3.8 KiB
3.8 KiB
BKCTLD(8) - System Manager's Manual
NAME
bkctld - tool to manage evobackup jails
SYNOPSIS
bkctld
*operand...*]
# DESCRIPTION
**bkctld**
is a shell script that creates and manages a backup server
which can handle the backups of many other servers (clients).
It uses
ssh(1)
and
chroot(8)
to sandbox every client's backups.
Each client will upload it's data every day
using
rsync(1)
in it's
chroot(8)
(using the root account).
Dated copies (_incs_) of the data are stored outside of the
chroot(8)
using
ln(1)
hard links or BTRFS snapshots.
(So they can not be affected by the client),
Old dated copies (_incs_) are deleted every day according to the jail's policy, configured in
evobackup-incs-policy(5)
configuration file.
A large enough volume must be mounted on
*/backup*,
if the filesystem is formatted with BTRFS,
**bkctld**
will use sub-volumes and snapshots to save space.
It's default settings can be overridden in
bkctld.conf(5)
file.
The following operands are available:
**init** *jailname*
> Create an evobackup jail
**update** **all** | *jailname*
> Update an evobackup jail
**remove** \[-f|--force\] **all** | *jailname*
> Remove an evobackup jail
**start** **all** | *jailname*
> Start an evobackup jail
**stop** **all** | *jailname*
> Stop an evobackup jail
**reload** **all** | *jailname*
> Reload an evobackup jail
**restart** **all** | *jailname*
> Restart an evobackup jail
**sync** **all** | *jailname*
> Sync an evobackup jail, the mirror server is defined by the
> `$NODE`
> variable in
> */etc/default/bkctld*
**status** \[*jailname*]
> Print the status of all jails or only
> \[*jailname*].
**key** *jailname* \[*keyfile*]
> Print or set the
> ssh(1)
> public key of an evobackup jail
**port** *jailname* \[**auto** | *port*]
> Print or set the
> ssh(1)
> \[*port*]
> of an evobackup jail.
> Using
> \[**auto**]
> will set it to the next available port.
**ip** *jailname* \[**all** | *address*]
> Print or set the whitelisted IP
> \[*address*]
> for an evobackup jail.
> \[**all**]
> allows unrestricted access and is the default.
**inc**
> Generate a dated copy of the jail
**rm**
> Remove old dated copies of the jail
# FILES
*/etc/default/bkctld*
> Template for
> bkctld.conf(5)
*/usr/share/bkctld/incs-policy.tpl*
> Default rules for the dated copies retention policy.
# EXAMPLES
Before creating a jail and backing up a client,
the backup server administrator will need:
* The host name of the client system.
* The public SSH key
ssh(1)
key for the
"root"
user of the client system,
it is recommended the private key be password-less if automation is desired.
* The IPv4 address of the client system is needed
if the administrator wishes to maintain a whitelist,
see
*FIREWALL\_RULES*
in
bkctld.conf(5)
He can then create the jail:
# bkctld init <JAIL_NAME>
# bkctld key-add <JAIL_NAME> /root/<JAIL_NAME>.pub
# bkctld ip-add <JAIL_NAME> <IP_OR_CIDR>
# bkctld start <JAIL_NAME>
# bkctld status <JAIL_NAME>
And override the default
evobackup-incs-policy(5)
rules
# $EDITOR /etc/evobackup/<JAIL_NAME>.d/incs_policy
To sync itself,
the client server will need to install
rsync(1).
It can then be run manually:
# rsync -av -e "ssh -p <JAIL_PORT>" /home/ root@<BACKUP_SERVER>:/var/backup/home/
If a more automated setup is required,
a script can be written in any programming language.
In this case,
it may be useful to validate the backup server's identity before hand.
# ssh -p <JAIL_PORT> root@<BACKUP_SERVER> -t exit
A
bash(1)
example to be run under the
"root"
user's
crontab(5)
can be found in the
[source repository](https://gitea.evolix.org/evolix/evobackup/src/branch/master/zzz_evobackup)
# SEE ALSO
rsync(1),
ssh-keygen(1),
bkctld(5),
evobackup-incs-policy(5),
chroot(8),
cron(8),
sshd(8)
# AUTHORS
Victor Laborie, Jérémy Lecour and others at Evolix
OpenBSD 6.4 - December 27, 2018