Difference between revisions of "Affa"
(Added proper installation of perl-Filesys-DiskFree from the dag repository) |
(Removed all unneccesarry html mumble jumble to make the source more readable) |
||
Line 1: | Line 1: | ||
− | |||
=== Maintainer === | === Maintainer === | ||
Michael Weinberger | Michael Weinberger | ||
Affa was contributed on [http://forums.contribs.org/index.php?topic=36499.0 Thu Apr 05, 2007] | Affa was contributed on [http://forums.contribs.org/index.php?topic=36499.0 Thu Apr 05, 2007] | ||
− | |||
− | |||
=== Description === | === Description === | ||
Line 17: | Line 14: | ||
Affa is a command line tool for system administrators and is intentionally designd without a GUI. Therefore it can be efficiently managed on the console and over slow internet connections. | Affa is a command line tool for system administrators and is intentionally designd without a GUI. Therefore it can be efficiently managed on the console and over slow internet connections. | ||
− | |||
− | |||
==== Affa features at a glance ==== | ==== Affa features at a glance ==== | ||
Line 51: | Line 46: | ||
* Logs in /var/log/affa with optional debug switch for more verbosity | * Logs in /var/log/affa with optional debug switch for more verbosity | ||
* Log files are rotated weekly, with 5 logs kept | * Log files are rotated weekly, with 5 logs kept | ||
− | |||
− | |||
=== Download and Installation === | === Download and Installation === | ||
Line 66: | Line 59: | ||
Set up a second SME 7 box as your backupserver with hostname 'affabox‘ and IP 10.200.48.2. | Set up a second SME 7 box as your backupserver with hostname 'affabox‘ and IP 10.200.48.2. | ||
− | + | <ol></li><li>log into the 'affabox' and install the packages as described above. | |
− | + | </li><li>copy the config helper script sample | |
− | + | cp /usr/lib/affa/jobconfig-sample.pl /root/prodbox-job.pl | |
− | + | </li><li>edit /root/prodbox-job.pl and set | |
− | + | my $jobname='prodbox'; | |
− | + | and | |
+ | 'remoteHostName‘=>'10.200.48.1', | ||
+ | </li><li>write the configuration (this makes the database entries and sets up the cronjobs) | ||
+ | /root/prodbox-job.pl | ||
+ | </li><li>generate the DSA keys and send the public key to the 'prodbox' | ||
+ | affa --send-key prodbox | ||
+ | </li><li>run the job manually | ||
+ | affa --run prodbox</li></ol> | ||
=== Configuration === | === Configuration === | ||
The configuration is stored in an e-smith style database. Use the db command to configure Affa. | The configuration is stored in an e-smith style database. Use the db command to configure Affa. | ||
The jobname is the record key with the type 'job'.<br>To setup a new job with the name 'prodbox' enter: | The jobname is the record key with the type 'job'.<br>To setup a new job with the name 'prodbox' enter: | ||
− | + | ||
− | then set the properties | + | db affa set prodbox job |
− | + | ||
− | + | then set the properties | |
− | + | ||
− | + | db affa setprop prodbox remoteHostName 192.168.1.1 | |
+ | db affa setprop prodbox TimeSchedule '0030,0730,1130,1330,1730,2030' | ||
+ | db affa setprop prodbox Description 'My Production Server' | ||
+ | db affa setprop prodbox status enable | ||
and so on... | and so on... | ||
Alternatively you can you use a script as described above in the 'Quick start' chapter. | Alternatively you can you use a script as described above in the 'Quick start' chapter. | ||
− | To verify your work, type: | + | To verify your work, type: |
− | |||
− | |||
− | |||
− | |||
+ | db affa show prodbox | ||
+ | Finally set up the cronjobs: | ||
+ | affa --make-cronjobs | ||
==== Job configuration properties ==== | ==== Job configuration properties ==== | ||
Line 185: | Line 187: | ||
==== Default configuration properties ==== | ==== Default configuration properties ==== | ||
− | All properties can be set as defaults in the DefaultAffaConfig record. This is useful, when you set up many similar jobs. | + | All properties can be set as defaults in the DefaultAffaConfig record. This is useful, when you set up many similar jobs. |
− | Example: You want to set the property 'localNice' to 19 for all jobs. Then run | + | Example: You want to set the property 'localNice' to 19 for all jobs. Then run |
− | + | db affa setprop DefaultAffaConfig localNice 19 | |
− | and don't set this property for the jobs. | + | and don't set this property for the jobs. |
− | Properties set in the job record overrides the defaults. | + | Properties set in the job record overrides the defaults. |
− | The special property 'sendStatus' is only applicable to the DefaultAffaConfig record. It controls the status report sent by email and can be set to the values 'none', 'daily', 'weekly' or 'monthly'. To setup a weekly status report run: | + | The special property 'sendStatus' is only applicable to the DefaultAffaConfig record. It controls the status report sent by email and can be set to the values 'none', 'daily', 'weekly' or 'monthly'. To setup a weekly status report run: |
− | + | db affa setprop DefaultAffaConfig sendStatus weekly | |
− | then setup the cronjob: | + | then setup the cronjob: |
− | + | affa --make-cronjobs | |
==== Global disable ==== | ==== Global disable ==== | ||
− | All jobs can be disabled with setting the AffaGlobalDisable record type to 'yes'. | + | All jobs can be disabled with setting the AffaGlobalDisable record type to 'yes'. |
− | + | db affa set AffaGlobalDisable yes | |
− | + | affa --make-cronjobs | |
− | |||
− | |||
− | |||
− | |||
− | |||
+ | to re-enable run: | ||
+ | db affa set AffaGlobalDisable no | ||
+ | affa --make-cronjobs | ||
=== Usage and command line options === | === Usage and command line options === | ||
− | + | affa --run JOB | |
Starts a job run. Usually done by the cronjob. | Starts a job run. Usually done by the cronjob. | ||
− | + | affa --make-cronjobs | |
Configures the cronjobs as scheduled in the jobs records. | Configures the cronjobs as scheduled in the jobs records. | ||
− | + | affa --send-key JOB | |
Sends the public key to the host 'remoteHostName' as configured in the record of job JOB. Generates the DSA key, if not already done. | Sends the public key to the host 'remoteHostName' as configured in the record of job JOB. Generates the DSA key, if not already done. | ||
− | + | affa --send-key --host=TARGETHOST [--port=PORT] | |
Sends the public key to the TARGETHOST. TARGETHOST is a FQHN or an IP address. Give PORT, if sshd on the TARGETHOST listens to another than the standard port 22. Generates the DSA key, if not already done. | Sends the public key to the TARGETHOST. TARGETHOST is a FQHN or an IP address. Give PORT, if sshd on the TARGETHOST listens to another than the standard port 22. Generates the DSA key, if not already done. | ||
Note: The --send-key option only works, if the public keys are stored in /root/.ssh/authorized_keys2 on the remote host. This is true for SME server. | Note: The --send-key option only works, if the public keys are stored in /root/.ssh/authorized_keys2 on the remote host. This is true for SME server. | ||
− | + | affa --full-restore JOB [ARCHIVE] | |
− | |||
Does a full restore from the backup ARCHIVE on the remote source server as defined in the JOB record. If ARCHIVE is not given, the archive 'scheduled.0' is used as the default. The full restore reconstructs the server as it was at the time of the backup. After the restore the source host reboots. | Does a full restore from the backup ARCHIVE on the remote source server as defined in the JOB record. If ARCHIVE is not given, the archive 'scheduled.0' is used as the default. The full restore reconstructs the server as it was at the time of the backup. After the restore the source host reboots. | ||
− | + | affa --rise JOB [ARCHIVE] | |
Runs a full restore from the backup ARCHIVE on the Affa server <b>(!)</b> from the backup ARCHIVE of job JOB. In other words: After completion, the Affa box reboots as a clone of the source server. Ensure, that the source server has been powered off before you reboot the Affa box, otherwise the network interface will not come up. This is important, when you run --rise remotely. The --rise feature only works with SME 7 servers. | Runs a full restore from the backup ARCHIVE on the Affa server <b>(!)</b> from the backup ARCHIVE of job JOB. In other words: After completion, the Affa box reboots as a clone of the source server. Ensure, that the source server has been powered off before you reboot the Affa box, otherwise the network interface will not come up. This is important, when you run --rise remotely. The --rise feature only works with SME 7 servers. | ||
− | + | affa --undo-rise | |
This feature reverts a risen Affa box to a backup server. After a reboot, all configured jobs will work again. | This feature reverts a risen Affa box to a backup server. After a reboot, all configured jobs will work again. | ||
− | + | affa --list-archives [--csv] JOB | |
Displays a table of all present archives of job JOB with date, number of files, size and disk usage. See chapter 'Restore' for an output example. | Displays a table of all present archives of job JOB with date, number of files, size and disk usage. See chapter 'Restore' for an output example. | ||
With --csv, the output is in machine readable colon separared format. | With --csv, the output is in machine readable colon separared format. | ||
− | + | affa --status [--csv] | |
Displays a table of all configured jobs with enable status, time of last and next run, size, disk usage and the number of scheduled (s), daily (d), weekly (w), monthly (m) and yearly (y) archives. Last time shows 'failed', if a job did not run in the last 24h. For disabled jobs 'Last' always shows 'failed' after 24 h. To see the date and time of the last run of those jobs use the --list-archives option. Column 'Next' shows the time when the next run will be started, if 'Enabled' is 'yes'. Column 'Disk usage' shows the usage of the partion, where the RootDir of the job is located on. If all jobs are located in the same RootDir, identical disk usage is shown for all jobs. If RootDir is /var/affa, the usage of the SME server system partition is shown. | Displays a table of all configured jobs with enable status, time of last and next run, size, disk usage and the number of scheduled (s), daily (d), weekly (w), monthly (m) and yearly (y) archives. Last time shows 'failed', if a job did not run in the last 24h. For disabled jobs 'Last' always shows 'failed' after 24 h. To see the date and time of the last run of those jobs use the --list-archives option. Column 'Next' shows the time when the next run will be started, if 'Enabled' is 'yes'. Column 'Disk usage' shows the usage of the partion, where the RootDir of the job is located on. If all jobs are located in the same RootDir, identical disk usage is shown for all jobs. If RootDir is /var/affa, the usage of the SME server system partition is shown. | ||
<small><pre> | <small><pre> | ||
Line 264: | Line 263: | ||
− | + | affa --send-status | |
Sends the status table to the email adresses configured in the 'DefaultAffaConfig' record. Used by the cronjob 'affa-status'. | Sends the status table to the email adresses configured in the 'DefaultAffaConfig' record. Used by the cronjob 'affa-status'. | ||
− | + | affa --mailtest JOB | |
Sends a test email to the email adresses configured in the JOB record. With property Watchdog=yes, a test email is sent from the remote host, too. Use this to verify, that your mail processing is functional.<br> | Sends a test email to the email adresses configured in the JOB record. With property Watchdog=yes, a test email is sent from the remote host, too. Use this to verify, that your mail processing is functional.<br> | ||
'''Note:''' By default Affa only sends messages on errors, never on success (see property chattyOnSuccess). | '''Note:''' By default Affa only sends messages on errors, never on success (see property chattyOnSuccess). | ||
− | + | affa --cleanup JOB | |
After you have lowered a keep value, e.g. scheduledKeep, then archives with a higher indices will no longer be shifted and will exist for ever. This option finds these archives and deletes them. | After you have lowered a keep value, e.g. scheduledKeep, then archives with a higher indices will no longer be shifted and will exist for ever. This option finds these archives and deletes them. | ||
− | + | affa --rename-job JOB NEWNAME | |
Renames the job JOB to NEWNAME including all database records and archive directories. | Renames the job JOB to NEWNAME including all database records and archive directories. | ||
− | + | affa --move-archive JOB NEWROOTDIR | |
Moves the archive directory of job JOB to the rootdir NEWROOTDIR and adjusts the property RootDir. NEWROOTDIR must be a full path starting with a slash. As moving across filesystems (e.g. from an external USB drive to the local disk) is not possible, Affa uses a copy command in this case and deletes the source directory after that. Depending on the archive size, copying across filesystems can take a long time. | Moves the archive directory of job JOB to the rootdir NEWROOTDIR and adjusts the property RootDir. NEWROOTDIR must be a full path starting with a slash. As moving across filesystems (e.g. from an external USB drive to the local disk) is not possible, Affa uses a copy command in this case and deletes the source directory after that. Depending on the archive size, copying across filesystems can take a long time. | ||
− | + | affa --delete-job [--revoke-key] JOB | |
Irreversibly deletes a job including all archives, configuration and report databases. With given --revoke-key option, the public key on the remote server will be deleted. | Irreversibly deletes a job including all archives, configuration and report databases. With given --revoke-key option, the public key on the remote server will be deleted. | ||
− | + | affa --revoke-key JOB | |
− | + | ||
+ | affa --revoke-key --host=TARGETHOST [--port=PORT] | ||
Deletes the public dsa key on the remote server. | Deletes the public dsa key on the remote server. | ||
Line 302: | Line 302: | ||
==== Backup single ibays ==== | ==== Backup single ibays ==== | ||
Suppose you want to backup the ibays 'staff1' and 'staff2' on your production server with WAN IP 82.123.1.1 to an Affa server in a different location over the internet every night at 2:30am. | Suppose you want to backup the ibays 'staff1' and 'staff2' on your production server with WAN IP 82.123.1.1 to an Affa server in a different location over the internet every night at 2:30am. | ||
− | + | <ol></li><li>log into the Affa server and install the packages as described above. | |
− | + | </li><li>copy the config helper script sample | |
− | + | cp /usr/lib/affa/jobconfig-sample.pl /root/ibay-staff-job.pl | |
− | + | </li><li>edit /root/ibay-staff-job.pl and set | |
− | + | my $jobname='ibay-staff'; | |
− | + | and | |
+ | 'remoteHostName‘=>'82.123.1.1', | ||
+ | 'TimeSchedule'=>'0230', | ||
+ | 'SMEServer'=>'no', | ||
+ | 'Include[0]'=>'/home/e-smith/files/ibays/staff1', | ||
+ | 'Include[1]'=>'/home/e-smith/files/ibays/staff2', | ||
+ | </li><li>write the configuration | ||
+ | /root/ibay-staff-job.pl | ||
+ | </li><li>send the public key to the production server | ||
+ | affa --send-key ibay-staff</li><li>check next morning | ||
+ | affa --list-archives ibay-staff | ||
+ | affa --status | ||
+ | ls /var/affa/ibay-staff</li></ol> | ||
==== [Todo] Two production servers backup each other ==== | ==== [Todo] Two production servers backup each other ==== | ||
Line 318: | Line 330: | ||
===== Setup NAS ===== | ===== Setup NAS ===== | ||
You have a [http://www.freenas.org FreeNAS] box with IP 10.200.48.2 up and running with NFS service enabled for your network 10.200.48.0/22. The RAID array is mounted to /mnt/affashare. | You have a [http://www.freenas.org FreeNAS] box with IP 10.200.48.2 up and running with NFS service enabled for your network 10.200.48.0/22. The RAID array is mounted to /mnt/affashare. | ||
− | + | <ol></li><li>log into the 'prodbox' and install the NFS packages | |
− | + | yum --enablerepo=base install nfs-utils | |
− | + | You don't need to signal post-upgrade or reboot event. | |
+ | </li><li>mount the NFS share | ||
+ | mkdir -p /mnt/affadevice | ||
+ | mount 10.200.48.2:/mnt/affashare | ||
+ | /mnt/affadevice</li></ol> | ||
===== Alternatively setup a USB drive ===== | ===== Alternatively setup a USB drive ===== | ||
− | + | <ol></li><li>log into the 'prodbox' | |
− | + | </li><li>Connect a USB hard disk to the USB Bus. Now you must determine what device the kernel has assigned to the drive. View the /var/log/message and search for ''Initializing USB Mass Storage driver''. A few lines below you'll find the name of the device. In this example it is ''sdc''. Replace ''/dev/sdc'' by ''your device'' in following instructions. | |
− | + | </li><li>Use the fdisk program to create a linux partition | |
− | + | fdisk /dev/sdc | |
− | + | You'll most likely find an existing vfat dos partition, which you have to delete first. In the following we assume, that you have created a single partition ''/dev/sdc1''. | |
− | + | </li><li>Now format the drive with an ext3 filesystem | |
− | + | mkfs.ext3 /dev/sdc1 | |
− | + | </li><li>Make the mount point | |
− | + | mkdir -p /mnt/affadevice | |
+ | </li><li>Add the following line to the /etc/fstab | ||
+ | /dev/sdc1 /mnt/affadevice ext3 defaults | ||
+ | </li><li>Mount the drive | ||
+ | mount /mnt/affadevice | ||
+ | </li><li>Crosscheck your work using the df command | ||
+ | df | ||
+ | </li></ol> | ||
===== Setup Affa ===== | ===== Setup Affa ===== | ||
You want to run backups on 11:30 h, 15:30 h and 19:30 h and you want to keep the last 3 scheduled backups, 7 daily, 5 weekly, 12 monthly and 1 yearly backups. | You want to run backups on 11:30 h, 15:30 h and 19:30 h and you want to keep the last 3 scheduled backups, 7 daily, 5 weekly, 12 monthly and 1 yearly backups. | ||
− | + | <ol></li><li>log into the 'prodbox' and install the Affa packages as described above. | |
− | + | </li><li>copy the config helper script sample | |
− | + | cp /usr/lib/affa/jobconfig-sample.pl /root/prodbox-job.pl | |
− | + | </li><li>edit /root/prodbox-job.pl and set | |
− | + | my $jobname='prodbox'; | |
+ | and | ||
+ | 'remoteHostName‘=>'localhost', | ||
+ | 'TimeSchedule'=>'1130,1530,1930', | ||
+ | 'scheduledKeep'=>3, | ||
+ | 'dailyKeep'=>7, | ||
+ | 'weeklyKeep'=>5, | ||
+ | 'monthlyKeep'=>12, | ||
+ | 'yearlyKeep'=>1, | ||
+ | 'RootDir=>'/mnt/affadevice', | ||
+ | Review the other properties and change them to your needs. | ||
+ | </li><li>write the configuration | ||
+ | /root/prodbox-job.pl | ||
+ | </li><li>run the job manually | ||
+ | |||
+ | affa --run prodbox</li></ol> | ||
===== Limitations ===== | ===== Limitations ===== | ||
Line 343: | Line 381: | ||
===== Automount ===== | ===== Automount ===== | ||
− | Having the backup archives in the same filesystem is always a risk, which can be minimized by using the automount feature. Then the external filesystem is only mounted during a job run. | + | Having the backup archives in the same filesystem is always a risk, which can be minimized by using the automount feature. Then the external filesystem is only mounted during a job run. |
− | In the NAS example set | + | In the NAS example set |
− | + | 'AutomountDevice=>'10.200.48.2:/mnt/affashare', | |
+ | 'AutomountPoint =>'mnt/affadevice', | ||
+ | and skip the step 2. | ||
− | In the USB drive example set | + | In the USB drive example set |
− | + | 'AutomountDevice=>'/dev/sdc1', | |
+ | 'AutomountPoint =>'mnt/affadevice', | ||
+ | and skip the steps 5 to 8. | ||
The mount point will be automatically created, if it does not exist. <br> | The mount point will be automatically created, if it does not exist. <br> | ||
Line 358: | Line 400: | ||
<b>Example 1:</b> It's June, 12th 11:30, when user 'briedlin' asks you to restore the messages of his mailbox 'orders' he has inadvertently deleted today at 9:00 am. | <b>Example 1:</b> It's June, 12th 11:30, when user 'briedlin' asks you to restore the messages of his mailbox 'orders' he has inadvertently deleted today at 9:00 am. | ||
− | + | <ol></li><li>You first must check what backup archives are available. The jobname of this server backup is 'prodserv'. | |
+ | affa --list-archives prodserv | ||
<small><pre> | <small><pre> | ||
Affa version 0.5.0 on affa1.mydomain.de (10.204.48.2) | Affa version 0.5.0 on affa1.mydomain.de (10.204.48.2) | ||
Line 395: | Line 438: | ||
</pre></small> | </pre></small> | ||
− | + | </li><li>Choose the scheduled.1 archive, which was created less than two hours before the accident. Now restore the mailbox 'orders' using the rsync command. | |
− | + | </li><li>Now run the rsync command: | |
− | + | export RDIR=/home/e-smith/users/briedlin/Maildir/.orders/ | |
− | + | Note the trailing slash! | |
− | + | rsync -av /var/affa/prodserv/scheduled.1/$RDIR 10.204.48.1:$RDIR | |
− | + | </li></ol> | |
− | |||
− | |||
− | |||
− | |||
− | |||
<b>Example 2:</b> A user has deleted the file orderform.pdf from ibay 'docs' and asks you to restore it. | <b>Example 2:</b> A user has deleted the file orderform.pdf from ibay 'docs' and asks you to restore it. | ||
− | + | <ol></li><li>You have searched and found the latest version of this file in archive weekly. | |
− | + | </li><li>Copy it back to the server: | |
− | + | export RFILE=/home/e-smith/files/ibays/docs/files/orderform.pdf | |
− | + | rsync -av /var/affa/prodserv/weekly.1/$RFILE 10.204.48.1:$RFILE | |
− | + | </li></ol> | |
− | |||
− | |||
− | |||
==== Full restore ==== | ==== Full restore ==== | ||
− | To run a full restore of user and configuration data run on the Affa server | + | To run a full restore of user and configuration data run on the Affa server |
+ | affa --full-restore <JOB> [<ARCHIVE>] | ||
+ | This rsyncs the data from the backup ARCHIVE back to the 'remoteHostname' defined in the configuration of the job JOB. | ||
− | Example: | + | Example: |
− | You have backuped your production server 'prodsrv' as job 'prodbox'. To restore from the latest backup run | + | You have backuped your production server 'prodsrv' as job 'prodbox'. To restore from the latest backup run |
+ | affa --full-restore prodbox | ||
− | To restore from the older archive daily. | + | To restore from the older archive daily. run |
+ | affa --full-restore prodbox daily. | ||
'''Important note:''' A full restore reconstruct the server as it was at the time of the backup. That means, files created or server configuration changes after the backup run will be lost. After the restore is done, the restored server reboots automatically. | '''Important note:''' A full restore reconstruct the server as it was at the time of the backup. That means, files created or server configuration changes after the backup run will be lost. After the restore is done, the restored server reboots automatically. | ||
− | |||
− | |||
==== Moving a SME 7 server installation to new hardware using the Affa rise feature ==== | ==== Moving a SME 7 server installation to new hardware using the Affa rise feature ==== | ||
Line 442: | Line 479: | ||
Alternatively you can smbmount the Windows disk to a directory on a SME server and setup a job to backup this directory. | Alternatively you can smbmount the Windows disk to a directory on a SME server and setup a job to backup this directory. | ||
− | + | /bin/mount -t cifs //192.168.1.65/C$ /mnt/mywinpc/ -o username=Adminstrator,password=xxxxxx | |
+ | |||
+ | If the Affa server is local to the Windows domain, you alternatively can use the Affa automount properties | ||
− | + | AutomountDevice=>'//192.168.1.65/C$' | |
− | + | AutomountPoint=>'/mnt/mywinpc/' | |
− | AutomountPoint=>'/mnt/mywinpc/' | + | AutomountOptions=>'-t cifs -o username=Adminstrator,password=xxxxxx' |
− | AutomountOptions=>'-t cifs -o username=Adminstrator,password=xxxxxx' | ||
Note: You may want to define a file that contains the username and password instead of having them in the AutomountOptions string. See 'man mount.cifs' for further information | Note: You may want to define a file that contains the username and password instead of having them in the AutomountOptions string. See 'man mount.cifs' for further information | ||
Line 453: | Line 491: | ||
Note: Affa cannot preserve the Windows ACLs. After a restore you must set owner and groups manually. | Note: Affa cannot preserve the Windows ACLs. After a restore you must set owner and groups manually. | ||
− | + | '''How can I move a backup archive from my production server in a remote branch office to the Affa server using an USB disk? I want to avoid to download the first full backup over the internet.''' | |
− | '''How can I move a backup archive from my production server in a remote branch office to the Affa server using an USB disk? I want to avoid to download the first full backup over the internet.''' | ||
Install Affa on your production server, connect and mount the USB disk. Setup a job to write the archive to the USB disk. After the job run, connect the USB disk to your Affa server and setup the job in the same way. Use the setup script from the archive directory. You only need to change the remoteHostName property. Now use the --move-archive option to move the archive to the local disk. If not already done, send the public key to your production server. You're done. | Install Affa on your production server, connect and mount the USB disk. Setup a job to write the archive to the USB disk. After the job run, connect the USB disk to your Affa server and setup the job in the same way. Use the setup script from the archive directory. You only need to change the remoteHostName property. Now use the --move-archive option to move the archive to the local disk. If not already done, send the public key to your production server. You're done. | ||
− | '''How do I backup two SME servers behind a firewall?''' | + | '''How do I backup two SME servers behind a firewall?''' |
First you need to configure port forwardings for the ssh service on your firewall. Use a non-standard port ,e.g 2200->22, for your second server. Setup a job on your Affa server for each of your production servers. Set up the job property sshPort=2200 for second server. | First you need to configure port forwardings for the ssh service on your firewall. Use a non-standard port ,e.g 2200->22, for your second server. Setup a job on your Affa server for each of your production servers. Set up the job property sshPort=2200 for second server. | ||
Revision as of 10:01, 13 November 2007
Maintainer
Michael Weinberger
Affa was contributed on Thu Apr 05, 2007
Description
The main purpose of this affa package is to make a SME 7 Server a dedicated backup box in a few minutes. Affa backups as many as you like SME servers or any other servers which have sshd running and rsync installed. Once it was configured, Affa runs reliable and unattended and send warning messages in case of any errors.
All backup archive are full backups. As Affa make use of the hardlink technique. Therefore a new full backup only needs disk space for the differences plus the filesystem overhead for the hardlinks and directories (which is typically 2-3%).
Affa is based on the rsync program and supports the rsync --compress option. This allows you to run backups over the internet or VPN. A typical setup is one or more Affa backup servers placed in different locations, which backup the production server(s) over the VPN.
A special feature is the rise option, which allows you to rise the backup server to your production server from a backup archive in case of a dead loss of your production server. The rise is executed within a extremly short time, even with huge amount of data. The rise feature uses hardlinks and therefore does not use up additional disk space.
Affa is a command line tool for system administrators and is intentionally designd without a GUI. Therefore it can be efficiently managed on the console and over slow internet connections.
Affa features at a glance
- Makes full backups on every scheduled run
- Keeps a configurable number of scheduled, daily, weekly, monthly and yearly full backup archives
- Using rsync with optional compression for low traffic allows backups over the internet/VPN
- Uses hardlink technique, i.e. physical disk space only needed for the differences between two full backups
- Backup jobs are started by the cron daemon
- Backups the default e-smith directories/files, when property SMEServer is set to yes
- Additional directories/files can be included
- Directories/files can be excluded from the backup
- Non-SME server linuxes can be backuped by setting the SMEServer property to no and using a include list
- Configurable nice level for rsync processes on the backup and source server
- Optional run of custom programs before and after a job run (e.g. running tape backup)
- Checks the disk space left after a job run with warning levels strict, normal or risky
- Extensive checking of failure conditions
- Sends failure messages to a configurable list of email addresses
- Sends a warning message, if the backup server runs out of disk space
- Installs an optional watchdog on the source server in case the backupserver fails
- Watchdog sends warning, if an expected backup did not run
- Watchdog sends a daily reminder message, if the error continues unchecked
- Option to display current status of all jobs showing times of last and next run, size and disk usage
- Status can be mailed on a daily, weekly or monthly schedule
- Option to display all existing archives of a job shown date, size, nbr of files and disk usage
- Option to send the public key to the source server
- Option to rise the backup server to a production server from a backup. For SME 7 only.
- The rise feature does not physically move data and therefore is extremly fast and needs (almost) no disk space
- Rise option can be run remotely as the ethernet drivers of the backup server are preserved
- Compares installed RPMs on source with backup server. Sends warning message, if not in sync
- Undo rise option to restore the backup server
- Configurable via a e-smith style db, with one record for each job and a default record for all jobs
- Logs in /var/log/affa with optional debug switch for more verbosity
- Log files are rotated weekly, with 5 logs kept
Download and Installation
Download the smeserver-affa package from one of the SME Server contrib mirrors.
Configure the dag repositoy. The following command will configure the dag repository on SME Server. EDIT NOT COMPLETE!
To create an entry in the database for the epel repository we open put the following commands in a terminal
window or in a shell window:
/sbin/e-smith/db yum_repositories set epel repository \
Name 'SME Server - epel' \ BaseURL 'http://<http://download.fedoraproject.org/pub/epel/7/$basearch' \ EnableGroups yes \ GPGCheck yes \ Visible no \ status disabled
To enable the changes:
signal-event yum-modify
Just to be sure, give yum a fresh start:
yum clean all
After adding it to the database we have to update the changes to the configuration file:
signal-event yum-modify
And install all neccesarry packages with the following command:
yum localinstall /path/to/smeserver-affa.rpm --enablerepo=dag
This will install SME Server Affa and a necesarry dependency (perl-Filesys-DiskFree).
Quick start example
You have a SME 7 production server with hostname 'prodbox‘ and IP 10.200.48.1.
Set up a second SME 7 box as your backupserver with hostname 'affabox‘ and IP 10.200.48.2.
- log into the 'affabox' and install the packages as described above.
- copy the config helper script sample cp /usr/lib/affa/jobconfig-sample.pl /root/prodbox-job.pl
- edit /root/prodbox-job.pl and set my $jobname='prodbox'; and 'remoteHostName‘=>'10.200.48.1',
- write the configuration (this makes the database entries and sets up the cronjobs) /root/prodbox-job.pl
- generate the DSA keys and send the public key to the 'prodbox' affa --send-key prodbox
- run the job manually affa --run prodbox
Configuration
The configuration is stored in an e-smith style database. Use the db command to configure Affa.
The jobname is the record key with the type 'job'.
To setup a new job with the name 'prodbox' enter:
db affa set prodbox job
then set the properties
db affa setprop prodbox remoteHostName 192.168.1.1 db affa setprop prodbox TimeSchedule '0030,0730,1130,1330,1730,2030' db affa setprop prodbox Description 'My Production Server' db affa setprop prodbox status enable
and so on...
Alternatively you can you use a script as described above in the 'Quick start' chapter.
To verify your work, type:
db affa show prodbox
Finally set up the cronjobs:
affa --make-cronjobs
Job configuration properties
Property | Value | Description |
remoteHostName | FQHN or IP | of the source host |
TimeSchedule | HHMM,HHMM,... | doesn't need to be ordered. At least one time is mandatory |
Description | text string | |
scheduledKeep dailyKeep weeklyKeep monthlyKeep yearlyKeep |
integer >= 1 | how many of the scheduled, daily, weekly, monthly or yearly backups should be kept |
SMEServer | yes or no | when set to yes the default e-smith directories are automatically included and the property RPMCheck=yes can be used |
Include[0] Include[1] ... |
full path | additional files or directories to include |
Exclude[0] Exclude[1] ... |
full path | additional files or directories exclude from backup |
RPMCheck | yes or no | Only applicable to jobs that backups a SME 7 server. Compares the packages installation of the source host with this affa backup host. Sends a message with diff list if not in sync. This check is usefull, if you want have the option to rise the backup server to a production server from a backup. |
DiskSpaceWarn | strict or normal or risky or none | run a disk space check after a job has been completed. With level 'strict' a warning message will be sent, if the available space is less then the size of the just completed backup. With level 'normal'/'risky' the message is sent, if less than 50%/10% of the backup size is still available. |
localNice | -19...+19 | run rsync local process niced. |
remoteNice | -19...+19 | run rsync process on source niced. |
Watchdog | yes or no | Only applicable to jobs that backups a SME 7 server. When a job is started, affa installs a watchdog script on the source in /etc/cron.d/, which sends a warning message, if the next scheduled job (taken from the TimeSchedule property + 10 minutes) did not run. This guarantees, that you will be notfied even in case of a affa server outage. The watchdog script send a daily reminder message, if the error continues. The next run job replaces the watchdog script with a new trigger time. |
sshPort | service port | Default is 22. When sshd on the source host or your firewall listen on a non-standard port set the port here. |
ConnectionCheckTimeout | seconds | before the rsync process is started on the remote source host, affa checks the ssh connection and exits with an error after the configured time, if the host does not respond. |
rsyncTimeout | seconds | Rsync exits, if no data is transferred for the configured time. This avoids infinitely hanging in case of a network error. |
rsyncCompress | yes or no | compress the transferred data. May be useful with slow internet connections. Increases CPU load on source and backup host. |
EmailAddresses | name@domain.com,name@domain.com,... | comma separated list of mail addresses, where the messages should be sent to Note: By default Affa only sends messages on errors, never on success (see property chattyOnSuccess). |
chattyOnSuccess | integer >= 0 | when set to a value>0, Affa sends a message on a successfully completed job run and decrements the chattyOnSuccess value. When the value has reached zero, Affa falls back to the default and only sends messages on errors. |
AutomountDevice AutomountPoint |
full path | Device and mountpoint of backup device (e.g. USB disk). Device is automounted before a job starts and unmounted after job completion. With both properties empty no automount is done. |
AutomountOptions | string | An option string passed to the mount command |
preJobCommand postJobCommand |
full path | programs (local on the affa server) to be executed before/after a job run. The job name and type (scheduled, daily etc.) are passed as arguments to the program. The exit code is additionally passed to the post job command program. See /usr/lib/affa/ for sample perl scripts. |
RootDir | full path | where to store the backup archives, Do not use /home/e-smith or /root as these are included in the backup and therefore the rise option will not work! Recommended: /var/affa |
Debug | yes or no | set to yes to increase log verbosity |
status | enabled or disabled | with set to disabled, no cron entries will made. You can still run a job manually. |
rsync--inplace | yes or no | set to no, if the rsync version on the source does not support this option (like rsync on SME6) |
rsync--modify-window | integer >= 0 | When comparing two timestamps, rsync treats the timestamps as being equal if they differ by no more than the modify-window value. This is normally 0 for an exact match. A value >= 0 is useful if you can't get the clocks of the source and the Affa server in sync. |
StrictHostKeyChecking | yes or no | set to no to disable ssh host key check. Useful, when several servers behind a firewall should be reached over different forwarded ssh ports. Avoids the 'Offending key in...' prompt. Default setting is 'yes'. |
Default configuration properties
All properties can be set as defaults in the DefaultAffaConfig record. This is useful, when you set up many similar jobs. Example: You want to set the property 'localNice' to 19 for all jobs. Then run
db affa setprop DefaultAffaConfig localNice 19
and don't set this property for the jobs. Properties set in the job record overrides the defaults.
The special property 'sendStatus' is only applicable to the DefaultAffaConfig record. It controls the status report sent by email and can be set to the values 'none', 'daily', 'weekly' or 'monthly'. To setup a weekly status report run:
db affa setprop DefaultAffaConfig sendStatus weekly
then setup the cronjob:
affa --make-cronjobs
Global disable
All jobs can be disabled with setting the AffaGlobalDisable record type to 'yes'.
db affa set AffaGlobalDisable yes affa --make-cronjobs
to re-enable run:
db affa set AffaGlobalDisable no affa --make-cronjobs
Usage and command line options
affa --run JOB
Starts a job run. Usually done by the cronjob.
affa --make-cronjobs
Configures the cronjobs as scheduled in the jobs records.
affa --send-key JOB
Sends the public key to the host 'remoteHostName' as configured in the record of job JOB. Generates the DSA key, if not already done.
affa --send-key --host=TARGETHOST [--port=PORT]
Sends the public key to the TARGETHOST. TARGETHOST is a FQHN or an IP address. Give PORT, if sshd on the TARGETHOST listens to another than the standard port 22. Generates the DSA key, if not already done.
Note: The --send-key option only works, if the public keys are stored in /root/.ssh/authorized_keys2 on the remote host. This is true for SME server.
affa --full-restore JOB [ARCHIVE]
Does a full restore from the backup ARCHIVE on the remote source server as defined in the JOB record. If ARCHIVE is not given, the archive 'scheduled.0' is used as the default. The full restore reconstructs the server as it was at the time of the backup. After the restore the source host reboots.
affa --rise JOB [ARCHIVE]
Runs a full restore from the backup ARCHIVE on the Affa server (!) from the backup ARCHIVE of job JOB. In other words: After completion, the Affa box reboots as a clone of the source server. Ensure, that the source server has been powered off before you reboot the Affa box, otherwise the network interface will not come up. This is important, when you run --rise remotely. The --rise feature only works with SME 7 servers.
affa --undo-rise
This feature reverts a risen Affa box to a backup server. After a reboot, all configured jobs will work again.
affa --list-archives [--csv] JOB
Displays a table of all present archives of job JOB with date, number of files, size and disk usage. See chapter 'Restore' for an output example. With --csv, the output is in machine readable colon separared format.
affa --status [--csv]
Displays a table of all configured jobs with enable status, time of last and next run, size, disk usage and the number of scheduled (s), daily (d), weekly (w), monthly (m) and yearly (y) archives. Last time shows 'failed', if a job did not run in the last 24h. For disabled jobs 'Last' always shows 'failed' after 24 h. To see the date and time of the last run of those jobs use the --list-archives option. Column 'Next' shows the time when the next run will be started, if 'Enabled' is 'yes'. Column 'Disk usage' shows the usage of the partion, where the RootDir of the job is located on. If all jobs are located in the same RootDir, identical disk usage is shown for all jobs. If RootDir is /var/affa, the usage of the SME server system partition is shown.
Affa version 0.5.0 on backup.mydomain.de (10.204.48.2) +------------+---------+--------+-------+--------+------------+----------------+ | Job | Enabled | Last | Next | Size | Disk usage | N of s,d,w,m,y | +------------+---------+--------+-------+--------+------------+----------------+ | bookkeep | yes | 23:48 | 23:30 | 4.5GB | 616GB/47% | 2,7,4,2,0 | | crm | yes | 11:20 | 13:20 | 47MB | 616GB/47% | 7,7,4,2,0 | | fespdc | yes | 09:55 | 12:45 | 40GB | 616GB/47% | 6,7,4,2,0 | | helpdesk | yes | failed | 13:40 | 70MB | 616GB/47% | 7,7,4,2,0 | | imageserv | yes | 23:01 | 23:00 | 19GB | 616GB/47% | 2,7,4,1,0 | | intraweb | yes | 10:32 | 13:30 | 1.4GB | 616GB/47% | 7,7,4,2,0 | | pdcaus2 | yes | 23:01 | 12:15 | 5.4GB | 616GB/47% | 2,7,4,2,0 | | persoff | yes | running (pid 17521) | 616GB/47% | 2,7,4,2,0 | | primmail | yes | 10:09 | 13:00 | 45GB | 616GB/47% | 7,7,4,2,0 | | rayofhope | yes | 22:32 | 22:30 | 20GB | 616GB/47% | 2,7,4,1,0 | | sozserv | yes | 22:30 | 22:30 | 8.0GB | 616GB/47% | 2,7,4,2,0 | +------------+---------+--------+-------+--------+------------+----------------+ | az32share | no | - | 02:20 | 234MB | 616GB/47% | 7,7,2,0,0 | | azpdc | no | - | 21:00 | 42GB | 616GB/47% | 2,7,1,0,0 | +------------+---------+--------+-------+--------+------------+----------------+
With --csv, the output is printed in a machine readable colon separated format.
affa --send-status
Sends the status table to the email adresses configured in the 'DefaultAffaConfig' record. Used by the cronjob 'affa-status'.
affa --mailtest JOB
Sends a test email to the email adresses configured in the JOB record. With property Watchdog=yes, a test email is sent from the remote host, too. Use this to verify, that your mail processing is functional.
Note: By default Affa only sends messages on errors, never on success (see property chattyOnSuccess).
affa --cleanup JOB
After you have lowered a keep value, e.g. scheduledKeep, then archives with a higher indices will no longer be shifted and will exist for ever. This option finds these archives and deletes them.
affa --rename-job JOB NEWNAME
Renames the job JOB to NEWNAME including all database records and archive directories.
affa --move-archive JOB NEWROOTDIR
Moves the archive directory of job JOB to the rootdir NEWROOTDIR and adjusts the property RootDir. NEWROOTDIR must be a full path starting with a slash. As moving across filesystems (e.g. from an external USB drive to the local disk) is not possible, Affa uses a copy command in this case and deletes the source directory after that. Depending on the archive size, copying across filesystems can take a long time.
affa --delete-job [--revoke-key] JOB
Irreversibly deletes a job including all archives, configuration and report databases. With given --revoke-key option, the public key on the remote server will be deleted.
affa --revoke-key JOB
affa --revoke-key --host=TARGETHOST [--port=PORT]
Deletes the public dsa key on the remote server.
Note: The --revoke-key option only works, if the public keys are stored in /root/.ssh/authorized_keys2 on the remote host. This is true for SME server.
Note: Options can be abbreviated to uniqueness, e.g. --mak is equal to --make-cronjobs
Example setups
[Todo] Standard
Dedicated Affa server to backup all production servers
...
[Todo] Local Affa server plus a Affa server in remote location
meanwhile see forum post
Backup single ibays
Suppose you want to backup the ibays 'staff1' and 'staff2' on your production server with WAN IP 82.123.1.1 to an Affa server in a different location over the internet every night at 2:30am.
- log into the Affa server and install the packages as described above.
- copy the config helper script sample cp /usr/lib/affa/jobconfig-sample.pl /root/ibay-staff-job.pl
- edit /root/ibay-staff-job.pl and set my $jobname='ibay-staff'; and 'remoteHostName‘=>'82.123.1.1', 'TimeSchedule'=>'0230', 'SMEServer'=>'no', 'Include[0]'=>'/home/e-smith/files/ibays/staff1', 'Include[1]'=>'/home/e-smith/files/ibays/staff2',
- write the configuration /root/ibay-staff-job.pl
- send the public key to the production server affa --send-key ibay-staff
- check next morning affa --list-archives ibay-staff affa --status ls /var/affa/ibay-staff
[Todo] Two production servers backup each other
...
Use Affa to backup to a NFS-mounted NAS or a local attached USB drive
You want to backup your SME 7 production server with hostname 'prodbox‘ and IP 10.200.48.1 on a mounted filesystem instead of setting up a dedicated Affa box.
Setup NAS
You have a FreeNAS box with IP 10.200.48.2 up and running with NFS service enabled for your network 10.200.48.0/22. The RAID array is mounted to /mnt/affashare.
- log into the 'prodbox' and install the NFS packages yum --enablerepo=base install nfs-utils You don't need to signal post-upgrade or reboot event.
- mount the NFS share mkdir -p /mnt/affadevice mount 10.200.48.2:/mnt/affashare /mnt/affadevice
Alternatively setup a USB drive
- log into the 'prodbox'
- Connect a USB hard disk to the USB Bus. Now you must determine what device the kernel has assigned to the drive. View the /var/log/message and search for Initializing USB Mass Storage driver. A few lines below you'll find the name of the device. In this example it is sdc. Replace /dev/sdc by your device in following instructions.
- Use the fdisk program to create a linux partition fdisk /dev/sdc You'll most likely find an existing vfat dos partition, which you have to delete first. In the following we assume, that you have created a single partition /dev/sdc1.
- Now format the drive with an ext3 filesystem mkfs.ext3 /dev/sdc1
- Make the mount point mkdir -p /mnt/affadevice
- Add the following line to the /etc/fstab /dev/sdc1 /mnt/affadevice ext3 defaults
- Mount the drive mount /mnt/affadevice
- Crosscheck your work using the df command df
Setup Affa
You want to run backups on 11:30 h, 15:30 h and 19:30 h and you want to keep the last 3 scheduled backups, 7 daily, 5 weekly, 12 monthly and 1 yearly backups.
- log into the 'prodbox' and install the Affa packages as described above.
- copy the config helper script sample cp /usr/lib/affa/jobconfig-sample.pl /root/prodbox-job.pl
- edit /root/prodbox-job.pl and set my $jobname='prodbox'; and 'remoteHostName‘=>'localhost', 'TimeSchedule'=>'1130,1530,1930', 'scheduledKeep'=>3, 'dailyKeep'=>7, 'weeklyKeep'=>5, 'monthlyKeep'=>12, 'yearlyKeep'=>1, 'RootDir=>'/mnt/affadevice', Review the other properties and change them to your needs.
- write the configuration /root/prodbox-job.pl
- run the job manually affa --run prodbox
Limitations
With this kind of setup you cannot use the affa rise feature, as it requires the backup archive to be located on the same fileystem as the server installation. The rise option uses hardlinks, which are not working across filesystems.
Automount
Having the backup archives in the same filesystem is always a risk, which can be minimized by using the automount feature. Then the external filesystem is only mounted during a job run.
In the NAS example set
'AutomountDevice=>'10.200.48.2:/mnt/affashare', 'AutomountPoint =>'mnt/affadevice',
and skip the step 2.
In the USB drive example set
'AutomountDevice=>'/dev/sdc1', 'AutomountPoint =>'mnt/affadevice',
and skip the steps 5 to 8.
The mount point will be automatically created, if it does not exist.
For access to the archive directory, you need to mount it manually.
Restore
Restore single files or directories
Example 1: It's June, 12th 11:30, when user 'briedlin' asks you to restore the messages of his mailbox 'orders' he has inadvertently deleted today at 9:00 am.
- You first must check what backup archives are available. The jobname of this server backup is 'prodserv'.
affa --list-archives prodserv
Affa version 0.5.0 on affa1.mydomain.de (10.204.48.2) +-----------------------------------------------------------------------------+ | Job: prodserv | | Description: File- and Mailserver Frankfurt 2 | | Directory: /var/affa/prodserv/ | | Hostname: 10.204.48.1 | +-----------------------+----------------+--------------+--------+------------+ | Date | Archive | Files | Size | Disk usage | +-----------------------+----------------+--------------+--------+------------+ | Sun 2007 Apr 29 04:07 | monthly.0 | 428916 | 41GB | 554GB/42% | +-----------------------+----------------+--------------+--------+------------+ | Sun 2007 May 13 04:08 | weekly.3 | 441911 | 43GB | 493GB/37% | | Sun 2007 May 20 04:09 | weekly.2 | 453436 | 44GB | 522GB/40% | | Sun 2007 May 27 04:10 | weekly.1 | 460610 | 45GB | 547GB/41% | | Sun 2007 Jun 03 04:11 | weekly.0 | 464119 | 45GB | 603GB/46% | +-----------------------+----------------+--------------+--------+------------+ | Mon 2007 Jun 04 07:05 | daily.6 | 464733 | 45GB | 599GB/45% | | Wed 2007 Jun 06 04:15 | daily.5 | 463527 | 45GB | 617GB/47% | | Thu 2007 Jun 07 04:15 | daily.4 | 464299 | 46GB | 629GB/48% | | Fri 2007 Jun 08 04:11 | daily.3 | 464200 | 46GB | 617GB/47% | | Sat 2007 Jun 09 04:12 | daily.2 | 463342 | 46GB | 617GB/47% | | Sun 2007 Jun 10 04:12 | daily.1 | 462894 | 46GB | 614GB/47% | | Mon 2007 Jun 11 04:11 | daily.0 | 460669 | 45GB | 619GB/47% | +-----------------------+----------------+--------------+--------+------------+ | Mon 2007 Jun 11 13:11 | scheduled.6 | 454748 | 45GB | 621GB/47% | | Mon 2007 Jun 11 16:16 | scheduled.5 | 454664 | 45GB | 621GB/47% | | Mon 2007 Jun 11 19:10 | scheduled.4 | 454813 | 45GB | 622GB/47% | | Mon 2007 Jun 11 23:08 | scheduled.3 | 455289 | 45GB | 618GB/47% | | Tue 2007 Jun 12 04:12 | scheduled.2 | 455407 | 45GB | 616GB/47% | | Tue 2007 Jun 12 07:05 | scheduled.1 | 455400 | 45GB | 616GB/47% | | Tue 2007 Jun 12 10:09 | scheduled.0 | 453931 | 45GB | 616GB/47% | +-----------------------+----------------+--------------+--------+------------+
- Choose the scheduled.1 archive, which was created less than two hours before the accident. Now restore the mailbox 'orders' using the rsync command.
- Now run the rsync command: export RDIR=/home/e-smith/users/briedlin/Maildir/.orders/ Note the trailing slash! rsync -av /var/affa/prodserv/scheduled.1/$RDIR 10.204.48.1:$RDIR
Example 2: A user has deleted the file orderform.pdf from ibay 'docs' and asks you to restore it.
- You have searched and found the latest version of this file in archive weekly.
- Copy it back to the server: export RFILE=/home/e-smith/files/ibays/docs/files/orderform.pdf rsync -av /var/affa/prodserv/weekly.1/$RFILE 10.204.48.1:$RFILE
Full restore
To run a full restore of user and configuration data run on the Affa server
affa --full-restore <JOB> [<ARCHIVE>]
This rsyncs the data from the backup ARCHIVE back to the 'remoteHostname' defined in the configuration of the job JOB.
Example: You have backuped your production server 'prodsrv' as job 'prodbox'. To restore from the latest backup run
affa --full-restore prodbox
To restore from the older archive daily. run
affa --full-restore prodbox daily.
Important note: A full restore reconstruct the server as it was at the time of the backup. That means, files created or server configuration changes after the backup run will be lost. After the restore is done, the restored server reboots automatically.
Moving a SME 7 server installation to new hardware using the Affa rise feature
Please see this HowTo: Moving SME to new Hardware
FAQ
Can I use Affa to backup a SME 6 server?
To backup a SME 6 server set the property 'rsync--inplace' to 'no' and install the perl-TimeDate package on the SME 6 box. The perl-TimeDate package is needed by the watchdog script running on the SME 6. Use the RPM from DAG: perl-TimeDate-1.16-0.rh73.dag.noarch.rpm
You cannot use the RPMCheck property.
Can I use Affa to backup Windows machines?
Yes. You need a ssh daemon and rsync installed on the Windows box. Cygwin has been reported not to work. The rsync processes often tend to hang up. Other products may work, but there are no experiences yet.
Alternatively you can smbmount the Windows disk to a directory on a SME server and setup a job to backup this directory.
/bin/mount -t cifs //192.168.1.65/C$ /mnt/mywinpc/ -o username=Adminstrator,password=xxxxxx
If the Affa server is local to the Windows domain, you alternatively can use the Affa automount properties
AutomountDevice=>'//192.168.1.65/C$' AutomountPoint=>'/mnt/mywinpc/' AutomountOptions=>'-t cifs -o username=Adminstrator,password=xxxxxx'
Note: You may want to define a file that contains the username and password instead of having them in the AutomountOptions string. See 'man mount.cifs' for further information
Note: Affa cannot preserve the Windows ACLs. After a restore you must set owner and groups manually.
How can I move a backup archive from my production server in a remote branch office to the Affa server using an USB disk? I want to avoid to download the first full backup over the internet. Install Affa on your production server, connect and mount the USB disk. Setup a job to write the archive to the USB disk. After the job run, connect the USB disk to your Affa server and setup the job in the same way. Use the setup script from the archive directory. You only need to change the remoteHostName property. Now use the --move-archive option to move the archive to the local disk. If not already done, send the public key to your production server. You're done.
How do I backup two SME servers behind a firewall?
First you need to configure port forwardings for the ssh service on your firewall. Use a non-standard port ,e.g 2200->22, for your second server. Setup a job on your Affa server for each of your production servers. Set up the job property sshPort=2200 for second server.
Additional information
Performance
It is hard to predict how much time a backup job needs to complete. It depends on the number of files, the total file size, the file changes since last run, the network speed and not least on the CPU power, disk speed and RAM of the source and backup server. The following table of measured values will give you an idea of what you can expect.
Backup server | Source server | Data on source server | Transferred Data | Connection | Compression | Affa run time |
2x3.2GHz Xeon 2 GB RAM, 1.5 TB RAID6 |
2x3.2GHz Dual Core Xeon 4 GB RAM, RAID5, SME 7.1 Intranet Web Server + MySQL |
1.4 GB, 12,000 files | 300 MB, 16 files | Internet 2 Mbit | yes | 2 minutes |
2x3.2GHz Xeon 2 GB RAM, 1.5 TB RAID6 |
2x3.2GHz Dual Core Xeon 4 GB RAM, RAID5 SME 7.1 Mailserver |
43 GB, 410,000 files | 140 MB, 2,700 files | Internet 2 Mbit | yes | 10 minutes |
2x2GHz Dual Core Xeon 5130 6 GB RAM, 1 TB RAID 5 |
2x2GHz Dual Core Xeon 5130 6 GB RAM, 1 TB RAID 5 SME 7.1 File- and Mailserver |
125 GB, 98,000 files | 3,2 GB, 3,000 files | Gbit LAN | no | 25 minutes |
2x2GHz Dual Core Xeon 5130 6 GB RAM, 874 GB RAID 5 |
2x2GHz Dual Core Xeon 5130 6 GB RAM, 1 TB RAID 5 SME 7.1 File- and Mailserver |
125 GB, 98,000 files | 3.5 GB, 2000 files | Internet 2 Mbit | yes | 17 minutes |
2x800MHz Pentium 3 1 GB RAM, 300 GB RAID1 |
2x2.8GHz Xeon, 1GB RAM, 140 GB RAID5 SME 7.1 File- and Mailserver |
39 GB, 370,000 files | 12 GB, 4,000 files | 100Mbit LAN | no | 52 minutes |
1xP4 2.4GHz 256 MB RAM SME 7.1 |
2xP4 1GHz 1 GB RAM SME 6 |
7.4 GB, 134,790 files | 7.4 GB, 134,790 files | 100Mbit LAN | no | 35 minutes |
Note: The last action of a job run is to remove the oldest backup, e.g. if archive scheduled.11 exists and you have set the scheduledKeep property to 12, then it must be deleted. This can take a significantly long time, which increases the total job execution time.
Bug report
Affa is listed in the bugtracker contribs section. Please report all bugs, new feature requests and documentation issues there.
Changelog
* Sun Nov 11 2007 Michael Weinberger Version 0.6.6 Property rsync--modify-window added Modified recursivly deleting directories * Wed Nov 07 2007 Michael Weinberger Version 0.6.5 ssh options added to scp commands added post-backup event * Wed Aug 08 2007 Michael Weinberger Version 0.6.4 delete dovcot index files after a --rise * Thu Jul 05 2007 Michael Weinberger Version 0.6.3 Bugfix: with RPMCheck=yes the affa-rpmlist was not found in the archive. Wrong path to schedule.0 instead of scheduled.running. Side effect of changes in version 0.5.0. [Bug 3128] * Tue Jul 03 2007 Michael Weinberger Version 0.6.2 Bugfix: Filesys::DiskFree requires $ENV{LANG}="en_US" [Bug 3119] Bug reported to bug-Filesys-DiskFree [at] rt.cpan.org * Mon Jun 25 2007 Michael Weinberger Version 0.6.1 Fix 3080 was not applied. * Mon Jun 18 2007 Michael Weinberger Version 0.6.0 - Replaced Filesys::DiskSpace by Filesys::DiskFree as the latter supports CIFS file system - using Filesys::DiskFree->mount and ->device instead of scanning /proc/mounts - mkdir RootDir only on job run to avoid making it in an unmounted mountpoint * Mon Jun 18 2007 Michael Weinberger Version 0.5.2 - Sending ssh key failed. When grep returned an error the mv command was not executed. Using ';' instead of '&&' for chaining commands. [Bug 3080] - /root/.ssh/authorized_keys2: No such file or directory warning. Run a touch to guarantee, that the file exists. [Bug 3080] - same issue with --revoke-key * Thu Jun 14 2007 Michael Weinberger Version 0.5.1 - Bugfix automount: getStatus() unmounts the device while a job is running - Status table: Last=never, if there are no archives at all * Tue Jun 12 2007 Michael Weinberger Version 0.5.0 - New property AutomountOptions - status table: grouped disabled jobs. Show Last='-' for disabled jobs instead of 'failed' - unlink lockfile in getLock() - Changes to improve robustness in case of network outage: - writing to a temporary archive scheduled.running and linkdest against the latest existing archive (usually scheduled.0). Then shift archives and rename scheduled.running to scheduled.0 - scheduledKeep=1 is now allowed - also check connection in daily,weekly etc., not only in scheduled run - don't run daily, weekly, monthly or yearly, when scheduled.0 doesn't exist. - new option --revoke-key - added optional option --revoke-key to --delete-job - avoid multiple adding public key to authorized_keys2 on source server * Wed Jun 06 2007 Michael Weinberger Version 0.4.7 - use StrictHostKeyChecking=no in sendKeys() * Tue Jun 05 2007 Michael Weinberger Version 0.4.6 - mailtest: Send also a testmail from the remotehost, when property Watchdog=yes - removed useless code in mailTestWatchdogRemote() * Mon Jun 04 2007 Michael Weinberger Version 0.4.5 write job config file to the archive dir * Thu May 31 2007 Michael Weinberger Version 0.4.4 - added property StrictHostKeyChecking (ssh option) - string comparison instead of numric for $job{'doneYearly'} ne $thisYear etc. * Wed May 30 2007 Michael Weinberger Version 0.4.3 - Minor bugfixes: calculation of RootDirFilesystemUsage in .AFFA-REPORT improved error handling with rsync status and df in DiskspaceWarn() * Tue May 29 2007 Michael Weinberger - Version 0.4.2 Infinite loop in execPostJobCommand() if command could not be executed: Don't call execPostJobCommand() in affaErrorExit() if err==115 - RPMCheck property was ignored - added Property chattyOnSuccess - modified jobconfig-sample.pl to preserve 'doneDaily','doneWeekly','doneMonthly','doneYearly' and 'chattyOnSuccess' - write error codes of affaErrorExit() to log * Thu May 24 2007 Michael Weinberger - Version 0.4.1 - fixed bug in disk usage calculation * Mon May 21 2007 Michael Weinberger - Version 0.4.0 - added option --rename-job - changed syntax of --send-keys (!) - added option --move-archive * Sun May 20 2007 Michael Weinberger - Version 0.3.3 - rebuild cronjobs after rise/undorise - ignore job of own backup, when creating cronjobs (job appears after a rise run) * Sun May 20 2007 Michael Weinberger - Version 0.3.2 - man: added sshPort propperty - chdir /tmp to avoid cwd warnings when the cwd disappears while running rise or undo rise - bugfix: undorise() did not found own backup archive. Was searching for a wrong name * Wed May 16 2007 Michael Weinberger - Version 0.3.1 minor bugfixes - checkCrossFS() did not work (used in --rise) - jobconfig-sample.pl: deleting record before setting props - Perl errors with --status before a job run * Thu May 10 2007 Michael Weinberger - Version 0.3.0 - man page completed - mark archives with indices > keep setting with '*' in --list-acrchive output - Option --delete-job - Option --cleanup - added --job=JOB alternative to --send-keys * Wed May 09 2007 Michael Weinberger - Version 0.2.0 - added --mailtest option * Tue May 08 2007 Michael Weinberger - Version 0.1.5 - improved --status output - removed options --report and --send-report - added option --show-archives - added --csv for status and show-archives output in CSV format - added property 'sshPort' * Mon May 07 2007 Michael Weinberger - Version 0.1.4 - don't install the remote watchdog, when remotehost is eq localhost - improved check for remoteHostName eq localhost using DNS - ssh -o PasswordAuthentication=no in checkConnection() - added --full-restore - missing check for HOSTNAME argument in --send-keys added improved error check - prevent run of --rise of localhost from own backup * Mon Apr 30 2007 Michael Weinberger - Version 0.1.3 modified 'use constant* syntax in watchdog script for compatibility with perl 5.6 on SME6 * Fri Apr 27 2007 Michael Weinberger - Version 0.1.2 Bugfix: Preserve of ethernet driver setting with --rise did not work. Also preserve NIC bonding. * Mon Apr 23 2007 Michael Weinberger - Version 0.1.1 scheduledKeep must be>=2 for --link-dest set scheduledKeep to 2 if <2 - get lastrun date from affa-report rather than from report file - added auto mount function - added AutomountDevice and AutomountPoint to jobconfig-sample.pl * Wed Apr 18 2007 Michael Weinberger - Version 0.0.8 dont die if report db does not exist * Wed Apr 18 2007 Michael Weinberger - Version 0.0.7 run checkConnection() only for scheduled backups added Size and Disk usage information to --status * Thu Apr 12 2007 Michael Weinberger - Version 0.0.5 fixed calculation of lastrun-now * Thu Apr 12 2007 Michael Weinberger - Version 0.0.4 - added --send-status plus templates - fixed format error of times in affa --status - show 'failed', if lastrun is older 1 day in affa --status - fixed typo. default status=disabled (was disable) * Fri Apr 06 2007 Michael Weinberger - Version 0.0.3 - watchdog reminder was not deleted on soure - wrong version mismatch list in rpm compare * Thu Apr 05 2007 Michael Weinberger - added 'rsync--inplace' property * Mon Apr 02 2007 Michael Weinberger - initial release
Files
/etc/e-smith/events/actions/affa-make-cronjobs /etc/e-smith/events/post-upgrade/S90affa-make-cronjobs /etc/e-smith/templates/etc/cron.d/affa-status/00run /etc/e-smith/templates/etc/cron.d/affa/00jobs /etc/logrotate.d/affa /sbin/e-smith/affa /sbin/e-smith/affa-rpmlist.sh /usr/lib/affa/jobconfig-sample.pl /usr/lib/affa/postJobCommand-sample.pl /usr/lib/affa/preJobCommand-sample.pl /usr/lib/affa/watchdog.template /usr/man/man1/affa.1.gz
Source RPM
Acronym
Affa stands for Automatische Festplatten Fernarchivierung