BackupPC Documentation

BackupPC Introduction

This documentation describes BackupPC version 4.4.0, released on 20 Jun 2020.

Overview

BackupPC is a high-performance, enterprise-grade system for backing up Unix, Linux, WinXX, and MacOSX PCs, desktops and laptops to a server's disk. BackupPC is highly configurable and easy to install and maintain.

Given the ever decreasing cost of disks and raid systems, it is now practical and cost effective to backup a large number of machines onto a server's local disk or network storage. For some sites this might be the complete backup solution. For other sites additional permanent archives could be created by periodically backing up the server to tape.

Features include:

A clever pooling scheme minimizes disk storage and disk I/O. Identical files across multiple backups of the same or different PC are stored only once, resulting in substantial savings in disk storage and disk writes.

Compression provides additional reductions in storage, depending on the type of data being backed up. The CPU impact of compression is low since only new files (those not already in the pool) need to be compressed.

A powerful http/cgi user interface allows administrators to view the current status, edit configuration, add/delete hosts, view log files, and allows users to initiate and cancel backups and browse and restore files from backups.

The http/cgi user interface has internationalization (i18n) support, currently providing English, French, German, Spanish, Italian, Dutch, Polish, Portuguese-Brazilian, Chinese, Polish, Czech, Japanese, Ukrainian, and Russian.

No client-side software is needed. On WinXX the standard smb protocol is used to extract backup data. On linux, unix or MacOSX clients, rsync, tar (over ssh/rsh/nfs) or ftp is used to extract backup data. Alternatively, rsync can also be used on WinXX (using cygwin), since rsync provides for efficient transfers and allows incremental backups to detect almost all changes.

Flexible restore options. Single files can be downloaded from any backup directly from the CGI interface. Zip or Tar archives for selected files or directories from any backup can also be downloaded from the CGI interface. Finally, direct restore to the client machine (using smb or tar) for selected files or directories is also supported from the CGI interface.

BackupPC supports mobile environments where laptops are only intermittently connected to the network and have dynamic IP addresses (DHCP). Configuration settings allow machines connected via slower WAN connections (eg: dial up, DSL, cable) to not be backed up, even if they use the same fixed or dynamic IP address as when they are connected directly to the LAN.

Flexible configuration parameters allow multiple backups to be performed in parallel, specification of which shares to backup, which directories to backup or not backup, various schedules for full and incremental backups, schedules for email reminders to users and so on. Configuration parameters can be set system-wide or also on a per-PC basis.

Users are sent periodic email reminders if their PC has not recently been backed up. Email content, timing and policies are configurable.

BackupPC is Open Source software hosted by GitHub.

BackupPC 4.0

This is the first release of 4.0, which is a significant rewrite of BackupPC. This section provides a short overview of the changes and features in 4.0.

Here's a short summary of what has changed in V4:

No use of hardlinks (except temporarily to do atomic renames). Reference counting is handled at the application level in a batch manner (hardlinks will still remain for any legacy V3 backups).

Backups are stored as "reverse deltas" - the most recent backup is always filled and older backups are reconstituted by merging all the deltas starting with the nearest future filled backup and working backwards. This is the opposite of V3 where incrementals are stored as "forward deltas" to a prior backup (typically the last full backup or prior lower-level incremental backup, or the last full in the case of rsync).

Since the most recent backup is filled, viewing/restoring that backup (which is the most common backup used) doesn't require merging any deltas from other backups.

The concepts of incr/full backups and unfilled/filled storage are decoupled. The most recent backup is always filled. By default, for the remaining backups, full backups are filled and incremental backups are unfilled, but that is configurable.

Uses full-file MD5 digests, which are stored in the directory attrib files. Each backup directory only contains an empty attrib file whose name includes its own MD5 digest, which is used to look up the attrib file's contents in the pool. In turn, that file contains the metadata for every file in that directory, including each files's MD5 digest.

The Pool layout still supports chains to handle md5 collisions. While collisions can be constructed and are now well-known, they are highly unlikely in the wild. Pool files are never renamed or moved, unlike V3.

Any backup can be deleted (deltas are merged into next older backup if it is not filled).

The reverse deltas allow "infinite incrementals" - no need for a full backup if you are willing to trade speed for the risk that a file change will not be detected if the metadata (eg, mtime or size) doesn't change.

An rsync "full" backup now uses --checksum (instead of --ignore-times), which is much more efficient on the server side - the server just needs to check the full-file checksum computed by the client, together with the mtime, nlinks, size attributes, to see if the file has changed. If you want a more conservative approach, you can change it back to --ignore-times, which requires the server to send block checksums to the client.

The use of rsync --checksum allows BackupPC to guess a potential match anywhere in the pool, even on a first-time backup. In that case, the usual rsync block checksums are still exchanged to make sure the complete file is identical.

Uses a modified rsync called rsync_bpc (currently based on rsync-3.0.9) on the server side (in place of File::RsyncP), with a C code interface to the BackupPC storage. So the whole data path for rsync is now in compiled C code, which is much faster than perl.

Due to the use of rsync-3.X, acls and xattrs are supported, and many other useful options (but not all) are supported. Rsync protocol 30 supports the efficient incremental file list, which significantly improves memory usage and startup time. It also supports MD5 full-file checksums, which match BackupPC's new digest. That allows a full-file digest to be checked as easily as an mtime on the server side.

Significant portions of the BackupPC code are now compiled C code in a new module called BackupPC::XS that is dynamically linked to perl.

Here is a more detailed discussion:

Completely new backup storage. No hardlinks! Backups are stored as reverse deltas, with the most recent backup always filled. Prior backup "n" contains the changes relative to prior backup "n+1".

Since every backup is based on the last filled backup, the concept of incremental levels is removed.

Example: let's assume backup #4 is the most recent, and therefore filled, and backups #0..3 are not filled. Backups #0..3 store just the necessary reverse changes needed to reconstruct those backups, relative to the next backup. - To view/restore backup #4, all the information is stored in backup #4. - To view/restore backup #3, backup #4 (the filled one), is merged with the deltas in #3. - To view/restore backup #2, backup #4 (the filled one), is merged with the deltas in #3 and #2 - etc. When a new backup is started (#5), we begin by renaming backup #4 to #5. At that instant, backup #4 storage is now empty (which means backups #4 and #5 are currently identical). As the backup runs, changes are made to #5 with the changed/new files in place, and the opposite changes are added to backup #4, to keep the "view" of backup #4 unchanged. After the backup is done, #5 is now the filled version of the latest backup, and #4 contains the changes necessary to turn #5 back into the state when backup #4 was done. If there are no changes detected in the new backup, the storage tree for #4 will be empty. If just one file changed, the new file will be below #5, and the prior file will be below #4 (well, technically not quite true, since files aren't stored below the backup trees; more correctly, the attrib file in #5 will point to the new pool file, and the attrib file in #4 will point to the old pool file).

The concepts of incr/full backups and unfilled/filled storage are now decoupled. The most recent backup is always filled (whether or not the last backup was a full or incr). Certain older backups can be filled for convenience to make restoring old backups faster (because fewer backups need to be merged), and are used to specify expiry schedules.

When a backup starts, there are several different cases that determine how the backups are stored and whether prior deltas are stored: No existing backups: create a new backup #0 and do a full backup in place (ie: no prior deltas are stored). V3 backups exist, but no V4 backups. The last V3 backup is duplicated into V4 format, and a full backup is done in place (ie: no prior deltas are stored). Last V4 backup is a full, or more than $Conf{FillCycle} since last filled backup. The last backup is duplicated to create a new filled backup, and the new backup is done in place (ie: no prior deltas are stored). There are V4 backups and it's less than $Conf{FillCycle} since last one is filled. Renumber the last backup to #n+1, and put the reverse deltas in initially empty backup tree #n. CompressLevel has toggled on/off between backups. This isn't well tested and it's very hard to support efficiently. We treat this as a brand new (empty) backup in place, that is therefore filled. That way we won't need to merge between backups with compress on/off. Last backup was a V4 partial. If prior V4 backup is filled (and not partial), then just do another in-place backup. Otherwise, treat as case 4. When complete (whether successful or another partial), delete the prior deltas in #n, which merges the cumulative changes into #n-1.

The treatment of a "Partial" backup has changed. Unlike in V3 where partials are removed prior to the next backup, in V4 partials are kept and are used as the starting point for the next backup. See case 6 above. If the new backup fails, if no files have been backed up, the empty backup #n is removed.

Backups are stored as mangled directory trees, but each directory only contains an "attrib" file. The attrib file is zero-length, and its name includes the MD5 digest so the contents can be looked up in the pool. The attrib contents in the pool contains the directory contents: for each file, that means the metadata, xattrs and the MD5 digest of the file contents.

A modified rsync called rsync_bpc, based on rsync 3.0.9, is used on the server side, with a C code layer that emulates all the file-system OS calls to be compatible with the BackupPC store. That means for rsync, the data path is now fully in compiled C, which should mean a significant speedup. It also means many (but not all) of the rsync options are supported natively.

Significant parts of the BackupPC storage and pooling code have been written in C (the same code is used in the server rsync_bpc). BackupPC::FileZIO, BackupPC::PoolWrite, BackupPC::Attrib, BackupPC::AttribCache and BackupPC::PoolRefCnt (reference counting and storage) are all replaced with BackupPC::XS, a C-code perl extension.

Extended attributes (xattr) are supported. Rsync is configured to "store acls using xattr", meaning both acls and xattrs are supported.

infinite incrementals with rsync are supported. The most recent backup is always filled, so an incremental will still leave the most recent backup filled.

any V4 backup can be deleted - dependencies are merged into the next older backup if it isn't already filled.

file digests are full-file MD5. Collisions are much more unlikely than V3, but still possible. Duplicates are implemented with an extension to the 16 byte MD5 digest (ie: 16 bytes for plain file, 17 bytes for next 255 duplicates etc).

V4 pool files are stored in a new hierarchy, two levels deep, with 7 bits at each level (ie: 128 directories at top-level, and each with 128 directories at next level).

V4 pool files are never moved or renamed.

Inodes for hardlinked files are stored in each backup tree. This makes backing up hardlinks accurate, compared to V3, and provides for consistent inode numbering across backups.

zero-sized files or empty attribute files don't get written or pooled.

the elimination of hardlinks means that reference counting has to be maintained by the BackupPC code. This is one of the riskiest area in terms of development and testing. Reference counts are maintained per-backup, per-host, and for the whole pool. Each operation that changes reference counts (eg: doing a new backup, deleting a backup, or duplicating (filling) a backup) creates one or more poolRefDelta files in that client's backup directory (ie: TopDir/pc/HOST/NNN). These files are lists of MD5 digests, and corresponding counts deltas. Each night, BackupPC_nightly runs BackupPC_refCountUpdate, which, for each host, updates the per-host reference count database with the new deltas. It then combines all the per-host reference count files to create the global pool reference count database. BackupPC_refCountUpdate can run concurrently with backups. If you still have V3 backups and pool, BackupPC_nightly still needs to run and check for old V3 pool files that can be deleted. But since there are no new V3 backups happening, BackupPC_nightly can run concurrently with backups.

There is a new utility BackupPC_fsck that can check/fix the per-host and global reference counts. The per-host reference count database is verified by parsing all the attrib files in each backup tree. The global reference count database is verified by combing all the per-host reference count databases and comparing them. BackupPC_fsck cannot run when BackupPC is.

When BackupPC_refCountUpdate updates the overall reference counts, it removes pool files that have a reference count of zero. To avoid race conditions, it uses a two-phase process. It first flags files that have zero reference counts using one of the file attributes. The next time it runs (typically 24 hours later), any flagged files that still have zero reference count are then removed. The rest of the code knows not to use flagged pool files to avoid race conditions.

Progress indication: a simple status that shows the number of files processed so far. It's hard to convert that to a percentage, since the total isn't known until the end of the backup. But knowing the number of files is quite helpful, since you can get an idea of the expected total based on the prior backups, or knowing what configuration you have changed (ie: adding a large new tree).

BackupPC_link is removed since it is no longer used.

Since files are no longer stored in backup trees, browsing the backup trees is even harder than V3 (where you just had to deal with mangling). A new utility BackupPC_ls acts like "ls -l", showing accurate directory listings of files, together with the MD5 digests. BackupPC_ls can be given either an explicit hostname, number, and unmangled path, or can be given the full (mangled) path, which makes it easier to use directory completion. It should be possible to configure tcsh and bash, together with some new hooks in BackupPC_ls, to give a more natural file/directory completion. BackupPC_zcat also can take just the MD5 digest (which you can paste from BackupPC_ls). Currently BackupPC_zcat doesn't support the tree parsing that BackupPC_ls does (it can only zcat actual files), but that should be easy to rectify.

Configuration for expiry: since full/incr are decoupled from filled/unfilled, expiry is a bit trickier. The convention for expiry parameters is "FullKeepPeriod/FullKeepCnt" etc refer to Filled backups, and "IncrKeepPeriod/IncrKeepCnt" refer to Unfilled backups.

V3 migration: nothing specific is needed. V4 can browse/view/restore V3 backups. When you install V4, no changes are made to any V3 backups. If you are upgrading from V3, be sure to set $Conf{PoolV3Enabled} to 1 so the old V3 pool is searched for matching files. When you install V4, it will notice that the V3 pool exists. Running configure.pl should set $Conf{PoolV3Enabled} to 1 in that case, but you should be sure to check that. When a V4 backup is first done, BackupPC_backupDuplicate is run to duplicate the most recent V3 backup to create a new V4 backup. A "filled" view of the most recent V3 backup is used to create a "filled" V4 backup tree. This step could be time consuming, since every file needs to be read (as a V3 file) and written as a V4 file. However, the V4 pooling code knows about the V3 pool, so it will move the V3 pool file into the V4 pool. So this duplication process doesn't burn a lot of pool storage space, but every file still needs to be read (to compute the MD5 digest) and "written" (really just matching/linking). Expiry: all the V3 + V4 backups are considered on a combined basis for expiry checking. On a clean new V4 install, the steps of computing and checking V3 digests is eliminated. Downgrading V4->V3: Not tested and not recommended. In theory you can remove any new V4 backups, remove the V4 pool itself, and you should be able to re-install V3 and still have access to your original full working V3 store (except for any V3 backups that V4 might have routinely removed based on normal backup expiry configuration). However, any V3 pool files moved to V4 will no longer be in the V3 pool. So subsequent V3 backups will burn more storage as files get re-added to the old V3 pool. Hopefully downgrading isn't necessary...

Optimizations: the C code implementation should give a significant performance advantage, as well as the more flexible. Potential V4 optimizations that are planned, but not yet implemented, include: rsync-bpc doesn't support checksum caching. rsync-bpc with --ignore-times actually reads each unchanged file three times, and writes it once (normal rsync reads twice and writes once; the extra one is due to compression). Some careful optimization can eliminate two reads and the write. The final read can be eliminated with checksum caching. BackupPC_refCountUpdate, BackupPC_fsck, BackupPC_backupDuplicate, BackupPC_backupDelete are all single-threaded.



Backup basics

Full Backup A full backup is a complete backup of a share. BackupPC can be configured to do a full backup at a regular interval (typically weekly). BackupPC can be configured to keep a certain number of full backups. Exponential expiry is also supported, allowing full backups with various vintages to be kept (for example, a settable number of most recent weekly fulls, plus a settable number of older fulls that are 2, 4, 8, or 16 weeks apart). Incremental Backup An incremental backup is a backup of files that have changed since the last successful backup. Rsync is the best option for BackupPC. Any files whose attributes have changed (ie: uid, gid, mtime, modes, size) since the last full are backed up. Deleted, new files and renamed files are detected by rsync incrementals. For SMB and tar, BackupPC uses the modification time (mtime) to determine which files have changed since the last backup. That means SMB and tar incrementals are not able to detect deleted files, renamed files or new files whose modification time is prior to the last lower-level backup. BackupPC can also be configured to keep a certain number of incremental backups, and to keep a smaller number of very old incremental backups. BackupPC "fills-in" incremental backups when browsing or restoring, based on the levels of each backup, giving every backup a "full" appearance. This makes browsing and restoring backups much easier: you can restore from any one backup independent of whether it was an incremental or full. Partial Backup When a full or incremental backup fails or is canceled, the most recent backup is labeled "partial". Prior to V4, that backup was incomplete, and would be deleted when the next backup completed. In V4 a partial backup denotes that the last backup is incomplete. However, since V4 does backup updating in place, it represents the best and latest backup. A partial backup can be browsed or used to restore files just like a successful full or incremental backup. And it will be used as the starting point for the next backup attempt. Identical Files BackupPC pools identical files. By "identical files" we mean files with identical contents, not necessary the same permissions, ownership or modification time. Two files might have different permissions, ownership, or modification time but will still be pooled whenever the contents are identical. This is possible since BackupPC stores the file metadata (permissions, ownership, and modification time) separately from the file contents. Prior to V4, identical files were stored using hardlinks. In V4+, hardlinks are eliminated (except for temporary atomic renames), and reference counting is done at the application level. Backup Policy Based on your site's requirements you need to decide what your backup policy is. BackupPC is not designed to provide exact re-imaging of failed disks. See "Some Limitations" for more information. However, with rsync and tar transports for linux/unix clients, plus full support for special file types, extended attributes etc, likely means an exact image of a linux/unix file system can be made. BackupPC saves backups onto disk. Because of pooling you can relatively economically keep several weeks or months of old backups. At some sites the disk-based backup will be adequate, without a secondary offsite cloud, disk or tape backup. This system is robust to any single failure: if a client disk fails or loses files, the BackupPC server can be used to restore files. If the server disk fails, BackupPC can be restarted on a fresh file system, and create new backups from the clients. The chance of the server disk failing can be made very small by spending more money on increasingly better RAID systems. However, there is still the risk of catastrophic events like fires or earthquakes that can destroy both the BackupPC server and the clients it is backing up if they are physically nearby. Some sites might choose to do periodic backups to tape or cd/dvd. This backup can be done perhaps weekly using the archive function of BackupPC. Other users have reported success with removable disks to rotate the BackupPC data drives, or using rsync to mirror the BackupPC data pool offsite. In V4, since hardlinks are not used permanently, duplicating a V4 pool is much easier, allowing remote copying of the pool.

Resources

BackupPC home page The BackupPC project page is at: https://backuppc.github.io/backuppc This page has links to the current documentation, github project source and general information. Github BackupPC development is hosted on github: https://github.com/backuppc Releases for BackupPC and the required packages BackupPC-XS and rsync-bpc are available at: https://github.com/backuppc/backuppc/releases https://github.com/backuppc/backuppc-xs/releases https://github.com/backuppc/rsync-bpc/releases BackupPC Wiki BackupPC has a Wiki at https://github.com/backuppc/backuppc/wiki. Everyone is encouraged to contribute to the Wiki. Anyone with a Github account can edit the Wiki. Mailing lists Three BackupPC mailing lists exist for announcements (backuppc-announce), developers (backuppc-devel), and a general user list for support, asking questions or any other topic relevant to BackupPC (backuppc-users). The lists are archived on SourceForge: https://sourceforge.net/p/backuppc/mailman/backuppc-users/ You can subscribe to these lists by visiting: http://lists.sourceforge.net/lists/listinfo/backuppc-announce http://lists.sourceforge.net/lists/listinfo/backuppc-users http://lists.sourceforge.net/lists/listinfo/backuppc-devel The backuppc-announce list is moderated and is used only for important announcements (eg: new versions). It is low traffic. You only need to subscribe to one of backuppc-announce and backuppc-users: backuppc-users also receives any messages on backuppc-announce. The backuppc-devel list is only for developers who are working on BackupPC. Do not post questions or support requests there. But detailed technical discussions should happen on this list. To post a message to the backuppc-users list, send an email to backuppc-users@lists.sourceforge.net Do not send subscription requests to this address! Other Programs of Interest If you want to mirror linux or unix files or directories to a remote server you should use rsync, http://rsync.samba.org. BackupPC uses rsync as a transport mechanism; if you are already an rsync user you can think of BackupPC as adding efficient storage (compression and pooling) and a convenient user interface to rsync. Two popular open source packages that do tape backup are Amanda (http://www.amanda.org) and Bacula (http://www.bacula.org). These packages can be used as complete solutions, or also as back ends to BackupPC to backup the BackupPC server data to tape. Avery Pennarun's bup (https://github.com/bup/bup) uses the git packfile format to do efficient incrementals and deduplication. Various programs and scripts use rsync to provide hardlinked backups. See, for example, Mike Rubel's site (http://www.mikerubel.org/computers/rsync_snapshots), JW Schultz's dirvish (http://www.dirvish.org/), Ben Escoto's rdiff-backup (http://www.nongnu.org/rdiff-backup), and John Bowman's rlbackup (http://www.math.ualberta.ca/imaging/rlbackup). BackupPC provides many additional features, such as compressed storage, deduplicating any matching files (rather than just files with the same name), and storing special files without root privileges. But these other programs provide simple, effective and fast solutions and are definitely worthy of consideration.

Road map

The new features planned for future releases of BackupPC are on the Wiki at https://github.com/backuppc/backuppc/wiki.

Comments and suggestions are welcome.

You can help

BackupPC is free. I work on BackupPC because I enjoy doing it and I like to contribute to the open source community.

BackupPC already has more than enough features for my own needs. The main compensation for continuing to work on BackupPC is knowing that more and more people find it useful. So feedback is certainly appreciated, both positive and negative.

Also, everyone is encouraged to contribute patches, bug reports, feature and design suggestions, new code, Wiki additions (you can do those directly) and documentation corrections or improvements. Answering questions on the mailing list is a big help too.

Installing BackupPC

Requirements

BackupPC requires:

A linux, solaris, or unix based server with a substantial amount of free disk space (see the next section for what that means). The CPU and disk performance on this server will determine how many simultaneous backups you can run. You should be able to run 4-8 simultaneous backups on a moderately configured server. It is also recommended you consider either an LVM or RAID setup so that you can expand the file system as necessary.

Perl version 5.8.0 or later. If you don't have perl, please see http://www.cpan.org.

The perl modules BackupPC::XS (version >= 0.50) is required, and several others, File::Listing, Archive::Zip, XML::RSS, JSON::XS, Net::FTP, Net::FTP::RetrHandle, Net::FTP::AutoReconnect are recommended. Try "perldoc BackupPC::XS" and "perldoc Archive::Zip" to see if you have these modules. If not, fetch them from http://www.cpan.org and see the instructions below for how to build and install them. The CGI Perl module is required for the http/cgi user interface. CGI was a core module, but from version 5.22 Perl no longer ships with it.

If you are using rsync to backup linux/unix machines you should have rsync on each client machine. Version 3+ is strongly recommended, but earlier versions will work too. See http://rsync.samba.org. Use "rsync --version" to check your version. For BackupPC to use Rsync you will also need to install rsync-bpc on the server.

If you are using smb to backup WinXX machines you need smbclient and nmblookup from the samba package. You will also need nmblookup if you are backing up linux/unix DHCP machines. See http://www.samba.org. See http://www.samba.org for source and binaries. It's pretty easy to fetch and compile samba, and just grab smbclient and nmblookup, without doing the installation. Alternatively, http://www.samba.org has binary distributions for most platforms.

If you are using tar to backup linux/unix machines, those machines should have version 1.13.20 or higher recommended. Use "tar --version" to check your version. Various GNU mirrors have the newest versions of tar; see http://www.gnu.org/software/tar/.

The Apache web server, see http://www.apache.org, preferably built with mod_perl support.

If rrdtool is installed on the BackupPC server, graphs of the pool usage will be maintained and displayed. To enable the graphs, point $Conf{RrdToolPath} to the rrdtool executable.

What type of storage space do I need?

Starting with 4.0.0, BackupPC no longer uses hardlinks for storage of deduplicated files. However, hardlinks are still used temporarily in a few places for doing atomic renames, with a fallback doing a file copy if the hardlink fails, and files are moved (renamed) across various paths that turn into expensive file copies if they span multiple file systems.

So ideally BackupPC's data store (__TOPDIR__) is a single file system that supports hardlinks. It is ok to use a single symbolic link at the top-level directory (__TOPDIR__) to point the entire data store somewhere else). You can of course use any kind of RAID system or logical volume manager that combines the capacity of multiple disks into a single, larger, file system. Such approaches have the advantage that the file system can be expanded without having to copy it.

Any standard linux or unix file system supports hardlinks. NFS mounted file systems work too (provided the underlying file system supports hardlinks). But windows based FAT and NTFS file systems will not work.

In BackupPC 3.x, hardlinks are fundamental to deduplication, so a startup check is done ensure that the file system can support hardlinks, since this is a common area of configuration problems in v3. In 4.x, that check is only done if the pool still contains v3 backups and pool files.

How much disk space do I need?

Here's one real example (circa 2002) for an environment that is backing up 65 laptops with compression off. Each full backup averages 3.2GB. Each incremental backup averages about 0.2GB. Storing one full backup and two incremental backups per laptop is around 240GB of raw data. But because of the pooling of identical files, only 87GB is used. This is without compression.

Another example, with compression on: backing up 95 laptops, where each backup averages 3.6GB and each incremental averages about 0.3GB. Keeping three weekly full backups, and six incrementals is around 1200GB of raw data. Because of pooling and compression, only 150GB is needed.

Here's a rule of thumb. Add up the disk usage of all the machines you want to backup (210GB in the first example above). This is a rough minimum space estimate that should allow a couple of full backups and at least half a dozen incremental backups per machine. If compression is on you can reduce the storage requirements by maybe 30-40%. Add some margin in case you add more machines or decide to keep more old backups.

Your actual mileage will depend upon the types of clients, operating systems and applications you have. The more uniform the clients and applications the bigger the benefit from pooling common files.

In addition to total disk space, you should make sure you have plenty of inodes on your BackupPC data partition. Some users have reported running out of inodes on their BackupPC data partition. So even if you have plenty of disk space, BackupPC will report failures when the inodes are exhausted. This is a particular problem with ext2/ext3 file systems that have a fixed number of inodes when the file system is built. Use "df -i" to see your inode usage.

Step 1: Getting BackupPC

Many linux distributions now include BackupPC, so installing BackupPC via your package manager is the best approach.

For example, for Debian, supported by Ludovic Drolez, can be found at http://packages.debian.org/backuppc and is included in the current stable Debian release. On Debian, BackupPC can be installed with the command:

apt-get install backuppc

You should also install rsync-bpc; the BackupPC package might include it already, but if not:

apt-get install rsync-bpc

If those commands work, you can skip to Step 3.

Alternatively, manually fetching and installing BackupPC is easy. Start by downloading the latest version from

https://github.com/backuppc/backuppc/releases

Step 2: Installing the distribution

Note: most information in this step is only relevant if you build and install BackupPC yourself. If you use a package provided by a distribution, the package management system should take of installing any needed dependencies.

First off, there are several perl modules you should install. The first one, BackupPC::XS, is required. The others are optional but highly recommended. Use either your linux package manager, or the cpan command, or follow the instructions in the README files to install these packages:

BackupPC::XS Significant portions of BackupPC are implemented in C code contained in this module. You can run "perldoc BackupPC::XS" to see if this module is installed. You need to have version >= 0.50. BackupPC::XS is available from: https://github.com/backuppc/backuppc-xs/releases and also CPAN. Archive::Zip To support restore via Zip archives you will need to install Archive::Zip, also from http://www.cpan.org. You can run "perldoc Archive::Zip" to see if this module is installed. XML::RSS To support the RSS feature you will need to install XML::RSS, also from http://www.cpan.org. There is not need to install this module if you don't plan on using RSS. You can run "perldoc XML::RSS" to see if this module is installed. JSON::XS To support the JSON formated metrics you will need to install JSON::XS, also from http://www.cpan.org. There is not need to install this module if you don't plan on using JSON formated metrics. You can run "perldoc JSON::XS" to see if this module is installed. CGI The CGI Perl module is required for the http/cgi user interface. CGI was a core module, but from version 5.22 Perl no longer ships with it so you'll need to install it if you are using a recent version of perl. SCGI The SCGI Perl module is required to use the S/CGI protocol for the http/cgi user interface. File::Listing, Net::FTP, Net::FTP::RetrHandle, Net::FTP::AutoReconnect To use ftp with BackupPC you will need four libraries, but actually need to install only File::Listing from http://www.cpan.org. You can run "perldoc File::Listing" to see if this module is installed. Net::FTP is a standard module. Net::FTP::RetrHandle and Net::FTP::AutoReconnect included in BackupPC distribution.

To build and install these packages you should use the cpan command. At the prompt, type

install BackupPC::XS

Alternatively, if you want to install these manually, you can fetch the tarball from http://www.cpan.org and then run these commands:

tar zxvf BackupPC-XS-0.50.tar.gz cd BackupPC-XS-0.50 perl Makefile.PL make make test make install

The same sequence of commands can be used for each module.

Next, you should install rsync_bpc if you want to use rsync to backup clients (which is the recommended approach for all client types). If you don't use your package manager, fetch the release from:

https://github.com/backuppc/rsync-bpc/releases

Then run these commands (updating the version number as appropriate):

tar zxf rsync-bpc-3.0.9.5.tar.gz cd rsync-bpc-3.0.9.5 ./configure make make install

Now let's move onto BackupPC itself. After fetching BackupPC-4.4.0.tar.gz, run these commands as root:

tar zxf BackupPC-4.4.0.tar.gz cd BackupPC-4.4.0 perl configure.pl

The configure.pl script also accepts command-line options if you wish to run it in a non-interactive manner. It has self-contained documentation for all the command-line options, which you can read with perldoc:

perldoc configure.pl

Starting with BackupPC 3.0.0, the configure.pl script by default complies with the file system hierarchy (FHS) conventions. The major difference compared to earlier versions is that by default configuration files will be stored in /etc/BackupPC rather than below the data directory, __TOPDIR__/conf, and the log files will be stored in /var/log/BackupPC rather than below the data directory, __TOPDIR__/log.

Note that distributions may choose to use different locations for BackupPC files than these defaults.

If you are upgrading from an earlier version the configure.pl script will keep the configuration files and log files in their original location.

When you run configure.pl you will be prompted for the full paths of various executables, and you will be prompted for the following information.

BackupPC User It is best if BackupPC runs as a special user, eg backuppc, that has limited privileges. It is preferred that backuppc belongs to a system administrator group so that sysadmin members can browse BackupPC files, edit the configuration files and so on. Although configurable, the default settings leave group read permission on pool files, so make sure the BackupPC user's group is chosen restrictively. On this installation, this is __BACKUPPCUSER__. For security purposes you might choose to configure the BackupPC user with the shell set to /bin/false. Since you might need to run some BackupPC programs as the BackupPC user for testing purposes, you can use the -s option to su to explicitly run a shell, eg: su -s /bin/bash __BACKUPPCUSER__ Depending upon your configuration you might also need the -l option. If the -s option is not available on your operating system, you can specify the -m option to use your login shell as invoked shell: su -m __BACKUPPCUSER__ Data Directory You need to decide where to put the data directory, below which all the BackupPC data is stored. This needs to be a big file system. On this installation, this is __TOPDIR__. Install Directory You should decide where the BackupPC scripts, libraries and documentation should be installed, eg: /usr/local/BackupPC. On this installation, this is __INSTALLDIR__. CGI bin Directory You should decide where the BackupPC CGI script resides. This will usually be below Apache's cgi-bin directory. It is also possible to use a different directory and use Apache's ``<Directory>'' directive to specify that location. See the Apache HTTP Server documentation for additional information. On this installation, this is __CGIDIR__. Apache image Directory A directory where BackupPC's images are stored so that Apache can serve them. You should ensure this directory is readable by Apache and create a symlink to this directory from the BackupPC CGI bin Directory. Config and Log Directories In this installation the configuration and log directories are located in the following locations: __CONFDIR__/config.pl main config file __CONFDIR__/hosts hosts file __CONFDIR__/pc/HOST.pl per-pc config file __LOGDIR__/BackupPC log files, pid, status The configure.pl script doesn't prompt for these locations but they can be set for new installations using command-line options.

Step 3: Setting up config.pl

After running configure.pl, browse through the config file, __CONFDIR__/config.pl, and make sure all the default settings are correct. In particular, you will need to decide whether to use smb, tar,or rsync or ftp transport (or whether to set it on a per-PC basis) and set the relevant parameters for that transport method. See the section "Step 5: Client Setup" for more details.

Step 4: Setting up the hosts file

The file __CONFDIR__/hosts contains the list of clients to backup. BackupPC reads this file in three cases:

Upon startup.

When BackupPC is sent a HUP (-1) signal. Assuming you installed the init.d script, you can also do this with "/etc/init.d/backuppc reload".

When the modification time of the hosts file changes. BackupPC checks the modification time once during each regular wakeup.

Whenever you change the hosts file (to add or remove a host) you can either do a kill -HUP BackupPC_pid or simply wait until the next regular wakeup period.

Each line in the hosts file contains three fields, separated by whitespace:

Host name This is typically the hostname or NetBios name of the client machine and should be in lowercase. The hostname can contain spaces (escape with a backslash), but it is not recommended. Please read the section "How BackupPC Finds Hosts". In certain cases you might want several distinct clients to refer to the same physical machine. For example, you might have a database you want to backup, and you want to bracket the backup of the database with shutdown/restart using $Conf{DumpPreUserCmd} and $Conf{DumpPostUserCmd}. But you also want to backup the rest of the machine while the database is still running. In the case you can specify two different clients in the host file, using any mnemonic name (eg: myhost_mysql and myhost), and use $Conf{ClientNameAlias} in myhost_mysql's config.pl to specify the real hostname of the machine. DHCP flag Starting with v2.0.0 the way hosts are discovered has changed and now in most cases you should specify 0 for the DHCP flag, even if the host has a dynamically assigned IP address. Please read the section "How BackupPC Finds Hosts" to understand whether you need to set the DHCP flag. You only need to set DHCP to 1 if your client machine doesn't respond to the NetBios multicast request: nmblookup myHost but does respond to a request directed to its IP address: nmblookup -A W.X.Y.Z If you do set DHCP to 1 on any client you will need to specify the range of DHCP addresses to search is specified in $Conf{DHCPAddressRanges}. Note also that the $Conf{ClientNameAlias} feature does not work for clients with DHCP set to 1. User name This should be the unix login/email name of the user who "owns" or uses this machine. This is the user who will be sent email about this machine, and this user will have permission to stop/start/browse/restore backups for this host. Leave this blank if no specific person should receive email or be allowed to stop/start/browse/restore backups for this host. Administrators will still have full permissions. More users Additional usernames, separated by commas and with no whitespace, can be specified. These users will also have full permission in the CGI interface to stop/start/browse/restore backups for this host. These users will not be sent email about this host.

The first non-comment line of the hosts file is special: it contains the names of the columns and should not be edited.

Here's a simple example of a hosts file:

host dhcp user moreUsers farside 0 craig jim,dave larson 1 gary andy

Step 5: Client Setup

Four methods for getting backup data from a client are supported: smb, tar, rsync and ftp. Smb or rsync are the preferred methods for WinXX clients and rsync or tar are the preferred methods for linux/unix/MacOSX clients.

The transfer method is set using the $Conf{XferMethod} configuration setting. If you have a mixed environment (ie: you will use smb for some clients and tar for others), you will need to pick the most common choice for $Conf{XferMethod} for the main config.pl file, and then override it in the per-PC config file for those hosts that will use the other method. (Or you could run two completely separate instances of BackupPC, with different data directories, one for WinXX and the other for linux/unix, but then common files between the different machine types will duplicated.)

Here are some brief client setup notes:

WinXX One setup for WinXX clients is to set $Conf{XferMethod} to "smb". Actually, rsyncd is the better method for WinXX if you are prepared to run rsync/cygwin on your WinXX client. If you want to use rsyncd for WinXX clients you can find a pre-packaged exe installer on https://github.com/backuppc/cygwin-rsyncd/releases. The package is called cygwin-rsync. It contains rsync.exe, template setup files and the minimal set of cygwin libraries for everything to run. The README file contains instructions for running rsync as a service, so it starts automatically everytime you boot your machine. If you use rsync to backup WinXX machines, be sure to set $Conf{ClientCharset} correctly (eg: 'cp1252') so that the WinXX filename encoding is correctly converted to utf8. Otherwise, to use SMB, you can either create shares for the data you want to backup or your can use the existing C$ share. To create a new share, open "My Computer", right click on the drive (eg: C), and select "Sharing..." (or select "Properties" and select the "Sharing" tab). In this dialog box you can enable sharing, select the share name and permissions. All Windows NT based OS (NT, 2000, XP Pro), are configured by default to share the entire C drive as C$. This is a special share used for various administration functions, one of which is to grant access to backup operators. All you need to do is create a new domain user, specifically for backup. Then add the new backup user to the built in "Backup Operators" group. You now have backup capability for any directory on any computer in the domain in one easy step. This avoids using administrator accounts and only grants permission to do exactly what you want for the given user, i.e.: backup. Also, for additional security, you may wish to deny the ability for this user to logon to computers in the default domain policy. If this machine uses DHCP you will also need to make sure the NetBios name is set. Go to Control Panel|System|Network Identification (on Win2K) or Control Panel|System|Computer Name (on WinXP). Also, you should go to Control Panel|Network Connections|Local Area Connection|Properties|Internet Protocol (TCP/IP)|Properties|Advanced|WINS and verify that NetBios is not disabled. The relevant configuration settings are $Conf{SmbShareName}, $Conf{SmbShareUserName}, $Conf{SmbSharePasswd}, $Conf{SmbClientPath}, $Conf{SmbClientFullCmd}, $Conf{SmbClientIncrCmd} and $Conf{SmbClientRestoreCmd}. BackupPC needs to know the smb share username and password for a client machine that uses smb. The username is specified in $Conf{SmbShareUserName}. There are four ways to tell BackupPC the smb share password: As an environment variable BPC_SMB_PASSWD set before BackupPC starts. If you start BackupPC manually the BPC_SMB_PASSWD variable must be set manually first. For backward compatibility for v1.5.0 and prior, the environment variable PASSWD can be used if BPC_SMB_PASSWD is not set. Warning: on some systems it is possible to see environment variables of running processes.

Alternatively the BPC_SMB_PASSWD setting can be included in /etc/init.d/backuppc, in which case you must make sure this file is not world (other) readable.

As a configuration variable $Conf{SmbSharePasswd} in __CONFDIR__/config.pl. If you put the password here you must make sure this file is not world (other) readable.

As a configuration variable $Conf{SmbSharePasswd} in the per-PC configuration file (__CONFDIR__/pc/$host.pl or __TOPDIR__/pc/$host/config.pl in non-FHS versions of BackupPC). You will have to use this option if the smb share password is different for each host. If you put the password here you must make sure this file is not world (other) readable. Placement and protection of the smb share password is a significant security issue, so please double-check the file and directory permissions. In a future version there might be support for encryption of this password, but a private key will still have to be stored in a protected place. Suggestions are welcome. As an alternative to setting $Conf{XferMethod} to "smb" (using smbclient) for WinXX clients, you can use an smb network filesystem (eg: ksmbfs or similar) on your linux/unix server to mount the share, and then set $Conf{XferMethod} to "tar" (use tar on the network mounted file system). Also, to make sure that filenames with special characters are correctly transferred by smbclient you should make sure that the smb.conf file has (for samba 3.x): [global] unix charset = UTF8 UTF8 is the default setting, so if the parameter is missing then it is ok. With this setting $Conf{ClientCharset} should be empty, since smbclient has already converted the filenames to utf8. Linux/Unix The preferred setup for linux/unix clients is to set $Conf{XferMethod} to "rsync", "rsyncd" or "tar". You can use either rsync, smb, or tar for linux/unix machines. Smb requires that the Samba server (smbd) be run to provide the shares. Since the smb protocol can't represent special files like symbolic links and fifos, tar and rsync are the better transport methods for linux/unix machines. (In fact, by default samba makes symbolic links look like the file or directory that they point to, so you could get an infinite loop if a symbolic link points to the current or parent directory. If you really need to use Samba shares for linux/unix backups you should turn off the "follow symlinks" samba config setting. See the smb.conf manual page.) Important note: many linux systems use sparse files for /var/log/lastlog, and have large special files below /proc and /run. Make sure you exclude those directories and files when you configure your client. The requirements for each Xfer Method are: rsync To use rsync, you need rsync-bpc installed on the BackupPC server. On the client, you should have at least rsync 3.x. Rsync is run on the remote client via ssh. The relevant configuration settings are $Conf{RsyncClientPath}, $Conf{RsyncSshArgs}, $Conf{RsyncShareName}, $Conf{RsyncArgs}, $Conf{RsyncArgsExtra}, $Conf{RsyncFullArgsExtra}, and $Conf{RsyncRestoreArgs}. rsyncd To use rsync, you need rsync-bpc installed on the BackupPC server. On the client, you should have at least rsync 3.x. In this case the rsync daemon should be running on the client machine and BackupPC connects directly to it. The relevant configuration settings are $Conf{RsyncBackupPCPath}, $Conf{RsyncdClientPort}, $Conf{RsyncdUserName}, $Conf{RsyncdPasswd}, $Conf{RsyncShareName}, $Conf{RsyncArgs}, $Conf{RsyncArgsExtra}, and $Conf{RsyncRestoreArgs}. $Conf{RsyncShareName} is the name of an rsync module (ie: the thing in square brackets in rsyncd's conf file -- see rsyncd.conf), not a file system path. Be aware that rsyncd will remove the leading '/' from path names in symbolic links if you specify "use chroot = no" in the rsynd.conf file. See the rsyncd.conf manual page for more information. tar You must have GNU tar on the client machine. Use "tar --version" or "gtar --version" to verify. The version should be at least 1.13.20. Tar is run on the client machine via rsh or ssh. The relevant configuration settings are $Conf{TarClientPath}, $Conf{TarShareName}, $Conf{TarClientCmd}, $Conf{TarFullArgs}, $Conf{TarIncrArgs}, and $Conf{TarClientRestoreCmd}. ftp FTP Xfer Method is supported in V4 but not recommended since it only handles minimal metadata, it doesn't support hardlinks or special files, and can only restore regular files (not symbolic links etc). You need to be running an ftp server on the client machine. The relevant configuration settings are $Conf{FtpShareName}, $Conf{FtpUserName}, $Conf{FtpPasswd}, $Conf{FtpBlockSize}, $Conf{FtpPort}, $Conf{FtpTimeout}, and $Conf{FtpFollowSymlinks}. You need to set $Conf{ClientCharset} to the client's charset so that filenames are correctly converted to utf8. Use "locale charmap" on the client to see its charset. Note, however, that modern versions of smbclient and rsync handle this conversion automatically, so in most cases you won't need to set $Conf{ClientCharset}. For linux/unix machines you should not backup "/proc". This directory contains a variety of files that look like regular files but they are special files that don't need to be backed up (eg: /proc/kcore is a regular file that contains physical memory). See $Conf{BackupFilesExclude}. It is safe to backup /dev since it contains mostly character-special and block-special files, which are correctly handed by BackupPC (eg: backing up /dev/hda5 just saves the block-special file information, not the contents of the disk). Similarly, on many linux systems, /var/log/lastlog is a sparse file, with a very large apparent size, so you should exclude that too. Alternatively, rather than backup all the file systems as a single share ("/"), it is easier to restore a single file system if you backup each file system separately. To do this you should list each file system mount point in $Conf{TarShareName} or $Conf{RsyncShareName}, and add the --one-file-system option to $Conf{TarClientCmd} or $Conf{RsyncArgs}. In this case there is no need to exclude /proc explicitly since it looks like a different file system. Ssh allows BackupPC to run as a privileged user on the client (eg: root), since it needs sufficient permissions to read all the backup files. Ssh is setup so that BackupPC on the server (an otherwise low privileged user) can ssh as root on the client, without being prompted for a password. However, directly enabled ssh root logins is not good practice. A better approach is the ssh as a regular user, and then configure sudo to allow just rsync to be executed. There are two common versions of ssh: v1 and v2. Here are some instructions for one way to setup ssh. (Check which version of SSH you have by typing "ssh" or "man ssh".) MacOSX In general this should be similar to Linux/Unix machines. In versions 10.4 and later, the native MacOSX tar works, and also supports resource forks. xtar is another option, and rsync works too (although the MacOSX-supplied rsync has an extension for extended attributes that is not compatible with standard rsync). SSH Setup SSH is a secure way to run tar or rsync on a backup client to extract the data. SSH provides strong authentication and encryption of the network data. Note that if you run rsyncd (rsync daemon), ssh is not used. In this case, rsyncd provides its own authentication, but there is no encryption of network data. If you want encryption of network data you can use ssh to create a tunnel, or use a program like stunnel. Setup instructions for ssh can be found on the Wiki at https://github.com/backuppc/backuppc/wiki. Clients that use DHCP If a client machine uses DHCP BackupPC needs some way to find the IP address given the hostname. One alternative is to set dhcp to 1 in the hosts file, and BackupPC will search a pool of IP addresses looking for hosts. More efficiently, it is better to set dhcp = 0 and provide a mechanism for BackupPC to find the IP address given the hostname. For WinXX machines BackupPC uses the NetBios name server to determine the IP address given the hostname. For unix machines you can run nmbd (the NetBios name server) from the Samba distribution so that the machine responds to a NetBios name request. See the manual page and Samba documentation for more information. Alternatively, you can set $Conf{NmbLookupFindHostCmd} to any command that returns the IP address given the hostname. Please read the section "How BackupPC Finds Hosts" for more details.

Step 6: Running BackupPC

The installation contains an init.d backuppc script that can be copied to /etc/init.d so that BackupPC can auto-start on boot. See init.d/README for further instructions.

BackupPC should be ready to start. If you installed the init.d script, then you should be able to run BackupPC with:

/etc/init.d/backuppc start

(This script can also be invoked with "stop" to stop BackupPC and "reload" to tell BackupPC to reload config.pl and the hosts file.)

Otherwise, just run

__INSTALLDIR__/bin/BackupPC -d

as user __BACKUPPCUSER__. The -d option tells BackupPC to run as a daemon (ie: it does an additional fork).

Any immediate errors will be printed to stderr and BackupPC will quit. Otherwise, look in __LOGDIR__/LOG and verify that BackupPC reports it has started and all is ok.

Step 7: Talking to BackupPC

You should verify that BackupPC is running by using BackupPC_serverMesg. This sends a message to BackupPC via the unix (or TCP) socket and prints the response. Like all BackupPC programs, BackupPC_serverMesg should be run as the BackupPC user (__BACKUPPCUSER__), so you should

su __BACKUPPCUSER__

before running BackupPC_serverMesg. If the BackupPC user is configured with /bin/false as the shell, you can use the -s option to su to explicitly run a shell, eg:

su -s /bin/bash __BACKUPPCUSER__

Depending upon your configuration you might also need the -l option.

If the -s option is not available on your operating system, you can specify the -m option to use your login shell as invoked shell:

su -m __BACKUPPCUSER__

You can request status information and start and stop backups using this interface. This socket interface is mainly provided for the CGI interface (and some of the BackupPC subprograms use it too). But right now we just want to make sure BackupPC is happy. Each of these commands should produce some status output:

__INSTALLDIR__/bin/BackupPC_serverMesg status info __INSTALLDIR__/bin/BackupPC_serverMesg status jobs __INSTALLDIR__/bin/BackupPC_serverMesg status hosts

The output should be some hashes printed with Data::Dumper. If it looks cryptic and confusing, and doesn't look like an error message, then all is ok.

The hosts status should produce a list of every host you have listed in __CONFDIR__/hosts as part of a big cryptic output line.

You can also request that all hosts be queued:

__INSTALLDIR__/bin/BackupPC_serverMesg backup all

At this point you should make sure the CGI interface works since it will be much easier to see what is going on. We'll get to that shortly.

Step 8: Checking email delivery

The script BackupPC_sendEmail sends status and error emails to the administrator and users. It is usually run each night by BackupPC_nightly.

To verify that it can run sendmail and deliver email correctly you should ask it to send a test email to you:

su __BACKUPPCUSER__ __INSTALLDIR__/bin/BackupPC_sendEmail -u MYNAME@MYDOMAIN.COM

BackupPC_sendEmail also takes a -c option that checks if BackupPC is running, and it sends an email to $Conf{EMailAdminUserName} if it is not. That can be used as a keep-alive check by adding

__INSTALLDIR__/bin/BackupPC_sendEmail -c

to __BACKUPPCUSER__'s cron.

The -t option to BackupPC_sendEmail causes it to print the email message instead of invoking sendmail to deliver the message.

Step 9: CGI interface

The CGI interface script, BackupPC_Admin, is a powerful and flexible way to see and control what BackupPC is doing. It is written for an Apache server. If you don't have Apache, see http://www.apache.org.

There are three options for setting up the CGI interface:

SCGI New to 4.x, SCGI uses the SCGI interface to Apache, which requires the mod_scgi.so module to be installed and loaded by Apache. This allows Apache to run as any unprivileged user. The actual SCGI server runs as the as the BackupPC user (__BACKUPPCUSER__), and handles the requests from Apache via a TCP socket. mod_perl Mod_perl required the mod_perl module to be loaded by Apache. This allows BackupPC_Admin to be run from inside Apache. Unlike SCGI, using mod_perl with BackupPC_Admin requires a dedicated Apache to be run as the BackupPC user (__BACKUPPCUSER__). This is because BackupPC_Admin needs permission to access various files in BackupPC's data directories. standard The standard mode, which is significantly slower than SCGI or mod_perl, is where Apache runs BackupPC_Admin as a separate process for every request. This adds significant startup overhead for every request, and also requires that BackupPC_Admin be run as setuid to the BackupPC user (__BACKUPPCUSER__), if Apache isn't being run as that user. Setuid scripts are discouraged, so the preference is to use SCGI or mod_perl.

Here are some specifics for each setup:

SCGI Setup First you need to install mod_scgi. If you can't find a pre-built package, the source is available at http://python.ca/scgi. The release has subdirectories for apache1 and apache2. Pick your matching version (nowadays most likely apache2). You'll need apxs, the Apache Extension Tool, installed to build from source. Once compiled, the module mod_scgi.so should be installed via the Makefile. To enable the SCGI server, set $Conf{SCGIServerPort} to an available non-privileged TCP port number, eg: 10268. The matching port number has to appear in the Apache configuration file. Typical Apache configuration entries will look like this: LoadModule scgi_module modules/mod_scgi.so SCGIMount /BackupPC_Admin 127.0.0.1:10268 <Location /BackupPC_Admin> AuthUserFile /etc/httpd/conf/passwd AuthType basic AuthName "access" require valid-user </Location> Or a typical Nginx configuration file: server { listen 80; server_name yourBackupPCServerHost; root /var/www/backuppc; access_log /var/log/nginx/backuppc.access.log; error_log /var/log/nginx/backuppc.error.log; location /BackupPC_Admin { auth_basic "BackupPC"; auth_basic_user_file conf.d/backuppc.users; include scgi_params; scgi_pass 127.0.0.1:10268; scgi_param REMOTE_USER $remote_user; scgi_param SCRIPT_NAME $document_uri; } } This allows the SCGI interface to be accessed with a URL: http://yourBackupPCServerHost/BackupPC_Admin You can use a different path or name if you prefer a different URL. Unlike traditional CGI, there is no need to specify a valid path to a CGI script. Important security warning!! The SCGIServerPort must not be accessible by anyone untrusted. That means you can't allow untrusted users access to the BackupPC server, and you should block the SCGIServerPort TCP port on the BackupPC server. If you don't understand what that means, or can't confirm you have configured SCGI securely, then don't enable SCGI - use one of the following two methods!! Mod_perl Setup The advantage of the mod_perl setup is that no setuid script is needed (like in the standard method below), and there is a significant performance advantage. Not only does all the perl code need to be parsed just once, the config.pl and hosts files, plus the connection to the BackupPC server are cached between requests. The typical speedup is around 10-15x. To use mod_perl you need to run Apache as user __BACKUPPCUSER__. If you need to run multiple Apaches for different services then you need to create multiple top-level Apache directories, each with their own config file. You can make copies of /etc/init.d/httpd and use the -d option to httpd to point each http to a different top-level directory. Or you can use the -f option to explicitly point to the config file. Multiple Apache's will run on different Ports (eg: 80 is standard, 8080 is a typical alternative port accessed via http://yourhost.com:8080). Inside BackupPC's Apache http.conf file you should check the settings for ServerRoot, DocumentRoot, User, Group, and Port. See http://httpd.apache.org/docs/server-wide.html for more details. For mod_perl, BackupPC_Admin should not have setuid permission, so you should turn it off: chmod u-s __CGIDIR__/BackupPC_Admin To tell Apache to use mod_perl to execute BackupPC_Admin, add this to Apache's 1.x httpd.conf file: <IfModule mod_perl.c> PerlModule Apache::Registry PerlTaintCheck On <Location /cgi-bin/BackupPC/BackupPC_Admin> # <--- change path as needed SetHandler perl-script PerlHandler Apache::Registry Options ExecCGI PerlSendHeader On </Location> </IfModule> Apache 2.0.44 with Perl 5.8.0 on RedHat 7.1, Don Silvia reports that this works (with tweaks from Michael Tuzi): LoadModule perl_module modules/mod_perl.so PerlModule Apache2 <Directory /path/to/cgi/> SetHandler perl-script PerlResponseHandler ModPerl::Registry PerlOptions +ParseHeaders Options +ExecCGI Order deny,allow Deny from all Allow from 192.168.0 AuthName "Backup Admin" AuthType Basic AuthUserFile /path/to/user_file Require valid-user </Directory> There are other optimizations and options with mod_perl. For example, you can tell mod_perl to preload various perl modules, which saves memory compared to loading separate copies in every Apache process after they are forked. See Stas's definitive mod_perl guide at http://perl.apache.org/guide. Standard Setup The CGI interface should have been installed by the configure.pl script in __CGIDIR__/BackupPC_Admin. BackupPC_Admin should have been installed as setuid to the BackupPC user (__BACKUPPCUSER__), in addition to user and group execute permission. You should be very careful about permissions on BackupPC_Admin and the directory __CGIDIR__: it is important that normal users cannot directly execute or change BackupPC_Admin, otherwise they can access backup files for any PC. You might need to change the group ownership of BackupPC_Admin to a group that Apache belongs to so that Apache can execute it (don't add "other" execute permission!). The permissions should look like this: ls -l __CGIDIR__/BackupPC_Admin -swxr-x--- 1 __BACKUPPCUSER__ web 82406 Jun 17 22:58 __CGIDIR__/BackupPC_Admin The setuid script won't work unless perl on your machine was installed with setuid emulation. This is likely the problem if you get an error saying such as "Wrong user: my userid is 25, instead of 150", meaning the script is running as the httpd user, not the BackupPC user. This is because setuid scripts are disabled by the kernel in most flavors of unix and linux. To see if your perl has setuid emulation, see if there is a program called sperl5.8.0 (or sperl5.8.2 etc, based on your perl version) in the place where perl is installed. If you can't find this program, then you have two options: rebuild and reinstall perl with the setuid emulation turned on (answer "y" to the question "Do you want to do setuid/setgid emulation?" when you run perl's configure script), or switch to the mod_perl alternative for the CGI script (which doesn't need setuid to work).

BackupPC_Admin requires that users are authenticated by Apache. Specifically, it expects that Apache sets the REMOTE_USER environment variable when it runs. There are several ways to do this. One way is to create a .htaccess file in the cgi-bin directory that looks like:

AuthGroupFile /etc/httpd/conf/group # <--- change path as needed AuthUserFile /etc/http/conf/passwd # <--- change path as needed AuthType basic AuthName "access" require valid-user

You will also need "AllowOverride Indexes AuthConfig" in the Apache httpd.conf file to enable the .htaccess file. Alternatively, everything can go in the Apache httpd.conf file inside a Location directive. The list of users and password file above can be extracted from the NIS passwd file.

One alternative is to use LDAP. In Apache's http.conf add these lines:

LoadModule auth_ldap_module modules/auth_ldap.so AddModule auth_ldap.c # cgi-bin - auth via LDAP (for BackupPC) <Location /cgi-bin/BackupPC/BackupPC_Admin> # <--- change path as needed AuthType Basic AuthName "BackupPC login" # replace MYDOMAIN, PORT, ORG and CO as needed AuthLDAPURL ldap://ldap.MYDOMAIN.com:PORT/o=ORG,c=CO?uid?sub?(objectClass=*) require valid-user </Location>

If you want to disable the user authentication you can set $Conf{CgiAdminUsers} to '*', which allows any user to have full access to all hosts and backups. In this case the REMOTE_USER environment variable does not have to be set by Apache.

Alternatively, you can force a particular username by getting Apache to set REMOTE_USER, eg, to hard code the user to www you could add this to Apache's httpd.conf:

<Location /cgi-bin/BackupPC/BackupPC_Admin> # <--- change path as needed Setenv REMOTE_USER www </Location>

Finally, you should also edit the config.pl file and adjust, as necessary, the CGI-specific settings. They're near the end of the config file. In particular, you should specify which users or groups have administrator (privileged) access: see the config settings $Conf{CgiAdminUserGroup} and $Conf{CgiAdminUsers}. Also, the configure.pl script placed various images into $Conf{CgiImageDir} that BackupPC_Admin needs to serve up. You should make sure that $Conf{CgiImageDirURL} is the correct URL for the image directory.

See the section "Fixing installation problems" for suggestions on debugging the Apache authentication setup.

How BackupPC Finds Hosts

Starting with v2.0.0 the way hosts are discovered has changed. In most cases you should specify 0 for the DHCP flag in the conf/hosts file, even if the host has a dynamically assigned IP address.

BackupPC (starting with v2.0.0) looks up hosts with DHCP = 0 in this manner:

First DNS is used to lookup the IP address given the client's name using perl's gethostbyname() function. This should succeed for machines that have fixed IP addresses that are known via DNS. You can manually see whether a given host have a DNS entry according to perl's gethostbyname function with this command: perl -e 'print(gethostbyname("myhost") ? "ok

" : "not found

");'

If gethostbyname() fails, BackupPC then attempts a NetBios multicast to find the host. Provided your client machine is configured properly, it should respond to this NetBios multicast request. Specifically, BackupPC runs a command of this form: nmblookup myhost If this fails you will see output like: querying myhost on 10.10.255.255 name_query failed to find name myhost If it is successful you will see output like: querying myhost on 10.10.255.255 10.10.1.73 myhost<00> Depending on your netmask you might need to specify the -B option to nmblookup. For example: nmblookup -B 10.10.1.255 myhost If necessary, experiment with the nmblookup command which will return the IP address of the client given its name. Then update $Conf{NmbLookupFindHostCmd} with any necessary options to nmblookup.

For hosts that have the DHCP flag set to 1, these machines are discovered as follows:

A DHCP address pool ($Conf{DHCPAddressRanges}) needs to be specified. BackupPC will check the NetBIOS name of each machine in the range using a command of the form: nmblookup -A W.X.Y.Z where W.X.Y.Z is each candidate address from $Conf{DHCPAddressRanges}. Any host that has a valid NetBIOS name returned by this command (ie: matching an entry in the hosts file) will be backed up. You can modify the specific nmblookup command if necessary via $Conf{NmbLookupCmd}.

You only need to use this DHCP feature if your client machine doesn't respond to the NetBios multicast request: nmblookup myHost but does respond to a request directed to its IP address: nmblookup -A W.X.Y.Z

Other installation topics

Removing a client If there is a machine that no longer needs to be backed up (eg: a retired machine) you have two choices. First, you can keep the backups accessible and browsable, but disable all new backups. Alternatively, you can completely remove the client and all its backups. To disable backups for a client $Conf{BackupsDisable} can be set to two different values in that client's per-PC config.pl file: Don't do any regular backups on this machine. Manually requested backups (via the CGI interface) will still occur. Don't do any backups on this machine. Manually requested backups (via the CGI interface) will be ignored. This will still allow the client's old backups to be browsable and restorable. To completely remove a client and all its backups, you should remove its entry in the conf/hosts file, and then delete the __TOPDIR__/pc/$host directory. Whenever you change the hosts file, you should send BackupPC a HUP (-1) signal so that it re-reads the hosts file. If you don't do this, BackupPC will automatically re-read the hosts file at the next regular wakeup. Note that when you remove a client's backups you won't initially recover much disk space. That's because the client's files are still in the pool. Overnight, when BackupPC_nightly next runs, all the unused pool files will be deleted and this will recover the disk space used by the client's backups. Copying the pool If the pool disk requirements grow you might need to copy the entire data directory to a new (bigger) file system. Hopefully you are lucky enough to avoid this by having the data directory on a RAID file system or LVM that allows the capacity to be grown in place by adding disks. Backups prior to V4 make extensive use of hardlinks. So unless you have a virgin V4 installation, your file system will contain large numbers of hardlinks. This makes it hard to copy. Prior to V4 (or a V4 upgrade to a V3 installation), the backup data directories contain large numbers of hardlinks. If you try to copy the pool the target directory will occupy a lot more space if the hardlinks aren't re-established. Unless you have a pure V4 installation, the best way to copy a pool file system, if possible, is by copying the raw device at the block level (eg: using dd). Application level programs that understand hardlinks include the GNU cp program with the -a option and rsync -H. However, the large number of hardlinks in the pool will make the memory usage large and the copy very slow. Don't forget to stop BackupPC while the copy runs. If you have a pure V4 installation, copying the pool and PC backup directories should be quite easy. Rsync 3.x should work well.

Fixing installation problems

If you find a solution to your problem that could help other users please add it to the Wiki at https://github.com/backuppc/backuppc/wiki.

Restore functions

BackupPC supports several different methods for restoring files. The most convenient restore options are provided via the CGI interface. Alternatively, backup files can be restored using manual commands.

CGI restore options

By selecting a host in the CGI interface, a list of all the backups for that machine will be displayed. By selecting the backup number you can navigate the shares and directory tree for that backup.

BackupPC's CGI interface automatically fills incremental backups with the corresponding full backup, which means each backup has a filled appearance. Therefore, there is no need to do multiple restores from the incremental and full backups: BackupPC does all the hard work for you. You simply select the files and directories you want from the correct backup vintage in one step.

You can download a single backup file at any time simply by selecting it. Your browser should prompt you with the filename and ask you whether to open the file or save it to disk.

Alternatively, you can select one or more files or directories in the currently selected directory and select "Restore selected files". (If you need to restore selected files and directories from several different parent directories you will need to do that in multiple steps.)

If you select all the files in a directory, BackupPC will replace the list of files with the parent directory. You will be presented with a screen that has three options:

Option 1: Direct Restore With this option the selected files and directories are restored directly back onto the host, by default in their original location. Any old files with the same name will be overwritten, so use caution. You can optionally change the target hostname, target share name, and target path prefix for the restore, allowing you to restore the files to a different location. Once you select "Start Restore" you will be prompted one last time with a summary of the exact source and target files and directories before you commit. When you give the final go ahead the restore operation will be queued like a normal backup job, meaning that it will be deferred if there is a backup currently running for that host. When the restore job is run, smbclient, tar, rsync or rsyncd is used (depending upon $Conf{XferMethod}) to actually restore the files. Sorry, there is currently no option to cancel a restore that has been started. Currently ftp restores are not fully implemented. A record of the restore request, including the result and list of files and directories, is kept. It can be browsed from the host's home page. $Conf{RestoreInfoKeepCnt} specifies how many old restore status files to keep. Note that for direct restore to work, the $Conf{XferMethod} must be able to write to the client. For example, that means an SMB share for smbclient needs to be writable, and the rsyncd module needs "read only" set to "false". This creates additional security risks. If you only create read-only SMB shares (which is a good idea), then the direct restore will fail. You can disable the direct restore option by setting $Conf{SmbClientRestoreCmd}, $Conf{TarClientRestoreCmd} and $Conf{RsyncRestoreArgs} to undef. Option 2: Download Zip archive With this option a zip file containing the selected files and directories is downloaded. The zip file can then be unpacked or individual files extracted as necessary on the host machine. The compression level can be specified. A value of 0 turns off compression. When you select "Download Zip File" you should be prompted where to save the restore.zip file. BackupPC does not consider downloading a zip file as an actual restore operation, so the details are not saved for later browsing as in the first case. However, a mention that a zip file was downloaded by a particular user, and a list of the files, does appear in BackupPC's log file. Option 3: Download Tar archive This is identical to the previous option, except a tar file is downloaded rather than a zip file (and there is currently no compression option).

Command-line restore options

Apart from the CGI interface, BackupPC allows you to restore files and directories from the command line. The following programs can be used:

BackupPC_zcat For each filename argument it inflates (uncompresses) the file and writes it to stdout. To use BackupPC_zcat you could give it the full filename, eg: __INSTALLDIR__/bin/BackupPC_zcat __TOPDIR__/pc/host/5/fc/fcraig/fexample.txt > example.txt It's your responsibility to make sure the file is really compressed: BackupPC_zcat doesn't check which backup the requested file is from. BackupPC_zcat returns a nonzero status if it fails to uncompress a file. In V4, BackupPC_zcat can be invoked in several other ways: BackupPC_zcat file... BackupPC_zcat MD5_digest... BackupPC_zcat $TopDir/pc/host/num/share/mangledPath... BackupPC_zcat [-h host] [-n num] [-s share] clientPath... For example, you can do this: BackupPC_zcat d73955e08410dfc5ea8069b05d2f43b2 That digest can be pasted from the output of BackupPC_ls. The last form uses unmangled paths, so you can do this: BackupPC_zcat -h HOST -n 10 -s / /home/craig/file You can also mix real paths with unmangled paths. Both of these versions work: BackupPC_zcat /data/BackupPC/pc/HOST/10/fhome/fcraig/ffile BackupPC_zcat /data/BackupPC/pc/HOST/10/home/craig/file BackupPC_tarCreate BackupPC_tarCreate creates a tar file for any files or directories in a particular backup. Merging of incrementals is done automatically, so you don't need to worry about whether certain files appear in the incremental or full backup. The usage is: BackupPC_tarCreate [options] files/directories... Required options: -h host host from which the tar archive is created -n dumpNum dump number from which the tar archive is created A negative number means relative to the end (eg -1 means the most recent dump, -2 2nd most recent etc). -s shareName share name from which the tar archive is created; can be "*" to mean all shares. Other options: -t print summary totals -r pathRemove path prefix that will be replaced with pathAdd -p pathAdd new path prefix -b BLOCKS BLOCKS x 512 bytes per record (default 20; same as tar) -w writeBufSz write buffer size (default 1048576 = 1MB) -e charset charset for encoding filenames (default: value of $Conf{ClientCharset} when backup was done) -l just print a file listing; don't generate an archive -L just print a detailed file listing; don't generate an archive The command-line files and directories are relative to the specified shareName. The tar file is written to stdout. The -h, -n and -s options specify which dump is used to generate the tar archive. The -r and -p options can be used to relocate the paths in the tar archive so extracted files can be placed in a location different from their original location. BackupPC_zipCreate BackupPC_zipCreate creates a zip file for any files or directories in a particular backup. Merging of incrementals is done automatically, so you don't need to worry about whether certain files appear in the incremental or full backup. The usage is: BackupPC_zipCreate [options] files/directories... Required options: -h host host from which the zip archive is created -n dumpNum dump number from which the tar archive is created A negative number means relative to the end (eg -1 means the most recent dump, -2 2nd most recent etc). -s shareName share name from which the zip archive is created Other options: -t print summary totals -r pathRemove path prefix that will be replaced with pathAdd -p pathAdd new path prefix -c level compression level (default is 0, no compression) -e charset charset for encoding filenames (default: utf8) The command-line files and directories are relative to the specified shareName. The zip file is written to stdout. The -h, -n and -s options specify which dump is used to generate the zip archive. The -r and -p options can be used to relocate the paths in the zip archive so extracted files can be placed in a location different from their original location. BackupPC_ls In V3, a full (or filled) backup tree contains all the files, albeit with "mangled" names, and the file contents are compressed. Some users found it convenient to directly navigate a PC's backup tree to check for files. In V4 that is not possible, since only a single attrib file is stored per directory in the PC backup tree, so the directory contents aren't visible without looking in the attrib file. A new utility BackupPC_ls (like "ls") can be used to view PC backup trees. It shows file digests, which can be pasted to BackupPC_zcat if you want to view the file contents. The arguments are similar to BackupPC_zcat. The usage is: BackupPC_ls [-iR] [-h host] [-n bkupNum] [-s shareName] dirs/files... The -i option will show inodes (inode number and number of links). The -R option recurses into directories. If you don't specify -h, -n and -s, then you can specify the real file system path instead. For example, the following three commands are equivalent: BackupPC_ls -h HOST -n 10 -s cDrive /home/craig/file BackupPC_ls /data/BackupPC/pc/HOST/10/fcDrive/fhome/fcraig/ffile BackupPC_ls /data/BackupPC/pc/HOST/10/cDrive/home/craig/file As you can see, the portion of the full path after the backup number can be either mangled or not. Note that using the mangled form allows directory-name completion via the shell, since those directories actually exist. It would be great if someone would like to volunteer to add features to BackupPC_ls to make file and directory completion work with unmangled names via the shell. In tcsh you can specify a completion program to run - BackupPC_ls could be given special arguments to spit out the potential (unmangled) completions. I'm not sure how bash does this.

Each of these programs reside in __INSTALLDIR__/bin.

Archive functions

BackupPC supports archiving to removable media. For users that require offsite backups, BackupPC can create archives that stream to tape devices, or create files of specified sizes to fit onto cd or dvd media.

Each archive type is specified by a BackupPC host with its XferMethod set to 'archive'. This allows for multiple configurations at sites where there might be a combination of tape and cd/dvd backups being made.

BackupPC provides a menu that allows one or more hosts to be archived. The most recent backup of each host is archived using BackupPC_tarCreate, and the output is optionally compressed and split into fixed-sized files (eg: 650MB).

The archive for each host is done by default using __INSTALLDIR__/bin/BackupPC_archiveHost. This script can be copied and customized as needed.

Configuring an Archive Host

To create an Archive Host, add it to the hosts file just as any other host and call it a name that best describes the type of archive, e.g. ArchiveDLT

To tell BackupPC that the Host is for Archives, create a config.pl file in the Archive Hosts's pc directory, adding the following line:

$Conf{XferMethod} = 'archive';

To further customise the archive's parameters you can add the changed parameters in the host's config.pl file. The parameters are explained in the config.pl file. Parameters may be fixed or the user can be allowed to change them (eg: output device).

The per-host archive command is $Conf{ArchiveClientCmd}. By default this invokes

__INSTALLDIR__/bin/BackupPC_archiveHost

which you can copy and customize as necessary.

Starting an Archive

In the web interface, click on the Archive Host you wish to use. You will see a list of previous archives and a summary on each. By clicking the "Start Archive" button you are presented with the list of hosts and the approximate backup size (note this is raw size, not projected compressed size) Select the hosts you wish to archive and press the "Archive Selected Hosts" button.

The next screen allows you to adjust the parameters for this archive run. Press the "Start the Archive" to start archiving the selected hosts with the parameters displayed.

Starting an Archive from the command line

The script BackupPC_archiveStart can be used to start an archive from the command line (or cron etc). The usage is:

BackupPC_archiveStart archiveHost userName hosts...

This creates an archive of the most recent backup of each of the specified hosts. The first two arguments are the archive host and the username making the request.

Other Command Line Utilities

These utilities are automatically run by BackupPC when needed. You don't need to manually run these utilities.

BackupPC_attribPrint BackupPC_attribPrint prints the contents of an attrib file. Usage: BackupPC_attribPrint attribPath BackupPC_attribPrint inodePath/inodeNum BackupPC_backupDelete BackupPC_backupDelete deletes an entire backup, or a directory path within a backup. Usage: BackupPC_backupDelete -h host -n num [-p] [-l] [-r] [-s shareName [dirs...]] Options: -h host hostname -n num backup number to delete -s shareName don't delete the backup; delete just this share (or only dirs below this share if specified) -p don't print progress information -l don't remove XferLOG files -r do a ref count update (default: none) If a shareName is specified, just that share (or share/dirs) are deleted. The backup itself is not deleted, nor is the log file removed. BackupPC_backupDuplicate BackupPC_backupDuplicate duplicates the last backup, which is used to create a filled backup copy, and also to convert a V3 backup to a new V4 starting point. Usage: BackupPC_backupDuplicate -h host [-p] Options: -h host hostname -p don't print progress information BackupPC_fixupBackupSummary BackupPC_fixupBackupSummary is used to re-create the backups file for all the hosts if it is damaged or deleted. Usage: BackupPC_fixupBackupSummary [-l] Options: -l legacy mode: try to reconstruct backups from LOG files for backups prior to BackupPC v3.0. BackupPC_fsck BackupPC_fsck can only be run manually, and only while BackupPC isn't running. It updates the host reference counts, the overall pool reference counts and stats. Usage: BackupPC_fsck [options] Options: -f force regeneration of per-host reference counts -n don't remove zero count pool files - print only -s recompute pool stats BackupPC_migrateV3toV4 If you upgraded an existing 3.x installation, BackupPC 4.x is backward compatible with 3.x backups: it can browse, view and restore files. However, the existing 3.x backups will still use hardlinks for storage, and until those 3.x backups eventually expire, hardlinks will still be used for 3.x backups. BackupPC_migrateV3toV4 is an optional utility that can migrate existing 3.x backups to 4.x stoage format, eliminating hardlinks. This allows you to eliminate the old V3 pool and you can then set $Conf{PoolV3Enabled} to 0. BackupPC_migrateV3toV4 -a [-m] [-p] [-v] BackupPC_migrateV3toV4 -h host [-n V3backupNum] [-m] [-p] [-v] Options: -a migrate all hosts and all backups -h host migrate just a specific host -n V3backupNum migrate specific host backup; does all V3 backups for that host if not specified -m don't migrate anything; just print what would be done -p don't print progress information -v verbose The BackupPC server should not be running when you run BackupPC_migrateV3toV4. It will check and exit if the BackupPC server is running. If you want to test BackupPC_migrateV3toV4, a cautious approach is to make backup copies of the V3 backups, allowing you to restore them if there is any issue. For example, if exampleHost has three 3.x backups numbered 5, 6, 7, you can use cp -prl (preserving hardlinks) to make copies: cd /data/BackupPC/pc/exampleHost mv 5 5.orig ; cp -prl 5.orig 5 mv 6 6.orig ; cp -prl 6.orig 6 mv 7 7.orig ; cp -prl 7.orig 7 cp backups backups.save BackupPC_migrateV3toV4 -h exampleHost -n 5 BackupPC_migrateV3toV4 -h exampleHost -n 6 BackupPC_migrateV3toV4 -h exampleHost -n 7 If you want to put things back the way they were: rm -rf 5 ; mv 5.orig 5 rm -rf 6 ; mv 6.orig 6 rm -rf 7 ; mv 7.orig 7 # copy the [567] lines from backups.save into backups; # only do "cp backups.save backups" if you are sure no # new backups have been done Two important things to note with BackupPC_migrateV3toV4. First, V4 storage does use more filesystem inodes than V3 (that's the small cost of getting rid of hardlinks). In particular, each directory in a backup tree uses two inodes in V4 (one for the directory, and one for the (empty) attrib file), and only one inode in V3 (one for the directory, and the attrib and all other files are hardlinked to the pool). So before you run BackupPC_migrateV3toV4, make sure you have enough inodes in __TOPDIR__; use df -i to make sure you are under 45% inode usage. Secondly, if you run BackupPC_migrateV3toV4 on all your backups, the old V3 pool should be empty, except for old-style attrib files, which should all have only one link since no backups should reference them any longer. Before you turn off the V3 pool by setting $Conf{PoolV3Enabled} to 0, make sure BackupPC_nightly has run enough times (specifically, $Conf{PoolSizeNightlyUpdatePeriod} times) so that the V3 pool can be emptied. You could do this manually, but only if you are very careful to check that the remaining files only have one link. BackupPC_poolCntPrint BackupPC_poolCntPrint is used to print reference count information, either per-backup, per-host or for the entire pool depending on the file path you use. If you provide a hex md5 digest, the entire pool count for that digest is printed. Usage: BackupPC_poolCntPrint [poolCntFilePath|hexDigest]... BackupPC_refCountUpdate is used to either update the per-backup and per-host reference counts, or the system-wide reference counts. It is used by BackupPC_dump, BackupPC_nightly, BackupPC_backupDelete, BackupPC_backupDuplicate and BackupPC_fsck. Usage: BackupPC_refCountUpdate -h HOST [-c] [-f] [-F] [-o N] [-p] [-v] With no other args, updates count db on backups with poolCntDelta files and computers the host's total reference counts. Also builds refCnt for any >=4.0 backups without refCnts. -f - do an fsck on this HOST, which involves a rebuild of the last two backup refCnts. poolCntDelta files are ignored. Also forces fsck if requested by needFsck flag files in TopDir/pc/HOST/refCnt. Equivalent to -o 2. -F - rebuild all the >=4.0 per-backup refCnt files for this host. Equivalent to -o 3. -c - compare current count db to new db before replacing -o N - override $Conf{RefCntFsck}. -p - don't show progress -v - verbose Notes: in case there are legacy (ie: <=4.0.0alpha3) unapplied poolCntDelta files in TopDir/pc/HOST/refCnt then the -f flag is turned on. BackupPC_refCountUpdate -m [-f] [-p] [-c] [-r N-M] [-s] [-v] [-P phase] -m Updates main count db, based on each HOST -f - do an fsck on all the hosts, ignoring poolCntDelta files, and replacing each host's count db. Will wait for backups to finish if any are running. -F - rebuild all the >=4.0 per-backup refCnt files. -p - don't show progress -c - clean pool files -r N-M - process a subset of the main count db, 0 <= N <= M <= 255 -s - prints stats -v - verbose -P phase Phase from 0..15 each time we run BackupPC_nightly. Used to compute exact pool size for portions of the pool based on the phase and $Conf{PoolSizeNightlyUpdatePeriod}.

Other CGI Functions

Configuration and Host Editor

The CGI interface has a complete configuration and host editor. Only the administrator can edit the main configuration settings and hosts. The edit links are in the left navigation bar.

When changes are made to any parameter a "Save" button appears at the top of the page. If you are editing a text box you will need to click outside of the text box to make the Save button appear. If you don't select Save then the changes won't be saved.

The host-specific configuration can be edited from the host summary page using the link in the left navigation bar. The administrator can edit any of the host-specific configuration settings.

When editing the host-specific configuration, each parameter has an "override" setting that denotes the value is host-specific, meaning that it overrides the setting in the main configuration. If you deselect "override" then the setting is removed from the host-specific configuration, and the main configuration file is displayed.

User's can edit their host-specific configuration if enabled via $Conf{CgiUserConfigEditEnable}. The specific subset of configuration settings that a user can edit is specified with $Conf{CgiUserConfigEdit}. It is recommended to make this list short as possible (you probably don't want your users saving dozens of backups) and it is essential that they can't edit any of the Cmd configuration settings, otherwise they can specify an arbitrary command that will be executed as the BackupPC user.

Metrics

BackupPC supports a metrics endpoint that expose common information in a digest format. Allowed metrics formats are json (default), prometheus and rss . Format should be specified using format query parameter, a URL similar to this will provide metrics information:

http://localhost/cgi-bin/BackupPC/BackupPC_Admin?action=metrics http://localhost/cgi-bin/BackupPC/BackupPC_Admin?action=metrics?format=json http://localhost/cgi-bin/BackupPC/BackupPC_Admin?action=metrics?format=prometheus http://localhost/cgi-bin/BackupPC/BackupPC_Admin?action=metrics?format=rss

JSON format requires the JSON::XS module to be installed. RSS format requires the XML::RSS module to be installed.

This feature is experimental. The information included will probably change.

RSS

The RSS feed has been merged in the metrics endpoint (see section above). Please use the metrics endpoint to access the RSS feed, as the old endpoint will be deprecated.

BackupPC supports a very basic RSS feed. Provided you have the XML::RSS perl module installed, a URL similar to this will provide RSS information:

http://localhost/cgi-bin/BackupPC/BackupPC_Admin?action=rss

This feature is experimental. The information included will probably change.

BackupPC Design

Some design issues

Pooling common files To see if a file is already in the pool, an MD5 digest of the file contents is used. This can't guarantee a file is identical: it just reduces the search to often a single file or handful of files. Depending on the Xfer method and settings, a complete file comparison is done to verify if two files are really the same. Prior to V4, identical files on multiples backups are represented by hard links. Hardlinks are used so that identical files all refer to the same physical file on the server's disk. Also, hard links maintain reference counts so that BackupPC knows when to delete unused files from the pool. In V4+, hardlinks are not used and reference counting is done at the application level. It is done in a batch manner, which simplifies the implementation. For the computer-science majors among you, you can think of the pooling system used by BackupPC as just a chained hash table stored on a (big) file system. The hashing function In V4+, the file digest is the MD5 digest of the complete file. While MD5 collisions are now well known, and can be easily constructed, in real use collisions will be extremely unlikely. Prior to V4, just a portion of all but the smallest files was used for the digest. That decision was made long ago when CPUs were a lot slower. For files less than 256K, the digest is the MD5 digest of the file size and the full file. For files up to 1MB, the first and last 128K of the file, and for over 1MB, the first and eighth 128K chunks are used, together with the file size. Compression BackupPC supports compression. It uses the deflate and inflate methods in the Compress::Zlib module, which is based on the zlib compression library (see http://www.gzip.org/zlib/). The $Conf{CompressLevel} setting specifies the compression level to use. Zero (0) means no compression. Compression levels can be from 1 (least cpu time, slightly worse compression) to 9 (most cpu time, slightly better compression). The recommended value is 3. Changing it to 5, for example, will take maybe 20% more cpu time and will get another 2-3% additional compression. Diminishing returns set in above 5. See the zlib documentation for more information about compression levels. BackupPC implements compression with minimal CPU load. Rather than compressing every incoming backup file and then trying to match it against the pool, BackupPC computes the MD5 digest based on the uncompressed file, and matches against the candidate pool files by comparing each uncompressed pool file against the incoming backup file. Since inflating a file takes roughly a factor of 10 less CPU time than deflating there is a big saving in CPU time. The combination of pooling common files and compression can yield a factor of 8 or more overall saving in backup storage. Note that you should not turn compression on and off are you have started running BackupPC. It will result in double the storage needs, since all the files will be stored in both the compressed and uncompressed pools.

BackupPC operation

BackupPC reads the configuration information from __CONFDIR__/config.pl. It then runs and manages all the backup activity. It maintains queues of pending backup requests, user backup requests and administrative commands. Based on the configuration various requests will be executed simultaneously.

As specified by $Conf{WakeupSchedule}, BackupPC wakes up periodically to queue backups on all the PCs. This is a four step process:

For each host and DHCP address backup requests are queued on the background command queue. For each PC, BackupPC_dump is forked. Several of these may be run in parallel, based on the configuration. First a ping is done to see if the machine is alive. If this is a DHCP address, nmblookup is run to get the netbios name, which is used as the hostname. If DNS lookup fails, $Conf{NmbLookupFindHostCmd} is run to find the IP address from the hostname. The file __TOPDIR__/pc/$host/backups is read to decide whether a full or incremental backup needs to be run.