Backup

Zentyal configuration Backup

Zentyal offers a configuration backup service, to ensure the recovery of a server when a disaster happens, for example a hard disk failure or a human error while managing configurations.

_images/zentyal-backup-menu.png

Backup Screen

Backups can be made locally, saving them on the local hard drive of the Zentyal host. After this, it is recommended to save them to an external physical system, so if the machine suffers a failure, you still have access to this data.

It’s also possible to make these backups to a remote host, since they are included in the subscription services provided by Zentyal. If your Zentyal server has Professional or Enterprise Subscription, part of the commercial offering of Zentyal, you have the option to remotely backup both your server configuration and the data kept on your server. Likewise, the free Basic Subscription [1] , designed for testing environments, also offers one remote configuration backup. With any of these three options, in case a server failure or human error causes a problem with the server configuration, you can always recover it quickly from the Zentyal repositories in Zentyal Cloud.

[1]http://store.zentyal.com/serversubscriptions/subscription-basic.html

To access the backup options, go to System ‣ Backup. You cannot backup if there are unsaved changes in the configuration, as you can see in the warning message of the image:

Configuring the backup

Configuring the backup

Once you have entered the Name for the backup, chosen the type of backup (incremental or full) and clicked on Backup, you will see a window which will show the progress of the different modules until the message Backup successfully completed is displayed

Afterwards, if you return to the former window, you can see in the bottom of the page a Backups list. Using this list you can restore, download to a client disk or delete any of the saved copies. Additionally, you will have data about the copy type, the creation date and size.

In the section Restore backup from a file you can send a security copy file that you have previously downloaded, for example, associated with a former Zentyal server installation in another host and restore it using Restore. You will be asked for confirmation; simply remember to be careful, as the current configuration will be completely overwritten. The restoration process is similar to the copy; after showing the progress, the user will be notified with a success message if there is no error.

CLI tools for the configuration backup

There are two CLI tools available that will also allow you to save and restore the configuration. You can find them in /usr/share/ebox; they are called ebox-make-backup and ebox-restore-backup.

ebox-make-backup allows you to make configuration backups, among the options you can select the backup you want to execute, and also the configuration report that can help the developers to diagnose a failure with the extra information. Note that in this mode, the user’s passwords are replaced for increased security. The configuration report can also be generated from General ‣ Configuration report in the web interface.

You can see all the options of the program with the parameter –help.

ebox-restore-backup allows you to restore configuration backup files. It also has an option to extract information from the file. Another interesting option is the possibility of making partial restorations, only of the selected modules. This is the typical case when you want to restore part of the configuration from an old copy. It is also useful when the restoration process has failed for any reason. You have to take special care with the dependencies between modules. For example, if you restore a copy of the firewall module which depends on a configuration of the objects and services module, you have to restore these first. Even then, you have the option of ignoring dependencies, which can be useful if used with care.

If you want to see all the options of this program use the parameter –help.

Backup configuration in a Zentyal server

First of all, you have to decide whether you are going to store your backups locally or remotely. In the latter case, you need to specify which protocol is going to be used to connect the remote server.

Configuration

Configuration

Method:

The different supported methods are FTP, Rsync, SCP, Zentyal Cloud, File system. Take into account that depending on the method you choose, you will have to provide more or less information. All the methods except File system use remote servers. If you select FTP, Rsync or SCP, you will have to enter the associated authorisation to connect with the server and the remote server’s address.

Zentyal Cloud is the Zentyal Disaster Recovery Service [2] that guarantees that your most critical data is backed up, secured, monitored and recovered quickly and easily in case of a disaster. In order to use this service, you must have a Professional or Enterprise Subscription.

[2]https://store.zentyal.com/other/disaster-recovery.html

Warning

When using SCP, you have to run sudo ssh user@server and accept the server fingerprint in order to add to the list of servers known by SSH. If you do not perform this operation, the backup will not work, because the connection with the server will fail.

Host or destination:

For remote methods you have to enter the remote server name or its IP address with the following format: other.host:port/existing_directory In case you are using File system, you only need the local directory path.
User:
User name to authenticate in the remote host.
Password:
Password to authenticate in the remote host.
Encryption:
You can cypher the data in the backup using a symmetric key that will be entered in the form, or you can use a GPG key already created to perform asymmetric cyphering in your data. The GPG keyring is extracted from ebox user.
Full Backup Frequency

This parameter is used to determine the frequency for complete backups to be performed. The values are: Only the first time, Daily, Weekly, Twice a month and Monthly. If Weekly, Twice a month or Monthly is selected, you will see a selection option to choose the exact day of the week or month to perform the backup.

If Only the first time is selected, then it is mandatory to set a frequency for incremental backups.

Incremental Backup Frequency

This value sets the frequency of the incremental copy or disables it.

If the incremental copy is enabled, you can choose a Daily or Weekly frequency. In the latter case, you have to decide the day of the week; either way you have to take into account the chosen frequency which has to be greater than the full backup.

The days that you have scheduled a full backup, Zentyal will not perform any scheduled incremental copy.

Backup process starts at
This field is used to set the time a backup copy is started, for both the full and the incremental backup. It is a good idea to set it to a time frame where no other activities are being performed in the network, because it can consume a lot of upstream bandwidth.
Keep previous full copies

This value is used to limit the total number of copies that can be stored. You can limit by number or by age.

If you limit by number, only the set number of copies, plus the last complete copy will be stored. If you limit by age, you will only save full copies that are newer than the indicated period.

When a full copy is deleted, all the incremental copies associated with it are also deleted.

Configuration of the directories and files that are saved

The default configuration will perform a copy of all the file system except the files and directories explicitly excluded. In case you are using the method File system, the destination directory and all its contents will be excluded as well.

You can set path exclusions and exclusions that match a regular expression. Exclusions by regular expression will exclude any path which matches the expression. Any excluded directory will also exclude all its contents.

In order to further refine the backup contents, you can also define inclusions, when the path matches an inclusion before it matches with an exclusion, it will be included in the backup.

The order of application of inclusions and exclusions can be changed using the arrow icons.

The default list of excluded directories is: /mnt, /dev, /media, /sys, /tmp, /var/cache and /proc. It’s a bad idea to include any of these directories, because they may cause the backup process to fail.

A full copy of a Zentyal server with all its modules, but without user data will be around 300MB.

Inclusion and exclusion list

Inclusion and Exclusion list

Checking the status of the backups

You can check the backups status in the section Remote Backup Status. Within this table, you can see the type of backup; full or incremental and the execution date.

Backup status

Backup status

Restore files

There are two ways of restoring a file. Depending on the file size or the directory you want to restore.

It is possible to restore files directly from Zentyal Server’s control panel. In the section Backup ‣ Restore files you have access to the list of all the files and directories contained in the remote backup, and the dates of the different versions you can restore.

If the path to restore is a directory, all its contents will be restored, including sub-directories.

The file will be restored with its contents on the selected date, if the file is not present in the backup that day. The version found in the former backups will be restored. If there is no copy of the file in any of the versions, you will be notified with an error message.

Warning

The files shown in the interface are the ones that are present in the last backup. The files that are stored in former copies, but not in the last one, are not shown, but they can be restored using the command line.

You can use this method with small files. For big files, the process is time consuming and you cannot use the Zentyal web interface while the operation is being made. You have to be especially careful with the type of file you are restoring. Normally, it will be safe to restore data files that are not being used by applications at the current time. These data files are located in the directory /home/samba. On the other hand, restoring system file of directories like /lib, /var or /usr while the system is running can be very dangerous. Don’t do this unless you are really sure of what you are doing.

Restore a file

Restore a file

The big files and the directories and system files should be restored manually. Depending on the file, you can do it while the system is running. On the other hand, to rescue system directories, use a rescue CD, as explained later.

In any case, you must be familiar with the tool used by this module duplicity [3]. The restoration process of a file or directory is very simple. You just execute the following command:

duplicity restore --file-to-restore -t 3D <file or directory to restore> <remote URL and arguments> <destination>
[3]duplicity: Encrypted bandwidth-efficient backup using the rsync algorithm <http://duplicity.nongnu.org/>.

The -t option is used to select the date you want to restore. In this case 3D means three days ago. Using now you can restore the latest copy.

You can obtain <Remote URL and arguments> reading the note that is included above the section Restore files in Zentyal.

Remote URL and arguments

Remote URL and arguments

For example, if you want to restore the file /home/samba/users/john/balance.odc you will execute the following command:

# duplicity restore –file-to-restore
home/samba/users/john/balance.odc scp://backupuser@192.168.122.1 –ssh-askpass –no-encryption /tmp/balance.odc

The command shown above will restore the file in /tmp/balance.odc. If you need to overwrite a file or a directory during a restore operation, you need to add the option –force, otherwise duplicity will refuse to overwrite files.

How to recover from a disaster

As important as knowing how to make backups is to know the procedure to perform a recovery during a critical event. You need to be able to restore the service as soon as possible after the system is rendered non operative by a disaster.

To recover from a total disaster, you will boot the system using a rescue CD-ROM that includes the backup software duplicity, for example grml [4]

[4]grml <http://www.grml.org/>.

You will download the grml image and boot the host with it. You can use the parameter nofb in case you experience problems with screen size.

Grml boot

Grml boot

Once the boot process is finished, go to a command line interpreter pressing enter.

Starting a command line interpreter

Starting a command line interpreter

If your network is not correctly configured, you can execute netcardconfig to configure it.

The next step is to mount the hard drive of your system. In this case, let’s suppose that your root partition is /dev/sda1. So execute:

# mount /dev/sda1 /mnt

The former command will mount the partition in the directory /mnt. In this example you perform a complete restore. First, you will delete all the existing directories in the partition. Obviously, if you do not do a complete restoration, this step is not necessary.

To delete all the existing files before the restore, execute:

# rm -rf /mnt/*

duplicity must be installed if it is not available:

# apt-get update
# apt-get install duplicity

Before doing a complete restore, you need to restore the /etc/passwd and /etc/group. Otherwise you may have problems restoring files with an incorrect owner. The problem appears because duplicity stores the usernames and groups and not the numerical values. Therefore there will be problems if you restore the files to a system where the users and groups have different UID or GID. To avoid this problem, you will overwrite /etc/passwd and /etc/group in the rescue system. Execute:

# duplicity restore --file-to-restore etc/passwd \
  scp://backupuser@192.168.122.1 /etc/passwd --ssh-askpass \
  --no-encryption --force

# duplicity restore --file-to-restore etc/group \
  scp://backupuser@192.168.122.1 /etc/group --ssh-askpass \
  --no-encryption --force

Warning

When using SCP, you have to execute sudo ssh user@server and accept the server fingerprint in order to add to the list of servers known by SSH. If you do not perform this operation, the backup will not be possible, because the connection with the server will fail.

Now you can proceed with the complete restore running duplicity manually:

# duplicity restore  scp://backupuser@192.168.122.1 /mnt/ --ssh-askpass --no-encryption --force

Finally, you have to create the excluded directories, and clean the temporary directories:

# mkdir -p /mnt/dev
# mkdir -p /mnt/sys
# mkdir -p /mnt/proc
# rm -fr /mnt/var/run/*
# rm -fr /mnt/var/lock/*

The restoration process is finished and you can boot in the original system.

Restoring services

Apart from the files, additional data is stored to allow the direct restoration of some services. This data is:

  • security copy of Zentyal configuration
  • security copy of the registers database of Zentyal

In the tab Service restoration both can be restored for a given date.

The security copy of Zentyal configuration contains the configuration of all the modules that have been enabled at least once, all the LDAP data and any other additional files needed by the modules to function properly.

You have to be careful when restoring Zentyal configuration because all the current configuration and LDAP data will be replaced. Nevertheless, for the case of configuration not stored in LDAP, you have to click “Save changes” to make this effective.

Restoring services

Restoring services