Author Topic: DRAFT: HOW-TO for Disaster Recovery from ftp, scp or rsync backup. Feedback wlc.  (Read 8905 times)

sixstone

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1417
  • Karma: +26/-0
    • View Profile
    • Sixstone's blog
Hi there,

Regarding to your questions about /var/lib/conf/CA, the directory is backed up by the configuration backup as it is a configuration setting as LDAP directory content is so it is not necessary to include it in your data backup.

Best regards,
My secret is my silence...

Josep

  • Zen Samurai
  • ****
  • Posts: 255
  • Karma: +6/-0
    • View Profile
Aha! :-D
There we have the CA question solved.
Like I said, I will try it on a clean installation, and repeat the same process at least twice before reporting a failure ... or success.

Trym

  • Zen Warrior
  • ***
  • Posts: 117
  • Karma: +1/-0
    • View Profile
First of all, thank you for the thank yous, messages like that encourage me to go on.

I've been mildly surprised that no-one has asked why I don't use the built-in configuration-restoration instead of a script to restore the modules. My original goal was to use the restore-process not only to restore a complete server, but for "splitting" a server as well, ie. restore only specific functions. (If you run into performance issues on a server for example, you could split the functions it performs between different servers using only the backup.) Part of that plan was to be able to do that live, without downtime and without unplugging any cables. To do that we'd have to be able to restore to a server with a different IP. If I'd used the built-in restoration-process, it would also restore the network-module, and hence, if static ips were configured, we'd get an ip-conflict. I was hoping that Zentyal, upon restoring certain module-settings, would automatically adjust IP/interface-dependent modules like firewall, DNS, DHCP etc. This is not the case. At this time it seems unavoidable to, at one point or another, set the restored server to the original ip-adress (eventually to change it to something else again, which Zentyal will happily do.) Therefore there's no longer any point in not using the built-in, complete restoration.

(A second goal was to make pretty much anyone able to follow the how-to, by generally being very specific about what to do, not how it works, and trying to avoid technical terms. I think most non-geeks will feel much safer using the webconfig instead of the shell where possible.)

So, this is just a heads-up that there will be some changes to the HOW-TO very soon, I need to run a battery of tests first. Good news is that you won't have to change anything if you've already implemented it, the only thing that will change is the text and the last part of the restore-procedure.

::Trym
« Last Edit: January 23, 2011, 05:14:18 pm by Trym »

sixstone

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1417
  • Karma: +26/-0
    • View Profile
    • Sixstone's blog
Hello Trym,

If I'd used the built-in restoration-process, it would also restore the network-module, and hence, if static ips were configured, we'd get an ip-conflict. I was hoping that Zentyal, upon restoring certain module-settings, would automatically adjust IP/interface-dependent modules like firewall, DNS, DHCP etc.

If you use a static network configuration, it is currently impossible to restore the network module to adapt itself to choose another IP address. But it could be addressed in the future ;). However, you may set your server with a DHCP interface and use a static fixed address mapping in your DHCP server to serve the same IP address lease.

Thanks very much for your findings here, it is really appreciated ;)

Best regards,
My secret is my silence...

Trym

  • Zen Warrior
  • ***
  • Posts: 117
  • Karma: +1/-0
    • View Profile
Quote
If you use a static network configuration, it is currently impossible to restore the network module to adapt itself to choose another IP address.

Thanks for confirming, and also for confirming the (absence of any) certificate issue. It's always nice to get clean, authoritative information.

Quote
However, you may set your server with a DHCP interface and use a static fixed address mapping in your DHCP server to serve the same IP address lease.

I certainly could, yes, but I'm not comfortable with having that as a requirement for the how-to. So for now I'll have to forget the idea of a live restore, and instead make a script which will examine the configuration backup and show the user the IP they have to set the server to before restoring settings. (...until I have time to study the Zentyal API and be able to do it from the script.)

Quote
Thanks very much for your findings here, it is really appreciated.

I appreciate the appreciation ;-)

Now, back to testing....

::Trym
« Last Edit: January 24, 2011, 05:46:21 pm by Trym »

Trym

  • Zen Warrior
  • ***
  • Posts: 117
  • Karma: +1/-0
    • View Profile
The guide has now been amended to restore roundcube (webmail) settings and mail. Note that there is an addition in the backup-settings ("var/mail" added) and that the "restoreall" script has been changed. (You cannot just insert a line with the webmail-module, the order has been changed as well.)

::Trym
« Last Edit: January 24, 2011, 10:05:13 pm by Trym »

richterd

  • Guest
Hi,

I read your Howto, becaue I want to resize the LVM-Volumes on my server and I dont want surprised of an disaster.
Btw. I am enthused of the howto. Its written simly and understandingly. Great Job!

Now I want test your howto with an virtual session I created for testing something on zentyal. (Its better test in virtual installation before I do it on a working Maschine)

I dont have an additional Backupserver. I want backup to an external USB-Drive.
How can I change your howto to backup and restore from a external USB-Drive?

Thanks and regards
richterd

Trym

  • Zen Warrior
  • ***
  • Posts: 117
  • Karma: +1/-0
    • View Profile
Well, you're asking outside the bounds of the HOW-TO, so I will reply out-of-bounds myself, meaning I have not tested this:

First, you need to learn how to mount a USB-drive. Look up the linux "mount" command on the internet, or look here for an example.

In the backup-configuration, you need to choose "File System", and set your USB mountpoint as the backup-directory. (If you follow the link above that would be "/mnt/usb/".)

Next, replace all "ftp://user:password@backupserver" in the HOW-TO with "file://<usb_mountpoint>". (Again, "/mnt/usb/" if you followed the link. Note that the complete path to the root of the usb-drive will have three "/"'s in it, like "file:///mnt/usb/".)

When you are ready to restore the server, after installing it you need to mount the drive again before running any of the duplicity commands.

Good luck.

::Trym
« Last Edit: February 18, 2011, 07:46:18 pm by Trym »

satyris

  • Zen Monk
  • **
  • Posts: 94
  • Karma: +0/-0
    • View Profile
Hello Trym,
do you know that failure ?

Code: [Select]
duplicity restore ftp://ftpuser:password@backupserver/Verbatim-STORENGO-01/zenbackups / --no-encryption --force
NcFTP version is 3.2.2
Local and Remote metadata are synchronized, no sync needed.
Last full backup date: Thu Apr  7 10:29:25 2011
Invalid data - SHA1 hash mismatch:
Calculated hash: 307e439c1f7af22d058ef268e897c4f093067f25
Manifest hash: 72aa9d920dcd89fcf451d355df5b3bc129e9a9d9

Trym

  • Zen Warrior
  • ***
  • Posts: 117
  • Karma: +1/-0
    • View Profile
Yes, I've seen it before. It appears when:

o The backup module has been upgraded

AND

o The upgraded backup module has appended backups to an already existing backup set.

The strange thing is that if you run the command again, it will not display the error. (If it does then your backups are probably corrupt.)

I never did find out if this is indeed an indication of a corrupt backup, or just versioning differences. Personally I archived old backups and started with a fresh backup set, haven't seen the error since then.

To be on the safe side, I advise to create a fresh backup set (if possible.)

I *think* you can restore the backup without incident, but it was pretty hard to recreate the circumstances leading up to the error (the ebackup-versions which cause this are no longer available (somewhere between versions 2.0.5 and 2.0.9), so I never did get a chance to test this thoroughly.)

::Trym
« Last Edit: April 08, 2011, 03:14:54 pm by Trym »

satyris

  • Zen Monk
  • **
  • Posts: 94
  • Karma: +0/-0
    • View Profile
Different versions: I will check that tomorrow, but shouldnt be

Quote
to create a fresh backup set
Do you mean to make a fresh backup again ?


Reopend my ticket:
http://trac.zentyal.org/ticket/2512

Trym

  • Zen Warrior
  • ***
  • Posts: 117
  • Karma: +1/-0
    • View Profile
Yes, by "fresh backup" I mean first remove *all* of the existing files in the backup-destination, then create a new backup (manually or scheduled, doesn't matter.)

If you've been using the same ebackup-version all the time, then this error is serious, it means the checksum of the remote backup is different from what duplicity expects, in other words a corrupt backup.

From your ticket I see you can get it to work by using --file-to-restore, which is another indication the *some* of the files in the complete set are corrupt. It could also, of course, be an indication of a duplicity bug ;-)

Another quick thought: You say you're transferring the files to a USB-stick, then try to restore from that. Which file-system do you use on the stick? Tried changing it? Doubt it will help, but worth a shot.

Sorry to be of little help.

::Trym

satyris

  • Zen Monk
  • **
  • Posts: 94
  • Karma: +0/-0
    • View Profile
Hello Trym,
on both systems are the same ebox-backup versions.

Code: [Select]
#apt-cache policy ebox-ebackup
ebox-ebackup:
  Installiert: 2.0.10
  Kandidat: 2.0.10

removed all the old backups from my backup-directory and started a new one whith:
/scripts/fullbackup

still waiting for finish  ;)

The usbstick has FAT32-Filesystem, my USBHD has ext3/4. Both tried and both failed.

But anyway, thanks for your help !


satyris

  • Zen Monk
  • **
  • Posts: 94
  • Karma: +0/-0
    • View Profile
Iam going crazy. After the fullbackup i have no "confbackup.tar" to restore ?

At the original server there is that file missing, too.

satyris

  • Zen Monk
  • **
  • Posts: 94
  • Karma: +0/-0
    • View Profile
Removed/installed duplicity and ebox-backup. Cleared all .cache-directories and made a new fullbackup.
Copied it on an usbHD (ext4) and from it to my virtualbox-zentyalserver.

This is the error-message:

Code: [Select]
Last full backup date: Sat Apr  9 20:36:22 2011
Error '[Errno 17] File exists' processing home/admint2s/Desktop/zentyal.desktop
Error '[Errno 13] Permission denied: '/home/aquota.group'' processing home/aquota.group
Error '[Errno 13] Permission denied: '/home/aquota.user'' processing home/aquota.user
Invalid data - SHA1 hash mismatch:
Calculated hash: f55eeac10d4c8203e9e90108eb3df79d4402cd9a
Manifest hash: 1bde9b8b7b53d27068300d502df65c92dd25b5e0

or with -v 9:

Code: [Select]
Deleting /tmp/duplicity-cAeg6A-tempdir/mktemp-gvJTJ1-2
Forgetting temporary file /tmp/duplicity-cAeg6A-tempdir/mktemp-gvJTJ1-2
Processed volume 1 of 214
Registering (mktemp) temporary file /tmp/duplicity-cAeg6A-tempdir/mktemp-X7JC6Y-3
Invalid data - SHA1 hash mismatch:
Calculated hash: f55eeac10d4c8203e9e90108eb3df79d4402cd9a
Manifest hash: 1bde9b8b7b53d27068300d502df65c92dd25b5e0

Removing still remembered temporary file /tmp/duplicity-cAeg6A-tempdir/mktemp-X7JC6Y-3
Removing still remembered temporary file /tmp/duplicity-cAeg6A-tempdir/mkstemp-8RJ077-1


The only difference in Version i found is that the originalserver is AMD64 and the virtual is i386

Dont know any further
« Last Edit: April 10, 2011, 09:25:40 am by satyris »