Long time FreeNAS user and after upgrading to TrueNAS Core, I began looking through the plugins for a backup solution for my linux environment. I have 2 bare metal machines running a combination of apps on bare metal as well as docker and lxd containers. BackupPC looked like an ideal solution; installing the plugin, however, is an incomplete solution - i'm not sure if the plugin is simply in an active development state still or if the intention is to require additional work to make it work. In any case, this is what i needed to do in addition to installing the plugin to make it operational. A lot of this is based off this thread in the TrueNAS forum.
- First thing i did was to install the plugin. I'm running TrueNAS 12.0-U1 and simply went to the plugins menu and installed the plugin - the only entry I made was to name the plugin (I used backup-pc) and I made one modification - I selected DHCP (which automatically selected BPF too).
- Next, I created a dataset (I named mine backups) to use for the backups in a storage pool outside of the jail. Stopped the plugin, and created a source mountpoint /storage-pool/storage-dataset which mounts to a destination of /storage-pool/iocage/jails/plugin-name/root/var/db/BackupPC. (likely have to 1st delete any subdirectories thtat the plugin configured in /var/db/BackupPC - and either manually recreate them after the mountpoint is set up or the update.sh script will recreate them).
- restart the plugin.
- if you inspect /etc/passwd in the plugin (from the plugin's shell, which you can get to from either the jail's shell console link or from a TrueNAS ssh session by typing
iocage console plugin-name
) you can find the uid/gid of the backuppc psuedo user - mine was 300. Go back to the TrueNAS ssh session and see if the dataset you created (/storage-pool/storage-dataset) is owned by the same uid:gid (300:300) - mine was. So from the TrueNAS GUI, I created a group named backuppc with gid of 300 and then created a user named backuppc with uid of 300. I then edited the permissions of the storage-dataset and sure enough it was now owned by user:group backuppc:backuppc.
- Not sure if the plugin development is incomplete or if it's intended this way, but from reading the aforementioned thread and doing some
pkg search
from the jail shell, a number of the required components need to be installed. - from a shell prompt in the jail do
pkg install samba413 rsync rsync-bpc rrdtool par2cmdline p5-XML-RSS backuppc4 apache24
. I prefer the nano editor so i added that to the list. - I then followed steps 8-11 from the aforementioned TrueNAS post: In step 10, the update.sh script notices this is not a new installation - just accept the default answers.
- The BackupPC GUI should be available at the ip address assigned to the jail from DHCP /bpc, so http://your-jail-ip/bpc.
- I had issues with email using the default setup and the instructions in the aforementioned post, which configures a sendmail SMART HOST. It seemed easier to me to just install SSMTP
pkg install ssmtp
. - Edit /etc/mail/mailer.conf and comment out the original contents and add the following entries (which you'll be instructed to do following the ssmtp install command):
# Execute the "real" sendmail program, named /usr/libexec/sendmail/sendmail
#
#sendmail /usr/libexec/sendmail/sendmail
#mailq /usr/libexec/sendmail/sendmail
#newaliases /usr/libexec/sendmail/sendmail
#hoststat /usr/libexec/sendmail/sendmail
#purgestat /usr/libexec/sendmail/sendmail
#changed above with installation of ssmtp
sendmail /usr/local/sbin/ssmtp
send-mail /usr/local/sbin/ssmtp
mailq /usr/local/sbin/ssmtp
newaliases /usr/local/sbin/ssmtp
hoststat /usr/bin/true
purgestat /usr/bin/true
- Edit /usr/local/etc/ssmtp/ssmtp.conf and add or modify following the guideance in the comments:
#
# /etc/ssmtp.conf -- a config file for sSMTP sendmail.
#
# The person who gets all mail for userids < 1000
# Make this empty to disable rewriting.
#root=postmaster
root=your-sending-email-username@yourmail-domain
# The place where the mail goes. The actual machine name is required
# no MX records are consulted. Commonly mailhosts are named mail.domain.com
# The example will fit if you are in domain.com and your mailhub is so named.
#mailhub=mail
# Example for SMTP port number 2525
# mailhub=mail.your.domain:2525
# Example for SMTP port number 25 (Standard/RFC)
# mailhub=mail.your.domain
# Example for SSL encrypted connection
# mailhub=mail.your.domain:465
mailhub=yourmailhost.yourmail-domain:587
# Where will the mail seem to come from?
rewriteDomain=yourmail-domain
# The full hostname
#hostname=_HOSTNAME_
hostname=yourmailhost.yourmail-domain
# Set this to never rewrite the "From:" line (unless not given) and to
# use that address in the "from line" of the envelope.
FromLineOverride=YES
# Use SSL/TLS to send secure messages to server.
UseTLS=YES
# Use SSL/TLS certificate to authenticate against smtp host.
#UseTLSCert=YES
# Use this RSA certificate.
#TLSCert=/usr/local/etc/ssmtp/ssmtp.pem
# Get enhanced (*really* enhanced) debugging information in the logs
# If you want to have debugging of the config file parsing, move this option
# to the top of the config file and uncomment
#Debug=YES
# Use these parameters for securely authenticating against your
# mailhub; check ssmtp.conf(5) for further details.
UseSTARTTLS=YES
AuthUser=your-sending-email-username@yourmail-domain
AuthPass=yourPassw0rd
- If you wisth to make the From address look like mail is coming from elsewhere, edit /usr/local/etc/ssmtp/revaliases:
# sSMTP aliases
#
# Format: local_account:outgoing_address:mailhub
#
# Example: root:[email protected]:mailhub.your.domain[:port]
# where [:port] is an optional port number that defaults to 25.
root:your-email-username@yourmail-domain:yourmailhost.yourmail-domain:587
this will make emails from root look like they came from your-email-username@yourmail-domain.
- test it by sending mail using ssmtp (or sendmail since it now links to ssmtp): put a test email in a file, e.g., testmail, consisting of:
To: dest-email
From: source-email
Subject: test email
some test email contents
and send with sendmail dest-email < testmail
- I use rsync and needed further setup to make this work since the backuppc user needs to run rsync over ssh to backup your hosts. To do this, the backuppc user needs to be able to login into your hosts using passwordless ssh. But the plugin installs backuppc user as a system account - i.e., no home directory and no password. Without these steps, I would get errors when the backup ran that it could not create/write to /nonexistent. There may be other ways to address this.
- From the jail shell as root type
passwd backuppc
and enter a password - From the jail shell as root type
chpass backuppc
and change thenonexistent
home directory to/home/backuppc
- From the jail shell as root create and set ownership of .ssh directory:
mkdir /home/backuppc/.ssh
chown backuppc:backuppc /home/backuppc/.ssh
chmod 700 /home/backuppc/.ssh
- create ssh keypair
su backuppc
cd ~/.ssh
ssh-keygen
(Don't enter a passphrase when prompted, simply hit enter)
- Securely append the contents of your id_rsa.pub to the authorized_keys file of the host(s) you wish to back up with rsync.
- you should now be able to ssh from the backuppc user account to the remote host:
ssh some-user@some-remote-host-to-be-backed-up
- You can do this from the GUI (http://ip.address.from.plugin-jail/bpc) or by editing /usr/local/etc/backuppc/config.pl from the jail shell.
- The GUI is easier and the username and password are backuppc and the password is as you set it in step 11 from here. Click Edit Config under the Server heading in the left pane.
- The minimal things to edit are the Email, Hosts, and Xfer tabs.
- In Email, set the
EMailFromUserName
andEMailAdminUserName
to email addresses you wish to use (EMailAdminUserName is defined to be simply a name, but if you read the documentation closely it apparently can be a plain username or complete email address). - I struggled with Hosts for awhile as the documentation led me to believe I needed to enter a local hostname (e.g., /etc/hostname from the remote system) which it would find the IP address for using various methods. For me it was just simpler to type the IP address as the host name and since these addresses are done with DHCP reservations I didn't check the DHCP box. Optionally, enter the user name of a user on the remote system.
- In Xfer, select the drop down from the
XferMethod
option and select Rsync. - Edit the
RsyncClientPath
entry - enter the name of the rsync command on the remote system - the TrueNAS plugin seems to default this to a BSD path for rsync, and since my hosts are linux, i set to/usr/bin/rsync
, which you can prepend with sudo if you need to run as sudo, e.g.,sudo /usr/bin/rsync
- Edit the 2nd line of
RsyncSshArgs
- to me it seemed safer to use a non-root user to run the backup (and since i was only backing up a home directory of a single user, i simply used that user) -$sshPath -l non-root-user
- Edit
RsyncShareName
to be the path of the content you wish to backup, in my case/home/non-root-user
This was all i needed to do to get things up and running - there are many more options you can set - read through the documentation. I have two hosts i backed up the home directory for - and they are setup identically so all of above worked for both hosts. But if they had been different, you can customize the config by host from this point... on the left pane, select the host and then click the edit config under the selected host and override whatever settings need to be changed on a per host basis.
At this point you can wait for the automated backup to be triggered or simply select the host and choose to run a full backup.
From here, you may wish to see how the default settings for scheduing full and incremental backups work and adjust as needed. You may also wish to test the restore function - minimally, select a host in the left pane of the GUI and browse backups - you should be able to download indidvidual files to your local system and inspect.