Managing SSH chroots to backup a lot of machines
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Jérémy Lecour 242153b472 Make local and sync tasks skipable. 9 hours ago
docs Fix default bkctld.conf path in docs 6 months ago
lib Use mktemp for keepfile and rm it after usage (Fix #9) 6 months ago
test Rewrite bats test 7 months ago
tpl Use lastlog in sshrc 7 months ago
.gitignore Add a Vagrantfile for test with Vagrant 1 year ago
LICENSE fix file name 2 years ago Improved and adjacent files. 7 months ago
Vagrantfile Fix shell error on vagrant provision 7 months ago
bash_completion Subcommand list are now dynamic in bash completion 7 months ago
bkctld Do not create dirs in bkctld script 7 months ago
bkctld.8 Fix default bkctld.conf path in docs 6 months ago
bkctld.conf bkctld.conf: Add NODE by default 5 months ago
bkctld.conf.5 Fix default bkctld.conf path in docs 6 months ago
bkctld.service Transform bkctld SysVinit script into systemd oneshot service 7 months ago Add a script 4 months ago
evobackup-incl.5 Switch documentation to mdoc(7) 7 months ago
zzz_evobackup Make local and sync tasks skipable. 9 hours ago

Bkctld (aka evobackup)

Bkctld is a shell script that creates and manages a backup server which can handle the backups of many other servers (clients). It is licensed under the AGPLv3.

It uses SSH chroots (called “jails” in the FreeBSD world) to sandbox every clients backups. Each client will upload it’s data every day using rsync in it’s chroot (using the root account). Prior backups are stored incrementally outside of the chroot using hard links or BTRFS snapshots. (So they can not be affected by the client).

Using this method, we can keep a large quantity of backups of each client securely and efficiently.

                                    Backup server
Server 1 ------ SSH/rsync ------->  * tcp/2222 *
                                    *          *
Server 2 ------ SSH/rsync ------->  * tcp/2223 *

This method uses standard tools (ssh, rsync, cp -al, btrfs subvolume) and has been used for many years by Evolix to backup hundreds of servers, totaling many terabytes of data, each day. bkctld has been tested on Debian Jessie and should be compatible with other Debian versions or derived distributions like Ubuntu.

A large enough volume must be mounted on /backup, we recommend the usage of BTRFS so you can use sub-volumes and snapshots. This volume can also be encrypted with LUKS.


See the installation guide for instructions.


You can deploy test environments with Vagrant :

vagrant up


Launch rsync-auto in a terminal for automatic synchronization of your local code with Vagrant VM :

vagrant rsync-auto


You can run bats tests with the test provision :

vagrant provision --provision-with test


See docs/

The man(1) page, in troff(7) language, can be generated with pandoc:

pandoc -f markdown \
	-t man \
	--template \
	-V title=bkctld \
	-V section=8 \
	-V date="$(date '+%d %b %Y')" \
	-V footer="$(git describe --tags)" \
	-V header="bkctld man page"

Client configuration

You can save various systems in the evobackup jails : Linux, BSD, Windows, MacOSX. The only prerequisite is the rsync command.

rsync -av -e "ssh -p SSH_PORT" /home/ root@SERVER_NAME:/var/backup/home/

An example synchronization script is present in zzz_evobackup, clone the evobackup repository and read the CLIENT CONFIGURATION section of the manual.

git clone
cd evobackup
man ./docs/bkctld.8