/zbackup

Backup scripts using zfs and rsync


zbackup is a backup script written in Python that performs backups
using rsync and ZFS. The backup script runs on the backup server
and pulls files from clients using rsync and ssh keys.

Features:
- Fast file transfer using rsync
- Data channel encrypted via ssh
- Incremental backups using rsync and ZFS snapshots
- Supports pruning of old snapshots
- Email reports

Supported Backup Servers:
Any UNIX Operating System with ZFS*

Supported Backup Clients:
Any UNIX Operating System with sshd

*Only FreeBSD 9.0 has been tested by the author. In theory
Solaris should be supported. If anyone is trying to run this script
on Solaris I'd be very interested to hear if it works.

==================
Requirements:
==================
On the backup server:
zfs
rsync
python 2.6 or higher
a zbackup user account
ssh

On the client machines:
A UNIX operating system
sshd running
a zbackup user account with scp access (see below)
rssh (highly recommended)


==================
Server setup
==================
1) Installing the software
If you checked out from git, you'll need automake 1.11 and autoconf 2.68. If you
downloaded a tarball with a configure script, you can skip this.
$ autoreconf -ifv

Configure and install the scripts
$ ./configure
$ make
# make install

2) Set up the backup filesystem
zbackup requires a ZFS filesystem. Use the zpool create command
to create a new pool. See the ZFS documentation for more
information on creating zpools and zvolumes.

It is recommended that this zpool be used solely for backups and nothing
else. If you must share the same pool with something else, use quotas to
prevent zbackup from filling the entire pool.

3) Create a zbackup user
Create a user account and optionally a group for zbackup 
to run as. This user/group must have
write access to the backup filesystems.
Be sure to set the zbackup user's shell to /usr/sbin/nologin
or some equivalent on your system. Do not enable password
authentication.

4) Give zbackup user ZFS permissions
The user needs permissions to create and destroy snapshots. Use the 
following command:
# zfs allow -ud zbackup snapshot,destroy,mount <FILESYSTEM>

5) Create an ssh key
You will need to create an ssh key for the zbackup user to access
client machines. Change the zbackup user's shell to /bin/sh and log in
as that user. Then run ssh-keygen and do not set a passphrase.
Finally, log out and change the user's shell back to /usr/sbin/nologin.

On FreeBSD the relevant commands would be:
# pw usermod zbackup -s /bin/sh
# su zbackup
$ ssh-keygen -t rsa
$ exit
# pw usermod zbackup -s /usr/sbin/nologin

6) Write a zbackup config file
An example config file is provided in the source distribution with comments.
The default location for the config file is 
/etc/zbackup.conf
Additional config files can also be placed in
/etc/zbackup.conf.d
See below for additional information about defining volumes

=====================
Client Machine Setup
=====================
For each client machine you wish to perform backups on
perform the following:

1) Install rssh on the client (highly recommended)
zbackup accesses files using rsync over ssh with passwordless
public key access. By default this method of file transfer
is very insecure because, if the backup server becomes compromised,
the adversary has immediate passwordless shell access to all clients.

Rssh allows us to install a shell that allows only rsync access
by the zbackup user. Install rssh using your package manager. Be sure
to create an rssh.conf file (/etc/rssh.conf on Linux,
/usr/local/etc/rssh.conf on FreeBSD) to enable rsync, which is usually
disabled by default.

2) Enable public key authentication and ssh login access for the zbackup user
You may need to edit your sshd configuration (usually /etc/ssh/sshd_config)
to enable public key authentication.

3) Create a zbackup user on the client machine
The zbackup user on the client will need to access
files through scp. This user will need read access
to all of the files and directories you wish to back up.
Be sure to set the user's shell to rssh.

4) Copy the public key from the server
Install the public ssh key (/home/zbackup/.ssh/id_rsa.pub on the server)
into your zbackup user's authorized_keys file (/home/zbackup/.ssh/authorized_keys on client).
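
The following is an added example, not part of zbackup: a Python audit of client steps 1 to 3 that takes the text of /etc/passwd, rssh.conf and sshd_config and reports what still leaves the zbackup key with more than rsync access. Function names and sample inputs are constructed for illustration; per-user "user=" lines in rssh.conf and sshd "Match" blocks are assumed absent and are not evaluated.

```python
# Added example; helper names are hypothetical, not zbackup's own code.
import os

def login_shell(passwd_text, user):
    """Return the login shell for `user` from 7-field passwd(5) text, or None."""
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[0] == user:
            return fields[6]
    return None

def enabled_keywords(conf_text):
    """Lower-cased first word of every non-comment, non-blank line."""
    words = set()
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            words.add(line.replace("=", " ").split()[0].lower())
    return words

def pubkey_auth_enabled(sshd_text):
    """sshd keeps the first value it reads; unset means the default, yes."""
    for line in sshd_text.splitlines():
        parts = line.split("#", 1)[0].replace("=", " ").split()
        if len(parts) >= 2 and parts[0].lower() == "pubkeyauthentication":
            return parts[1].lower() == "yes"
    return True

def audit_client(passwd_text, rssh_conf, sshd_config, user="zbackup"):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    shell = login_shell(passwd_text, user)
    if shell is None:
        findings.append("no %s account" % user)
    elif os.path.basename(shell) != "rssh":
        findings.append("%s shell is %s, not rssh" % (user, shell))
    if "allowrsync" not in enabled_keywords(rssh_conf):
        findings.append("rssh.conf does not enable allowrsync")
    if not pubkey_auth_enabled(sshd_config):
        findings.append("sshd_config disables PubkeyAuthentication")
    return findings

# Constructed sample inputs: a client where the setup was only half done.
PASSWD = "root:*:0:0:root:/root:/bin/csh\nzbackup:*:1001:1001:zbackup:/home/zbackup:/bin/sh\n"
RSSH_CONF = "logfacility = LOG_USER\n#allowscp\n#allowrsync\n"
SSHD_CONFIG = "#PubkeyAuthentication yes\nPasswordAuthentication no\n"
if __name__ == "__main__":
    for finding in audit_client(PASSWD, RSSH_CONF, SSHD_CONFIG):
        print("FAIL: " + finding)
```

On a real client, pass the contents of the actual files; a finding about the shell means the backup server's key still grants a full login shell.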

=====================
Volume creation
=====================
zbackup does backups in terms of volumes. A zbackup volume
is synonymous with a zfs file system. To define a volume, 2
config file sections are required.

The first is the volume section, which looks like
[volume VOLNAME]
This section contains key = value pairs describing volumes.
See the example config file for details.

The next is the files section, which looks like
[files VOLNAME]
This section contains shell glob patterns on each line.
These are paths on the client machine that will be copied to the 
zfs filesystem. A second path can be optionally specified to place it
in a different location in the filesystem.