FreeNAS-11.2-BETA3 BackupPC Plugin

ezra

Contributor
Joined
Jan 15, 2015
Messages
124
Yeah indeed, i've seen the comment. I've posted my steps to get it up and running. Took me nearly 3 hours to figure out ^^ Please have a look and advise.
 

Joel Linn

Dabbler
Joined
Dec 3, 2014
Messages
16
Took me nearly 3 hours to figure out ^^ Please have a look and advise.
Heck, that's a lot of time.
You have more or less done the same things as I did in my install script. In a way that's a good thing.
Of course there need to be configuration options available in the FreeNAS Gui and security needs to be addressed....

Test Version
In the meantime, if any of you are interested in testing the stability of the basic backuppc system you can install my development version using the freenas shell.
Please consider all backups created dispensable as this is an early "it just works" state and I haven't thought through an upgrade process yet.
Run the following commands in a freenas shell. You probably will need to adjust the IP and Interface in your case.
After these commands you will be able to change basic jail settings using the freenas gui.
Code:
curl -o-  https://raw.githubusercontent.com/JoelLinn/iocage-ix-plugins/JoelLinn-backuppc/backuppc.json | sed -e  's/github.com\/freenas/github.com\/JoelLinn/g' > backuppc_joellinn.json
iocage fetch -P --name backuppc_joellinn.json ip4_addr="em0|192.168.0.123/24"

standard user/pw: admin password
You can change the password with iocage set -P adminpass="newpassword" backuppc

If you encounter things in backuppc that do not work like expected by the backuppc documentation please create an issue:
https://github.com/JoelLinn/iocage-plugin-backuppc/issues
 
Last edited:

ezra

Contributor
Joined
Jan 15, 2015
Messages
124
Darn i didnt look in the branches. Though there was nothing but the default plugin. Lets keep in touch about the hardening and share it. Will use your repo
 

ezra

Contributor
Joined
Jan 15, 2015
Messages
124
This is awesome, secured it with https, and its working great, got 9 hosts backed up already. Later this week i'll test restoring after i "break" something.

I do have to say, using rsync/ssh i first had to:

pkg install sudo sudo -u backuppc ssh user@hostname

and then add it to known hosts, in order for it to work, we might need to come up with an automated solution for this.

Some pointers that helped me along the way:
* use hostnames that are in your routers dhcp list and a domain eg: raspberrypi.local
* Keep dhcp option off in host config
* Route traffic from backuppc to WAN host over default WAN and not VPN tunnel (everything outgoing is encrypted), this breaks the backup tunnel quite often
* change port of hosts after adding them, going to host specific config in web ui then after: -e ssh -l root add it so it looks like this: -e ssh -l root -p 7722
 

Joel Linn

Dabbler
Joined
Dec 3, 2014
Messages
16
Thoughts on configurability of the plugin:
  • The documentation on the iocage plugin settings mechanism is very sparse and a mechanism to change these settings from the freenas gui has not been implemented yet (just checked freenas nightlies build).
  • For https, I want the plugin to use a self signed cert as standard and be configurable to either use a user supplied cert or a lets encrypt one using acme.sh
  • SMTP server and credentials need to configurable through freenas (no gui inside backuppc)
  • Be able to manage users
I do have to say, using rsync/ssh i first had to:

pkg install sudo sudo -u backuppc ssh user@hostname

and then add it to known hosts, in order for it to work, we might need to come up with an automated solution for this.
Thanks, I disabled strict host key checking for ssh so this is no longer an issue.
It exposes a small risk to MITM attacks during the first backup but would require the attacker to have access to the target pc as root to not break the backup process.
 
Last edited:

ezra

Contributor
Joined
Jan 15, 2015
Messages
124
Sounds great, got a link to the commit of the strict host key? I'll implement it on my server as well.

* I dont think we should use letsencrypt, more things can go wrong and who wants to access this tool via WAN? Just use VPN.
* Users you mean in the FreeNAS ui right? that will also reflect to SMTP settings, would be the same implementation i guess.

Great work so far, thanks.
 

Joel Linn

Dabbler
Joined
Dec 3, 2014
Messages
16
* I don't think we should use letsencrypt, more things can go wrong and who wants to access this tool via WAN? Just use VPN.
Great work so far, thanks.
Nothing exposed to the WWW. I use lets encrypt certificates on the intranet with split dns and many other organizations started to do so as well. Otherwise they would either often distribute the same paid wildcard cert among all their services or deploy their own root certificate - ewh.
However, I would set it up so that the acme.sh script is only downloaded once the user has choosen to use it.

* Users you mean in the FreeNAS ui right? that will also reflect to SMTP settings, would be the same implementation i guess.
Backuppc takes the username from apache, so users are effectively managed by a htpasswd file. Nothing to do with freenas users.
Mails are send using a sendmail compatible tool that has it's own configuration file which has to be generated by the iocage settings backend as well.
These are two different things.
 

ezra

Contributor
Joined
Jan 15, 2015
Messages
124
Nothing exposed to the WWW. I use lets encrypt certificates on the intranet with split dns and many other organizations started to do so as well. Otherwise they would either often distribute the same paid wildcard cert among all their services or deploy their own root certificate - ewh.
However, I would set it up so that the acme.sh script is only downloaded once the user has choosen to use it.

Oh wow, i did not know its usable on INTRANET, so your saying i can provide a valid SSL cert (green lock) locally, with ease? That would be just great.

Backuppc takes the username from apache, so users are effectively managed by a htpasswd file. Nothing to do with freenas users.
Mails are send using a sendmail compatible tool that has it's own configuration file which has to be generated by the iocage settings backend as well.
These are two different things.

I know, getting it from the freenas frontend to the backuppc backend is what i meant. So there would be a settings option for backuppc with user config + smtp details, thats what you mean aint it?
 

ezra

Contributor
Joined
Jan 15, 2015
Messages
124
After a restart all of a sudden:

root@backuppc:~ # service backuppc status backuppc does not exist in /etc/rc.d or the local startup directories (/usr/local/etc/rc.d), or is not executable

Admin console not accesable, rc.d dir seems non existent. Any idea?
 

Joel Linn

Dabbler
Joined
Dec 3, 2014
Messages
16
After a restart all of a sudden:

root@backuppc:~ # service backuppc status backuppc does not exist in /etc/rc.d or the local startup directories (/usr/local/etc/rc.d), or is not executable

Admin console not accesable, rc.d dir seems non existent. Any idea?

mh, couldn't reproduce that. what does
Code:
pkg info
give you?
Can you reproduce this with a fresh plugin?

Please use my github repo https://github.com/JoelLinn/iocage-plugin-backuppc/issues to report issues, keeping things clean.
 

peacepipe

Dabbler
Joined
Dec 17, 2017
Messages
36
Hey guys,

how is the current status? Is it finished/stable? Is an official patch for the current plugin planned?
 

Berthag63

Cadet
Joined
Feb 13, 2019
Messages
4
Hi guys,

Same here, trying to install backuppc to a fresh jail, but got error :
Error: Unable to connect to BackupPC server
This CGI script (/BackupPC_Admin) is unable to connect to the BackupPC server on BackupPC port -1.
The error was: unix connect: No such file or directory.
Perhaps the BackupPC server is not running or there is a configuration error. Please report this to your Sys Admin.

Since I am not an expert I guess I messed it up with httpd.conf or config.pl TT.
Is your pluggin ready ? or I should figure out my issue?

THX m8s
 
Last edited:

Joel Linn

Dabbler
Joined
Dec 3, 2014
Messages
16
Hey guys,

how is the current status? Is it finished/stable? Is an official patch for the current plugin planned?
I was on vacation, it is not finished nor is it stable.

Hi guys,

Same here, trying to install backuppc to a fresh jail, but got error :
Error: Unable to connect to BackupPC server
This CGI script (/BackupPC_Admin) is unable to connect to the BackupPC server on BackupPC port -1.
The error was: unix connect: No such file or directory.
Perhaps the BackupPC server is not running or there is a configuration error. Please report this to your Sys Admin.

Since I am not an expert I guess I messed it up with httpd.conf or config.pl TT.
Is your pluggin ready ? or I should figure out my issue?

THX m8s
If you use my instructions there is no need to fidle with config files.
Treat it like it is alpha software though.
 

Berthag63

Cadet
Joined
Feb 13, 2019
Messages
4
If you use my instructions there is no need to fidle with config files.
Treat it like it is alpha software though.

I tried and now I remember why I started a new jail from scratch.
Following your instruction with
root@freenas[~]# iocage fetch -P --name backuppc_joellinn.json ip4_addr="em0|192.168.8.111/24"
give me :

Plugin: BackupPC
Official Plugin: True
Using RELEASE: 11.2-RELEASE
Using Branch: 11.2-RELEASE
Post-install Artifact: https://github.com/JoelLinn/iocage-plugin-backuppc.git
These pkgs will be installed:
- sysutils/p5-BackupPC-XS
- sysutils/p5-File-Listing
- archivers/p5-Archive-Zip
- textproc/p5-XML-RSS
- www/p5-CGI
- net/rsync
- net/rsync-bpc
- sysutils/backuppc4
- archivers/par2cmdline-tbb
- net/samba48
- www/apache24
- www/mod_perl2
- databases/rrdtool

Testing SRV response to iocage-plugins
pkg.cdn.trueos.org's SRV record could not be verified.

Testing DNSSEC response to iocage-plugins
pkg.cdn.trueos.org could not be reached via DNSSEC.

Then I pinged google to check internet acess, and works fine.

What I am doing wrong, any setting on freenas I should change?
 

Joel Linn

Dabbler
Joined
Dec 3, 2014
Messages
16
Testing SRV response to iocage-plugins
pkg.cdn.trueos.org's SRV record could not be verified.

Testing DNSSEC response to iocage-plugins
pkg.cdn.trueos.org could not be reached via DNSSEC.

Then I pinged google to check internet acess, and works fine.

What I am doing wrong, any setting on freenas I should change?

Can you install other official plugins?
 

Joel Linn

Dabbler
Joined
Dec 3, 2014
Messages
16
I want to implement outgoing email support using authenticated smtp for which I again need a software package.
So I am waiting for an answer from the dev team as to which specific MTA they prefer to include before I can integrate it...
 

Berthag63

Cadet
Joined
Feb 13, 2019
Messages
4
Can you install other official plugins?
Sorry for my late answer, Was a newbee mistake from me, the ip4 was set to 255. ;) Now works fine.
Did you try rsync with windows10 ? Do you use deltacopy or cygwin ? So far nothing seems bad on this pluggin Great work ;)
 

Joel Linn

Dabbler
Joined
Dec 3, 2014
Messages
16
I used samba/windows share.
Change the method/protocol in the host settings and enter administrative credentials for that host.
As standard it should update the whole C drive.

Btw, I’m still waiting for ixsystem feedback/support about MTA integration...
 

Berthag63

Cadet
Joined
Feb 13, 2019
Messages
4
I read from backuppc that rsync was better, samba will miss some modifications. (can t find in which section from backuppc doc I read that) Since all my files are important, I will try to make it works. I follow those steps : https://www.drivemeca.com/backuppc-client/
But still, can't manage to make it works. I ll keep digging. But if one of you can try rsycd win win10 and tell me if it works that would be very helpfull.
 

arbru_busa

Cadet
Joined
Apr 15, 2019
Messages
2
Hi guys,

Is the script already working on version FreeNAS-11.2-U3?

When I try to install it using the advanced configurations, it gives me an error:
========
Install
[EFAULT] Exception: RuntimeError:*** no is not a valid value for hostid_strict_check. Value must be off or on *** occured, destroyed backuppc.
========

Thanks in advance,
 
Top