diff options
Diffstat (limited to 'debian/testing-notes.org')
-rw-r--r-- | debian/testing-notes.org | 406 |
1 files changed, 406 insertions, 0 deletions
diff --git a/debian/testing-notes.org b/debian/testing-notes.org new file mode 100644 index 00000000..b948c100 --- /dev/null +++ b/debian/testing-notes.org @@ -0,0 +1,406 @@ +#+TITLE: boxbackup testing notes +#+DATE: <2017-06-17 Sat> +#+AUTHOR: Reinhard Tartler +#+EMAIL: siretart@debian.org + +* Installing vagrant + +These are my personal notes on how I've tested the boxbackup +packages. Surely there are many other ways (and even better ones) how +test the packages, but this is a way that works for me. Please do +provide me with your thoughts and suggestions. + +I'm using vagrant in KVM mode, which is included in debian/stretch. I've +tested this on a relatively modern Intel I5-7260U CPU with a Debian +amd64 installation. Other architectures and non-virtualized environments +should work exactly the same. The basic testing idea is to install the +CA signature server, the boxbackup server and the boxbackup client on +the same (virtual) machine, and backup to localhost for +simplicity. Production installations will place them all on different +host, but that would make testing unnecessarily hard. + +Let's first start with installing vagrant: + +#+BEGIN_SRC bash +sudo apt install vagrant-libvirt virt-manager +sudo adduser $(whoami) libvirt +newgrp +#+END_SRC + +Now we can get a new box, get it up and login: + +#+BEGIN_SRC bash +vagrant init debian/stretch64 +vagrant up +vagrant ssh +#+END_SRC + +You might get some password prompts, not sure how to avoid those. + +* Testing boxbackup + +First install the debian packages. This assumes that the Vagrant file is +in the same directory that contains the =*.deb= packages to test. + +#+BEGIN_SRC bash +sudo apt install /vagrant/boxbackup*0.13*.deb +#+END_SRC + +First, we need to create a certificate authority. + +#+BEGIN_SRC bash +cd /root +bbstored-certs ca init +#+END_SRC + +Setup the server: + +#+BEGIN_SRC bash +mkdir /boxbackup/ +dpkg-reconfigure -p low boxbackup-server +#+END_SRC + +Output might look like this: + +#+BEGIN_EXAMPLE +Configuring boxbackup-server +---------------------------- + +The package configuration scripts can create the configuration files for the BoxBackup server. + +You should choose this option if you are not familiar with BoxBackup's configuration options. The configuration can be done manually with +the 'raidfile-config' and 'bbstored-config' scripts. + +The server will not start if it is not configured. In all cases, reading the /usr/share/doc/boxbackup-server/README.Debian is recommended. + +Should BoxBackup be configured automatically? [yes/no] + + +Should BoxBackup be configured automatically? [yes/no] yes +yes + + +Please choose the location for the three RAID file directories. + +To enable RAID, the directory names should be a space-separated list of three partitions, each on different physical hard drives (for +example: '/raid/0.0 /raid/0.1 /raid/0.2'). + +If you don't want to enable RAID, just specify the path to one directory where the backups will be stored (for example, +/usr/local/lib/boxbackup). + +These directories will be created if they do not exist. + +Location of the RAID directories: /boxbackup/0 +/boxbackup/0 + + +BoxBackup uses userland RAID techniques. + +Please choose the block size to use for the storage. For maximum efficiency, you should choose the block size of the underlying file +system (which can be displayed for ext2 filesystems with the 'tune2fs -l' command). + +This value should be set even if you don't plan to use RAID. + +Block size for the userland RAID system: 4096 +4096 + + +The BoxBackup server needs an RSA private key and the corresponding X.509 certificate to perform client-server authentication and +communication encryption. + +Both can be generated automatically. You will need to sign the certificate with your root CA (see the boxbackup-server package) and put +this signed certificate and the root CA certificate in the configuration folder. + +Generate a server private key and X.509 certificate request? [yes/no] yes +yes + + +User bbstored already exists. +Creating /boxbackup/0/backup directory... +Generating RSA private key, 2048 bit long modulus +...................+++ +............+++ +e is 65537 (0x010001) +You are about to be asked to enter information that will be incorporated +into your certificate request. +What you are about to enter is what is called a Distinguished Name or a DN. +There are quite a few fields but you can leave some blank +For some fields there will be a default value, +If you enter '.', the field will be left blank. +----- +Country Name (2 letter code) [AU]:State or Province Name (full name) [Some-State]:Locality Name (eg, city) []:Organization Name (eg, company) [Internet Widgits Pty Ltd]:Organizational Unit Name (eg, section) []:Common Name (e.g. server FQDN or YOUR name) []:Email Address []: +Please enter the following 'extra' attributes +to be sent with your certificate request +A challenge password []:An optional company name []:perl: warning: Setting locale failed. + +Creating config file /etc/boxbackup/raidfile.conf with new version + +Creating config file /etc/boxbackup/bbstored.conf with new version + +#+END_EXAMPLE + +Now we need to sign the server certificate: + +#+BEGIN_EXAMPLE +cd /root +bbstored-certs ca sign-server /etc/boxbackup/bbstored/boxbackup-server-cert-req.pem + +This certificate is for backup server + + localhost + +Signing the wrong certificate compromises the security of your backup system. + +Would you like to sign this certificate? (type 'yes' to confirm) +yes +yes +Signature ok +subject=CN = localhost +Getting CA Private Key + + +Certificate signed. + +Install the files + + ca/servers/localhost-cert.pem + ca/roots/clientCA.pem + +on the server. + +#+END_EXAMPLE + +After this, we need to install them: + +#+BEGIN_SRC bash +cp -v ca/roots/clientCA.pem /etc/boxbackup/bbstored/boxbackup-client-ca-cert.pem +cp -v ca/servers/localhost-cert.pem /etc/boxbackup/bbstored/boxbackup-server-cert.pem +#+END_SRC + +Create a new user: + +#+BEGIN_SRC bash +bbstoreaccounts create 1 0 1G 2G +#+END_SRC + +Now we can start the server: + +#+BEGIN_EXAMPLE +# systemctl restart boxbackup-server +# systemctl status boxbackup-server +● boxbackup-server.service - Box Backup Server + Loaded: loaded (/lib/systemd/system/boxbackup-server.service; disabled; vendor preset: enabled) + Active: active (running) since Sat 2017-06-17 23:59:32 UTC; 2s ago + Main PID: 2574 (bbstored) + Tasks: 2 (limit: 4915) + CGroup: /system.slice/boxbackup-server.service + ├─2574 /usr/sbin/bbstored -F -c /etc/boxbackup/bbstored.conf + └─2575 /usr/sbin/bbstored -F -c /etc/boxbackup/bbstored.conf + +Jun 17 23:59:32 stretch systemd[1]: Started Box Backup Server. +Jun 17 23:59:32 stretch bbstored[2574]: NOTICE: Box Backup Store Server v0.12~gitcf52058f-1, (c) Ben Summers and contributors 2003-2014 +Jun 17 23:59:32 stretch bbstored[2574]: NOTICE: Starting daemon, version: 0.12~gitcf52058f-1 +Jun 17 23:59:32 stretch bbstored[2574]: NOTICE: Starting daemon, version: 0.12~gitcf52058f-1 +Jun 17 23:59:32 stretch bbstored[2574]: NOTICE: Using configuration file: /etc/boxbackup/bbstored.conf +Jun 17 23:59:32 stretch bbstored[2574]: NOTICE: Using configuration file: /etc/boxbackup/bbstored.conf +#+END_EXAMPLE + + +Let's create setup the client: + +#+BEGIN_SRC bash +# dpkg-reconfigure -plow boxbackup-client +dpkg-reconfigure -plow boxbackup-client +debconf: unable to initialize frontend: Dialog +debconf: (Dialog frontend will not work on a dumb terminal, an emacs shell buffer, or without a controlling terminal.) +debconf: falling back to frontend: Readline +Configuring boxbackup-client +---------------------------- + +The package configuration scripts can create the configuration files for the BoxBackup client. + +You should choose this option if you are not familiar with BoxBackup's configuration options. + +Please read the /usr/share/doc/boxbackup-client/README.Debian for details about the configuration of the BoxBackup client. + +Should the BoxBackup client be configured automatically? [yes/no] yes +yes + + +The BoxBackup client supports two modes of backup: + +In the 'lazy' mode, the backup daemon will regularly scan the file system searching for modified files. It will then upload the files +older than a specified age to the backup server. + +In the 'snapshot' mode the backup will be explicitly run at regular intervals. A cron file (/etc/cron.d/boxbackup-client) is provided with +the package and should be adapted to suit your needs. + + 1. lazy 2. snapshot + +Run mode for the BoxBackup client: 2 +2 + + +The administrator of the BoxBackup server should have assigned this client a hexadecimal account number. + +If no account number has been assigned yet, leave this field blank and configure it later by running 'dpkg-reconfigure boxbackup-client' +as root. + +Account number for this node on the backup server: 1 +1 + + +Please enter the fully qualified domain name of the BoxBackup server which your client will use. + +The client will connect to the server on TCP port 2201. + +Fully qualified domain name of the backup server: localhost +localhost + + +Please give a space-separated list of directories to be backed up onto the remote server. + +Those directories should not contain mounted file systems at any level in their subdirectories. + +List of directories to backup: /etc /home +/etc /home + + +The BoxBackup client sends alert notifications when a problem occurs during the backup. + +Please enter either a local user name (for example 'root') or an email address (for example 'admin@example.org'). + +Recipient for alert notifications: root +root + + +The BoxBackup client needs an RSA private key and the corresponding X.509 certificate to authenticate itself with the server. + +Both can be generated automatically. You will need to send the certificate request to the BoxBackup server administrator who will sign it +and send it back to you along with the server's Certification Authority certificate. + +These files should be copied into BoxBackup's configuration directory. The file names to use are given in the /etc/boxbackup/bbackupd.conf +file. + +Generate the client private key and X.509 certificate request? [yes/no] yes +yes +#+END_SRC + +Which we can now sign: + + + +#+BEGIN_EXAMPLE +# cd /root +# cp -v /etc/boxbackup/bbackupd/boxbackup-client-cert-req.pem ca/clients/1-csr.pem +# bbstored-certs ca sign ca/clients/1-csr.pem + +This certificate is for backup account + + 1 + +Ensure this matches the account number you are expecting. The filename is + + ./bbackupd/boxbackup-client-cert-req.pem + +which should include this account number, and additionally, you should check +that you received it from the right person. + +Signing the wrong certificate compromises the security of your backup system. + +Would you like to sign this certificate? (type 'yes' to confirm) +yes +yes +Signature ok +subject=CN = BACKUP-1 +Getting CA Private Key + + +Certificate signed. + +Send the files + + ca/clients/1-cert.pem + ca/roots/serverCA.pem + +to the client. + +#+END_EXAMPLE + +Now we can install the files: + +#+BEGIN_SRC bash + cp -v ca/clients/1-cert.pem /etc/boxbackup/bbackupd/boxbackup-client-cert.pem + cp -v ca/roots/serverCA.pem /etc/boxbackup/bbackupd/boxbackup-server-ca-cert.pem +#+END_SRC + + +Let's restart the client: + +#+BEGIN_SRC bash +root@stretch:/root# systemctl restart boxbackup-client +root@stretch:/root# systemctl status boxbackup-client +● boxbackup-client.service - Box Backup Client + Loaded: loaded (/lib/systemd/system/boxbackup-client.service; disabled; vendor preset: enabled) + Active: active (running) since Sun 2017-06-18 00:01:20 UTC; 3s ago + Main PID: 2793 (bbackupd) + Tasks: 1 (limit: 4915) + CGroup: /system.slice/boxbackup-client.service + └─2793 /usr/sbin/bbackupd -F -c /etc/boxbackup/bbackupd.conf + +Jun 18 00:01:20 stretch systemd[1]: Started Box Backup Client. +Jun 18 00:01:20 stretch bbackupd[2793]: NOTICE: Box Backup Client v0.12~gitcf52058f-1, (c) Ben Summers and contributors 2003-2014 +Jun 18 00:01:20 stretch bbackupd[2793]: NOTICE: Starting daemon, version: 0.12~gitcf52058f-1 +Jun 18 00:01:20 stretch bbackupd[2793]: NOTICE: Starting daemon, version: 0.12~gitcf52058f-1 +Jun 18 00:01:20 stretch bbackupd[2793]: NOTICE: Using configuration file: /etc/boxbackup/bbackupd.conf +Jun 18 00:01:20 stretch bbackupd[2793]: NOTICE: Using configuration file: /etc/boxbackup/bbackupd.conf +Jun 18 00:01:20 stretch bbackupd[2793]: NOTICE: Store object info file is not enabled. Will download directory listings from store. +Jun 18 00:01:20 stretch bbackupd[2793]: NOTICE: Store object info file is not enabled. Will download directory listings from store. +Jun 18 00:01:20 stretch bbackupd[2793]: NOTICE: Beginning scan of local files +Jun 18 00:01:20 stretch bbackupd[2793]: NOTICE: Beginning scan of local files +#+END_SRC + +And now let's do a backup. This may take a while... + +#+BEGIN_EXAMPLE +bbackupctl sync-and-wait +NOTICE: Using configuration file /etc/boxbackup/bbackupd.conf +INFO: Daemon configuration summary: + AutomaticBackup = false + UpdateStoreInterval = 0 seconds + MinimumFileAge = 0 seconds + MaxUploadWait = 0 seconds +INFO: Sync started... +INFO: Sync finished. +#+END_EXAMPLE + +Let's check the size of the backup store, and the number of files in backup: + +#+BEGIN_EXAMPLE +root@stretch:/tmp# bbackupquery 'list -R' exit | wc -l +1184 +root@stretch:/tmp# du -sh /boxbackup +5.1M /boxbackup +root@stretch:/tmp# +#+END_EXAMPLE + +For automated installation, here are my boxbackup settings: + +#+BEGIN_EXAMPLE +root@stretch:/tmp# debconf-get-selections | grep boxbackup +debconf-get-selections | grep boxbackup +boxbackup-client boxbackup-client/MaxUploadWait string 86400 +boxbackup-client boxbackup-client/notifyMail string root +boxbackup-client boxbackup-client/accountNumber string 1 +boxbackup-client boxbackup-client/UpdateStoreInterval string 3600 +boxbackup-client boxbackup-client/MinimumFileAge string 21600 +boxbackup-server boxbackup-server/generateCertificate boolean true +boxbackup-server boxbackup-server/raidBlockSize string 4096 +boxbackup-server boxbackup-server/debconf boolean true +boxbackup-client boxbackup-client/backupMode select snapshot +boxbackup-client boxbackup-client/backupServer string localhost +boxbackup-client boxbackup-client/backupDirs string /etc /home +boxbackup-server boxbackup-server/raidDirectories string /boxbackup/0 +boxbackup-client boxbackup-client/generateCertificate boolean true +boxbackup-client boxbackup-client/debconf boolean true +#+END_EXAMPLE |