Discussion:
[BackupPC-users] Initiate backup from client?
Meel Me
2009-11-11 22:02:44 UTC
Permalink
Hello,

I want to know if it's possible to initiate a backup from the client machine, in a way
that the clients connects to the backuppc server over the internet to start the backup?

*My (desired) situation*
I've got a laptop. I'm abroad for many months once and a while. While I'm abroad I want to be able to backup my laptop regularly and to restore the data on my laptop if it crashes (or gets stolen).

I want to place my backuppc server in a total other region than my home is. So that a disaster like heavy earthquake, explosion, etc. will never effect and my backuppc server and my laptop at once.
The location where I can place my backuppc server is not in my local area network. The backuppc server will only be available through the internet.


*Question*
I've read the documentation of backuppc. There are several methods for backing up laptops (smb, rsync, rsyncd, tar). All methods are initiated from the backuppc server, so the backuppc server will set up a connection to the client.
If the client (my laptop) is not in the local area network, then the backuppc server can't find the client and won't make a backup of it.

In the situation I described above, my laptop will never be in the local area network of the backuppc server. Therefor my laptop will never be backuped.

Is it possible to initiate a backup from the client machine, in a way
that the clients connects to the backuppc server over the internet to start the backup? Instead of that the backuppc server makes a connection to the client?

If so, how?

Thanks,

Wim
Jeffrey J. Kosowsky
2009-11-11 22:38:13 UTC
Permalink
ssh...
Use putty or write a bash script to:
1. Set up a tunnel over a port that rsync will use to connect to your
machine (use Putty or cygwin ssh)
2. Initiate backup by issuing a command to the BackupPC server (over
the same ssh tunnel) or just wait for the next (hourly) backup attempt
3. Use something like DumpPostUserCmd to take down the tunnel when
backup is finished.
Post by Meel Me
Hello,
I want to know if it's possible to initiate a backup from the client machine, in a way
that the clients connects to the backuppc server over the internet to start the backup?
*My (desired) situation*
I've got a laptop. I'm abroad for many months once and a while. While I'm abroad I want to be able to backup my laptop regularly and to restore the data on my laptop if it crashes (or gets stolen).
I want to place my backuppc server in a total other region than my home is. So that a disaster like heavy earthquake, explosion, etc. will never effect and my backuppc server and my laptop at once.
The location where I can place my backuppc server is not in my local area network. The backuppc server will only be available through the internet.
*Question*
I've read the documentation of backuppc. There are several methods for backing up laptops (smb, rsync, rsyncd, tar). All methods are initiated from the backuppc server, so the backuppc server will set up a connection to the client.
If the client (my laptop) is not in the local area network, then the backuppc server can't find the client and won't make a backup of it.
In the situation I described above, my laptop will never be in the local area network of the backuppc server. Therefor my laptop will never be backuped.
Is it possible to initiate a backup from the client machine, in a way
that the clients connects to the backuppc server over the internet to start the backup? Instead of that the backuppc server makes a connection to the client?
If so, how?
Thanks,
Wim
----------------------------------------------------------------------
------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
----------------------------------------------------------------------
_______________________________________________
BackupPC-users mailing list
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
Peter Walter
2009-11-11 22:22:39 UTC
Permalink
Post by Meel Me
Hello,
I want to know if it's possible to initiate a backup from the client
machine, in a way that the clients connects to the backuppc server
over the internet to start the backup?
*My (desired) situation*
I've got a laptop. I'm abroad for many months once and a while. While
I'm abroad I want to be able to backup my laptop regularly and to
restore the data on my laptop if it crashes (or gets stolen).
I want to place my backuppc server in a total other region than my
home is. So that a disaster like heavy earthquake, explosion, etc.
will never effect and my backuppc server and my laptop at once.
The location where I can place my backuppc server is not in my local
area network. The backuppc server will only be available through the
internet.
*Question*
I've read the documentation of backuppc. There are several methods for
backing up laptops (smb, rsync, rsyncd, tar). All methods are
initiated from the backuppc server, so the backuppc server will set up
a connection to the client.
If the client (my laptop) is not in the local area network, then the
backuppc server can't find the client and won't make a backup of it.
In the situation I described above, my laptop will never be in the
local area network of the backuppc server. Therefor my laptop will
never be backuped.
Is it possible to initiate a backup from the client machine, in a way
that the clients connects to the backuppc server over the internet to
start the backup? Instead of that the backuppc server makes a
connection to the client?
If so, how?
Thanks,
Wim
I am working towards exactly the same idea, but for laptops that almost
*never* come into the office. For example, you can kick off a full
backup as follows:

BackupPC_serverMesg backup HOSTIP HOST USER FULL

I am working on (somehow) using cygwin on the Windows laptop to issue
the *nix command, and I intend to use OpenVPN to establish the necessary
network path whenever the laptop is connected to the internet. I will
post when I have a working procedure, if someone else doesn't beat me to
it first :-)

Peter
Jeffrey J. Kosowsky
2009-11-12 00:11:28 UTC
Permalink
Post by Peter Walter
Post by Meel Me
Hello,
I want to know if it's possible to initiate a backup from the client
machine, in a way that the clients connects to the backuppc server
over the internet to start the backup?
*My (desired) situation*
I've got a laptop. I'm abroad for many months once and a while. While
I'm abroad I want to be able to backup my laptop regularly and to
restore the data on my laptop if it crashes (or gets stolen).
I want to place my backuppc server in a total other region than my
home is. So that a disaster like heavy earthquake, explosion, etc.
will never effect and my backuppc server and my laptop at once.
The location where I can place my backuppc server is not in my local
area network. The backuppc server will only be available through the
internet.
*Question*
I've read the documentation of backuppc. There are several methods for
backing up laptops (smb, rsync, rsyncd, tar). All methods are
initiated from the backuppc server, so the backuppc server will set up
a connection to the client.
If the client (my laptop) is not in the local area network, then the
backuppc server can't find the client and won't make a backup of it.
In the situation I described above, my laptop will never be in the
local area network of the backuppc server. Therefor my laptop will
never be backuped.
Is it possible to initiate a backup from the client machine, in a way
that the clients connects to the backuppc server over the internet to
start the backup? Instead of that the backuppc server makes a
connection to the client?
If so, how?
Thanks,
Wim
I am working towards exactly the same idea, but for laptops that almost
*never* come into the office. For example, you can kick off a full
BackupPC_serverMesg backup HOSTIP HOST USER FULL
I am working on (somehow) using cygwin on the Windows laptop to issue
the *nix command, and I intend to use OpenVPN to establish the necessary
network path whenever the laptop is connected to the internet. I will
post when I have a working procedure, if someone else doesn't beat me to
it first :-)
What is there to work on?

Probably best to use rsyncd over an ssh tunnel you are creating

Simply run the following from Windoze cygwin: (I won't guarantee that
there are no syntax errors here though)

# Start rsyncd server
cygrunsrv -S rsyncd

#Setup ssh tunnel, send server message to start backup, and wait to finish
ssh ***@yourserver -R 8873:localhost:873 BackupPC_serverMesg backup localhost hostname-or-alias backuppc [0/1] && while [ 1 ]; do sleep 60; BackupPC_serverMesg status jobs | grep '"cmd" => "BackupPC_dump[^"]*hostname-or-alias"' > /dev/null || break;done

# Stop rsyncd server
cygrunsrv -E rsyncd


Then in your config.pl set up rsyncd transfer method to localhost
(127.0.0.1) on port 8873 (or whatever port you want to use). You may
want to use a host alias too rather than using the generic hostname localhost

Note you could use rsync over ssh here but might as well do rsyncd
since you already have an ssh tunnel set up and no need to add the overhead.
Adam Goryachev
2009-11-11 23:02:48 UTC
Permalink
Post by Meel Me
Is it possible to initiate a backup from the client machine, in a way
that the clients connects to the backuppc server over the internet to
start the backup? Instead of that the backuppc server makes a connection
to the client?
If so, how?
As others have suggested, use some sort of tunnel or vpn so that the
laptop/client is on the "LAN" of the backuppc server... You should
probably add some firewall to the VPN (or port forwarding) so no
additional unexpected traffic is also passed over the connection.

You don't really need to initiate the connection from the client, just
allow the backuppc server to "see" the client, and set it to attempt
backups as frequently as required (every 10 minutes if you wanted to)...

Another option which I've used in the past is to configure port
forwarding (for a home user) on the router to the desktop, and then use
dynamic dns so the server knows where it is...

Hope that helps...

Regards,
Adam
Les Mikesell
2009-11-12 00:20:44 UTC
Permalink
Post by Meel Me
Hello,
I want to know if it's possible to initiate a backup from the client
machine, in a way that the clients connects to the backuppc server over
the internet to start the backup?
*My (desired) situation*
I've got a laptop. I'm abroad for many months once and a while. While
I'm abroad I want to be able to backup my laptop regularly and to
restore the data on my laptop if it crashes (or gets stolen).
I want to place my backuppc server in a total other region than my home
is. So that a disaster like heavy earthquake, explosion, etc. will never
effect and my backuppc server and my laptop at once.
The location where I can place my backuppc server is not in my local
area network. The backuppc server will only be available through the
internet.
*Question*
I've read the documentation of backuppc. There are several methods for
backing up laptops (smb, rsync, rsyncd, tar). All methods are initiated
from the backuppc server, so the backuppc server will set up a
connection to the client.
If the client (my laptop) is not in the local area network, then the
backuppc server can't find the client and won't make a backup of it.
In the situation I described above, my laptop will never be in the local
area network of the backuppc server. Therefor my laptop will never be
backuped.
Is it possible to initiate a backup from the client machine, in a way
that the clients connects to the backuppc server over the internet to
start the backup? Instead of that the backuppc server makes a connection
to the client?
There are ways to make it work through ssh tunnels established either
direction, but for machines where you control both sides, just install
openvpn on them, establish the vpn connection when you want a backup or
access to the backup copies, and use the web interface to start one when
you want.
--
Les Mikesell
***@gmail.com
Christian Völker
2009-11-12 06:58:21 UTC
Permalink
Hi,
Post by Les Mikesell
There are ways to make it work through ssh tunnels established either
direction, but for machines where you control both sides, just install
openvpn on them, establish the vpn connection when you want a backup or
access to the backup copies, and use the web interface to start one when
you want.
That's the way I do it here, too.

Laptop will be backed up through OpenVPN. OpenVPN will be started with
system boot, so as soon as the laptop has Internet he's connected
through OpenVPN to the BackupPC server.
As soon as BackupPC wakes up, he schedules a backup for the laptop, who
is connected. Backup runs fine. And as long as there is no Internet
connectiong the BackupPC server just tells me "No ping".

Works great!

No need to perform a manual backup.

Greetings

Christian
Tyler J. Wagner
2009-11-12 07:37:19 UTC
Permalink
The "try every hour" method works just fine for me, even for users that only
come in once a month.

But if you really want to have the client initiate the backup, the easiest way
I can think of is to write a script that uses curl or wget to press the "start
incremental backup" button as the user:

curl -u user:password
http://bacckupserver/backuppc/index.cgi?host=hostname.example.com&hostIP=hostname.example.com&doit=1&action=Start_Incr_Backup

Regards,
Tyler
Post by Meel Me
Hello,
I want to know if it's possible to initiate a backup from the client
machine, in a way that the clients connects to the backuppc server over
the internet to start the backup?
*My (desired) situation*
I've got a laptop. I'm abroad for many months once and a while. While I'm
abroad I want to be able to backup my laptop regularly and to restore the
data on my laptop if it crashes (or gets stolen).
I want to place my backuppc server in a total other region than my home is.
So that a disaster like heavy earthquake, explosion, etc. will never
effect and my backuppc server and my laptop at once. The location where I
can place my backuppc server is not in my local area network. The backuppc
server will only be available through the internet.
*Question*
I've read the documentation of backuppc. There are several methods for
backing up laptops (smb, rsync, rsyncd, tar). All methods are initiated
from the backuppc server, so the backuppc server will set up a connection
to the client. If the client (my laptop) is not in the local area network,
then the backuppc server can't find the client and won't make a backup of
it.
In the situation I described above, my laptop will never be in the local
area network of the backuppc server. Therefor my laptop will never be
backuped.
Is it possible to initiate a backup from the client machine, in a way
that the clients connects to the backuppc server over the internet to start
the backup? Instead of that the backuppc server makes a connection to the
client?
If so, how?
Thanks,
Wim
--
"A human being should be able to change a diaper, plan an invasion,
butcher a hog, conn a ship, design a building, write a sonnet, balance
accounts, build a wall, set a bone, comfort the dying, take orders, give
orders, cooperate, act alone, solve equations, analyze a new problem,
pitch manure, program a computer, cook a tasty meal, fight efficiently,
die gallantly. Specialization is for insects."
-- Lazarus Long, "Time Enough for Love", by Robert A. Heinlein
Jeffrey J. Kosowsky
2009-11-12 08:18:58 UTC
Permalink
Post by Tyler J. Wagner
The "try every hour" method works just fine for me, even for users that only
come in once a month.
But if you really want to have the client initiate the backup, the easiest way
I can think of is to write a script that uses curl or wget to press the "start
curl -u user:password
http://bacckupserver/backuppc/index.cgi?host=hostname.example.com&hostIP=hostname.example.com&doit=1&action=Start_Incr_Backup
How is that easier than just sending the single line:
BackupPC_serverMsg backup HOSTIP HOST 0/1

You will need to have ssh connection or vpn anyway if you are
remote.
Tyler J. Wagner
2009-11-12 12:04:07 UTC
Permalink
Post by Jeffrey J. Kosowsky
BackupPC_serverMsg backup HOSTIP HOST 0/1
You will need to have ssh connection or vpn anyway if you are
remote.
It's not easier, but it is more secure. Assuming you have a reachable IP link
from server to client (IE, no NAT), using HTTP auth as the user is far safer
than leaving SSH keys on the client that can SSH into the server.
Post by Jeffrey J. Kosowsky
You offer a good solution for people who connect to the Local Area Network
one a month or so. But I will never connect to the Local Area Network. And
when I'm abroad for months, I'll (almost) always connect to the internet
from behind a firewall. So the BackupPC server can never connect to my
laptop, because: * The BackupPC server doesn't know the ip-address of my
laptop.
* Even if the BackupPC server would know my ip-address, then the request of
the BackupPC server would be blocked by the firewall.
If you absolutely have to do it in reverse, ignore my previous advice and use
Jeffrey's suggestion of SSH, and use SSH port forwarding (reverse forwarding,
in this case).

First configure your ssh or rsync args for this client to access a high-
numbered port like 10100. Then have your client:

ssh -t -R 10100:localhost:22 ***@backupserver 'BackupPC_serverMsg backup
HOSTIP HOST 0/1'

This will forward port 10100 on the backup server back to your PC's SSH port,
so you can run rsync.

Regards,
Tyler
--
"A human being should be able to change a diaper, plan an invasion,
butcher a hog, conn a ship, design a building, write a sonnet, balance
accounts, build a wall, set a bone, comfort the dying, take orders, give
orders, cooperate, act alone, solve equations, analyze a new problem,
pitch manure, program a computer, cook a tasty meal, fight efficiently,
die gallantly. Specialization is for insects."
-- Lazarus Long, "Time Enough for Love", by Robert A. Heinlein
Tino Schwarze
2009-11-12 12:29:21 UTC
Permalink
Post by Tyler J. Wagner
Post by Jeffrey J. Kosowsky
BackupPC_serverMsg backup HOSTIP HOST 0/1
You will need to have ssh connection or vpn anyway if you are
remote.
It's not easier, but it is more secure. Assuming you have a reachable IP link
from server to client (IE, no NAT), using HTTP auth as the user is far safer
than leaving SSH keys on the client that can SSH into the server.
Well, there is one very safe way to use ssh-keys into the server: Limit
the command to execute via authorized_keys. That way, _only_ the command
you gave within the authorized_keys file will be executed by sshd, no
matter what you try.

For example, we use the following for establishing a one-port ssh-tunnel
with keepalive:
command="while read ; do echo $REPLY ; done",no-agent-forwarding,no-X11-forwarding,no-pty,permitopen="127.0.0.1:1234" ssh-dss AAAAB3...

On the server side we have running
while read -t 70 ; do echo -n . ; done | ssh -R1234:localhost:abc $targethost

HTH,

Tino.
--
"What we nourish flourishes." - "Was wir nähren erblüht."

www.lichtkreis-chemnitz.de
www.tisc.de
Meel Me
2009-11-12 08:23:35 UTC
Permalink
Hello Tyler,

Thanks for your quick reply!

You offer a good solution for people who connect to the Local Area Network one a month or so.
But I will never connect to the Local Area Network. And when I'm abroad for months, I'll (almost) always connect to the internet from behind a firewall. So the BackupPC server can never connect to my laptop, because:
* The BackupPC server doesn't know the ip-address of my laptop.
* Even if the BackupPC server would know my ip-address, then the request of the BackupPC server would be blocked by the firewall.

That's why I want to set up the connection (over the internet) from my laptop to the BackupPC server.

Do you know another solution?

Thanks,

Wim

--- On Thu, 11/12/09, Tyler J. Wagner
wrote:

From: Tyler J. Wagner
Subject: Re: [BackupPC-users] Initiate backup from client?
To: backuppc-***@lists.sourceforge.net
Cc: "Meel Me" <***@yahoo.com>
Date: Thursday, November 12, 2009, 8:37 AM

The "try every hour" method works just fine for me, even for users that only
come in once a month.

But if you really want to have the client initiate the backup, the easiest way
I can think of is to write a script that uses curl or wget to press the "start
incremental backup" button as the user:

curl -u user:password
http://bacckupserver/backuppc/index.cgi?host=hostname.example.com&hostIP=hostname.example.com&doit=1&action=Start_Incr_Backup

Regards,
Tyler
Christian Völker
2009-11-12 08:44:15 UTC
Permalink
Hi,
Post by Meel Me
I'll (almost) always connect to the internet from behind a firewall.
Where's the issue of being behind a firewall as long as we can start a
connection from the laptop to the BackupPC server?
Post by Meel Me
* The BackupPC server doesn't know the ip-address of my laptop.
As soon as you use OpenVPN as several times suggested here, the BackupPC
server *knows* the private IP address of the laptop and can connect as
usual.
Post by Meel Me
* Even if the BackupPC server would know my ip-address, then the request
of the BackupPC server would be blocked by the firewall.
Wrong as the VPN connection works as a tunnel. You can even use OpenVPN
through http-proxy...

Greetings

Christian
Les Mikesell
2009-11-12 13:45:27 UTC
Permalink
Post by Meel Me
You offer a good solution for people who connect to the Local Area
Network one a month or so.
But I will never connect to the Local Area Network. And when I'm abroad
for months, I'll (almost) always connect to the internet from behind a
* The BackupPC server doesn't know the ip-address of my laptop.
* Even if the BackupPC server would know my ip-address, then the request
of the BackupPC server would be blocked by the firewall.
That's why I want to set up the connection (over the internet) from my
laptop to the BackupPC server.
Do you know another solution?
A connection through openvpn is just like being directly on a LAN segment (or as
much like that as you want it to be) even though it is going over the internet.
You can configure it with known private IP addresses. It just needs one
(prefereably UDP) port permitted or forwarded (NAT is OK) in through the firewall.
--
Les Mikesell
***@gmail.com
Meel Me
2009-11-12 13:14:11 UTC
Permalink
Hello Jeffrey,

Thanks for your reply!

I tried your solution, but unfortunately I got an error message.

This is what I did:
I sshed successfully to my backuppc server.

Then I ran the following command:
/usr/share/backuppc/bin$ ./BackupPC_serverMesg backup <HOSTIP> <HOSTNAME> 1
(Where <HOSTIP> is the ip-address of my host and <HOSTNAME> is the name of my host)

This resulted in the following error:
Wrong user: my userid is <uid (number)>, instead of <uid (number)> (backuppc)
BackupPC::Lib->new failed

Then I tried to login as backuppc, but this failed. Probably because backuppc is a HTTP user.

When I run the ./BackupPC_serverMesg backup <HOSTIP> <HOSTNAME> 1 command locally on the backuppc server,
then I get the same error message.

FYI: I've got /usr/bin/sperl5.8.8
So perl should be installed with setuid emulation.

Can you tell me what I could do to make "./BackupPC_serverMesg backup <HOSTIP> <HOSTNAME> 1" working?
Or do you know a total other solution to reach the situation that I desire?

Thnx,

Wim


--- On Thu, 11/12/09, Jeffrey J. Kosowsky <***@kosowsky.org> wrote:
How is that easier than just sending the single line:
BackupPC_serverMsg backup HOSTIP HOST 0/1

You will need to have ssh connection or vpn anyway if you are
remote.
Jeffrey J. Kosowsky
2009-11-12 15:07:30 UTC
Permalink
Post by Meel Me
Hello Jeffrey,
Thanks for your reply!
I tried your solution, but unfortunately I got an error message.
I sshed successfully to my backuppc server.
/usr/share/backuppc/bin$ ./BackupPC_serverMesg backup <HOSTIP> <HOSTNAME> 1
(Where <HOSTIP> is the ip-address of my host and <HOSTNAME> is the name of my host)
Wrong user: my userid is <uid (number)>, instead of <uid (number)> (backuppc)
BackupPC::Lib->new failed
Then I tried to login as backuppc, but this failed. Probably because backuppc is a HTTP user.
When I run the ./BackupPC_serverMesg backup <HOSTIP> <HOSTNAME> 1 command locally on the backuppc server,
then I get the same error message.
FYI: I've got /usr/bin/sperl5.8.8
So perl should be installed with setuid emulation.
Can you tell me what I could do to make "./BackupPC_serverMesg backup <HOSTIP> <HOSTNAME> 1" working?
Or do you know a total other solution to reach the situation that I desire?
Thnx,
Just about all of the command line BackupPC commands need to be run as
user 'backuppc'. However, as you noticed, 'backuppc' is not set up as
a login account.

I guess you could enable it as a login account (using
your standard *nix command line or favorite gui) but while easy that
might not be best security practice. If you do that then you can either:
1. Set up the ssh connection to log in as user backuppc (i.e.,
put your public key in ~backuppc/.ssh on the remote server).
Then use ssh ***@server...
This way everything will be run as user backuppc
or
2. 'su' to user backuppc after you log in via ssh

Alternatively, you could run the individual commands as uid backuppc
using 'sudo -u backuppc' (You can also of course increase security by
restricting usage of 'sudo' to just the commands you need by
configuring /etc/sudoers).

I suppose you could also try 'suidperl' by doing something like
chown backuppc.<group you belong to> /usr/share/backupPC/bin/BackupPC_serverMsg
(or you could make the group 'backuppc' and add yourself to the
backuppc group)
chmod 4754 /usr/share/backupPC/bin/BackupPC_serverMsg
(If you don't have a recent enough version of Perl you may need to
also change the first line of the file to #!/usr/bin/suidperl)
Tyler J. Wagner
2009-11-12 23:18:25 UTC
Permalink
Post by Jeffrey J. Kosowsky
Just about all of the command line BackupPC commands need to be run as
user 'backuppc'. However, as you noticed, 'backuppc' is not set up as
a login account.
Note: "backuppc" has shell /bin/sh by default in the Debian/Ubuntu packages.
Which is by far the easiest way to setup and use BackupPC. apt-get install,
login via browser.

Regards,
Tyler
--
"A human being should be able to change a diaper, plan an invasion,
butcher a hog, conn a ship, design a building, write a sonnet, balance
accounts, build a wall, set a bone, comfort the dying, take orders, give
orders, cooperate, act alone, solve equations, analyze a new problem,
pitch manure, program a computer, cook a tasty meal, fight efficiently,
die gallantly. Specialization is for insects."
-- Lazarus Long, "Time Enough for Love", by Robert A. Heinlein
Continue reading on narkive:
Loading...