1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
|
#+TITLE: boxbackup testing notes
#+DATE: <2017-06-17 Sat>
#+AUTHOR: Reinhard Tartler
#+EMAIL: siretart@debian.org
* Installing vagrant
These are my personal notes on how I've tested the boxbackup
packages. Surely there are many other ways (and even better ones) how
test the packages, but this is a way that works for me. Please do
provide me with your thoughts and suggestions.
I'm using vagrant in KVM mode, which is included in debian/stretch. I've
tested this on a relatively modern Intel I5-7260U CPU with a Debian
amd64 installation. Other architectures and non-virtualized environments
should work exactly the same. The basic testing idea is to install the
CA signature server, the boxbackup server and the boxbackup client on
the same (virtual) machine, and backup to localhost for
simplicity. Production installations will place them all on different
host, but that would make testing unnecessarily hard.
Let's first start with installing vagrant:
#+BEGIN_SRC bash
sudo apt install vagrant-libvirt virt-manager
sudo adduser $(whoami) libvirt
newgrp
#+END_SRC
Now we can get a new box, get it up and login:
#+BEGIN_SRC bash
vagrant init debian/stretch64
vagrant up
vagrant ssh
#+END_SRC
You might get some password prompts, not sure how to avoid those.
* Testing boxbackup
First install the debian packages. This assumes that the Vagrant file is
in the same directory that contains the =*.deb= packages to test.
#+BEGIN_SRC bash
sudo apt install /vagrant/boxbackup*0.13*.deb
#+END_SRC
First, we need to create a certificate authority.
#+BEGIN_SRC bash
cd /root
bbstored-certs ca init
#+END_SRC
Setup the server:
#+BEGIN_SRC bash
mkdir /boxbackup/
dpkg-reconfigure -p low boxbackup-server
#+END_SRC
Output might look like this:
#+BEGIN_EXAMPLE
Configuring boxbackup-server
----------------------------
The package configuration scripts can create the configuration files for the BoxBackup server.
You should choose this option if you are not familiar with BoxBackup's configuration options. The configuration can be done manually with
the 'raidfile-config' and 'bbstored-config' scripts.
The server will not start if it is not configured. In all cases, reading the /usr/share/doc/boxbackup-server/README.Debian is recommended.
Should BoxBackup be configured automatically? [yes/no]
Should BoxBackup be configured automatically? [yes/no] yes
yes
Please choose the location for the three RAID file directories.
To enable RAID, the directory names should be a space-separated list of three partitions, each on different physical hard drives (for
example: '/raid/0.0 /raid/0.1 /raid/0.2').
If you don't want to enable RAID, just specify the path to one directory where the backups will be stored (for example,
/usr/local/lib/boxbackup).
These directories will be created if they do not exist.
Location of the RAID directories: /boxbackup/0
/boxbackup/0
BoxBackup uses userland RAID techniques.
Please choose the block size to use for the storage. For maximum efficiency, you should choose the block size of the underlying file
system (which can be displayed for ext2 filesystems with the 'tune2fs -l' command).
This value should be set even if you don't plan to use RAID.
Block size for the userland RAID system: 4096
4096
The BoxBackup server needs an RSA private key and the corresponding X.509 certificate to perform client-server authentication and
communication encryption.
Both can be generated automatically. You will need to sign the certificate with your root CA (see the boxbackup-server package) and put
this signed certificate and the root CA certificate in the configuration folder.
Generate a server private key and X.509 certificate request? [yes/no] yes
yes
User bbstored already exists.
Creating /boxbackup/0/backup directory...
Generating RSA private key, 2048 bit long modulus
...................+++
............+++
e is 65537 (0x010001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:State or Province Name (full name) [Some-State]:Locality Name (eg, city) []:Organization Name (eg, company) [Internet Widgits Pty Ltd]:Organizational Unit Name (eg, section) []:Common Name (e.g. server FQDN or YOUR name) []:Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:An optional company name []:perl: warning: Setting locale failed.
Creating config file /etc/boxbackup/raidfile.conf with new version
Creating config file /etc/boxbackup/bbstored.conf with new version
#+END_EXAMPLE
Now we need to sign the server certificate:
#+BEGIN_EXAMPLE
cd /root
bbstored-certs ca sign-server /etc/boxbackup/bbstored/boxbackup-server-cert-req.pem
This certificate is for backup server
localhost
Signing the wrong certificate compromises the security of your backup system.
Would you like to sign this certificate? (type 'yes' to confirm)
yes
yes
Signature ok
subject=CN = localhost
Getting CA Private Key
Certificate signed.
Install the files
ca/servers/localhost-cert.pem
ca/roots/clientCA.pem
on the server.
#+END_EXAMPLE
After this, we need to install them:
#+BEGIN_SRC bash
cp -v ca/roots/clientCA.pem /etc/boxbackup/bbstored/boxbackup-client-ca-cert.pem
cp -v ca/servers/localhost-cert.pem /etc/boxbackup/bbstored/boxbackup-server-cert.pem
#+END_SRC
Create a new user:
#+BEGIN_SRC bash
bbstoreaccounts create 1 0 1G 2G
#+END_SRC
Now we can start the server:
#+BEGIN_EXAMPLE
# systemctl restart boxbackup-server
# systemctl status boxbackup-server
● boxbackup-server.service - Box Backup Server
Loaded: loaded (/lib/systemd/system/boxbackup-server.service; disabled; vendor preset: enabled)
Active: active (running) since Sat 2017-06-17 23:59:32 UTC; 2s ago
Main PID: 2574 (bbstored)
Tasks: 2 (limit: 4915)
CGroup: /system.slice/boxbackup-server.service
├─2574 /usr/sbin/bbstored -F -c /etc/boxbackup/bbstored.conf
└─2575 /usr/sbin/bbstored -F -c /etc/boxbackup/bbstored.conf
Jun 17 23:59:32 stretch systemd[1]: Started Box Backup Server.
Jun 17 23:59:32 stretch bbstored[2574]: NOTICE: Box Backup Store Server v0.12~gitcf52058f-1, (c) Ben Summers and contributors 2003-2014
Jun 17 23:59:32 stretch bbstored[2574]: NOTICE: Starting daemon, version: 0.12~gitcf52058f-1
Jun 17 23:59:32 stretch bbstored[2574]: NOTICE: Starting daemon, version: 0.12~gitcf52058f-1
Jun 17 23:59:32 stretch bbstored[2574]: NOTICE: Using configuration file: /etc/boxbackup/bbstored.conf
Jun 17 23:59:32 stretch bbstored[2574]: NOTICE: Using configuration file: /etc/boxbackup/bbstored.conf
#+END_EXAMPLE
Let's create setup the client:
#+BEGIN_SRC bash
# dpkg-reconfigure -plow boxbackup-client
dpkg-reconfigure -plow boxbackup-client
debconf: unable to initialize frontend: Dialog
debconf: (Dialog frontend will not work on a dumb terminal, an emacs shell buffer, or without a controlling terminal.)
debconf: falling back to frontend: Readline
Configuring boxbackup-client
----------------------------
The package configuration scripts can create the configuration files for the BoxBackup client.
You should choose this option if you are not familiar with BoxBackup's configuration options.
Please read the /usr/share/doc/boxbackup-client/README.Debian for details about the configuration of the BoxBackup client.
Should the BoxBackup client be configured automatically? [yes/no] yes
yes
The BoxBackup client supports two modes of backup:
In the 'lazy' mode, the backup daemon will regularly scan the file system searching for modified files. It will then upload the files
older than a specified age to the backup server.
In the 'snapshot' mode the backup will be explicitly run at regular intervals. A cron file (/etc/cron.d/boxbackup-client) is provided with
the package and should be adapted to suit your needs.
1. lazy 2. snapshot
Run mode for the BoxBackup client: 2
2
The administrator of the BoxBackup server should have assigned this client a hexadecimal account number.
If no account number has been assigned yet, leave this field blank and configure it later by running 'dpkg-reconfigure boxbackup-client'
as root.
Account number for this node on the backup server: 1
1
Please enter the fully qualified domain name of the BoxBackup server which your client will use.
The client will connect to the server on TCP port 2201.
Fully qualified domain name of the backup server: localhost
localhost
Please give a space-separated list of directories to be backed up onto the remote server.
Those directories should not contain mounted file systems at any level in their subdirectories.
List of directories to backup: /etc /home
/etc /home
The BoxBackup client sends alert notifications when a problem occurs during the backup.
Please enter either a local user name (for example 'root') or an email address (for example 'admin@example.org').
Recipient for alert notifications: root
root
The BoxBackup client needs an RSA private key and the corresponding X.509 certificate to authenticate itself with the server.
Both can be generated automatically. You will need to send the certificate request to the BoxBackup server administrator who will sign it
and send it back to you along with the server's Certification Authority certificate.
These files should be copied into BoxBackup's configuration directory. The file names to use are given in the /etc/boxbackup/bbackupd.conf
file.
Generate the client private key and X.509 certificate request? [yes/no] yes
yes
#+END_SRC
Which we can now sign:
#+BEGIN_EXAMPLE
# cd /root
# cp -v /etc/boxbackup/bbackupd/boxbackup-client-cert-req.pem ca/clients/1-csr.pem
# bbstored-certs ca sign ca/clients/1-csr.pem
This certificate is for backup account
1
Ensure this matches the account number you are expecting. The filename is
./bbackupd/boxbackup-client-cert-req.pem
which should include this account number, and additionally, you should check
that you received it from the right person.
Signing the wrong certificate compromises the security of your backup system.
Would you like to sign this certificate? (type 'yes' to confirm)
yes
yes
Signature ok
subject=CN = BACKUP-1
Getting CA Private Key
Certificate signed.
Send the files
ca/clients/1-cert.pem
ca/roots/serverCA.pem
to the client.
#+END_EXAMPLE
Now we can install the files:
#+BEGIN_SRC bash
cp -v ca/clients/1-cert.pem /etc/boxbackup/bbackupd/boxbackup-client-cert.pem
cp -v ca/roots/serverCA.pem /etc/boxbackup/bbackupd/boxbackup-server-ca-cert.pem
#+END_SRC
Let's restart the client:
#+BEGIN_SRC bash
root@stretch:/root# systemctl restart boxbackup-client
root@stretch:/root# systemctl status boxbackup-client
● boxbackup-client.service - Box Backup Client
Loaded: loaded (/lib/systemd/system/boxbackup-client.service; disabled; vendor preset: enabled)
Active: active (running) since Sun 2017-06-18 00:01:20 UTC; 3s ago
Main PID: 2793 (bbackupd)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/boxbackup-client.service
└─2793 /usr/sbin/bbackupd -F -c /etc/boxbackup/bbackupd.conf
Jun 18 00:01:20 stretch systemd[1]: Started Box Backup Client.
Jun 18 00:01:20 stretch bbackupd[2793]: NOTICE: Box Backup Client v0.12~gitcf52058f-1, (c) Ben Summers and contributors 2003-2014
Jun 18 00:01:20 stretch bbackupd[2793]: NOTICE: Starting daemon, version: 0.12~gitcf52058f-1
Jun 18 00:01:20 stretch bbackupd[2793]: NOTICE: Starting daemon, version: 0.12~gitcf52058f-1
Jun 18 00:01:20 stretch bbackupd[2793]: NOTICE: Using configuration file: /etc/boxbackup/bbackupd.conf
Jun 18 00:01:20 stretch bbackupd[2793]: NOTICE: Using configuration file: /etc/boxbackup/bbackupd.conf
Jun 18 00:01:20 stretch bbackupd[2793]: NOTICE: Store object info file is not enabled. Will download directory listings from store.
Jun 18 00:01:20 stretch bbackupd[2793]: NOTICE: Store object info file is not enabled. Will download directory listings from store.
Jun 18 00:01:20 stretch bbackupd[2793]: NOTICE: Beginning scan of local files
Jun 18 00:01:20 stretch bbackupd[2793]: NOTICE: Beginning scan of local files
#+END_SRC
And now let's do a backup. This may take a while...
#+BEGIN_EXAMPLE
bbackupctl sync-and-wait
NOTICE: Using configuration file /etc/boxbackup/bbackupd.conf
INFO: Daemon configuration summary:
AutomaticBackup = false
UpdateStoreInterval = 0 seconds
MinimumFileAge = 0 seconds
MaxUploadWait = 0 seconds
INFO: Sync started...
INFO: Sync finished.
#+END_EXAMPLE
Let's check the size of the backup store, and the number of files in backup:
#+BEGIN_EXAMPLE
root@stretch:/tmp# bbackupquery 'list -R' exit | wc -l
1184
root@stretch:/tmp# du -sh /boxbackup
5.1M /boxbackup
root@stretch:/tmp#
#+END_EXAMPLE
For automated installation, here are my boxbackup settings:
#+BEGIN_EXAMPLE
root@stretch:/tmp# debconf-get-selections | grep boxbackup
debconf-get-selections | grep boxbackup
boxbackup-client boxbackup-client/MaxUploadWait string 86400
boxbackup-client boxbackup-client/notifyMail string root
boxbackup-client boxbackup-client/accountNumber string 1
boxbackup-client boxbackup-client/UpdateStoreInterval string 3600
boxbackup-client boxbackup-client/MinimumFileAge string 21600
boxbackup-server boxbackup-server/generateCertificate boolean true
boxbackup-server boxbackup-server/raidBlockSize string 4096
boxbackup-server boxbackup-server/debconf boolean true
boxbackup-client boxbackup-client/backupMode select snapshot
boxbackup-client boxbackup-client/backupServer string localhost
boxbackup-client boxbackup-client/backupDirs string /etc /home
boxbackup-server boxbackup-server/raidDirectories string /boxbackup/0
boxbackup-client boxbackup-client/generateCertificate boolean true
boxbackup-client boxbackup-client/debconf boolean true
#+END_EXAMPLE
|