and installed the latest Ubuntu security updates at boot time. It also offered a simple command-line administration console through which I could configure networking and find the addresses where I could access the appliance's Web-based administration tools.

I fired up my Mediawiki appliance on one of our vSphere hosts, made some customizations, added a few pages and then headed off to back up my changes. I logged in to my server via SSH (Secure Shell) and used the command line to initialize the TKLBAM (Turnkey Linux Backup and Migration) service by providing the API key I was assigned when creating my account at hub.turnkeylinux.org. (I also could have configured backups through a Webmin module.)

I used OVF-formatted Turnkey Linux images to deploy the appliances on VMware vSphere.

The backup application taps the open-source backup application Duplicity to handle the backups, and any storage target supported by that project could be used to store the backups, but using a back end other than the default Amazon S3 brings additional configuration complexity.

All backups created by the application are encrypted before being uploaded to S3, with an option for further securing the data with a passphrase, which I did. From there, creating a new backup is as easy as running the command TKLBAM-backup. In our lab, the port for NTP (Network Time Protocol) is blocked by default, and the Turnkey backup app looks to verify the time with a time server, so I added a hosts file entry that pointed pool.ntp.org at our internal time source before the backup would run.

I didn't want this modification to carry over to potential restore hosts running outside our network, so this time-server workaround gave me a chance to test out the TKLBAM option for excluding data from the backup. This was straightforward enough, and required adding a line to the config file "/etc/tklbam/overrides."

TKLBAM stores backups on Amazon S3, but not in user-controlled S3 buckets. It's not possible, for instance, to view and browse through your TKLBAM backups using the AWS Web console or other S3 management tools. Rather, the data is stored in a bucket associated with the Turnkey Linux Hub services.

I'd like to see the Turnkey Linux project provide an appliance that performs the Hub functionality, opening the door to using these services completely within an organization's firewall, if desired.

Restore functionality

I tested out the service's restore functionality by launching a new Mediawiki instance on Amazon EC2 through the Web interface of the Turnkey Hub service. The operation was simple enough: I selected the Mediawiki appliance from a drop-down menu of supported Web applications and chose a small instance size. I had to provide passwords for the Mediawiki instance's MySQL and admin accounts, even though I intended to replace them through the restore operation.

Once my Mediawiki server was up, I connected to it via SSH and ran the TKLBAM-restore command to restore the backup I'd created of my vSphere-hosted instance. Following a reboot of the virtual server, my Mediawiki instance ran on EC2 with all the same files, data and user accounts I'd configured locally.

The console for launching and managing EC2 instances itself is fairly straightforward. There are controls for restarting or terminating running instances, viewing instance details and console output, and checking whether backups are enabled.

I was interested to find a utility in the Turnkey Linux Hub interface for configuring the security policies that control network access for EC2 instances. I could also add an elastic IP address (one that persists across reboots) and an EBS (Elastic Block Store) volume (similarly persisting) from this console.

Turnkey Linux appliances don't use EBS volumes for their own system files, instead relying on EC2's temporary storage for that purpose. The backup function takes away some of the need for persistent storage, but the "no EBS by default" arrangement makes Turnkey Linux appliances incompatible with Amazon's lowest-cost, "micro" instances, which are great for trying out most Web applications.

EWEEK LABS EDITOR IN CHIEF JASON BROOKS CAN BE REACHED AT JBROOKS@EWEEK.COM.