Managing SSH chroots to backup a lot of machines
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Jeremy Dubois 1fb0af4255 /srv is not on bsd systems 2 days ago
docs better install documentation (cron jobs) 1 month ago
lib Do not run inc / rm in background when not using btrfs 2 weeks ago
test Rewrite bats test 1 year ago
tpl Use lastlog in sshrc 1 year ago
.gitignore Add a Vagrantfile for test with Vagrant 2 years ago
LICENSE fix file name 2 years ago Improved and adjacent files. 1 year ago
Vagrantfile Don't force Vagrant::DEFAULT_SERVER_URL (doesn't work with recent Vagrant version) 2 months ago
bash_completion Subcommand list are now dynamic in bash completion 1 year ago
bkctld Do not create dirs in bkctld script 1 year ago
bkctld.8 Fix default bkctld.conf path in docs 1 year ago
bkctld.conf bkctld.conf: Add NODE by default 1 year ago
bkctld.conf.5 Fix default bkctld.conf path in docs 1 year ago
bkctld.service Transform bkctld SysVinit script into systemd oneshot service 1 year ago : whitespaces and braces 3 months ago : new script to quickly check last inc for jails 3 months ago
evobackup-incl.5 Switch documentation to mdoc(7) 1 year ago
zzz_evobackup /srv is not on bsd systems 2 days ago

Bkctld (aka evobackup)

Bkctld is a shell script that creates and manages a backup server which can handle the backups of many other servers (clients). It is licensed under the AGPLv3.

It uses SSH chroots (called “jails” in the FreeBSD world) to sandbox every clients backups. Each client will upload it's data every day using rsync in it's chroot (using the root account). Prior backups are stored incrementally outside of the chroot using hard links or BTRFS snapshots. (So they can not be affected by the client).

Using this method, we can keep a large quantity of backups of each client securely and efficiently.

                                    Backup server
Server 1 ------ SSH/rsync ------->  * tcp/2222 *
                                    *          *
Server 2 ------ SSH/rsync ------->  * tcp/2223 *

This method uses standard tools (ssh, rsync, cp -al, btrfs subvolume) and has been used for many years by Evolix to backup hundreds of servers, totaling many terabytes of data, each day. bkctld has been tested on Debian Jessie and should be compatible with other Debian versions or derived distributions like Ubuntu.

A large enough volume must be mounted on /backup, we recommend the usage of BTRFS so you can use sub-volumes and snapshots. This volume can also be encrypted with LUKS.


See the installation guide for instructions.


You can deploy test environments with Vagrant :

vagrant up


Launch rsync-auto in a terminal for automatic synchronization of your local code with Vagrant VM :

vagrant rsync-auto


You can run bats tests with the test provision :

vagrant provision --provision-with test


See docs/

The man(1) page, in troff(7) language, can be generated with pandoc:

pandoc -f markdown \
	-t man \
	--template \
	-V title=bkctld \
	-V section=8 \
	-V date="$(date '+%d %b %Y')" \
	-V footer="$(git describe --tags)" \
	-V header="bkctld man page"

Client configuration

You can save various systems in the evobackup jails : Linux, BSD, Windows, MacOSX. The only prerequisite is the rsync command.

rsync -av -e "ssh -p SSH_PORT" /home/ root@SERVER_NAME:/var/backup/home/

An example synchronization script is present in zzz_evobackup, clone the evobackup repository and read the CLIENT CONFIGURATION section of the manual.

git clone
cd evobackup
man ./docs/bkctld.8