Managing SSH chroots to backup a lot of machines
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
Victor Laborie 0044d6ed4b Merge branch 'use-mdoc' of evolix/evobackup into master il y a 2 semaines
docs Fix default bkctld.conf path in docs il y a 2 semaines
lib Do not create dirs in bkctld script il y a 2 semaines
test Rewrite bats test il y a 2 semaines
tpl Use lastlog in sshrc il y a 2 semaines
.gitignore Add a Vagrantfile for test with Vagrant il y a 11 mois
LICENSE fix file name il y a 1 an Improved and adjacent files. il y a 1 mois
Vagrantfile Fix shell error on vagrant provision il y a 2 semaines
bash_completion Subcommand list are now dynamic in bash completion il y a 2 semaines
bkctld Do not create dirs in bkctld script il y a 2 semaines
bkctld.8 Fix default bkctld.conf path in docs il y a 2 semaines
bkctld.conf Improved and adjacent files. il y a 1 mois
bkctld.conf.5 Fix default bkctld.conf path in docs il y a 2 semaines
bkctld.service Transform bkctld SysVinit script into systemd oneshot service il y a 2 semaines
evobackup-incl.5 Switch documentation to mdoc(7) il y a 1 mois
zzz_evobackup Break line after every contributor name il y a 2 semaines

Bkctld (aka evobackup)

Bkctld is a shell script that creates and manages a backup server which can handle the backups of many other servers (clients). It is licensed under the AGPLv3.

It uses SSH chroots (called “jails” in the FreeBSD world) to sandbox every clients backups. Each client will upload it’s data every day using rsync in it’s chroot (using the root account). Prior backups are stored incrementally outside of the chroot using hard links or BTRFS snapshots. (So they can not be affected by the client).

Using this method, we can keep a large quantity of backups of each client securely and efficiently.

                                    Backup server
Server 1 ------ SSH/rsync ------->  * tcp/2222 *
                                    *          *
Server 2 ------ SSH/rsync ------->  * tcp/2223 *

This method uses standard tools (ssh, rsync, cp -al, btrfs subvolume) and has been used for many years by Evolix to backup hundreds of servers, totaling many terabytes of data, each day. bkctld has been tested on Debian Jessie and should be compatible with other Debian versions or derived distributions like Ubuntu.

A large enough volume must be mounted on /backup, we recommend the usage of BTRFS so you can use sub-volumes and snapshots. This volume can also be encrypted with LUKS.


See the installation guide for instructions.


You can deploy test environments with Vagrant :

vagrant up


Launch rsync-auto in a terminal for automatic synchronization of your local code with Vagrant VM :

vagrant rsync-auto


You can run bats tests with the test provision :

vagrant provision --provision-with test


See docs/

The man(1) page, in troff(7) language, can be generated with pandoc:

pandoc -f markdown \
	-t man \
	--template \
	-V title=bkctld \
	-V section=8 \
	-V date="$(date '+%d %b %Y')" \
	-V footer="$(git describe --tags)" \
	-V header="bkctld man page"

Client configuration

You can save various systems in the evobackup jails : Linux, BSD, Windows, MacOSX. The only prerequisite is the rsync command.

rsync -av -e "ssh -p SSH_PORT" /home/ root@SERVER_NAME:/var/backup/home/

An example synchronization script is present in zzz_evobackup, clone the evobackup repository and read the CLIENT CONFIGURATION section of the manual.

git clone
cd evobackup
man ./docs/bkctld.8