This post explains how to create a scheduled task on your Synology server to back up one or more Raspberry Pis over an SSH key-based connection on a periodic schedule.

It is assumed that:
  • Your Pi is running Raspbian or some similar Linux variant (I've only tested this with Raspbian -- let me know if you confirm that it works on other OSes and I'll update the post)
  • Your Pi has a static IP address (or at least one that's consistently assigned via DHCP)
  • SSH is enabled on port 22 of your Raspberry Pi (via sudo raspi-config -> Advanced Options)
  • You know your Synology's root (or admin) password
  • You know how to administer your Synology server via its web UI
  • You have an SSH terminal app such as PuTTY.  Some of the following steps will be performed via SSH login using such a tool.
This guide derives inspiration from two sources:

Eben Upton's Passwordless SSH Access

Robert Hekkers' Backing up Raspberry Pi to Synology NAS

I added a few tweaks to Robert's script to wake up the Ethernet connection and to make it easier to back up multiple Pis on your network.

Steps:


First we need to ensure that the Raspberry Pi allows SSH logins from the Synology's root account via public key authentication.

Doing this from scratch means that we first have to allow root to login via password on the Pi (temporarily).  By default (in Raspbian at least) it does not.  Password authentication is only needed long enough to push a public SSH key from the Synology server to the Raspberry Pi so that SSH key authentication will be allowed for root logins in the future.  You can remove the root password thereafter (see Step 4).

1.  Open up two SSH (PuTTY or equivalent) sessions, one to the Pi (login as your standard account, e.g. "pi") and one to the Synology server (login as "root" -- unless you've changed it, the root password is the same as the one you configured for the "admin" account)

2.  From the Pi session, run

sudo passwd root

Then enter your desired password for the root account.  This is only temporary and will be deleted as soon as we're finished transferring the SSH key (unless you want to make it permanent).

3.  From the Synology session:

- Confirm that SSH keys are already present by running

ls ~/.ssh

 If you see a file called id_rsa.pub there (assuming you've already been through this once and are setting up a new Pi to be backed up) you can skip the next step

- If no keys are found, run

ssh-keygen -t rsa -C root@<Your Synology server's name>

- When prompted for the file in which to save the key, accept the default (hit <Enter>)

- When prompted for a passphrase hit <Enter> (no passphrase)

- Push the public key to the Raspberry Pi (this is why we need the Pi to briefly allow password logins on the root account, because until the public key exists on the destination server, you will be prompted for a password when you run this command):

cat ~/.ssh/id_rsa.pub | ssh root@<your Pi's IP address> 'cat >> .ssh/authorized_keys'

- Enter the password you created in Step 2 when prompted

        - Confirm that SSH key logins are now accepted by the Raspberry Pi by running this command (still from the Synology session, don't toggle back to the Pi session yet:)

ssh root@<Your Pi's IP Address>

- If the connection succeeds, you can close the Synology session's terminal window

4.  Return to the Pi session:

- If there was any problem connecting via SSH key above, first logout of the "pi" session, log back in as "root" (using the password you created in Step 2), then confirm that the SSH key was accepted by running:

cat ~/.ssh/authorized_keys

- You should see an entry in that file having "root@<Your Synology server's name>" at the end.  If not, repeat Step 3 above.

-  If the key was accepted, you're good to go with Step 5.  Optionally, at this point, if you don't want to allow password logins to the Pi's root account any longer, you can disable root password logins to the Pi via password by running:

passwd -d root

MAKE ABSOLUTELY CERTAIN THAT YOU ONLY RUN THE ABOVE COMMAND FROM THE RASPBERRY PI SESSION, NOT FROM THE SYNOLOGY SESSION!  Removing the root password from your Synology server can cause major problems.

5.  We're done with the PuTTY/terminal stuff now.  Close both of those sessions if you haven't already.  Everything else can be done from the Synology Web (DSM) UI.  Open that and login as "admin".

Assuming this is the first Pi that you're backing up on the Synology server, you'll need to create a backup script, covered in Steps 6-8.  If you've already created the backup_target.sh file, and you're just setting up another Pi to be backed up, you can skip to Step 9.

6.  Open File Station on the Synology and ensure that there's a folder named /volume1/backups/_scripts  (create the subfolders if necessary)

If you're confused that you don't see /volume1 in the left nav, that's because it's the default volume.  Just start at the top and navigate to (or create) a backups/_scripts folder and proceed from there.



7.  Create a new file in that folder named backup_target.sh.  Synology doesn't make it easy to create a new empty file, but you can do this by creating an empty file first on your local machine and uploading it (right-click in the _scripts folder and choose Upload to _scripts)


or just copy a random text file from elsewhere on the server, then rename it to backup_target.sh once it's in the _scripts folder.

Note:  You don't have to use the "_scripts" folder naming convention.  If you'd rather put it somewhere else, feel free to do so, but keep the location in mind and make the appropriate changes wherever you see "_scripts" in the steps that follow.

8.  Edit the backup_target.sh file by right-clicking on it and choosing Open with Text Editor.  Paste this text into the file (overwriting anything else that might have been there, if you copied another file to create it), then save it:

 SERVER=$1
 ADDRESS=$2
 NOW=$(date +"%Y-%m-%d")
 LOGFILE="$SERVER-$NOW.log"
 ping $ADDRESS -c 30 >> /volume1/backups/logs/$LOGFILE
 /usr/syno/bin/rsync -av --delete --exclude-from=/volume1/backups/_scripts/rsync-exclude.txt -e "ssh -p 22" root@$ADDRESS:/ /volume1/backups/$SERVER/ >> /volume1/backups/logs/$LOGFILE 2>&1

This is a parameterized backup script.  You'll only need to create it once to back up multiple Pis.  Each Pi to be backed up will be handled by a separate script (in Step 9) which provides the name and IP address to this one.  This script will back up the given Pi (passed via $1, the first parameter) at a given IP Address (via $2, the second parameter) and store its contents in the /volume1/backups/<Your Pi's Name> folder.  It will also log details about the process in /volume1/backups/log/<Your Pi's Name>-<Date stamp>.log.

Upon starting, this script will ping your Pi 30 times (to make sure the network connection is up -- sometimes they need to be nudged awake) before initiating an incremental (rsync) backup.

8a.  You can optionally create a file named _scripts/rsync-exclude.txt to declare any files that should be excluded from the backup.  This file is just a text file containing filenames or wildcard patterns that should be ignored by rsync.  You might want to exclude *.tmp or /tmp/*, etc. (See comments in Robert Hekkers' post for examples.)


9.  Go to Control Panel -> Task Scheduler


10.  Click on Create -> User-Defined Script


11.  Name the new Task something like Backup - <Your Pi's Name>

12.  Leave the user as root (or change to root if it's not already)

13.  Set User-defined script: to

/volume1/backups/_scripts/backup_target.sh <Your Pi's Name> <Your Pi's IP Address>

(Note that there's a space between ".._target.sh", the Pi's name and the IP address, if that wasn't clear.)

14 Click the Schedule tab and set the schedule however you like (e.g. Daily at 6:00 am)


15. Click "OK" to save the job.

16. Your new scheduled task will appear as a User-defined Script in the scheduler's task list.  Click on the newly-created task to highlight it in the list, then click the Run button to execute it and see if it works.

After clicking Yes, wait a minute or so, then return to the File Station app.  You should see the Pi's contents cloned to /volume1/backups/<Your Pi's Name>


as well as a log file in /volume1/backups/logs/<Your Pi's Name>-<Date Stamp>.log


Note that this only does a file-by-file copy of your Pi to the server.  It will not create an .img file that you can dump back to an SD card when yours crashes.  If you need to do a restore you'll still need to install the OS from scratch, reinstall apps and configuration, etc. but at least this will allow you to selectively retrieve whatever data you might have lost.


7

View comments

    Loading