Linux для человеков!
Обзоры
Фотогалереи
Помощь при использовании сайта
Новое из блога
Бэкап NAS Synology с помощью rsync
Прочитав заголовок вы наверно немного удивлены, ведь Synology позиционируется как сетевое хранилище данных, а учитывая 100% избыточность, благодаря RAID 1 из двух дисков, бэкапить данные нужно на Synology, а не с него. Но уверяю вас бывает и так, что бэкап требуется и тех данных которые находятся на NAS. Для примера могу обрисовать такую необходимость. Файлы с NAS удаляет кто то из сотрудников, так как он имеет права доступа на чтение/запись и в данном случае остается лишь путь их восстановления средствами DSM, либо testdisk (загрузившись скажем с SystemRescueCD Также не редки случаи когда нужна более ранняя ревизия какого либо файла. Думаю я вас убедил в том, что бэкап некоторых важных документов расположенных на сетевом хранилище необходима.
Итак, резервирование данных, как вы уже догадались мы будем делать через rsync, так как этот способ имеет важную фичу, а именно: передачу только измененных и новых файлов с источника бэкапа. Для организации всего это счастья нам потребуется собственно NAS (я использую Synology DS 214+) и какая либо машина под управлением GNU/Linux.
Для начала настроим rsync сервер. Я приведу пример на основе Ubuntu, как более распространенный дистрибутива Linux. Устанавливаем rsync если он еще не установлен и открываем конфиг:
. Для его правильной настройки приведем конфиг к такому виду:
Быстренько пробежимся по файлу конфигурации rsync. path — описывает директорию в которую будет производиться резервирование.
- uid и gid — пользователи от которых запускается rsync
- strict modes определяет проверять ли разрешения на файл с паролями. Если true, то /etc/rsyncd.secrets должен быть доступен _только_ для uid и gid. Если false, то владельцем может быть любой пользователь, но права должны быть настроены так, чтобы uid и gid имели возможность его прочитать
- auth user — _системный пользователь_ для авторизации на rsync.В последствии мы будем указывать его в DSM при настройке бэкапа
- secrets file файл с паролями формата user:password
Теперь перейдем к настройке Synology.Открываем веб морду NAS, кликаем по основному меню и переходим в меню «Резервирование и репликация». Далее открываем «место назначения резервирования», жмакаем создать. Выбираем пункт «Местоназначения сетевого резервирования Rsync совместимый сервер» Далее создаем любое имя (можно например взять имя целевого компьютера), указываем его ip адрес, имя пользователя и пароль юзера которой у нас был как auth user в настройках rsync. Модуль резервирования должен появиться автоматом если Synology найдет правильно настроенный rsync сервер по вышеуказанному адресу.
Далее открываем вкладку «Резервирование» —> Создать —> Задача резервирования данных. Выбираем директории которые собираемся резервировать и место резервирования, то, которое создали в предыдущем пункте. После чего настраиваем процесс бэкапа (тут думаю уже на ваш цвет и вкус) и график его выполнения.
На этом думаю все. По традиции, ваши предложения, советы и указание на мои неточности — в комментарии ниже.
Ах да, можно еще добавить сервер rsync в автозапуск. На Ubuntu-like дистрибутивах это делается обычно так:
Rsync synology to windows
Copyright (c) 2012 Nic Jansma http://nicj.net
These scripts allow you to easily and securely backup your Windows computers to a Synology NAS via rsync over SSH.
- Uses rsync over ssh to securely backup your Windows hosts to a Synology NAS.
- Each Windows host gets a unique SSH private/public key that can be revoked at any time on the server.
- The server limits the SSH private/public keys so they can only run rsync, and can’t be used to log into the server.
- The server also limits the SSH private/public keys to a valid path prefix, so rsync can’t destroy other parts of the file system.
- Windows hosts can backup to the Synology NAS if they’re on the local network or on a remote network, as long as the outside IP/port are known.
NOTE: The backups are performed via the Synology root user’s credentials, to simplify permissions. The SSH keys are only valid for rsync, and are limited to the path prefix you specify. You could change the scripts to backup as another user if you want (config.csv).
Synology NAS Setup
Enable SSH on your Synology NAS if you haven’t already. Go to Control Panel — Terminal, and check «Enable SSH service».
Log into your Synology via SSH.
Create a /root/.ssh directory if it doesn’t already exist
Upload server/validate-rsync.sh to your /root/.ssh/validate-rsync.sh. Then chmod it so it can be run:
Create an authorized_keys file for later use:
Ensure private/public key logins are enabled in /etc/ssh/sshd_config.
You want to ensure the following lines are uncommented:
You should reboot your Synology to ensure the settings are applied:
Setup a share on your Synology NAS for backups (eg, ‘backup’).
Client Package Preparation
Before you backup any clients, you will need to make a couple changes to the files in the client/ directory.
First, you’ll need a few binaries (rsync, ssh, chmod, ssh-keygen) on your system to facilitate the ssh/rsync transfer. http://www.cygwin.com/ can be used to accomplish this. You can easily install Cygwin from http://www.cygwin.com/. After installing, pluck a couple files from the bin/ folder and put them into the client/ directory.
The binaries you need are:
You may also need a couple libraries to ensure those binaries run:
NOTE: These libs may change in future versions of Cygwin. If you get a popup saying ‘The program can’t start because of X’, then fetch X from the Cygwin distribution.
Next, you should update config.csv for your needs:
The version control update command (%vcsUpdateCmd%) can be set to run a version control update on your files prior to backing up. This can be useful if you have a VCS repository that clients can connect to. It allows you to make remote changes to the backup scripts, and have the clients get the updated scripts without you having to log into them. The scripts are updated each time start-backup.cmd is run.
For example, you could use this command to update from a svn repository:
If you are using a VCS system, you should ensure you have the proper command-line .exes and .dlls in the client/ directory. I’ve used Collab.net’s svn.exe and lib*.dll files from their distribution (http://www.collab.net/downloads/subversion/).
During client setup, you simply need to log into the machine, checkout the repository, and setup a scheduled task to do the backups (see below). Each time a backup is run, the client will update its backup scripts first.
The client package is now setup! If you’re using %vcsUpdateCmd%, you can check the client/ directory into your remote repository.
For each client you want to backup, you will need to do the following:
Generate a private/public key pair for the computer. You can do this by running ssh-keygen.exe, or have generate-client-keys.cmd do it for you:
If you run ssh-keygen.exe on your own, you should name the files rsync-keys-[computername]:
If you run ssh-keygen.exe on your own, do not specify a password, or clients will need to enter it every time they backup.
Grab the public key out of rsync-keys-[computername].pub, and put it into your Synology backup user’s .ssh/authorized_keys:
You will want to prefix the authorized key with your validation command. It should look something like this
This ensures that the public/private key is only used for rsync (and can’t be used as a shell login), and that the rsync starts at the specified root path and no higher (so it can’t destroy the rest of the filesystem).
Copy backup-TEMPLATE.cmd to backup-[computername].cmd
Edit the backup-[computername].cmd file to ensure %rsyncPath% is correct.
The following DOS environment variable is available to you, which is set in config.csv:
You should set rsyncPath to the root remote rsync path you want to use. For example:
%rsyncRootPath% is set in config.csv to your Synology backup volume (eg, /volume1/backup), so %rsyncPath% would evaluate to this if your current computer’s name is MYCOMPUTER:
You can see this is the same path that you put in the authorized_keys file.
Edit the backup-[computername].cmd file to run the appropriate rsync commands.
The following DOS environment variables are available to you, which are set in start-backup.cmd:
Copy the client/ directories to the target computer, say C:\backup.
If you are using %vcsUpdateCmd%, you can checkout the client directory so you can push remote updates (see above).
Setup a scheduled task (via Windows Task Scheduler) to run start-backup.cmd as often as you wish.
Create the computer’s backup directory on your Synology NAS:
Backing up Windows computers to a Synology NAS via SSH and rsync
I recently purchased a Synology DS1511+ to act as a NAS (network attached storage) for my home network. The 5-drive, Linux powered device is beautiful – small, sleek and quiet. What sold me was the amazing web-based configuration interface they provide, and the ability to access the device remotely via the web or from mobile apps Synology provides in the iTunes App Store and Android Market.
After setting it up with a couple 2TB and 3TB drives, I wanted to use the device to backup documents from several Windows computers I manage (my own, my wife’s netbook and my parents’ computers thousands of miles away). Local network backup is pretty easy – you can use the Synology Data Replicator to backup Windows hosts to your Synology on your local network. However, it seemed pretty slow to me, and doesn’t use the highly-optimized rsync protocol for backing up files. Since I was previously using rsync over SSH to a Linux server I run at home, I figured since the Synology was Linux-based, it should be able to do the same.
All it takes is a few updates to the Synology server, and a few scripts on the Windows computers you want to backup to make this work for both computers on your home network as well as any external computers you want to backup, as long as they know the address of the remote server. You can use a dynamic-IP service such as TZO.com or DynDNS.org so your remote Windows clients know how to contact your home Synology.
Once I got it all working, I figured the process and scripts I created could be used by others with a Synology NAS (or any server or NAS running Linux). I’ve created a GitHub repository with the scripts and instructions so you can setup your own secure backup for local and remote Windows computers:
Features
- Uses rsync over ssh to securely backup your Windows hosts to a Synology NAS.
- Each Windows host gets a unique SSH private/public key that can be revoked at any time on the server.
- The server limits the SSH private/public keys so they can only run rsync, and can’t be used to log into the server.
- The server also limits the SSH private/public keys to a valid path prefix, so rsync can’t destroy other parts of the file system.
- Windows hosts can backup to the Synology NAS if they’re on the local network or on a remote network, as long as the outside IP/port are known.
NOTE: The backups are performed via the Synology root user’s credentials, to simplify permissions. The SSH keys are only valid for rsync, and are limited to the path prefix you specify. You could change the scripts to backup as another user if you want (config.csv).
Synology NAS Setup
- Enable SSH on your Synology NAS if you haven’t already. Go to Control Panel – Terminal, and check “Enable SSH service”.
- Log into your Synology via SSH.
- Create a /root/.ssh directory if it doesn’t already exist
- Upload server/validate-rsync.sh to your /root/.ssh/validate-rsync.sh. Then chmod it so it can be run:
- Create an authorized_keys file for later use:
- Ensure private/public key logins are enabled in /etc/ssh/sshd_config.
You want to ensure the following lines are uncommented:
Client Package Preparation
Before you backup any clients, you will need to make a couple changes to the files in the client/ directory.
- First, you’ll need a few binaries (rsync, ssh, chmod, ssh-keygen) on your system to facilitate the ssh/rsync transfer. Cygwin can be used to accomplish this. You can easily install Cygwin from https://www.cygwin.com/. After installing, pluck a couple files from the bin/ folder and put them into the client/ directory. The binaries you need are:
You may also need a couple libraries to ensure those binaries run:
If you are using a VCS system, you should ensure you have the proper command-line .exes and .dlls in the client/ directory. I’ve used Collab.net’s svn.exe and lib*.dll files from their distribution (https://www.collab.net/downloads/subversion/).
During client setup, you simply need to log into the machine, checkout the repository, and setup a scheduled task to do the backups (see below). Each time a backup is run, the client will update its backup scripts first.
The client package is now setup! If you’re using %vcsUpdateCmd%, you can check the client/ directory into your remote repository.
Client Setup
For each client you want to backup, you will need to do the following:
- Generate a private/public key pair for the computer. You can do this by running ssh-keygen.exe, or have generate-client-keys.cmd do it for you:
If you run ssh-keygen.exe on your own, you should name the files rsync-keys-[computername]:
If you run ssh-keygen.exe on your own, do not specify a password, or clients will need to enter it every time they backup.
Grab the public key out of rsync-keys-[computername].pub, and put it into your Synology backup user’s .ssh/authorized_keys:
You will want to prefix the authorized key with your validation command. It should look something like this
This ensures that the public/private key is only used for rsync (and can’t be used as a shell login), and that the rsync starts at the specified root path and no higher (so it can’t destroy the rest of the filesystem).
You should set rsyncPath to the root remote rsync path you want to use. For example:
%rsyncRootPath% is set in config.csv to your Synology backup volume (eg, /volume1/backup), so %rsyncPath% would evaluate to this if your current computer’s name is MYCOMPUTER:
You can see this is the same path that you put in the authorized_keys file.
Edit the backup-[computername].cmd file to run the appropriate rsync commands. The following DOS environment variables are available to you, which are set in start-backup.cmd:
The client is now setup!
Source
As noted above, the source for these scripts is available on Github:
If you have any suggestions, find a bug or want to make contributions, please head over to GitHub!
