Backups done by the system

There are no real backups of Ourshack systems.

We are not completely unprotected though: this page describes the process that makes copies of certain config data on Cat. Other machines do not currently have this sort of protection.

Configuration data

Certain critical data such as the contents of /etc is collected into a tar file each night and stored in /fs1/cat-backup - several generations are kept.

This is done by the script /usr/local/libexec/do-cat-config-backup, which reads a list of files and directories from /usr/local/etc/config-backup-files.

The script is run from /etc/periodic/daily/601.config-backup.

LDAP data

The data that drives the mail system is held in an OpenLDAP system. The raw database files are copied as part of the configuration data mentioned above, but as an added protection the data is exported to a text file each night. This is done by the script /usr/local/libexec/do-ldap-backup and the results are kept in /fs1/ldap-backup - again, several generations are kept.

This process is run from /etc/periodic/daily/600.ldap-backup.

Zope data

The Zope webserver/content management system holds all its data in a database rather than in flat files. To guard against corruption, this is backed up nightly to /fs1/zope-backup by the script /home/zope/bin/do-zope-backup, which is run from the zope user's crontab.

How to make offsite backups

Doing network backups of the complete machines is likely to cause unreasonable amounts of traffic, but copying a few critical areas is certainly possible. The configuration-data tar-file mentioned above makes a good start, along with any critical areas that you are responsible for.

Please do not take copies of the config and LDAP data unless you can protect them from being seen by anyone other than Ourshack admins. Also, there is not much point in taking copies unless you know how to use the data to rebuild the box after a disaster...

The simplest way to copy a load of files is to use tar to make a datastream and to use ssh to move the data. Here is an example script to generate the backup stream - put it in your own bin directory on Cat:

To automate the process, you need to get your home machine to make an ssh connection periodically and run the script to generate the datastream. It is a good idea to use a new SSH key just for this job, which can be placed in the ~/.ssh/authorized_keys2 file with limits on what it can be used for, e.g. (all on one line - split here for easier reading):

Finally, you need a script on your home machine to fetch the backup and store it locally. Something like this perhaps:

I run a backup of this sort from cron, once per week.
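
The three pieces described above (the stream script on Cat, the restricted key entry, and the fetch script on the home machine), written as shell functions. This is an added example, not the scripts originally shown on this page; the function names, BACKUP_ROOT, the key file name and the host cat.example are assumptions.

```shell
#!/bin/sh
# Added example. Paths, key file name and host are assumptions, not Ourshack's.

# --- On Cat: forced command for the backup key --------------------------
# Writes a gzipped tar stream to stdout. $1 is a file listing one path per
# line, relative to BACKUP_ROOT (default /).
make_stream() (
    tar -czf - -C "${BACKUP_ROOT:-/}" -T "$1"
)

# --- On Cat: the authorized_keys entry for that key ---------------------
# $1 = absolute path of the stream script, $2 = public key text.
# command= pins what the key may run; the no-* options remove forwarding
# and terminal access, so a stolen key yields only the backup stream.
key_line() {
    printf 'command="%s",no-port-forwarding,no-X11-forwarding,' "$1"
    printf 'no-agent-forwarding,no-pty %s\n' "$2"
}

# --- On the home machine: fetch, verify, rotate -------------------------
# $1 = destination dir, $2 = generations to keep, rest = command whose
# stdout is the stream (normally the ssh call shown at the bottom).
fetch_backup() (
    dest=$1; keep=$2; shift 2
    umask 077                       # config and LDAP data: owner-only files
    mkdir -p "$dest" || exit 1
    tmp=$dest/.incoming.$$
    out=$dest/cat-$(date +%Y%m%d-%H%M%S).tar.gz
    # Accept the stream only if the transfer succeeded and tar can list it;
    # a dropped connection must not replace or displace a good generation.
    if "$@" > "$tmp" && tar -tzf "$tmp" > /dev/null 2>&1; then
        mv "$tmp" "$out"
    else
        rm -f "$tmp"
        echo "fetch failed; existing generations left untouched" >&2
        exit 1
    fi
    # Delete everything older than the newest $keep generations.
    ls -1 "$dest"/cat-*.tar.gz | sort -r | tail -n +"$((keep + 1))" |
        while read -r old; do rm -f "$old"; done
    echo "$out"
)

# Weekly cron job on the home machine would call (host is a placeholder):
#   fetch_backup "$HOME/cat-backup" 4 \
#       ssh -i "$HOME/.ssh/cat_backup_key" -o BatchMode=yes you@cat.example
```

On Cat, the output of key_line goes on a single line in ~/.ssh/authorized_keys2, and the forced command is a small script in your bin directory that calls make_stream with your list file.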


Andrew Findlay
28 Jan 2004