Tuesday, January 1, 2013

Simple Solution - Part I


Overview

I wanted to share my simple, no frills home backup solution which can be implement fairly quickly.  Note this solution is completely command line driven and is meant for individuals comfortable using Linux command line.  This solution will not have all the "bells and whistles" of other software solutions, but will do the job.


Screenshots
Here are some screen shots of the backed up files, as seen from Windows.  Notice how each point in time backup is organized in its own directory.   There is also a folder called "_current" which points to the most recent backup.



fig.1  Windows file browsing to the Raspberry Pi backup appliance.  _current points to the most recent backup.
























fig.2  Windows file properties of entire backup shows 39.5TB even though there is actually only 2 GB of real data.  The snapshot mechanism gives the illusion that we have multiple full backups per day.


Goals
  • Leverage a cheap Raspberry Pi solution with external USB storage to provide a simple home backup solution for Windows computers on my network.
  • Provide a file-level "Snap shot"point in time restore capability.  Only files which change or added are updated while maintaining the illusion of multiple full backups.
  • System will self purge old backups and run regularly scheduled backups.
  • Data is encrypted on the external USB storage and can be easily expanded as your data volume increases (just add more disks and grow the filesystem).  Note: there is no drive redundancy in this solution since it is a backup of my main data. I preferred to have more storage space than to increase resilience. 
  • Should be relatively simple to configure.
Encryption Setup
  • Configure and install a Raspberry Pi with "wheezy-raspbian".
  • Attach an external self powered USB storage device.
  • Install required software packages:
#apt-get install cryptsetup rsync autofs lvm2 xfsprogs xfsdump samba
  • Create a logical volume to allow for future expansion.  If you only have one USB device connected, your device is more than likely called /dev/sda .  WARNING: the following steps will destroy existing data on that disk. 
#dd if=/dev/urandom of=/dev/sda bs=1024k
#cryptsetup luksFormat /dev/sda
#cryptsetup luksOpen /dev/sda sda_crypt
  • Create logical volumes
#pvcreate -f /dev/mapper/sda_crypt
#vgcreate vgbackup /dev/mapper/sda_crypt
#lvcreate -l `vgdisplay vgbackup|grep Free|awk '{print$5}'` -n lvbackup1 /dev/vgbackup
#dd if=/dev/urandom of=/etc/keyfile bs=1024 count=4 && chmod 0400 /etc/keyfile

  • Skip the next two steps if you prefer to key in a password at each reboot.  This will help protect your data in the event your backup appliance is stolen.  Please see the note at the bottom regarding rebooting.

#cryptsetup luksAddKey /dev/sda /etc/keyfile
  • Add the following line to the /etc/crypttab  . This will allow you to mount the filesystem at boot without having to issue a cryptsetup command.
sda_crypt  /dev/sda /etc/keyfile  luks

  • Add the following to the end of the  /etc/auto.master file
/backup /etc/auto.backup
  • Create a new file called  /etc/auto.backup with the following contents
vol1            -fstype=xfs             :/dev/vgbackup/lvbackup1
  • Unlock the new encrypted device.  You will be prompted for the volume password.
  • Format the new device
#mkfs.xfs /dev/vgbackup/lvbackup1

  • Test mounting the new disk
#mkdir /backup;mount /backup
  • Unmount the disk and lock it
#umount /backup;cryptsetup luksClose lvbackup1_crypt
  • Retest mounting without a password.  Just by listing the directory, autofs will take care of mounting the  new filesystem.  
#/etc/init.d/autofs restart;ls /backup/vol1
  • You should see something like this if the mount was successful .
# df /backup/vol1
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/mapper/vgbackup-lvbackup1 7815168 32928 7782240 1% /backup/vol1

Congratulations, you now have an encrypted file sytem.



The backup script

#chmod +x /usr/local/bin/snapshotit.sh
  • Copy the following configuration file to /etc/snapshotit.conf . Modify DATASRC to reflect windows shares you want to backup.  Also modify the AGE variable = how long to keep daily backups, and mAGE = how long to keep monthly backups.
  • Copy the following exclude list file to /etc/snapshotit.exclude.Modify the exclude list to reflect folders/files you do not want to backup.
  • Manually execute the backup script.
#/usr/local/bin/snapshotit.sh


  • Schedule automated backups through cron
#crontab -e


  • Paste the following in the crontab then save (shift-Z-Z)
0 2,10,13,19 * * * /usr/local/bin/snapshotit.sh >/var/log/snapshotit.log 2>&1


Create a Windows accessible share



  • Edit the /etc/samba/smb.conf, add the following to the end.  Replace USER1 with any user you like

[backup]
comment = backupfolder
browseable = yes
path = /backup/vol1
guest ok = no
read only = yes
valid users = USER1

  • Add that user to samba , replace USER1 with your user  (NOTE: for those of you familiar with traditional samba, it appears that smbpasswd has been replaced with bdbedit).

#pdbedit -a USER1

  • Restart samba to allow access to the backup files via Windows: \\RASPBERRYPI\backup , assuming  you called your raspberrypi RASBERRYPI.

#service samba restart








fig3: Your share should look something like this from your Windows PC.









  • NOTE: If you chose not to add the keyfile to your encrypted disk, then you will need to manually enter a password everytime you reboot the Raspberry Pi in order to mount the backup disk.



  • After rebooting, you will need to logon and type in the following commands
#cryptsetup luksOpen /dev/sda sda_crypt  && service lvm2 start && service autofs restart






That's IT!   Next I'll talk about how to add additional disks and expand the backup volume as you run out of space.







snapshotit.exclude Exclude list


*/Thumbs.db
*/System Volume Information
*/\$RECYCLE.BIN*



snapshotit.conf Configuration file



## Change each DATASRC to shares you have created in your environment
# Space delimited.
#Data you want to backup with versioning
DATASRC="/cifs/a /cifs/b /cifs/c"

#Cleanup age in days
AGE=35
mAGE=85

#Base destination dir
BASEDIR=/backup/vol1


snapshotit.sh backup script



#!/bin/sh


#
#Snapshotit backup script
#
#V1.0
#Haim Lichaa
#
#
. /etc/snapshotit.conf

date=`date "+%Y-%m-%d_%H-%M"`
day=`date "+%d"`
hour=`date "+%H"`

backtype=back

if [ $day -eq 7 ] && [ $hour -lt 4 ];then
backtype=monthly
fi

for iDATASRC in $DATASRC;do
[ ! -d $iDATASRC ] && echo "[$date] Skipping $iDATASRC: Not available" && continue
echo "[$date] Starting Backup for $iDATASRC"
#Destination Snapshot folder
SNAPDST=$BASEDIR/$backtype-$date/

#Excludes (add to file)
EXCLUDES="/etc/snapshotit.exclude"

#Current Snapshot backup
CURRDATA=$BASEDIR/_current

[ ! -x $CURRDATA ] && ln -s . $CURRDATA

cd $BASEDIR

rsync -aHltv --exclude-from=$EXCLUDES --link-dest=$CURRDATA $DATASRC $SNAPDST/ >$BASEDIR/$backtype-$date.log 2>&1
echo "[$date] Backup complete for $iDATASRC"
done

#File cleanup
rm -f $CURRDATA
ln -s $backtype-$date $CURRDATA
touch $backtype-$date
date=`date "+%Y-%m-%d_%H-%M"`
echo "[$date] starting file cleanup"
### Keep this many dailies
find $BASEDIR -maxdepth 1 -type d -name "back-*" -ctime +$AGE -exec rm -r {} \;
### Delete old logfiles
find $BASEDIR -maxdepth 1 -type f -name "back-*.log" -ctime +$AGE -exec rm -r {} \;
### Keep this many monthlies
find $BASEDIR -maxdepth 1 -type d -name "monthly-*" -ctime +$mAGE -exec rm -r {} \;
date=`date "+%Y-%m-%d_%H-%M"`
echo "[$date] Cleanup complete"