[Box Backup] Installation issues RH ES3 and FC3

boxbackup@fluffy.co.uk boxbackup@fluffy.co.uk
Fri, 10 Dec 2004 10:19:16 -0500


Hello-

I have been testing out box backup 0.8RC3 on a RedHat ES 3 Server with 
Fedora Core 3 clients.

A couple of things I have noticed...
ES3 requires you to ./configure compile:-I/usr/kerberos/include for 
0.08RC3 and 0.09

ES3 is able to back itself up, but unable to receive updates from the FC3 
clients...

I get an error:

Dec 10 10:11:32 magrathea bbackupd[3589]: File statistics: total file size uploaded 0, bytes already on server 0, encoded size 0
Dec 10 10:11:32 magrathea bbackupd[3589]: Beginning scan of local files
Dec 10 10:11:32 magrathea bbackupd[3589]: Opening connection to server geonosis...
Dec 10 10:11:32 magrathea bbackupd[3589]: Exception caught (7/15), reset state and waiting to retry...

and I used this method to install the server, a client on the server, and 
a client to connect to the server... please let me know if I omitted 
anything.

tar -zxvf boxbackup-VERSION.tgz
cd boxbackup-VERSION
./configure
make
make test

Edit /etc/syslog.conf, and add
local6.info                                             /var/log/box
local5.info                                             /var/log/raidfile
Note separators must be tabs, otherwise it ignores you.
touch /var/log/box
touch /var/log/raidfile
Add them to the log rotate config file:
vi /etc/logrotate.conf

Add:
#
# BOXBACKUP
#
/var/log/box            644     7       2000    *       Z 
/var/log/raidfile       644     7       2000    *       Z
#

Save and close this file.

Restart Syslog
service syslog restart
Create a directory to store backups:
mkdir /home/box
Create a user to run the server under:
useradd _bbstored -s /sbin/nologin 
chown -R _bbstored /home/box/

You need to edit this file to add your own Certificate Authority (CA) 
information and provide a prompt to specify backup account number when 
generating client certificates:
vi /usr/share/ssl/openssl.cnf

And change these lines accordingly (starting at line 120):
countryName_default             = GB
stateOrProvinceName_default     = Berkshire
localityName_default            = Newbury
0.organizationName_default      = My Company Ltd

Find (line 140) and change to the following.  This is to remind you to 
enter the backup number when generating certificates.
commonName                      = BACKUP-account#


The server does RAID in userland for that extra bit of reliability. You 
need to set this up separately from the server. To create 
/etc/box/raidfile.conf,
/usr/local/bin/raidfile-config /etc/box 4096 /home/box
Create /etc/box/bbstored.conf with:
/usr/local/bin/bbstored-config /etc/box geonosis _bbstored

chown -R _bbstored /etc/box/bbstored
chmod -R go-rwx /etc/box/bbstored

To setup the basic key structure, do
cd /etc/box
/usr/local/bin/bbstored-certs ca init
cd /etc/box
/usr/local/bin/bbstored-certs ca sign-server bbstored/geonosis-csr.pem

Now copy these files to the location defined in bbstored.conf:
cp /etc/box/ca/servers/geonosis-cert.pem /etc/box/bbstored/
cp /etc/box/ca/roots/clientCA.pem /etc/box/bbstored/

We have to add the ports that boxbackup uses to /etc/services
vi /etc/services

Add the following at about line 369: 
boxbackup       2201/tcp                        # boxbackup
boxbackup       2201/udp                        # boxbackup

Save and close this file.
Restart xinetd
/etc/rc.d/init.d/xinetd restart

and open them on the firewall:
vi /etc/sysconfig/iptables
add the following before the COMMIT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 2201 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2201 -j ACCEPT

Save and close this file.
Restart iptables
service iptables restart

Copy bbstored and bbackupd into /etc/rc.d/init.d/
cd /home/downloads/boxbackup-0.08PLUS3/contrib/redhat/
cp bb* /etc/rc.d/init.d/

Check the PATH variable in /etc/rc.d/init.d/functions and make sure it 
includes /usr/local/bin and /usr/local/sbin

And finally start the boxbackup server:
service bbstored start

And see if it is running:
service bbstored status

Should produce:
bbstored (pid 31977 31976) is running...

So the boxbackup server is running.  The next step is to install a client 
on this Linux box and eventually on the other systems that you want to 
backup, like Windows clients.

So now you can start the client to schedule your backups since you now 
have a signed certificate and config file and are authorized by the server 
to do backups.
service bbackupd start

And check that it is running:
service bbackupd status
Should result in:
bbackupd (pid 18576) is running...

See if the client got connected and is running okay:
vi /var/log/box

Add as services to start on boot
/sbin/chkconfig --add bbstored
/sbin/chkconfig --add bbackupd

Check that all are running as services:
setup

And make sure these are * like below:
[*] bbackupd 
[*] bbstored


LINUX CLIENTS
You need to edit this file to add your own Certificate Authority (CA) 
information and provide a prompt to specify backup account number when 
generating client certificates:
vi /usr/share/ssl/openssl.cnf

And change these lines accordingly (starting at line 120):
countryName_default             = GB
stateOrProvinceName_default     = Berkshire
localityName_default            = Newbury
0.organizationName_default      = My Company Ltd

Find (line 140) and change to the following.  This is to remind you to 
enter the backup number when generating certificates.
commonName                      = BACKUP-account#

The following creates a certificate that is sent to the server 
administrator to create your account and return a signed certificate and a 
config file indicating what is to be backed up and how.  The files are 
stored in=/etc/box  account number=101, server=mybizguard.com, 
DataDirectory=/var/bbackupd, directories to backup=/home.
/usr/local/bin/bbackupd-config /etc/box lazy 101 geonosis /var/bbackupd /home

Now as an Administrator you need to create an account for the user and 
sign their certificate.  The account is 101, exactly what the user sent 
you:

Create an account (account=101, no raid=0, softlimit=4096MB, 
hardlimit=4096MB):
/usr/local/bin/bbstoreaccounts create 101 0 4096M 4505M

Should result in:
Account 101 created

Sign this CSR with:
cd /etc/box
/usr/local/bin/bbstored-certs ca sign bbackupd/101-csr.pem

You would send the files to the user but this is on the same system so we 
will copy them into the right locations as defined in your config file:
cp /etc/box/ca/clients/101-cert.pem /etc/box/bbackupd/101-cert.pem
cp /etc/box/ca/roots/serverCA.pem /etc/box/bbackupd/serverCA.pem

Now we will edit our backup config to exclude the /home/box directory 
otherwise we will create a vicious backup loop:
vi /etc/box/bbackupd.conf

Find line 120 and change like below (added ExcludeDir = /home/box):
BackupLocations
{
        home
        {
                Path = /home
                ExcludeDir = /home/box
        }
}
Installing a client:
on the client install boxbackup-Version-backup-client.tgz
cd boxbackup-0.08PLUS2-backup-client-Linux 
./install-backup-client 
/usr/local/bin/bbackupd-config /etc/box lazy 126 geonosis /var/bbackupd /home
Make a backup of /etc/box/bbackupd/126-FileEncKeys.raw 
Send /etc/box/bbackupd/126-csr.pem to the administrator of the backup 
server, and ask for it to be signed. 
sftp server
put /etc/box/bbackupd/126-csr.pem /etc/box/bbackupd/126-csr.pem



On the server:

/usr/local/bin/bbstoreaccounts create 126 0 4096M 4505M

Should result in:
Account 126 created


Sign certs
Sign this CSR with:
cd /etc/box
/usr/local/bin/bbstored-certs ca sign bbackupd/126-csr.pem

on the client:
You would get the files for the user into the right locations as 
defined in your config file.

sftp server
get /etc/box/ca/clients/126-cert.pem /etc/box/bbackupd/126-cert.pem
get /etc/box/ca/roots/serverCA.pem /etc/box/bbackupd/serverCA.pem

read the configuration file #/etc/box/bbackupd.conf and adjust as 
appropriate. 

vi /etc/services

Add the following at about line 369: 
boxbackup       2201/tcp                        # boxbackup
boxbackup       2201/udp                        # boxbackup

Save and close this file.
Restart xinetd
/etc/rc.d/init.d/xinetd restart

and open them on the firewall:
vi /etc/sysconfig/iptables
add the following before the COMMIT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 2201 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2201 -j ACCEPT

Save and close this file.
Restart iptables
service iptables restart

Edit /etc/syslog.conf, and add
local6.info                                             /var/log/box
local5.info                                             /var/log/raidfile
Note separators must be tabs, otherwise it ignores you.
touch /var/log/box
touch /var/log/raidfile
Add them to the log rotate config file:
vi /etc/logrotate.conf

Add:
#
# BOXBACKUP
#
/var/log/box            644     7       2000    *       Z 
/var/log/raidfile       644     7       2000    *       Z
#

Save and close this file.

Restart Syslog
service syslog restart

Copy bbstored and bbackupd into /etc/rc.d/init.d/
sftp server
get /home/downloads/boxbackup-0.08PLUS3/contrib/redhat/bbackupd /etc/rc.d/init.d/

Check the PATH variable in /etc/rc.d/init.d/functions and make sure it 
includes /usr/local/bin and /usr/local/sbin

So now you can start the client to schedule your backups since you now 
have a signed certificate and config file and are authorized by the server 
to do backups.
service bbackupd start

And check that it is running:
service bbackupd status
Should result in:
bbackupd (pid 18576) is running...

See if the client got connected and is running okay:
vi /var/log/box

Add as services to start on boot
/sbin/chkconfig --add bbackupd

Check that all are running as services:
setup

And make sure these are * like below:
[*] bbackupd 


Any thoughts or assistance will be helpful.

Timur Snoke
Intalgent
107 First Street South, Suite 202
Charlottesville, VA 22902
T: (434) 977-5152 ext. 104
F: (866) 812-5291
timur.snoke@intalgent.com
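
A preflight check for the setup steps in the message above, added here as an example; it is not part of the original post and not Box Backup tooling. It tests the tab-separator rule for the syslog.conf lines, the client files the post names for an account, and the go-rwx permissions; the function names are hypothetical, and applying the permission check to the client's bbackupd directory is an assumption (the post runs chmod on /etc/box/bbstored).

```shell
#!/bin/sh
TAB=$(printf '\t')

# Fail if a local5/local6 line in syslog.conf separates selector and action
# with anything but tabs, or if either facility line is absent.
check_syslog_tabs() {
    bad=$(grep -E '^local[56]\.info' "$1" | grep -Ev "^local[56]\.info${TAB}+/" || true)
    [ -z "$bad" ] || { printf 'not tab-separated: %s\n' "$bad"; return 1; }
    grep -q '^local6\.info' "$1" && grep -q '^local5\.info' "$1"
}

# Report files the post names for a client account that are missing or empty
# in the bbackupd directory. Exit status is the number missing.
check_client_files() {
    missing=0
    for f in "$2-cert.pem" serverCA.pem "$2-FileEncKeys.raw"; do
        [ -s "$1/$f" ] || { printf 'missing: %s/%s\n' "$1" "$f"; missing=$((missing + 1)); }
    done
    return "$missing"
}

# Fail if anything under the directory is accessible to group or other,
# i.e. "chmod -R go-rwx" was skipped or undone (assumed to apply here too).
check_private() {
    loose=$(find "$1" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
                                -o -perm -004 -o -perm -002 -o -perm -001 \))
    [ -z "$loose" ] || { printf 'group/other access: %s\n' "$loose"; return 1; }
}

# Constructed fixture (not from a real host): a space-separated syslog line,
# a missing certificate, a world-readable key file. Echoes the three statuses.
demo() {
    t=$(mktemp -d) || return 1
    printf 'local6.info\t\t/var/log/box\nlocal5.info    /var/log/raidfile\n' >"$t/syslog.conf"
    mkdir -m 700 "$t/bbackupd"
    echo key >"$t/bbackupd/126-FileEncKeys.raw"; chmod 644 "$t/bbackupd/126-FileEncKeys.raw"
    echo ca >"$t/bbackupd/serverCA.pem"; chmod 600 "$t/bbackupd/serverCA.pem"
    a=0; check_syslog_tabs "$t/syslog.conf" >&2 || a=$?
    b=0; check_client_files "$t/bbackupd" 126 >&2 || b=$?
    c=0; check_private "$t/bbackupd" >&2 || c=$?
    rm -rf "$t"; echo "$a $b $c"
}

# Usage: preflight.sh SYSLOG_CONF BBACKUPD_DIR ACCOUNT   (no arguments: demo)
if [ "$#" -eq 3 ]; then
    check_syslog_tabs "$1"; check_client_files "$2" "$3"; check_private "$2"
else
    demo
fi
```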