PROBLEM: Backup Hangs when using BackupPC / rsync over ssh to a Windows 2003
server.

WORKAROUND SUMMARY: Backup a Windows 2003 server by using BackupPC's
Pre and Post commands to establish a forwarding ssh tunnel and a locally
bound Windows rsyncd service.  I know what you are thinking - I don't want
to load rsyncd as a service because this creates another security issue.
Wait,  we are going to BIND the rsyncd service to 127.0.0.1 and then connect
to it via the forwarding tunnel! Awesome.   Performing a backup using this
method will seem weird because you'll be issuing an rsync command on your
BackupPC server against localhost,  127.0.0.1::module, which is forwarded
over to the Windows 2003 server where it then connects to the rsync service
on 127.0.0.1:873.  Believe me - it works.  I've been using this method for
over a month now without any problems.



HOWTO:



How to backup a Windows 2003 server using BackupPC, rsyncd, and a forwarding
ssh tunnel.  The goal was to develop a secure backup method that actually
works.  Rsync over ssh from Linux to Windows fails (for me).  So, we
developed a secure method that meshes nicely with BackupPC and rsyncd.
Caution: these are my personal notes, following them may crash your system
and result in data loss.


FAILURE: Linux --rsync/ssh--> Windows 2003(sshd):
We spent about a week trying to resolve problems backing up a Windows 2003
server from Linux using rsync over ssh.  Almost all of our attempts at
getting a clean backup of Windows 2003 server from a Linux server using
rsync over ssh failed miserably - the backup would simply hang on certain
files.  This problem persisted even when we replaced the original Windows
source files with a Volume Shadow Copy - ouch!

SUCCESS: Linux ==rsync (modules)/ssh==> Windows 2003(sshd/rsyncd)
All of our tests using module-based rsync from Linux to Windows 2003 rsyncd
services worked perfectly.  So, we developed a simple workaround to secure
rsyncd connections through a forwarding ssh connection.  To do this, we bind
rsyncd to localhost on a Windows 2003 server and then connect to this service
from our Linux backup server through a forwarding SSH tunnel.


-------------------------------
ESTABLISHING RSYNCD (localhost) AND SSHd ON WINDOWS 2003 SERVER:
* Install cygwin, be sure to include cygrunsrv, openssh and rsync.
* Follow one of the many online guides for setting up cygwin's sshd
(reference: http://pigtail.net/LRP/printsrv/cygwin-sshd.html)

To setup rsync as service in Windows 2003 do the following:
(reference: http://www.gaztronics.net/rsync.php)

Start cygwin:
% vi /etc/rsyncd.conf

use chroot = false
strict modes = false

[backupwww]
       path = /cygdrive/c/webserver
       read only = false
       list = true
       comment = BACKUP

ESTABLISH CYGWIN AS A SERVICE
% cygrunsrv -I "Rsyncd" -p /cygdrive/c/cygwin/bin/rsync.exe \
    -a "--config=/cygdrive/c/cygwin/etc/rsyncd.conf --daemon --no-detach --address=127.0.0.1" \
    -f "Rsyncd daemon service on localhost" -u Administrator

********************************************************************
***IMPORTANT: BE SURE TO USE "--address=127.0.0.1" *
********************************************************************

START SERVICE:
% cygrunsrv --list
% cygrunsrv --start sshd
% cygrunsrv --start Rsyncd

Now, we are ready to test our new services.

TESTING: ESTABLISH THE FORWARDING TUNNEL:
TESTING: On your Linux backup server issue this command:

TESTING: linux% ssh -L 1500:127.0.0.1:873 -l user myserver.my.domain

TESTING: This command will establish a tunnel to "myserver" where new
connections to the local linux port on 1500 are forwarded over to the remote
side and actually connect to 127.0.0.1:873.  That is to say, local
connections to 127.0.0.1:1500 are: (a) FORWARDED through the tunnel and (b)
connected to 127.0.0.1:873 on the remote side.

TESTING: Now that we have this incredibly useful tunnel in place, all we
need to do is run rsync against the localhost:1500 to actually backup the
remote side.

TESTING: Here is an example of the rsync command:

TESTING: linux% rsync -av --port 1500 127.0.0.1::backupwww /home/backups

TESTING: In this example, backupwww is the name of your Windows 2003 rsyncd
module.  Obviously, /home/backups is the destination on your backup server
where you want to store these test backups.
---------------------------

If everything works, you are ready to configure BackupPC.

====================== BACKUPPC ==========

BACKUPPC: BackupPC (rsyncd method) ------ssh tunnel-----> Windows 2003
Server (sshd/rsyncd)
LINUX: Install BackupPC
LINUX: Setup ssh keys such that user backuppc can ssh over to your Windows
2003 server without supplying a password
(reference: http://backuppc.sourceforge.net/faq/ssh.html)

Pick an alias for your Windows 2003 server to be used by BackupPC.  Any name
will do - we'll map this alias to 127.0.0.1 later with "ClientNameAlias".
For this example, I selected securewww1 as an alias for our Windows 2003
server.

linux% vi /BackupPC/conf/hosts
       securewww1      0       root    webteam

linux% mkdir /BackupPC/pc/securewww1
linux% vi /BackupPC/pc/securewww1/config.pl
       do "/BackupPC/conf/securewww1.pl";


LINUX: Install screen

linux% mkdir /BackupPC/scripts
linux% vi /BackupPC/scripts/www1tunnel
       #!/bin/bash
       TERM=vt100
       /usr/bin/screen -d -m -S tunwww1 /usr/bin/ssh -q -x \
           -L 1500:127.0.0.1:873 -l user myserver.my.domain
       /bin/sleep 10
Note: sleep 10? we needed to introduce a small delay to ensure the tunnel
was fully established before rsync started
Note: "-S tunwww1" helps us identify the process - so we can kill it when the
backups are finished
Note: This could be done with dtach instead of screen

linux% chown backuppc /BackupPC/scripts/www1tunnel
linux% chmod u+x /BackupPC/scripts/www1tunnel

linux% vi  /BackupPC/conf/securewww1.pl
$Conf{ClientNameAlias}='127.0.0.1';
$Conf{DumpPreUserCmd}='/BackupPC/scripts/www1tunnel';
$Conf{DumpPostUserCmd}='/usr/bin/pkill -u backuppc -f tunwww1';
$Conf{RestorePreUserCmd}='/BackupPC/scripts/www1tunnel';

$Conf{RestorePostUserCmd}='/usr/bin/pkill -u backuppc -f tunwww1';

$Conf{XferMethod}='rsyncd';
$Conf{RsyncdClientPort}='1500';
$Conf{RsyncShareName}='backupwww';
$Conf{RsyncdAuthRequired}=0;
-------------

From the BackupPC management page, reload the configuration file and start a
full backup of securewww1.
I hope this helps someone :-)
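
Added example, not part of the original post: the setup above runs rsyncd with no authentication and "read only = false", so its only protection is the loopback bind ("--address=127.0.0.1" on Windows, the default loopback bind of "ssh -L" on Linux). This shell function checks `netstat -an` output for a port that listens on anything other than loopback; the function name and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# check_loopback_only PORT  (reads `netstat -an` output on stdin)
# Handles Windows/Cygwin netstat ("LISTENING", local address in column 2)
# and Linux netstat ("LISTEN", local address in column 4).
# Exit status: 0 = listening on loopback only
#              1 = at least one non-loopback listener (exposed)
#              2 = nothing listening on that port
check_loopback_only() {
    awk -v port="$1" '
        /LISTEN/ {
            for (i = 1; i <= NF; i++) {
                # The first field ending in ":<port>" on a LISTEN line
                # is the local address; the foreign side is :0 or :*.
                if ($i ~ (":" port "$")) {
                    found = 1
                    if ($i != "127.0.0.1:" port && $i != "[::1]:" port && $i != "::1:" port) {
                        print "EXPOSED: " $i
                        bad = 1
                    }
                    break
                }
            }
        }
        END {
            if (bad)    exit 1
            if (!found) exit 2
            exit 0
        }
    '
}

# Constructed sample: Windows netstat, rsyncd started with --address=127.0.0.1
GOOD_WIN='  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING
  TCP    127.0.0.1:873          0.0.0.0:0              LISTENING'

# Constructed sample: same service started without --address (all interfaces)
BAD_WIN='  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:873            0.0.0.0:0              LISTENING'

# Constructed sample: Linux netstat on the backup server with the tunnel up
GOOD_LINUX='tcp        0      0 127.0.0.1:1500          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN'

# Demo on the constructed samples
for s in "$GOOD_WIN" "$BAD_WIN"; do
    printf '%s\n' "$s" | check_loopback_only 873; echo "status=$?"
done
```

On the Windows 2003 server run `netstat -an | check_loopback_only 873` from the cygwin shell after starting the service; on the BackupPC server run `netstat -ant | check_loopback_only 1500` while the tunnel is up.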