NDPF rsync backup

From PDP/Grid Wiki
Revision as of 13:18, 27 May 2011 by Davidg@nikhef.nl (talk | contribs) (→‎RSync Indirect Backup Service)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

RSync Indirect Backup Service

Only a few systems in the NDPF are actually linked to the ADSM backup service from SARA: vlaai and beerput. If other systems have data that should be backed-up, they should rsync that data to beerput so it gets forwarded to tape later. Additionally, the rsync-based backup can serve as a quick-restore for larger data volumes.

The amount of backup storage available on beerput is approximately 1.5TByte, extensible to 6.5TByte.

Configuration on beerput

The rsync-backup is initiated from beerput, who connects to rsync-servers on each of the clients. The clients are contacted sequentially, with the backup programme on beerput triggered by cron

10 2 * * * nice -n 10 /project/backupservice/bin/rsync-backup > /var/log/backup.log 2>&1


The server has a configuration directory (/project/backupservice/etc/) with a set of client description files (one file per client), that are named by the hostname and each look like this:

HOSTNAME        hek.nikhef.nl
USERNAME        backup
PASSWORD        27^j8JSds76%lkj
MODULE          fsroot
DEST            hek.nikhef.nl
EXCLUDES        +/project**     +/etc   \
                +/etc/sysconfig**       -*

The password is in plaintext (but typically generated randomly) so the directory itself is readable by root only. A rsync port number can optionally be added to the HOSTNAME directive ("sikkel.nikhef.nl:873").

Client configuration

Each of the clients should have an rsync server started or startable from xinetd, that specifies the rsyncd.conf configuration file to use. An "rsyncd.secrets" file (name specified in the conf file) should hold the password and be mode "0600". Make sure the firewall on the client allows for rsync connections on port 873, and allows connections to this port ONLY from the backup server beerput.nikhef.nl (194.171.96.69/32). Since it allows reading as root, make sure iptables blocks access from other sources...

An example client rsync.conf file looks like

uid = root
gid = root
use chroot = yes
max connections = 10
syslog facility = daemon
pid file = /var/run/rsyncd.pid

[fsroot]
       path = /
       comment = hek.nikhef.nl:/
       read only = yes
       list = false
       auth users = backup
       secrets file = /etc/rsyncd.secrets
       hosts allow = 194.171.96.69/32
       hosts deny = 0.0.0.0/0

with an rsyncd.secrets file like:

 backup:27^j8JSds76%lkj

Please remember that firewall rules (on the client and on the router) can influence the connectivity from beerput to the rsyncd daemon.


Archiving

If you want to actual make a persistent archive instead of a backup, you can add

PERSISTENT      yes

to the configuation file. Be sure to set the DEST directive to a special directory for this, since such an archive is painful to use as a backup restore source (it will contain obsolete files by definition). Also, it can only grow, as files will never be deleted from the archive directory (but changed files will be updated).

Suggested name of the dstination directory is "archive-<hostname>", like

DEST            archive-stro.nikhef.nl

Backed-up hosts

Please review the /project/backupservice/etc/ directory on beerput for a list of backed-up hosts.

Notes

Only selected data is copied from the clients, see the configuration files in …/etc/ for details. The syntax is rsync ‘–exclude’ mode (which is different from the ADSM inclexcl.opt file!).