Backing Up Files with Snapback

Snapback2 is based on original work done by Art Mulder. He deserves credit for making this happen. It's a perl CPAN module that can be installed quite easily by doing the following:

perl -MCPAN -e shell
cpan> install Backup::Snapback

This only needs to be installed on the client machine - that is, the machine that is running the backup. I prefer installing via MCPAN rather than downloading directly because any dependencies can get automatically resolved. I actually did have a few dependencies that needed to get installed, as I previously had not used the Config::ApacheFormat module, nor it's dependency Class::MethodMaker.

The CPAN documentation mentions something very important - the server running the backup, and the server which serves as the source of the backup need to be time synchronized, otherwise you may run into problems. I actually have not been running ntp for a number of years because there were security issues with it way back when, but I couldn't escape the responsibility any longer.

One concern with ntp and using pooled servers, for instance 0.pool.ntp.org, is that you could very well end up syncing up multiple machines with different clocks, and therefore run into problems the same as if you had never set up ntp in the first place. I perused the list of stratum 2 public servers available and selected servers that were geographically friendly with the location of my web servers and backup machines. Down the road, I will have a server that can serve as a proxy for all my machines, but currently I don't have the resource in place. Just for fun, I also synced my windows machines to these time servers and for once I actually have the same time on the clocks on both machines in front of me.

Now that I have time synced, it's time to build the configuration file. Snapback2 uses the Apache configuration file format, which I'm familiar with already. One thing of note is that I don't want to tax my network or my servers by backing everything up on initial configuration. My plan involved backing up a small website first to verify functionality. Once that is done, I'm going to back up all my live web sites and databases (via mysqldump, though for some databases, I may start working with mysqlhotcopy. Slowly but surely over the next several weeks, I plan on adding the complete set of files from my machines.

Rsync is a great linux solution, but I do have several windows machines that need backing up as well. Frankly, I'm not entirely sure how I'm going to attack that problem, but DeltaCopy looks like it might just work without modifying anything. I'm also tempted to install Unison and migrate this solution appropriately. One thing I like about Unison is that it can deal with an update directly to your backup and sync it in reverse. It's also cross platform. Why after all this time is there no open source rsync for Windows XP?

So at this point, I have the clocks synced, I have a configuration file ready, now the only thing remaining is to set up key-based authentication and run the script. For putty users, I have a page that spells out how to get ssh key based authentication working, but taking things a step further, I followed the instructions that Troy Johnson put together for using the forced-commands feature of ssh - although for anyone else doing this, I strongly agree with the mention that you should not allow remote root access to your server. In situations where you absolutely have to have root, run your backups manually. The shell script needs a little bit of work to truly be secure, but I figure I'll attack that with Perl down the road. For now, it's enough to get a test running.

The configuration file that I used is not dissimilar to the simple example on the CPAN documentation. The notable exceptions are:

• I added an RsyncShell directive including my private key. (RsyncShell 'ssh -i /dest/to/my_private_key')
• I don't allow ICMP 0 requests, and that includes pings, so I added a directive to handle that: PingCommand "/bin/true"
• I had to add a user on my local machine to match the name of the user I'm mapping to on the server. There doesn't seem to be a username directive in the configuration file paramters. I then added a cron job to that user's crontab.