Syncing data from TrueNAS to QNAP using rsync

I was looking for a solution to backup my data from my main NAS, a TrueNAS core instance, to a QNAP. Although I found a really good tutorial by Raid Owl explaining how to back up from TrueNAS to Synology, I did not find, at the time, one for QNAP. The following tutorial should give you an idea what you need to do to achieve syncing data from TrueNAS to QNAP using rsync. Bear in mind, that although rsync does copy your data from A to B but it is technically not a backup solution.

Preparing the QNAP

Create a share

On the QNAP, create a location where the backups should go. In the Control Panel, Privilege: Shared Folders, create a shared folder (e.g. TNbackup) and set the permissions. I personally do prefer that no user (besides the rsync user) has access to the backup data share, to avoid that it becomes corrupted. So deny or read only for all other users should do the trick.

Create a user

Create a user that TrueNAS will use to connect to the QNAP. Let’s say we call it rsync. Make sure that the rsync user is part of the administrator group. This is mandatory for it to access the QNAP via ssh. Give it read/write permissions on the TNbackup share.

In the Users tab of the control panel, enable the home folder for all users in the advanced settings.

In the Network & File Services tab of the Control Panel, activate SSH on port 22 and SFTP. You can also set the Access Permissions here.

Verify that you can log in to your QNAP using ssh and your newly created user.

ssh rsync@[QNAP-IP]

Prepare the SSH configuration on QNAP

In the terminal session, open the sshd configuration file in the VI editor. Unfortunately NANO is not installed on QNAP.

sudo vi /etc/ssh/sshd_config

Find and uncomment the next two lines deleting the #-sign. Position your cursor at the beginning of the corresponding line and hit the “i”-key for insert-mode.

#PubkeyAuthentication yes
#AuthorizedKeysFile  .ssh/authorized_keys

After deleting the two #-signs, hit the Escape-key. Save using “:w” followed by the return key and quit using “:q”, followed by the return-key.

Now navigate to your users home folder:

cd /share/homes/rsync/

Create the .ssh folder and the authorized-keys (empty) file:

mkdir .ssh
chmod 700 .ssh
touch .ssh/authorized_keys

You can check if the file has been created by using this command:

ls .ssh/

Set the user permissions on the .ssd folder:

sudo chmod -R 700 .ssh
sudo chown -R rsync .ssh

You might need to restart the rsync and ssh services on QNAP using the GUI.

Preparing TrueNAS

Create a home folder for your user, using the Shell provided in the GUI:

cd /mnt/[DATASET POOL]/
mkdir home
cd home
mkdir rsync

Create the user using the Accounts/User tab and add a new one, filling out the following fields:

Full name: [RSYNC to QNAP]
Username: rsync
Password: [password]
Confirm password: [password]
User ID (auto filled by TrueNAS)
Primary Group: rsync
Auxiliary Groups: [choose one that has access to the fileshares you want to backup]
Home Directory: /mnt/[DATASET POOL]/home/rsync

That’s it for now. later on, we will fill in the SSH Public Key. Save for now.

Let’s go on and create the SSH key on TrueNAS using ssh with the rsync user. Make sure that the SSH service is running on TrueNAS (GUI: services tab). When creating the key, you can skip all the prompts with the Return-key.

Log in via SSH to your TrueNAS:

ssh rsync@[TrueNAS-IP]
ssh-keygen

To see the generated key, use:

cat .ssh/id_rsa.pub

Copy everything from that file, from ssh-rsa to something like truenas-local.

Go back to the TrueNAS GUI, edit the rsync user and paste the string into the SSH Public-Key field.

Now log in to your QNAP via SSH:

ssh rsync@[QNAP-IP]
vi .ssh/authorized_keys

Hit “i” for insert mode. Paste the key in the file. Hit Escape. Write to disk with “:w” and quit with “:q”.

To test if the connection is working, go back to your TrueNAS SSH session and connect to your QNAP:

ssh rsync@[QNAP-IP]

The QNAP will NOT ask for the password as it uses the key that we just generated and shared between the machines (for the user rsync). You have to accept the host key fingerprint (it will be saved in your known hosts file). If you do not accept it, the rsync task will most probably fail.

Create the Rsync task on TrueNAS

In the TrueNAS GUI, go to the Tasks tab, Rsync Tasks. Create a new Rsync Task.

Source:
Path: /mnt/[DATASET POOL]/fileshare_on_TrueNAS
User: rsync
Direction: PUSH
Description: Backup TrueNAS to QNAP
Schedule: what ever you like

Remote:
Remote Host: [IP OF QNAP]
Rsync Mode: SSH
Remote SSH Port: 22
Remote Path: /share/[destination fileshare_on_QNAP] 

I had to untick the compress tickbox for rsync to run. I also decided to untick the delete option. This means that if I inadvertently delete a file on my TrueNAS, it will still exist on the QNAP. Don’t forget to save.

Alternatively to setting the auxiliary group in the TrueNAS user (see above), you can also make sure that the rsync user has the correct ACL permissions (read) on the TrueNAS fileshare that you want to sync.

Run the task manually. If it fails, click on the error button and download the error log.

Be reminded that this procedure will syn the TrueNAS folder’s content to the QNAP, but it is technically not a backup!

Leave a Reply