Документ взят из кэша поисковой машины. Адрес
оригинального документа
: http://itpm.msu.su/LDP/LinuxAdministration/linux-admin-made-easy-8.html
Дата изменения: Sun Apr 18 13:35:40 1999 Дата индексирования: Mon Oct 1 21:59:08 2012 Кодировка: Поисковые слова: lightning |
Performing regular backups should be considered one of a responsible system administrator's top priorities. Although Linux is an extremely reliable operating system, failures can, do, and probably will occur. They may be caused by hardware failure, power outages, or other unforeseen problems.
More likely will be those problems caused by human error, resulting in undesired changes to, or even deletions of, crucial files. If you are hosting users on your system, you will most certainly be requested to restore an inadvertently deleted file or two.
If you perform regular backups, preferably on a daily basis (at least for user files which are updated often), you will hopefully reduce the possibility of, and increase your recovery from, such file lossage.
The safest method of doing backups is to record them on separate media, such as tape, removable drive, writeable CD, etc., and then store your backup sets in a location separate from your Linux system. Sometimes this may not be practical -- perhaps you do not have a fire-proof vault in which you can store your backup tapes! Or perhaps you do not have access to such an external backup system in the first place. Nonetheless, backups can still be performed, albeit on a slightly limited basis.
At my place of employment, I perform backups on several Linux servers.
Depending on the situation, some of these backup sets are written to
tapes, others are written to a separate server over the network, while
still others are simply written to a separate disk partition (for example,
in the ``/archive/
'' file system) by an automatic
cron job (perhaps because the server is in a remote location, for which a
daily visit to perform a tape backup is impractical or impossible).
At home, I do not have an external backup system, nor do I have massive
amounts of available disk space to write a backup image. Therefore, I
instead back up only my user files on ``/home/
'' as
well as some customized configuration files in
``/etc/
'', writing the backup set to a separate
disk partition.
There are a variety of methods of performing backups with Linux. These include command-line tools included with every Linux distribution, such as ``dd'', ``dump'', ``cpio'', as well as ``tar''. Also available are text-based utilities, such as ``Amanda'' and ``Taper'', which is designed to add a more user-friendly interface to the backup and restore procedures. There are GUI-based utilities as well, such as ``KDat''. Finally, commercial backup utilities are also available, such as ``BRU'' and ``PerfectBackup+''. Any one of these backup solutions can provide protection for your valuable data.
A brief listing of some of the tools available, including where they can be obtained, can be found on the "Linux Applications and Utilities Page", at http://www.xnet.com/~blatura/linapp2.html#back. When deciding on a backup solution, you will need to consider the following factors:
Note: When backing up your file systems, do not include
the ``/proc
'' pseudo-filesystem! The files in /proc
are not actually files but are simply file-like links which describe and
point to kernel data structures. Backing up a file like
``/proc/kcore
'', which is actually a pseudo-file
containing the contents of your entire memory, seems like a pretty big
waste of tape to me! :-) You will also likely want to avoid backing
up the ``/mnt
'' file system, unless you have the
peculiar desire to back up the files from your CD-ROM device, floppy drive,
network file shares, or other mounted devices.
Obviously, the procedures for performing a backup and restore will differ depending on your choice of a backup solution. However, in this section, I will discuss methods for performing backups with the two tools I use most: ``tar'' (whose name stands for "Tape ARchiver"), which is a command-line backup tool largely portable across *nix systems; as well as ``KDat'', a GUI-based tape backup utility which comes included with the KDE packages (see the KDE Installation and Configuration section for more information on KDE).
Finally, I should add that, depending on your choice of backup solution, even if the tool doesn't have the ability built-in to schedule automated or unattended backups, you may be able to automate such backups by using the cron facilities. See the "Automating Tasks with Cron and Crontab files" section for details on using cron and on creating crontab schedule files.
Backing up with ``tar'':
If you decide to use ``tar'' as your backup solution, you should probably
take the time to get to know the various command-line options that are
available; type "man tar
" for a comprehensive list.
You will also need to know how to access the appropriate backup media;
although all devices are treated like files in the Unix world, if you are
writing to a character device such as a tape, the name of the
"file" is the device name itself
(eg. ``/dev/nst0
'' for a SCSI-based tape drive).
The following command will perform a backup of your entire Linux system
onto the ``/archive/
'' file system, with the exception
of the ``/proc/
'' pseudo-filesystem, any mounted file
systems in ``/mnt/
'', the
``/archive/
'' file system (no sense backing up our
backup sets!), as well as Squid's rather large cache files (which are, in my
opinion, a waste of backup media and unnecessary to back up):
tar -zcvpf /archive/full-backup-`date '+%d-%B-%Y'`.tar.gz \
--directory / --exclude=mnt --exclude=proc --exclude=var/spool/squid .
Don't be intimidated by the length of the command above! As we break it down into its components, you will see the beauty of this powerful utility.
The above command specifies the options ``z'' (compress; the backup
data will be compressed with ``gzip''), ``c'' (create; an archive
file is begin created), ``v'' (verbose; display a list of files as
they get backed up), ``p'' (preserve permissions; file protection
information will be "remembered" so they can be restored). The
``f'' (file) option states that the very next argument will be the
name of the archive file (or device) being written. Notice how a filename
which contains the current date is derived, simply by enclosing the ``date''
command between two back-quote characters. A common naming convention is
to add a ``tar
'' suffix for non-compressed archives,
and a ``tar.gz
'' suffix for compressed ones.
The ``--directory'' option tells tar to first switch to the
following directory path (the ``/
'' directory in
this example) prior to starting the backup. The ``--extract''
options tell tar not to bother backing up the specified directories or
files. Finally, the ``.'' character tells tar that it should
back up everything in the current directory.
Note: It is important to realize that the options to tar are cAsE-sEnSiTiVe! In addition, most of the options can be specified as either single mneumonic characters (eg. ``f''), or by their easier-to-memorize full option names (eg. ``file''). The mneumonic representations are identified by prefixing them with a ``-'' character, while the full names are prefixed with two such characters. Again, see the "man" pages for information on using tar.
Another example, this time writing only the specified file systems (as opposed to writing them all with exceptions as demonstrated in the example above) onto a SCSI tape drive follows:
tar -cvpf /dev/nst0 --label="Backup set created on `date '+%d-%B-%Y'`." \
--directory / --exclude=var/spool/ etc home usr/local var/spool
In the above command, notice that the ``z'' (compress) option is not used. I strongly recommend against writing compressed data to tape, because if data on a portion of the tape becomes corrupted, you will lose your entire backup set! However, archive files stored without compression have a very high recoverability for non-affected files, even if portions of the tape archive are corrupted.
Because the tape drive is a character device, it is not possible to
specify an actual file name. Therefore, the file name used as an argument
to tar is simply the name of the device, ``/dev/nst0
'',
the first tape device on the SCSI bus. Note: The
``/dev/nst0
'' device does not rewind after the backup
set is written; therefore it is possible to write multiple sets on one tape.
(You may also refer to the device as ``/dev/st0
'', in
which case the tape is automatically rewound after the backup set is
written.)
Since we aren't able to specify a filename for the backup set, the ``--label'' option can be used to write some information about the backup set into the archive file itself.
Finally, only the files contained in the ``/etc/
'',
``/home/
'', ``/usr/local
'',
and ``/var/spool/
'' (with the exception of Squid's
cache data files) are written to the tape.
When working with tapes, you can use the following commands to rewind, and then eject your tape:
mt -f /dev/nst0 rewind
mt -f /dev/nst0 offline
Note: You will notice that leading ``/
'' (slash)
characters are stripped by tar when an archive file is created. This is
tar's default mode of operation, and it is intended to protect you from
overwriting critical files with older versions of those files, should you
mistakenly recover the wrong file(s) in a restore operation. If you
really dislike this behavior (remember, its a feature!) you can
specify the ``--absolute-paths
'' option to tar, which will
preserve the leading slashes. However, I don't recommend doing so!
Backing up with ``KDat'':
If you are using the KDE desktop environment, I believe you will find the ``KDat'' utility both powerful as well as user-friendly. In addition, an added bonus is that KDat uses ``tar'' as its backup engine. Therefore, backup sets written with KDat can be read not only with KDat but with tar as well! This makes KDat a very nice choice for both user-friendliness as well as backup portability. Note: Even if you choose not to use nor install the KDE package, you can still use KDat as long as you have the Qt libraries installed.
The first time you run the KDat program, you will need to create a backup profile. Such a profile tells KDat which files on your system you would like to back up. If you wish, you can create more than one backup profile, depending on your needs (for example, you could create a profile called "Full Backup" for a full system backup, and "Quick Backup" for a backup of user files only).
To create a backup profile, either choose "Create Backup Profile
"
from the "File
" option on menu bar (or right-click on
the "Backup Profiles
" folder, then choose
"Create Backup Profile
"). On the right hand side of the
KDat window, you can change various settings, such as the profile name,
archive name, tar options, as well as others. Click the "Help
"
menu for more information on what these settings are for.
To specify which files should be included in your backup profile, left-click the
checkbox beside the ``/
'' directory folder. This will
enable all files in and below this directory for backups. Then, left-click on
the small ``+'' sign beside the folder. This will expand the folder, showing
a list of files in and below it. This will allow you to exclude any files
you do not wish to backup; simply left-click the checkbox beside each file
or directory you wish to exclude. For example, a full backup should probably
have every file and directory checkmarked, with the exception of the
``/proc
'' (a pseudo-filesystem containing information
about your running system), ``/mnt
'' (a directory
below which CD-ROM drives, floppies, and network shares are usually
mounted), and, if you are a Squid user, ``/var/spool/squid
''
(Squid's cache data files). Once you have selected the appropriate files,
left-click on the backup profile you are creating, then left-click the
"Files >>
" button to move the selected files list to
your backup profile.
Note: Should your server data be larger in size than can be physically stored on a tape, you will need to create separate backup profiles, one for each portion of your backup set.
To actually perform a backup, insert a tape into the drive, and then choose
"Mount Tape
" from the "File
" menu
(or left-click the icon that looks like a tape). This will
"mount" the tape (actually, because a tape device is a
character device, it isn't actually possible to mount it -- what KDat actually
does is to first rewind the tape, attempts to read in header information, and
if successful, find the corresponding tape index on your hard drive.
Otherwise, KDat will prompt you to format the tape. (Note: If
KDat keeps complaining that a tape isn't in the drive and it actually
is in the drive, you should ensure the correct tape device name
is specified in the preferences; left-click the "Edit
" option
on the menu bar and choose "User Preferences
".)
Once KDat has mounted the tape, before you start the backup you must first
choose the backup profile you wish to use for the backup. To start the
backup, simply right-click on the desired backup profile, and then left-click
on the "Backup
" option. KDat will first display a dialog
box showing you the details of the backup profile you have selected;
left-click the "Ok
" button to start the backup.
While the backup is in progress, KDat will display a dialog box showing various statistical information (elapsed time, backup size, backup rate, estimated time remaining, as well as the number of files and total bytes written), and display a list of files as they are backed up. A full backup containing several gigabytes of data might take several hours to complete. If you find it necessary, you can left-click the "Abort" button at any time to interrupt the backup process.
Once the backup is complete, you can unmount the tape by choosing "Edit" from the menu bar, and then "Unmount Tape", or left-click on the tape icon, which will rewind and eject the tape.
Unarguably, the one thing that is more important than performing regular backups is having them available when it comes time to recover an important file!
Obviously, as discussed in the "Server Backup Procedures" section, the procedures for performing a restore will differ depending on your choice of a backup solution. In this section, I will discuss methods for restoring files which have been backed up with ``tar'' and ''KDat''.
Restoring with ``tar'':
( Under construction )
Note: Extracting files from a tar archive can be a dangerous
thing to do, and should therefore be done with caution. Perhaps the files
were not archived without a file path prepended, meaning they will all be
extracted to the current directory. Perhaps the files were archived
with leading ``/
'' slashes (by specify the
``--absolute-paths
'' option when the archive was created),
meaning the files will be restored to their absolute locations (even if
you didn't want them to be). Or, perhaps, the files were archived
without leading ``/
'' slashes, meaning the files will
be restored under the current directory (even if you didn't want them to
be). For this reason, I strongly recommend testing your ``tar'' command
with a ``t
'' (type) option first, and then
replace the ``t
'' with an ``x
'' (extract) when
you are sure the command will do what you expect it to.
As mentioned in the
"Server Backup Procedures" section, when creating an
archive file, tar will strip leading ``/
'' (slash) characters
from file path names. This means that restore files may not end up in the
same locations they were backed up from. Therefore, either change to the
``/
'' root directory, or use the ``--directory
/
'' option. Note: A far safer solution is to restore the
desired files under a different directory (for example, your home
directory), and then compare, move, or update the files to their original
locations afterward.
Restoring with ``KDat'':
To restore one or more files from a KDat-created backup set, insert the
backup tape into the drive, choose "Mount Tape
" from
the "File
" menu option (or left-click on the
icon that looks like a tape).
KDat will try to read header information from the tape, and if successful, will then try to find the tape index which matches the identification found in the tape header. This tape index is stored on your hard drive, and is a unique file created for each backup tape formatted by KDat, and is updated each time you perform a backup.
If this corresponding tape index is missing (perhaps you are restoring from a backup set created on another machine, or the index file was deleted or somehow corrupted on your hard drive), KDat will inform you of this fact, and ask you if it is okay to recreate the index by reading the tape. Because you will need to recreate it before you will be able to restore your desired files, it makes perfect sense to left-click "Yes". (Note: Once a tape is reindexed, its name is changed to "Reindexed Tape". You should rename the tape to its original name.)
Once the tape index has been successfully read, it can then used to select the directories or files you wish to restore from the backup set, in much the same manner you used when creating your backup profiles (see the "Server Backup Procedures" section for detailed instructions on the file selection process).
Once you have selected the appropriate files, you can start the
restoration process by choosing "Restore...
" from the
"File" option on the menu bar (or left-click the tape restore
icon). KDat will display a dialog box, allowing you to confirm which files
will be restored. In addition, you have the option of specifying a directory
into which files will be restored. This will allow you to restore critical
system files into your home directory, and then compare, move, or update
those files to their intended location later on. This is actually the
safest way of restoring files.
To begin the recovery process, click the "Okay
"
button. KDat will then scan the tape and restore the selected files.
On occasion, you may find it necessary or useful to restore one or more files from a backup set created with KDat without using KDat to do so. Perhaps you would like to restore such files on a system that does not offer a GUI-based environment, or would like to do so over a slow network connection through which remote execution of KDat would be impractical. Fortunately, KDat writes its backup data sets using the ``tar'' tool, a command-line based tool that is available on any *nix system.
Should you wish to restore your KDat-created backup set using tar, simply do so using whatever options you would with any normal backup set created with tar itself. Bear in mind, however, that data sets are not stored in compressed format. Note: You will almost certainly get an error message when trying to access the KDat backup set with tar. This is because of the header and other information that KDat added to the tape when it was first formatted. Simply repeat the tar command two or three times to skip to the beginning of the actual tar archive file..
At my place of employment, we have a WAN connecting several remote locations. These remote locations have Cisco routers connected via ISDN, or in some instances, Centrex data circuits, to provide Internet and WAN connectivity. Cisco router products allow using TFTP ("Trivial File Transfer Protocol") on a network server to read and write configuration files. Whenever a router configuration is changed, it is important to save the configuration file on the Linux server so that a backup is maintained.
Please note that Red Hat disables the TFTP service by default, because it
can be a real security hole if not configured properly. The TFTP daemon
allows anyone to read and write files without performing authentication.
The way I personally set things up is to create a
``/tftpboot/
'' directory, owned by root, and then
modify the existing configuration line in the
``/etc/inetd.conf
'' file to specify the file
location:
tftpd dgram udp wait root /usr/sbin/tcpd in.tftpd /tftpboot
Note: Adding the ``/tftpboot
'' path at the end of the
above line specifically indicates where the TFTP daemon is allowed to
access files. Although you can actually leave this part out and allow
TFTP to access files anywhere on your system, as TFTP is considered
somewhat of a security risk, this would probably be a very bad idea.
Once you have enabled the TFTP service, don't forget to type:
killall -HUP inetd
The above command restarts the INETD daemon to recognize whatever changes you have made to the inetd.conf file.
Creating a backup of a router configuration file involves a 3-step process: setting permissions on an existing file (or creating a new one) to allow writes, writing the backup file, and then resetting permissions to restrict access to the file. An example router backup session follows:
mail: # cd /tftpboot
mail:/tftpboot# chmod a+w xyzrouter-confg
chmod: xyzrouter-confg: No such file or directory
mail:/tftpboot# touch xyzrouter-confg
mail:/tftpboot# chmod a+w loyola-confg
mail:/tftpboot# telnet xyzrouter
Escape character is '^]'.
User Access Verification
Password: ****
xyzrouter> enable
Password: ****
xyzrouter# write network
Remote host []? 123.12.41.41
Name of configuration file to write [xyzrouter-confg]?
Write file xyzrouter-confg on host 123.12.41.41? [confirm]
Building configuration...
Writing xyzrouter-confg !! [OK]
xyzrouter# exit
Connection closed by foreign host.
mail:/tftpboot# chmod a-wr,u+r xyzrouter-confg
mail:/tftpboot# exit
In case of router failure (caused, for example, by a power surge during a lightning storm), these backup files can be helpful to reload the router configuration. Again, restoring from a configuration file involves a 3-step process: setting permissions on the existing file, loading the file, and then resetting permissions to restrict access to the file. An example router restoration session follows.
mail: # cd /tftpboot
mail:/tftpboot# chmod a+r xyzrouter-confg
mail:/tftpboot# telnet xyzrouter
Escape character is '^]'.
User Access Verification
Password: ****
xyzrouter> enable
Password: ****
xyzrouter# config network
Host or network configuration file [host]?
Address of remote host [255.255.255.255]? 123.12.41.41
Name of configuration file [xyzrouter-confg]?
Configure using loyola-confg from 123.12.41.41? [confirm]
Loading xyzrouter-confg from 123.12.41.41 (via BRI0): !
[OK - 1265/32723 bytes]
xyzrouter# write
xyzrouter# exit
Connection closed by foreign host.
mail:/tftpboot# chmod a-wr,u+r xyzrouter-confg
mail:/tftpboot# exit