source: box/boxbackup-web/client.html @ 1901

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html;charset=iso-8859-1" />
<title>Box Backup client configuration</title>
<link rel="stylesheet" href="bbstyles.css" type="text/css" />
</head>
<body>
<div align="center">
<div id="header">
<div id="logo">
<img src="images/bblogo.png" alt="logo" height="65" width="331" border="0" vspace="5" align="middle" /> <img src="images/stepahead.png" alt="a step ahead in data security" width="182" height="11" hspace="10" vspace="20" border="0" align="middle" /></div>
</div>
<div id="page">


<h1>Box Backup client configuration</h1>

<h2>Before you start</h2>

<p>Before you can do any configuration, you need to know the hostname of the server
you will be using, and your account number on that server.</p>

<p>Later in the process, you will need to send a certificate request to the administrator
of that server for it to be signed.</p>

<p>Installation is covered in the <a href="install.html">compiling and installing</a> section.
You only need the backup-client parcel.</p>

<p><b>It is important that you read all the output of the config scripts.</b> See the end
of this page for an example.</p>

<p>The backup client has to be run as root, because it needs to read all your files to
back them up, although it is possible to back up a single user's files by running it as that user.
(Tip: specify a directory other than /etc/box, and then give the alternate config file
as the first argument to bbackupd). However, it will fall over if you don't give yourself
read access to one of your files.</p>

<h2>Step 1</h2>

<p>Run the <tt>bbackupd-config</tt> script to generate the configuration files
and generate a private key and certificate request.</p>

<pre>
/usr/local/bin/bbackupd-config /etc/box lazy <b>999</b> <b>hostname</b> /var/bbackupd <b>/home</b>
</pre>

<p>(See <a href="openssl.html">OpenSSL notes</a> if you get an OpenSSL error)</p>

<p>The items in bold need to be changed. In order, they are the account number, the hostname
of the server you're using, and finally, the directories you want backed up. You can include as
many you want here.</p>

<p>However, the directories you specify <b>must not</b> contain other mounted file systems within them
at any depth. Specify them separately, one per mount point. No checks are currently made to
catch bad configuration of this nature!</p>

<p>You may also want to consider changing the mode from <i>lazy</i> to <i>snapshot</i>, depending on
what your system is used for.</p>

<dl>
<dt>lazy
<dd>This mode regularly scans the files, with only a rough schedule. It uploads files as and
when they are changed, if the latest version is more than a set age. This is good for backing up
user's documents stored on a server, and spreads the load out over the day.
<dt>snapshot
<dd>This mode emulates the traditional backup behaviour of taking a snapshot of the filesystem.
The backup daemon does absolutely nothing until it is instructed to make a backup using the
<tt>bbackupctl</tt> utility (probably as a cron job), at which point it uploads all files which
have been changed since the last time it uploaded.
</dl>

<p>When you run the config script, it will tell you what you need to do next. Don't forget to read
all the output. An example is shown at the end of this page, but the instructions for your installation
may be different.</p>

<h2>Step 2</h2>

<p>After you have sent your certificate request off to the server administrator and received your
certificate and CA root back, install them where instructed by the <tt>bbackupd-config</tt> script in step 1.</p>

<p>You can then run the daemon (as root) by typing <tt>/usr/local/bin/bbackupd</tt>, and of course, adding
it to your system's startup scripts. The first time it's run it will upload everything. Interrupting
it and restarting it will only upload files which were not uploaded before - it's very tolerant.</p>

<p>If you run in snapshot mode, you will need to add a cron job to schedule backups. The config
script will tell you the exact command to use for your system.</p>

<p>Please read the <a href="trouble.html">Troubleshooting</a> page if you have problems.</p>


<p><b>Remember</b> to make a traditional backup of the keys file, as instructed. You cannot restore
files without it.</p>

<p>It is recommended that you backup up all of <tt>/etc/box</tt> as it will make things easier if you
need to restore files. But only the keys are absolutely essential.</p>

<p>If you want to see what it's doing in more detail (probably a good idea), follow the instructions in the server setup
to create new log files with syslog.</p>


<h2>Adding and removing backed up locations</h2>

<p>By editing the <tt>/etc/box/bbackupd.conf</tt> file, you can add and remove directories
to back up -- see comments in this file for help. Send <tt>bbackupd</tt> a HUP signal after you modify it.</p>

<p>When you remove a location, it will not be marked as deleted immediately. Instead,
<tt>bbackupd</tt> waits about two days before doing so, just in case you change your mind.
After this, it will be eventually removed from the store by the housekeeping process.</p>


<h2>Run as root</h2>

<p>The backup client is designed to be run as root. It is possible to
<a href="nonroot.html">run without root</a>, but this is not recommended.</p>


<h2>Clock synchronisation for file servers</h2>

<p>If you are using the backup client to backup a filesystem served from a fileserver,
you should ideally ensure that the fileserver clocks are synchronised with the fileserver.</p>

<p><tt>bbackupd</tt> will cope perfectly well if the clocks are not synchronised. Errors up
to about half an hour cause no problems. Larger discrepancies cause a loss of efficiency
and the potential to back up a file during a write process.</p>

<p>There is a configuration parameter <tt>MaxFileTimeInFuture</tt>, which specifies how far
in the future a file must be for it to be uploaded as soon as it is seen. You should not need
to adjust this (default is 2 days). Instead, get those clocks synchronised.</p>


<h2>Excluding files and directories from the backup</h2>

<p>Within the <tt>bbackupd.conf</tt> file, there is a section named
<tt>BackupLocations</tt> which specifies which locations on disc should be backed up.
It has subsections, each of which is in the format</p>

<pre>
  <i>name</i>
  {
     Path = <i>/path/of/directory</i>
     <i>(optional exclude directives)</i>
  }
</pre>

<p><i>name</i> is derived from the Path by the config script, but should merely be
unique.</p>

<p>The exclude directives are of the form</p>

<pre>
  [Exclude|AlwaysInclude][File|Dir][|sRegex] = regex or full pathname
</pre>

<p>(The regex suffix is shown as 'sRegex' to make File or Dir plural)</p>

<p>For example:</p>

<pre>
  ExcludeDir = /home/guest-user
  ExcludeFilesRegex = *.(mp3|MP3)\$
  AlwaysIncludeFile = /home/username/veryimportant.mp3
</pre>

<p>This excludes the directory /home/guest-user from the backup along with all mp3
files, except one MP3 file in particular.</p>

<p>In general, Exclude excludes a file or directory, unless the directory is
explicitly mentioned in a AlwaysInclude directive.</p>

<p>If a directive ends in Regex, then it is a regular expression rather than a
explicit full pathname. See</p>

<pre>
  man 7 re_format
</pre>

<p>for the regex syntax on your platform.</p>




<h2>Example configuration output</h2>

<p>This is an example of output from the bbstored-config script. <b>Important:</b>
Follow the instructions output by your script, not the ones here -- they may be different
for your system.</p>

<pre>
# /usr/local/bin/bbackupd-config /etc/box lazy 51 server.example.com /var/bbackupd /home /etc/samba

Setup bbackupd config utility.

Configuration:
   Writing configuration file: /etc/box/bbackupd.conf
   Account: 51
   Server hostname: server.example.com
   Directories to back up:
      /home
      /etc/samba

Note: If other file systems are mounted inside these directories, then problems may occur
with files on the store server being renamed incorrectly. This will cause efficiency
problems, but not affect the integrity of the backups.

WARNING: Directories not checked against mountpoints. Check mounted filesystems manually.

Creating /etc/box...
Creating /etc/box/bbackupd
Generating private key...
 [OpenSSL output omitted]

Generating keys for file backup
Writing notify script /etc/box/bbackupd/NotifyStoreFull.sh
Writing configuration file /etc/box/bbackupd.conf

===================================================================

bbackupd basic configuration complete.

What you need to do now...

1) Make a backup of /etc/box/bbackupd/51-FileEncKeys.raw
   This should be a secure offsite backup.
   Without it, you cannot restore backups. Everything else can
   be replaced. But this cannot.
   KEEP IT IN A SAFE PLACE, OTHERWISE YOUR BACKUPS ARE USELESS.

2) Send /etc/box/bbackupd/51-csr.pem
   to the administrator of the backup server, and ask for it to
   be signed.

3) The administrator will send you two files. Install them as
      /etc/box/bbackupd/51-cert.pem
      /etc/box/bbackupd/serverCA.pem
   after checking their authenticity.

4) You may wish to read the configuration file
      /etc/box/bbackupd.conf
   and adjust as appropraite.
   
   There are some notes in it on excluding files you do not
   wish to be backed up.

5) Review the script
      /etc/box/bbackupd/NotifyStoreFull.sh
   and check that it will email the right person when the store
   becomes full. This is important -- when the store is full, no
   more files will be backed up. You want to know about this.

6) Start the backup daemon with the command
      /usr/local/bin/bbackupd
   in /etc/rc.local, or your local equivalent.
   Note that bbackupd must run as root.

===================================================================

Remember to make a secure, offsite backup of your backup keys,
as described in step 1 above. If you do not, you have no backups.
</pre>

<p>&nbsp;</p>
<p>&copy; Ben Summers, 2003, 2004</p>
<p>&nbsp;</p>
</div>
</div>
</body>
</html>