Remote Backup Using Flexbackup and SSH

December 26th, 2005

I have a server running Gentoo Linux which hosts a Subversion repository, a vpopmail and qmail system, a MySql database and more. I’m going to make a backup copy of the data on this machine in the event that I need to rebuild this server. I have chosen Flexbackup to perform this task. Here’s how I did it.

  1. Install Flexbackup
  2. Prepare Subversion Repositories for Flexbackup
  3. Prepare MySql Database for Flexbackup
  4. Prepare for qmail/vpopmail Flexbackup
  5. Configuring Passwordless SSH
  6. Configuring Flexbackup

1. Install Flexbackup

Thanks to Gentoo’s portage, this is as easy as

emerge flexbackup

2. Prepare Subversion Repositories for Backup

It is not wise to simply recursively copy Subversion repositories unless you have first ensured no one is using it. The Berkeley Databases used by Subversion can be in an unrecoverable state while someone is writing to it. Luckily, a script is provided by Subversion called hot-backup.py. In Gentoo this script is named svn-hot-backup and allows us to safely copy a live Berkeley Database. Lets perform a backup now. I’ve created a backup directory called /var/flexbackup/svn which is owned by root and only readable by root. I also have 3 svn repositories named project1, project2 and project3.

svn-hot-backup /var/svn/project1 /var/flexbackup/svn/project1/
svn-hot-backup /var/svn/project2 /var/flexbackup/svn/project2/
svn-hot-backup /var/svn/project3 /var/flexbackup/svn/project3/

This will create a backup copy of each of our repositories. Since I want to automate this process I will add the above lines to a cron job which will run daily.

crontab -e

And add the following

01 0 * * * svn-hot-backup /var/svn/project1/ /var/flexbackup/svn/project1/ >/dev/null 2>&1
02 0 * * * svn-hot-backup /var/svn/project2/ /var/flexbackup/svn/project2/ >/dev/null 2>&1
03 0 * * * svn-hot-backup /var/svn/project3/ /var/flexbackup/svn/project3/ >/dev/null 2>&1

3. Prepare MySql Database for Flexbackup

We will use the mysqldump utility to backup all of our MySql databases. We will store this backup in a file /var/flexbackup/mysql/mysql_backup.sql

mysqldump -uroot --password=yourpassword -hlocalhost --all-databases --opt --allow-keywords --flush-logs --hex-blob --master-data --max_allowed_packet=16M --quote-names --result-file=/var/flexbackup/mysql/mysql_backup.sql

Again, I wish to automate this process and have added it as a cronjob which runs daily.

4. Prepare for qmail/vpopmail Flexbackup
Backing up qmail and vpopmail is more straightforward. We just need to tell Flexbackup the directory locations these programs use and we’re done. In my case these locations are /var/qmail and /var/vpopmail.

5. Configuring Passwordless SSH

So that we can use the Flexbackup command in a cronjob, we need to make sure we can ssh into our remote server without being prompted for a password. The solution is passwordless SSH. There are security implications in using this system. I am fairly comfortable with it, if you are concerned I suggest you read up on the process so that you understand the implications.

Ok lets go. On the client machine (The machine containing the important data) as root we must generate a public/private key pair. I am using SSH2 and will use the dsa algorithm to generate my keys. When asked for a passphrase just press enter.

ssh-keygen -t dsa

Our keys have now been created. By default these will be in ~/.ssh/ directory. The file named id_dsa.pub is your public key. This key must be stored in the backup server users home directory in a file called ~/.ssh/authorized_keys. Lets use scp to copy our newly created public key id_dsa.pub to our backup server. I have created a user called backup on my backup server.

scp id_dsa.pub backup@backupserver.org:

Remember that trailing colon! Now ssh into your backup server as your backup user and append this public key to ~/.ssh/authorized_keys.

mkdir .ssh
chmod 700 .ssh
cat id_dsa.pub >> .ssh/authorized_keys
chmod 600 .ssh/authorized_keys
rm id_dsa.pub

That’s it. We should now be able to ssh to our backup server with no password prompt.

Now we must tell Flexbackup to backup all of these directories.

6. Configuring Flexbackup

We can now edit the Flexbackup configuration file, /etc/flexbackup.conf. I’ve added these lines under sets

$set{'subversion'} = "/var/backup/svn";
$set{'mysql'} = "/var/backup/mysql";
$set{'qmail'} = "/var/qmail";
$set{'vpopmail'} = "/var/vpopmail";

The title of this article is a little misleading. I could not get Flexbackup to use SSH to backup to a remote server. Instead I’ve had to cheat a little. I had to run Flexbackup locally and then use scp to copy the backup files to a remote server. This works but some of the features of Flexbackup are lost. If you have Flexbackup working with SSH please let me know. In the mean time, here is my inelegant hack. Edit the $device variable in /etc/flexbackup.conf to point to location on your local filesystem. Here is my entry

$device = 'var/backup';

Now we can test that this works before adding it to cron by typing

flexbackup -set all

Now we need to copy this information to our backup server using scp. Since we have already set up passwordless ssh, this is quite straightforward.

scp backupfile.tar.gz backup@backupserver.org:

If this works we can now edit our crontab and add the following lines.

30 1 * * * flexbackup -set all >/dev/null 2>&1
45 1 * * * scp /var/backup/*.tar.gz backup@backupserver.org: >/dev/null 2>&1

We’re done. Every night your Subversion repositories, MySql database, Qmail and Vpopmail information should be backed up to a remote server.

Useful Links

Improving apache start up times on Gentoo Linux

December 21st, 2005

On my Gentoo virtual server, apache was taking up to 3 minutes to startup. The problem is caused by the system having too little entropy to generate random numbers needed for the PID. You can check the value on your machine using

cat /proc/sys/kernel/random/entropy_avail

A value below 20 is quite low. Emerging rng-tools can increase entropy and allow apache to start up more quickly.

emerge rng-tools
/etc/init.d/rngd start
/etc/init.d/apache2 start

Apache should now start in seconds.

Useful Links

Installing awstats on Gentoo Linux

December 21st, 2005

Here is what we are going to do.

  1. emerge awstats
  2. Install awstats using webapp-config
  3. Edit the apache configuration file /etc/apache2/httpd.conf
  4. Edit the awstats config file
  5. Update Statistics
  6. Update Cron

1. emerge awstats

Before emerging awstats, add “vhosts” to your use variables in your /etc/make.conf file. This will allow multiple copies of awstats to be installed, updated and deleted using the webapp-config tool.

emerge awstats

2. Install awstats using webapp-config

Since we are using the “vhost” use variable, emerging awstats does not fully install. We need to use the webapp-config tool to complete the installation.

webapp-config -I awstats 6.5 -h yourdomain.org -d awstats

This will install a copy of awstats in the directory /var/www/yourdomain.org/htdocs/awstats. The “6.5” is the version of awstats that you emerged in the previous section. It is important to note the output from this command as we will need this information for apache.

3. Edit the apache configuration file /etc/apache2/httpd.conf

We must now append the output from the webapp-config command to the /etc/apache2/httpd.conf file.

It’s also a good idea at this point to check if the CustomLog logs/access_log combined directive in httpd.conf is uncommented. This will ensure that awstats can read your apache logfile.

After these lines have been added, we must restart apache.

/etc/init.d/apache2 restart

4. Edit the awstats config file

Firstly, make a copy of the example file for yourdomain.org.

cp /etc/awstats/awstats.model.conf
/etc/awstats/awstats.yourdomain.org.conf

Next we edit this file. The main change we need to make is to the SiteDomain and HostAliases value pairs.

SiteDomain=yourdomain.org
HostAliases="www.yourdomain.org

awstats should now be configured.

5. Update Statistics

We must now run awstats on our log files.

/usr/share/webapps/awstats/6.5/hostroot/cgi-bin/awstats.pl -config=yourdomain.org -update

Update Cron

It would be useful if we didn’t need to run this command manually every time we want to update our stats. One solution is to edit your config file allowing updates to be performed from the webapage. However, you need to mess around with permissions to get this working. My preferred solution is to add the update script to my crontab. Typing

crontab -e

brings up your crontab using your default editor (as defined in /etc/rc.conf). You can now add the line

37 0 * * * /usr/share/webapps/awstats/6.5/hostroot/cgi-bin/awstats.pl -config=yourdomain.org -update >/dev/null 2>&1

This means this command will be run nightly, by cron at 12:37am. The extra code on the end ensures that cron doesn’tt automatically email the user every night when this job runs.

Congratulations, you should now be able to navigate to http://yourdomain.org/awstats/.

Useful Links

Installing WordPress on Gentoo Linux

December 20th, 2005

The following steps need to be performed

  1. emerge WordPress
  2. Install WordPress using webapp-config
  3. Configure the MySql database
  4. Edit the wp-config.php file

1. emerge WordPress

Before emerging WordPress, add “vhosts” to your use variables in your /etc/make.conf file. This will allow multiple copies of WordPress to be installed, updated and deleted using the webapp-config tool.

emerge -av wordpress

2. Install WordPress using webapp-config

Since we are using the “vhost” use variable, emerging WordPress does not fully install it. We need to use the webapp-config tool to complete the installation.

webapp-config -I wordpress 1.5.2 -h yourhostname.org

This will install a copy of WordPress in the directory /var/www/yourhostname.org/htdocs. If you wish to install wordpress in another location, you can edit the /etc/vhosts/webapp-config file and change the VHOST_ROOT settings. Note that “1.5.2” refers to the version of WordPress that you have previously emerged.

3. Configure the MySql database

Firstly login to Mysql.

mysql -uroot -p

Next we need to create a database for WordPress to use. Keep a note of this information as we will need it later to configure the wp-config.php file.

CREATE DATABASE yourdatabase;

We also need to create a user to access this database.

GRANT ALL PRIVILEGES ON yourdatabase.* TO 'yourusername'@'localhost' IDENTIFIED by 'yourpassword';

Now flush the privileges and exit.

FLUSH PRIVILEGES;
exit

4. Edit the wp-config.php file

In the directory where you have installed WordPress copy the example config file to w-config.php.

cp wp-config-sample.php wp-config.php

My copy of wp-config.php had those nasty control-m characters at the end so let’s remove them just in case.

dos2unix wp-config.php

Now edit this file and enter the information for the database you created in the previous step. Assuming you have set up your web server correctly, you can now use a browser to navigate to http://yourhostname.org/wp-admin/install.php.

Congratulations, you should now have a working WordPress installation.

Useful Links

Hello!

December 19th, 2005

This blog will act as a storage space for information I, and hopefully other people, will find useful.