Saturday, February 11, 2017

Time Machine backups on DreamCompute

I really like the simplicity of Time Machine for backing up my Macs. It makes restoring lost files and changing computers extremely easy. However, my laptop is rarely on my home network so it would go months without completing a full backup. My solution was to set up an OpenVPN server and bridge it with my home network. This allowed my laptop to appear as if it was on my home network regardless of where I was connected. This also allowed me to print to my network printer and VNC to machines on my home network when I was away. I also set it up so that I could, when needed, tunnel all traffic through my home network so traffic would be encrypted even if I was on a public unencrypted Wi-Fi network.

I had been using Backblaze for offsite backups but I wanted to see if I could get offsite Time Machine working. A few notes before I get rolling:

  1. This uses a lot of bandwidth for initial backup. I was saturating my 100Mbps FIOS connection before I started packet shaping. However, incremental backups are usually small so it isn’t much of an issue after initial backup.
  2. If you follow the directions below, you can’t do a full system restore from it as a local VPN connection is required. So, if something happened to both your computer and your local backup, restoring would still be possible but more complicated as you would need to copy the sparse image somewhere local.
  3. If you have a large (>100GB) amount of data to back up, this can get expensive as only 100GB is included with a DHC account.
  4. This should not be your primary backup. Because of the latency, browsing and restoring files lags a bit.

Setting up a server

I will be setting up an Ubuntu instance on DreamCompute. On that instance, I will be running an OpenVPN server, an AFP daemon, and an avahi daemon.

The first thing you need to do is create an Ubuntu 16.04 instance using the directions here. Even while backups were running, I never exceeded a load of .5 on a single proc instance or more than 100MB of RAM so a semisonic instance is more than powerful enough.

You need to create a volume for the backups to be stored on and attach it to the instance you just created. Make sure the volume you create is at least as big as the drive in the computer you are backing up. You should only use this volume for backups as Time Machine will grow to use all the space you give it to store incremental snapshots. Follow the directions here to set up a volume.

You also need to open up UDP port 1194 for your OpenVPN connection. Instructions for setting up a security group on DreamCompute are here.

Install dependencies

Now that we’ve got the server up and running, the first thing we need to do is install the needed dependencies!

sudo su
apt-get install openvpn easy-rsa netatalk avahi-daemon

Create and attach volume

Partition and format your volume. I used xfs but it doesn’t really matter.

parted -s /dev/vdb mklabel gpt mkpart P1 xfs 0% 100%
mkfs.xfs /dev/vdb1

Create the directory where you want the backups stored.

mkdir /mnt/backups

Edit /etc/fstab and add a line for your backup mount

/dev/vdb1 /mnt/backups xfs defaults 0 0

And get it mounted.

mount -a

Set up users

While it is possible to store all backups under the same user, I find it easier to manage backups if each computer’s backup is stored under its own user. For each computer you want to back up set up a user.

adduser luke
mkdir /mnt/backups/luke
chown -R luke /mnt/backups/luke

Set up certificate authority and generate keys

For computers to be able to connect to your OpenVPN server, you need to set up a certificate authority.

mkdir /etc/openvpn/easy-rsa/
cp -r /usr/share/easy-rsa/* /etc/openvpn/easy-rsa/

Edit /etc/openvpn/easy-rsa/vars and update the values to match your information.

Build the certificate authority

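cd /etc/openvpn/easy-rsa/
source vars
./clean-all                      # wipes and recreates keys/ (first run only)
./build-ca                       # creates keys/ca.crt and keys/ca.key
./build-key-server timemachine   # server certificate and private key
./build-dh                       # creates keys/dh2048.pem
cd keys
cp timemachine.crt timemachine.key ca.crt dh2048.pem /etc/openvpn/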

Now, generate a key for each of the computers you wish to back up.

cd /etc/openvpn/easy-rsa/
source vars
./build-key luke

Copy ca.crt and the generated files to each machine you are going to be backing up using scp or rsync.


Next we have to set up the OpenVPN server itself. Copy the sample server config file and decompress it into /etc/openvpn

cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
gzip -d /etc/openvpn/server.conf.gz

Edit /etc/openvpn/server.conf. For Time Machine you want it to be a tap device, not tun, so remove the semicolon in front of “dev tap” and add one in front of “dev tun”.

dev tap
;dev tun

You also need to update ca, cert, and key to point to the correct files.

ca ca.crt
cert timemachine.crt
key timemachine.key

OpenVPN configuration is done. Time to start it up!

service openvpn start
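
A quick check of the server.conf edits above, as an added example that is not part of the original post: it confirms that only dev tap is active, that ca, cert and key name files that exist, and that the private key is not accessible to group or other. The helper names and the constructed sample config are assumptions, as is GNU stat (present on Ubuntu).

```shell
#!/bin/sh
# Added example: check an OpenVPN server.conf for the edits described in this post.
# check_openvpn_conf is a hypothetical helper; assumes GNU stat, as on Ubuntu.

# Print the values of all active (uncommented) lines for directive $2 in file $1.
directive() {
    awk -v key="$2" '$1 == key { print $2 }' "$1"
}

# Print each problem found; return 0 if the config is clean, 1 otherwise.
check_openvpn_conf() {
    conf=$1; dir=$(dirname "$conf"); rc=0

    # Bridging needs tap; an active "dev tun" line (alone or as well) is an error.
    dev=$(directive "$conf" dev)
    [ "$dev" = "tap" ] || { echo "dev: expected only 'tap', got '$dev'"; rc=1; }

    # ca, cert and key must name existing files. Relative names are resolved
    # against the config's directory (assumption: the service runs from there).
    for name in ca cert key; do
        file=$(directive "$conf" "$name")
        case $file in /*) path=$file ;; *) path=$dir/$file ;; esac
        if [ -z "$file" ] || [ ! -f "$path" ]; then
            echo "$name: missing file '$file'"; rc=1
        elif [ "$name" = key ]; then
            # The server's private key must not be accessible to group or other.
            case $(stat -c %a "$path") in
                *00) ;;
                *) echo "key: $path is accessible to group/other"; rc=1 ;;
            esac
        fi
    done
    return $rc
}

# Constructed sample: a minimal config plus empty stand-in files in a temp dir.
demo_dir=$(mktemp -d)
printf '%s\n' 'port 1194' 'dev tap' ';dev tun' 'ca ca.crt' \
    'cert timemachine.crt' 'key timemachine.key' > "$demo_dir/server.conf"
touch "$demo_dir/ca.crt" "$demo_dir/timemachine.crt" "$demo_dir/timemachine.key"
chmod 600 "$demo_dir/timemachine.key"
check_openvpn_conf "$demo_dir/server.conf" && echo "server.conf looks consistent"
```

On the server itself, call it as check_openvpn_conf /etc/openvpn/server.conf.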

Set up AFP

Time Machine requires either a local disk or a disk mounted via AFP or SMB. AFP will be deprecated once Apple moves to APFS. Unfortunately, as of the writing of this blog, the SMB implementation in Ubuntu doesn’t support an extension that Time Machine requires. You can check to see if that has changed. So, we will be using AFP here. Luckily, the default install includes a config file for Apple volumes; we just have to tweak it for our setup. Edit /etc/netatalk/AppleVolumes.default and add this line:

/mnt/backups/$u "Time Machine" options:tm

Now you just have to restart the service!

service netatalk restart

Set up avahi

The last thing we have to set up is avahi. This is Apple’s zeroconf networking protocol that will allow our Mac to find the server to back up to it. There are no configuration changes we need to make. Just start the service.

service avahi-daemon start

Set up OpenVPN on mac

While you can use the OpenVPN command line client or TunnelBlick, I have found Viscosity much more powerful and easy to use.

For address, use the IP of your DreamCompute instance.

We will be moving a lot of data over this connection. Make sure LZO compression is on.

Use the ca, cert, and key that you copied over earlier.

Start backups!!!

From System Preferences, go to Time Machine. From there click “Add Backup Disk.” Select the TimeMachine mount you created and the backup will start!

If you ssh back into the server, you should be able to see the sparse image.

ubuntu@timemachine:/mnt/backups/luke$ ls
Luke.sparsebundle Network Trash Folder Temporary Items

posted by admin at 9:37 pm  


Powered by WordPress Copyright © 2011 Luke Odom