Using Ubuntu One for backup on a headless server
by Per Liedman
Update 2011-12-28: I wrote a follow up post on how to fix some of the issues with the instructions below, especially with regard to Ubuntu 11.10 Oneiric Ocelot: Using Ubuntu One from a headless Oneiric Ocelot server
Ok, let me start by stating that I know, and you should also know, that Ubuntu One and the other cloud storage services like DropBox are not for serious backups. So if you’re reading this post to learn something about backing up your enterprisy data, you have come to the wrong place. But if you’re like me, and have a server in your closet as a hobby, and just want some sort of backup that’s also off site, you have come to the right place.
The problem at hand: I have a server in my closet at home, and I store some stuff on it that I would be very sorry if I lost. (I also store a lot more on it that I don’t care the least about.) So, I want to back that stuff up. It’s primarily a couple of MySQL databases and some version control repositories.
Ubuntu comes with a cloud storage service called Ubuntu One. Ubuntu One gives you a free account with two gigabytes of storage, and you can pay a small subscription fee to get significantly more storage if you need it. While there are lots of other similar solutions, Ubuntu One seems like a nice choice if you’re into Ubuntu, since its neatly integrated into the Gnome desktop.
The bad news is that for a headless (no screen) machine, like my server, Ubuntu One is currently a bit harder to set up. I really need the backups to work even if I don’t start a remote session and type my password, and so on. A backup that requires manual intervention is about as bad as no backup at all, in my opinion.
I was sort of frustrated when I found this out, and Twittered angrily about the lack of command line interface. A couple of days later, I got a very friendly reply from Stuart Langridge (@sil), who happens to be technical architect for Ubuntu One. Wow. Not only a response to my rant, but a short conversation ended up with enough clues for me to solve the problem at hand.
So, to save you from having to finding out the details yourself, here is how you could go about making Ubuntu One work as a backup for your headless server:
The program you need is called
u1sync, and is distributed in a package called
ubuntuone-client-tools. Install it:
sudo apt-get install ubuntuone-client-tools
Get an authentication token
The tricky part about getting Ubuntu One working standalone is really authentication. Normally, Ubuntu One authenticates using information stored in your Gnome keyring. On the server, you might not even have the keyring deamon installed, and even if it is, the backup must work even if you haven’t entered your keyring password, and so on. Fortunately,
u1sync can authenticate without the keyring, but you will have to provide an OAuth token manually. Getting that token feels sort of like a hack, but this is how I do it:
- Go to a desktop machine where you have Ubuntu One set up with the account you want to use
- Go to System menu -> Preferences -> Passwords and Encryption Keys
- Under the tab Passwords, you will find an entry called UbuntuOne token for https://ubuntuone.com – double click it.
- In the dialog, open the password label and mark the Show password checkbox. It should now look something like this:
- Copy the text from the password field into a text editor of your choice. It will look like this:
oauth_token_secret=xxxx&oauth_token=yyyy, but with
yyyyreplaced with much more gibberish. It’s those to parts of the strings you’re after.
- In your backup script on your server (you have one of those already, right? Mine is based around AutoMySQLBackup and lots of
tarcommands), insert this line somewhere at the end:
u1sync --oauth=yyyy:xxxx [your backup folder]
Note the order of things: u1sync needs to oauth token (key) first, and the secret as a seconds argument; at least for me, they were stored in the other way around in the keyring string.
And that’s about it! The
u1sync command will automatically synchronize the directory contents against your account every time the script is run. It will also output a lot of information about what it’s doing, so if you’re running the backup script from
cron (you should), you might want to redirect the output to a log or
/dev/null, or you will get lots of long mails.
Also note, that if you for some reason unauthorize the machine you got the OAuth token from, you will also unauthorize the backup server. Unauthorizing a machine really means revoking the OAuth token, and since the machines share the same token, both will now be unauthorized.
Finally, if you find out or already know a simpler way to get the OAuth token, I really interested in hearing about it. And yay for Ubuntu (One) and Stuart Langridge, thanks to them I now have an easy and free backup solution for at least the most critical stuff.