Introduction:
In this multi-step tutorial we will discuss how to set up a complete backup system on your freshly installed arch linux. We will be using duplicity as a backup program, which will perform automatic backups of your system to a remote server. To automate the backup process, we will use systemd units and timers. Once the back-end is set, we'll implement a front-end GUI that is integrated with Thunar file browser to make the restoring of backed up files more comfortable and user friendly.
List of tools:
Back-end:
- Backup program: Duplicity
- Backup automation: Systemd units and timers
- Scripting: Shell
Front-end:
- File browser: Thunar
- Plugin API: Thunarx-python
- Scripting: Python 2.7
Installing Duplicity and Configuring ssh on the Client Side:
Installing duplicity on arch linux is pretty straight forward. Execute the following command:
sudo pacman -Syu duplicity
Enter your password, seat back and relax. Once the installation is complete it is time to configure the remote repository. We will be using ssh for transferring the files between the server and the local machine. There is a number of tutorials and how-toes on the internet describing how to properly set up ssh access on a remote server, thus I will omit detailed descriptions and will only concentrate on the basic configurations on the client side.
We will split the backup system into two parts. First part will be running on the system level, and be responsible for backing up your system files such as /var, /usr, /boot, etc. The second part will be running on the user level and will be responsible for backing up user files i.e. /home/USER.
Preparing system level backups:
How to Configure SSH for automated remote login:
First things first, you need to write/configure ssh config file for the root user. If you do not have the file already you need to create /root/.ssh/config to do so type:sudo vim /root/.ssh/config
Inside of this file you need to add the following content:
Where my_domain.me should be replaced by the domain name or the ip address of your server. Note, that it can also be a server in your local network described by the local ip address. The important thing is that the server should be accessible from your machine. In this example we are using port 22 since it is the default ssh port. For security reasons it is recommended to set the port to a higher number. This can be done by editing /etc/ssh/sshd_config on your server and changing the .ssh/config Port parameter correspondingly.
Next you need to generate a pair of public and local keys for secure ssh access to the server. To do so type the following in the command line:
Now it is time to set up duplicity to perform backups to the remote server. First of all you will need a folder on the remote server where duplicity will store its files. Since we are planning to split the backup process into two subsystems we will create two folders. One for system backups and one for user backups. Type the following in to the command line:
Duplicity is highly configurable, and there are many options that can be set. We will discuss a few of them here for more information please refer to [1] and [2]. Due to a minor bug in the current version of duplicity (0.7.09) there are some issues with gpg encryption for the root user. When testing I discovered that duplicity fails to fetch the gpg key if the last backup session has been interrupted, thus the usage of --no-encryption option. If you are using a later version of duplicity or want to tackle the problem on your own, I would refer you to [3] for more information on how to set up encryption on the remote server. Duplicity can perform two types of backup full or incremental. Full backups are the full backups of the not excluded folders and files, where as the incremental backups track the changes in the files and folders from last full backup. Incremental backups are small and fast. They put less strain on your network, but in order to restore a file from a backup multiple multiple incremental backups must be downloaded along side with the full backup in order to reconstruct the file. This means that the longer the chain of incremental backups the longer it takes to reconstruct the file. Therefore it makes sense to force a full backup once in a while. --full-if-older-than 15D forces duplicity to perform a full backup every 15 days.
Run the following command in order to create your first full backup:
Where my_domain.me should be replaced by the domain name or the ip address of your server. Note, that it can also be a server in your local network described by the local ip address. The important thing is that the server should be accessible from your machine. In this example we are using port 22 since it is the default ssh port. For security reasons it is recommended to set the port to a higher number. This can be done by editing /etc/ssh/sshd_config on your server and changing the .ssh/config Port parameter correspondingly.
Next you need to generate a pair of public and local keys for secure ssh access to the server. To do so type the following in the command line:
Answer all of the question correctly. When promoted to enter a password leave it blank, otherwise you will not be able to automate the ssh login to the remote server. Next you need to copy your public key to your server, to do so type:sudo ssh-keygen
Once you type in your sudo password followed by your my_user password on the remote server your public key will be copied. To test if your password-less ssh login works type the following into the command line:sudo ssh-copy-id server
now you should be logged in your remote server as my_user. Type exit to return to your local machine. Now that the automated ssh login is configured for the root user, you need to configure it for the regular user as well. Perform all of the actions in this sub-chapter without the using sudo in front.sudo ssh server
How to set up Duplicity:
Now it is time to set up duplicity to perform backups to the remote server. First of all you will need a folder on the remote server where duplicity will store its files. Since we are planning to split the backup process into two subsystems we will create two folders. One for system backups and one for user backups. Type the following in to the command line:lets write the backup scripts for the system backup first. Create a folder in the home directory of your root to store all of the duplicity related stuff.ssh servermkdir /home/my_user/repos/system
mkdir /home/my_user/repos/me
Now fill in the following content:sudo mkdir /root/scripts/system_backupvim /root/scripts/system_backup/back_sys_up.sh
Duplicity is highly configurable, and there are many options that can be set. We will discuss a few of them here for more information please refer to [1] and [2]. Due to a minor bug in the current version of duplicity (0.7.09) there are some issues with gpg encryption for the root user. When testing I discovered that duplicity fails to fetch the gpg key if the last backup session has been interrupted, thus the usage of --no-encryption option. If you are using a later version of duplicity or want to tackle the problem on your own, I would refer you to [3] for more information on how to set up encryption on the remote server. Duplicity can perform two types of backup full or incremental. Full backups are the full backups of the not excluded folders and files, where as the incremental backups track the changes in the files and folders from last full backup. Incremental backups are small and fast. They put less strain on your network, but in order to restore a file from a backup multiple multiple incremental backups must be downloaded along side with the full backup in order to reconstruct the file. This means that the longer the chain of incremental backups the longer it takes to reconstruct the file. Therefore it makes sense to force a full backup once in a while. --full-if-older-than 15D forces duplicity to perform a full backup every 15 days.
Run the following command in order to create your first full backup:
Now you are done with the first part of this tutorial. We will be discussing the automation process in the next part.sudo chmod +x /root/scripts/system_backup/back_sys_up.shsudo /root/scripts/system_backup/back_sys_up.sh
