Backups
Commands
find
dump, rdump
restore, rrestor
tar
mt
Review of the find Command
-
Find searches recursively downward through the file structure
-
File and directory permissions apply to the find command
-
You many not have permission to search the entire tree...
syntax
find [where
to start looking] [what
to look for] [what
to do when it is found]
find directory conditions
-exec command options {}
\;
Examples:
$ find /etc -name
'm*' -exec ls -l {} \;
-
Look for files in /home that are greater than 4 M and list
them
-
Sort output in order of file size
$ find /home-size
+4096k-exec ls -l {} \;
\
| sort
-nr +4
-
Look for the files in current directory modified in the last
day
-
with a size less than 500 bytes, execute a long listing
$ find . -mtime
-1 -type f -size -500c \
-exec
ls -l {} \;
-
Look for the suid files in /usr
$ find /usr -perm
+4000
-
Look for directories in /etc and examine their permissions
-
Redirect stderr to bit bucket
$ find /etc -type
d -exec ls -ld {} \; \
2> /dev/null | head
-
Look for files in /etc that have names beginning with log
or cron
$ find /etc -name
'log*' -o -name 'cron*'
-
Look for file in /home for files that are greater than 1
M and less than 4 M in size
-
Execute and ls -l on the files found
$ find /home -size
+1024 -a -size -4096 -exec ls -l {}\;
-
Look for file in /etc which have been modified in the last
14 days
-
Execute and ls -l on the files found
-
Redirect both stdout and stderr to mail to pattyo@localhost
# find /etc -mtime -14 -exec ls -l {} \; \
2>&1 | mail -s "modifications to etc" pattyo@localhost
-
Look for file in /tmp which have not been modified in more
30 days
-
Execute and ls -l on the files found
-
Redirect both stdout and stderr to the file /tmp/errs<PID>
-
If any errors occur, send output to pattyo
# (find /tmp -mtime +30 -exec ls -l {} \; \
|| mail -s "Older Files Output" pattyo < /tmp/errs$$) \
>> /tmp/errs$$ 2>&1
Review of tar Command
The options to tar:
|
c
|
Create |
|
x
|
eXtract |
|
t
|
Table of contents |
|
p
|
Preserve permissions |
|
z
|
Filter the output through gZip |
|
v
|
Verbose |
|
f
|
Use File or device |
Exercise:
Create and extract a tar file
-
Create a gzipped tar file
# cd /
# tar cvf /tmp/etc.tar etc
# tar cvfz /tmp/etc.tgz
# ls -l /tmp/etc.*
-rw-r--r-- 1 root root
9564160 Apr 19 09:39 /tmp/etc.tar
-rw-r--r-- 1 root root
1803038 Apr 19 09:39 /tmp/etc.tgz
-
Note the difference in size between the zipped an unzipped
file!
-
Extract the zipped tar file
# mkdir -p /tmp/restore
# mv /tmp/etc.tgz /tmp/restore
# cd !$
# tar xvfpz etc.tgz
# ls
Using tar to Backup and Restore in one command
-
If space is limited you will not have room for both the tarball
and the extracted files in your filesystem.
-
Here is a way to tar the files and then untar them onto another
filesystem.
# tar cvf - . | (cd /newdirectory;
tar xvf -)
-
The '-' on the left side of the pipe
-
means send the output to standard out instead of a file.
-
The commands on the other side of the pipe must be enclosed
in parenthsis.
-
The '-' on the right hand side of the pipe
-
tells tar to extract from standard input.
Why use tar instead of cp -r?
-
tar is used to copy a directory recursively
-
cp -a or cp -r is also used for recursive copies
-
With copy, the permissions, modification times etc. are reset
to new values
-
though cp -p should prevent this, but not necessarily ...
-
tar will make an exact copy of a directory in every aspect
Scenario
You are the administrator for a medium sized company.
You find that the users on your system require more space in /var/spool/mail
to hold all their email. You solve the problem by adding another disk and
creating a partition on that disk specifically to hold email.
In order to perform this task without corrupting any user
email, first you must stop the sendmail and imap services, preventing users
from accessing their email and the system from sending or receiving mail.
Your boss insists you perform this task during hours of
minimal system use. You schedule downtime for the system Sunday at 11PM.
Being a conscientious sysadmin, you make a checklist so as not to forget
any of the necessary steps you must perform.
-
turn off imap and sendmail
# cd /etc/xinetd.d
# vi imap
-
change line that says disable
= no to disable = yes
# service xinetd restart
# chkconfig --list | grep imap
# service sendmail off
# ps -aux | grep sendmail
-
mount new partition onto temporary mount point
-
(first remove files in /data and umount /data)
# mkdir /mnt/mail
# mount /dev/hda7 /mnt/mail
-
copy contents of /var/spool/mail to new location
# cd /var/spool/mail
# tar cvf - . | (cd /mnt/mail; tar xvfp -)
-
edit fstab file so at boot time your system will mount /var/spool/mail
from its own device
-
(change the /data partition to /var/spool/mail)
/dev/hda7 /var/spool/mail
ext3 defaults 1 2
-
unmount temporary mail location
# umount /mnt/mail
-
rename old mail directory to mail.svd just in case
# mv /var/spool/mail /var/spool/mail.old
-
make new mail directory (mount point), mount new device to
onto it
# mkdir /var/spool/mail
# mount /var/spool/mail
Using tar to backup the entire file
system tree starting at / and restore elsewhere
-
Notice that we are excluding /proc
-
It would make no sense to backup /proc. Why?
1. Starting from a login session on the machine being
backed up named srcserver
-
restoring to the machine named destserver which hosts a new
disk mounted at /root2
# cd /
# tar cf - --exclude proc . | \
(ssh root@destserver "cd /root2; tar xfp -")
2. Starting from a login session on destserver,
which hosts the empty hard drive
# ssh -l root srcserver 'cd /; \
tar cf - --exclude proc .' | tar xfp -
Using find and tar together
-
Sometimes you may only want to backup particular files meeting
specific criteria
-
find can be used to locate the files
-
tar can be used to create a tar ball of the
specified files
# find /etc -type f -mtime -30 | xargs
\
tar cvf /usr/local/backups/recent-etc.tar
Backing up to tape (or device) using the dump
command
Good practices:
-
Perform you dumps from one machine
-
Hopefully, your backup utility allows you to perform backups
over the network
-
This can be scripted using the rdump (remote dump) utility
by way of rsh or ssh
-
Label your tapes!
-
format used to create them, contents, date, etc
-
Decide on a backup schedule
-
How often do you need to make backups?
-
backups take operator time and network resources
-
But losing critical data can be devasting
-
Some filesystems need to be backed up more often than others
-
User home directories and user data should be backed up more
frequently than operating system files that have most likely remained static
-
Consider the size of the data and the size of the tape!
-
Daily backups should fit on one tape (or one jukebox of tapes)
-
such as DLT (40GB) and AIT (50 GB) high-density tape
-
If the dump spans a tape (and you are not using a jukebox),
an operator must be present to insert a new tape
-
Can automate the process with cron
-
mount tapes before leaving for day
-
run backups late at night when systems are inactive
-
keep good records of systems backed up
-
Protect media, check backups!
-
keep a copy offsite
-
make sure tapes are healthy, they go bad over time
-
Figure out the life-cycle of your tapes and replace old ones
-
make sure backups are working
Incremental and Full backups with dump
syntax of the dump command
dump dump-leveldevice-file-dumping-to
object-being-dumped
Full Backups
dump -0u-f
/dev/nst0/filesystem
-
-0u: perform a level 0 (full dump), update
backup info in /etc/dumpdates file
-
you must be backing up a partition to use the update option
-
-f /dev/nst0: specifies non-rewinding tape
device
-
used for backing up multiple filesystems on linux
machines
-
If you don't use the non-rewinding device, you will only
backup the last filesystem!
-
rather a bummer when you go to restore what you thought was
on the tape
-
/filesystem: the filesystem being backed
up
# rdump -0u-f
tapehost:/dev/nst0/filesystem
-
rdump : used to backup data to a remote tapehost
Exercise
-
Create a level 0 backup of /var/spool/mail on your system
-
Since we don't have a tape device, save backup data toa file
inside /usr/local/backups
# mkdir -p /usr/local/backups
# dump -0u -f /usr/local/backups/mail-L0.030422
/var/spool/mail
-
Check the file you just created in the backups directory
# ls -l /usr/local/backups
-rw-r--r-- 1 root root 8099840
Apr 19 11:14 mail-L0.030422
-
Check the contents of /etc/dumpdates
# cat /etc/dumpdates
/dev/hda7 0 Tue Apr 22 19:14:48 2003
Incremental backups
dump -5u-f
/dev/nst0/filesystem
-
Available incremental levels are 1-9
-
Organizations may choose to schedeule
-
a level 9 nightly
-
a level 5 every Saturday night
-
a level 0 monthly
Back to our exercise...
-
Perform a level 5 backup of the mail directory
# dump -5u -f /usr/local/backups/mail-L5.030422
/var/spool/mail
-
Examine the two dump files created and the contents of the
dumpdates file
Restoring dumps with the restore command
-
Restore allows the restoration of individual files and directories
-
also entire filesystem that have been backed up with full
and incremental dumps
Interactive restores
restore -i-f
tape-device-or-file
# mkdir /usr/local/restore
# cd /usr/local/restore
# restore -i -f /usr/local/backups/mail-L0.030422
restore > ls
restore > add root
restore > extract
You have not read any volumes yet.
Unless you know which volume your file(s) are on
you should start
with the last volume and work towards the first.
Specify next volume # (none if no more volumes):
1
set owner/mode for '.'? [yn] y
restore > quit
-
Volumes: if the dump fit on a single tape choose 1
-
volumes are counted starting at 1
-
Permissions: set the current directory to match the root
of the tape
Restoring entire filesystems
Order that files are restored when incremental
backups are involved:
-
restore most recent level 0 (full) dump
-
restore the most recent lowest-level incremental dump, ie,
1
-
restore next most recent level dump, ie, 2
-
continue in this manner till all increments are layer on
top of full dump
-
when all increments are restored, you're done
Assuming you lost the entire home filesystem, here are the
steps taken to restore it
mount /dev/sdb1 /home
cd /home
-
perform recursive restore by mounting first tape in the drive
-
Start with the level 0 dump, position the tape drive to the
correct dump image before beginning
restore -rf /dev/nst0
Positioning Tape Media
-
Relative when a single tape holds more than one dump image
-
The tape must be positioned to the correct dump image before
beginning the restore
mt [-f tape-device] command [count]
| rew |
rewinds the tape to the beginning |
| offl |
Offline the tape, typically, rewinds and ejects |
| status |
prints the status of the tape drive, ie, is
it loaded or not |
| fsf |
fast-forward the tape one dump image, supplying
a count moves the tape ahead that many dump images |
| bsf |
backspace dump images |
Examples:
mt -f /dev/nst0 fsf 2
mt -f /dev/nst0 offl