick an option to restore (rsync, zipped file, local download). That’s about it.


Disclaimer #1

I have only tried this on linux machines but a friend of mine has configured a Macintosh (laptop) client and I am working getting mine to do the same. If you find technical/factual errors in this write-up and/or have other tips/tricks to share with, please do post them as comments using the form below. I am sure the readers, including myself, will be very grateful.

9 Replies to “BackupPC On Red Hat (Enterprise) Linux”

  1. Just a quick message to say thanks! I’ve been trying to set this up for two days, getting closer and closer but never managing to actually complete the whole setup. This is exactly what I was looking for! 🙂

  2. Excellent walk-through. Saved me many many sanity points. the only thing that caught me that wasn’t stated was that I needed to have perl-suidperl installed and didn’t …oops.
    Again, thanks for this walk-through!!

  3. @Dfused:
    I am glad to know that it was useful to you and saved you some time. I probably missed perl-suidperl because my default OS installation took care of it.

    Thanks for posting about it though – I am sure others will find it useful 🙂

  4. GREAT!! Works on the latest version of CentOS as well!! One step to include if you get a failed hardlink test while starting backuppc is to chmod 755 the /data directory.

Comments are closed.