Management Of Backups With DAT Devices
I had the chance to use a DAT device (an old HP SuperStore DAT24) to make copy on tapes. I didn't want to install any new software to manage that task. A friend of mine gave me this guide. It was in spanish and without any note about the author. I only translated it. So, if someone knows who is the real author, please, tell me to give him the right credits.
This guide can be considered a first step to know how the thing can work. Then, everybody can customize it according to the personal needs.
In this guide, I would show a simple way to make copy on tapes of your servers. The system is designed for organizations that simply need to have data accessible on a DAT tape.
It involves the combination of utility mt (cpio) with rsync and some scripts.
Everything described here works under GNU/Linux and, I presume, is portable to most BSD distributions. Surely, it works on my Ubuntu box.
A SCSI DAT is connected to a server and the server to a network (eg Internet). Through the network and with the utility rsync, server gets the file from the servers that need to be copied to tape.
Once we'll have the data in the server connected to DAT device, we'll dump those to one or more tapes. These processes are performed automatically using cron.
3 Synchronize the servers.
To synchronize the servers, we will use a bash script for each server we want to synchronize. This script contains the data of the remote machine (basically the IP address) and a reference to a file which containing the files we do NOT want to synchronize.
Here is an example for the serverA. In this example, we assume that serverA is accessible by name (ie, that we can resolve serverA by its IP).
#!/bin/bash # rsync synchronization # Variables HOST=serverA # Use $HOST:/dir if directly from the remote host SOURCE=$HOST:/ LOCAL_DIR=/backups/serverA EXCLUDE_FILE=/usr/local/sbin/exclude-serverA # End Variables /usr/bin/rsync --delete -azq --numeric-ids --exclude-from="$EXCLUDE_FILE" "$SOURCE" "$LOCAL_DIR"
Looking at the script, we can see exactly what it does:
Server name or IP to synchronize.
Directory on the remote host (serverA) to synchronize. In this example, the root.
File that contains the files you do want to synchronize. It has to be in the following format:
proc/* tmp/* dev/* mnt/*
4 Synchronization without secure access key.
rsync, as used in the scripts, works through an ssh connection. The connection is encrypted and has the same characteristics as an ssh connection. One characteristic of this type of connection is the possibility of using a public key infrastructure (PKI). This system allows us to validate by private key instead of password (although the two validation systems can be combined).
As the scripts are executed automatically by cron, we need a mechanism to avoid having to manually set the password and also providing security. PKI provides us that possibility.
Basically, we need to create a public key on the backup server (the one connected to the DAT device) and copy it into serverB and serverA. The procedure is shown below:
ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa): <- Enter
Enter passphrase (empty for no passphrase): <- Enter
Enter same passphrase again: <- Enter
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx root@backupsrv <- I changed this line putting the "xx"
Then we will copy the public key to each servers in the directory and with the name as indicated in the manual for ssh (1). So, we will run
man 1 ssh
to be sure about the directory and name. After that, we will proceed to copy the public key to all the servers:
scp /root/.ssh/id_dsa.pub serverA:/root/.ssh/authorized_keys2
scp /root/.ssh/id_dsa.pub serverB:/root/.ssh/authorized_keys2
To check we did all in the correct way, we will connect through ssh to the servers.
If they do NOT ask for a password, it means that we have gone well.