Monday, 02 September 2019 16:23

CentOS and BackupPC Part 2

Rate this item
(0 votes)

Installing BackupPC on CentOS

The definitive guide to installing...

or close enough.

Part 2 of 3

 

This is part 2 of a 3-part article.  If you haven't seen the other parts, you can find them here:  Part 1 and Part 3

Part 2 goes through configuring the BackupPC Server.  If something doesn't make sense, please leave a comment.


  • If you are interested in accessing BackupPC from another computer on the network, edit the Firewall with your tool of choice and allow port 80 through it
  • Additionally, you will need to edit the apache BackupPC configuration file
    • Edit: /etc/httpd/conf.d/BackupPC.conf
    • Add the two lines below containing the IP address of the local network that needs access.  Add identical lines below them, as needed, for any other network that needs web access to the server.
      	<IfModule mod_authz_core.c>
      	  # Apache 2.4
      	  <RequireAll>
      	    Require valid-user
      	    <RequireAny>
      	      Require local
                    Require ip 192.168.1  # Add this line
      	    </RequireAny>
      	  </RequireAll>
      	</IfModule>
      	<IfModule !mod_authz_core.c>
      	  # Apache 2.2
      	allow from 127.0.0.1
              allow from 192.168.1  # Add this line
      	require valid-user
      	</IfModule>
      

  • Sometimes, I have run into trouble where the temporary folder doesn't exist, gets deleted, or otherwise, disappears, so I wrote a startup script to check it and create it, if not found.  This is optional, but is something I do, just in case.
    • First, create a file.  I'll put this one in the root folder and call it backuppccheck.sh:
      #  vi /root/backuppccheck.sh
      
    • Paste the following in the file:
      #!/bin/sh
      # backuppccheck
      # description: Makes sure the backuppc Temp Folder Exist on startup
      
              if [ -d /var/run/BackupPC ]; then
                      logger "BackupPC temp folder exists"
              else
                      mkdir -p /var/run/BackupPC
                      chown backuppc:backuppc /var/run/BackupPC
                      logger "BackupPC temp folder created"
              fi
    • This will check if the folder exists and create it, if needed.  Either way, it will write a note to the logfile what it does.
    • Make the file executable:
      #  chmod u=rwx /root/backuppccheck.sh
    • Make the service file that will execute this file on startup:
      #  vi /etc/systemd/system/backuppccheck.service
    • Paste the following in the file, changing the file name and location as needed:
      [Unit]
      Description=Check if BackupPC Temp Folder Exists on startup
      After=network.target
      
      [Service]
      Type=simple
      ExecStart=/root/backuppccheck.sh
      TimeoutStartSec=0
      
      [Install]
      WantedBy=default.target
    • Start and Enable the service:
      #  systemctl start backuppccheck.service
      #  systemctl enable backuppccheck.service

To have the BackupPC server find and ping other computers, you'll need to configure the Router and/or the BackupPC Server

  • Depending on how you're network is configured, you may have to tell the router AND the backuppc server where to find computers on the network that you want to back up.  To do this, you need to assign static IP addresses in the router configuration.  For example, I want to back up the following workstations and I'm assigning the corresponding IP addresses.  Each router is different, but search the internet how to do this for your specific router, if needed.
    • MY EXAMPLE:
      • MyPCLaptop is assigned 192.168.1.50
      • MyLinuxLaptop is assigned 192.168.1.55
      • MyMacLaptop is assigned 192.168.1.60
      • MyDesktop is assigned 192.168.1.70
  • Once you have these IP addresses entered in the router, go to the BackupPC server and find the hosts file.
  • In CentOS, it is located in the following file: /etc/hosts
  • Edit the Hosts file and add the same IP addresses and Hostnames as you did in the Router
    #  vi /etc/hosts
    • Add the same hostnames and IP addresses
      127.0.0.1     localhost
      ::1           localhost
      192.168.1.50  MyPCLaptop
      192.168.1.55  MyLinuxLaptop
      192.168.1.60  MyMacLaptop
      192.168.1.70  MyDesktop
  • After adding these to the BackupPC server, you should be able to PING these computers.  For fun, you can ping as the backuppc user.
  • As root, type:
    #  sudo -u backuppc ping MyPCLaptop

  • Sending test Email
    • As root, type:
    • #  sudo -u backuppc /usr/share/BackupPC/bin/BackupPC_sendEmail -u This email address is being protected from spambots. You need JavaScript enabled to view it.
    • If the email doesn't send, you should be able to see the errors and/or troubleshoot the problem.  There are many resources on the internet to help with sendmail.

One, last, optional, thing you can do on the Server:

Encrypt the BackupPC Data

This is a little advanced and I won't go into great detail on how to encrypt a drive as there is plenty of CentOS information to be found, but once the drive is formatted and encrypted, mount the drive where you want BackupPC to store the data and configure the drive as shown in Part 1.  So, for example, if I have an encrypted drive mounted at /media/encBackup, I run through all the parts and get BackupPC working.  Since the whole point of the encryption is to keep it secure, the encrypted drive is not automatically mounted at startup so, if the computer is restarted, you will have to manually mount the drive and start the backuppc services. 

With the script below, the only thing you'll do when the computer is restarted is (1) login as root, (2) run the script, (3) type the password to unlock the drive. 

I put the script in the /root folder so when I login as root, all I have to do is run the script, but you can put it anywhere. It's really easy.  First, we need to get the encrypted drive information.

  • Unlock the Encrypted Drive and, from root, type:
    blkid
  • Locate the Encrypted Drive's:
    • Device Name (ex. /dev/sdb)
    • UUID (ex. fc3333f1-1bf3-3333-af33-333a333f33af)
    • Device Name after being unlocked (ex. /dev/mapper/fc3333f1-1bf3-3333-af33-333a333f33af)
      [root@localhost ~]# blkid
      ...
      /dev/sdb: UUID="fc3333f1-1bf3-3333-af33-333a333f33af" TYPE="crypto_LUKS" 
      ...
      /dev/mapper/fc3333f1-1bf3-3333-af33-333a333f33af: LABEL="Backups" UUID="fc8888f1-1bf8-8888-af88-888a888f88af" TYPE="ext4" 
  • Once the above information has been determined, create a file...I'll call mine: start_backuppc.sh
    #  vi /root/start_backuppc.sh
  • Paste the following information in the file and replace the Device and UUID information with your Encrypted drive information.
    #!/bin/bash
    
    # Device Name of locked drive and UUID
    cryptsetup luksOpen /dev/sdb "fc3333f1-1bf3-3333-af33-333a333f33af"
    
    # Mount encrypted drive after unlocking it
    # mount /dev/mapper/UUID  /mount/point
    mount /dev/mapper/fc3333f1-1bf3-3333-af33-333a333f33af /media/encBackup
    
    #Restart BackupPC service
    systemctl restart backuppc.service
    
  • Save the file and make it executable
    #  chmod -u=rwx /root/start_backuppc.sh
  • Now, once the computer has been restarted, login as root and type:
    #  sh start_backuppc.sh
  • Type the Encrypted Drive's Password and logout.  If there were no errors, BackupPC starts.

 

Congrats! You should have a working BackupPC server...whether it is encrypted or not.  To add different hosts, jump to Part 3

 

Read 8144 times Last modified on Sunday, 08 September 2019 19:36

Leave a comment

Because of spammers, I've changed the comments so they do not auto-show, but if you leave a comment, it should post within 24 hours.