Uberleet

Linux Systems Articles for better insights

How to set up NFS encrypted Xen backups for all of your hosts


This guide walks you through setting up NFS over SSH tunnels kept alive by autossh, which gives NFS an encrypted and authenticated channel over public networks. Volume 2 will show you how to set up the NFS server. Volume 3 will provide automated setup using bash scripts.

You will need to enable the EPEL repositories on your Xen server and, at least on Xen Server 7.2 and above, configure the rc.local service. Then you will configure a backup script that looks at the VM names of your guests and, depending on the tags, determines the backup schedule automatically.

Sound useful? Let's get started.

Part 1: Build encrypted tunnel from Xen hosts to Backup server

1.1 Temporarily enable Redhat repositories & perform autossh installation

sudo yum --enablerepo=base --enablerepo=updates --enablerepo=extras --enablerepo=centosplus install epel-release
sudo yum --enablerepo=base --enablerepo=updates --enablerepo=extras --enablerepo=centosplus install autossh

1.2 Generate an SSH key for public-key authentication

ssh-keygen

(just keep hitting enter, accept the default values)

1.3 Copy the SSH key over to the backup host

ssh-copy-id xbackup@storagetarget.fqdn.net

1.4 Configure rc.local

# Add the line below to /etc/rc.local
# -i must point at the private key, not the .pub file
autossh -M 10984 -N -f -o "PubkeyAuthentication=yes" -o "PasswordAuthentication=no" -i /home/user/.ssh/id_rsa -L 3049:localhost:2049 xbackup@storagetarget.fqdn.net

1.5 Set up rc.local service entry on Xen Server 7.2

# sudo vi /etc/systemd/system/rc-local.service

Add these lines

[Unit]
Description=/etc/rc.local Compatibility
ConditionPathExists=/etc/rc.local

[Service]
Type=forking
ExecStart=/etc/rc.local start
TimeoutSec=0
StandardOutput=tty
RemainAfterExit=yes
SysVStartPriority=99

[Install]
WantedBy=multi-user.target

1.6 Make rc.local work on startup (Centos 7 thing)

chmod +x /etc/rc.d/rc.local
sudo systemctl status rc-local
sudo systemctl enable rc-local
sudo systemctl start rc-local

1.7 Make sure autossh is running

ps auxf | grep autossh

1.8 Build NFS mount point

mkdir -p /mnt/nfs/data

1.9 Test NFS mount

This should mount the data share under /mnt/nfs/data in 30 seconds or less

mount -t nfs -o port=3049 localhost:/mnt/data /mnt/nfs/data
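
The key from steps 1.2 to 1.4 has no passphrase and, as installed by ssh-copy-id, can do anything the xbackup account can do on the backup server. The following added example (not part of the original guide) builds and audits an authorized_keys entry that only permits the two forwards this tunnel uses. It assumes OpenSSH 7.2 or later on the backup server; the function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.
# Assumption: the backup server runs OpenSSH 7.2+ (first release with "restrict").

# restrict turns off PTY, agent, X11 and port forwarding; command= replaces any
# shell or command the client asks for (autossh -N never asks for one).
# port-forwarding plus permitopen then re-allow exactly two destinations: the
# NFS port behind -L 3049, and the loopback port that autossh -M 10984 sends
# its monitor traffic to.
TUNNEL_OPTS='restrict,command="/bin/false",port-forwarding,permitopen="localhost:2049",permitopen="127.0.0.1:10984"'

# Prefix one bare public key line (type, blob, comment) with the options.
restrict_key() {
    case "$1" in
        ssh-*\ *|ecdsa-*\ *) printf '%s %s\n' "$TUNNEL_OPTS" "$1" ;;
        *) echo "not a bare public key line" >&2; return 1 ;;
    esac
}

# List entries in an authorized_keys file that do not carry exactly these
# options. Returns 1 if any are found, so it can gate a deployment step.
audit_keys() {
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) ;;                         # blank line or comment
            "$TUNNEL_OPTS "*) ;;                # tunnel-only key
            *) printf 'UNRESTRICTED: %.60s\n' "$line"; bad=1 ;;
        esac
    done < "$1"
    return "$bad"
}

# Usage: tunnel_keys.sh restrict 'ssh-ed25519 AAAA... root@xenhost'
#        tunnel_keys.sh audit /home/xbackup/.ssh/authorized_keys
case "${1:-}" in
    restrict) restrict_key "$2" ;;
    audit)    audit_keys "$2" ;;
esac
```

Replace the line that ssh-copy-id wrote on the backup server with the output of the restrict call, then confirm the tunnel from step 1.4 still comes up.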

Part 2: Configure backups on the xen host

Download the backup script off Github

cd /opt
wget https://github.com/NAUbackup/VmBackup/archive/master.zip

Extract the backup script

unzip master.zip
rm master.zip

Part 3: Execution

Create backup script to run on schedule

vim /opt/backup.sh

Add the following contents:

#!/bin/bash
# Jon_K :: Feb, 2, 2018
# Check if NFS is currently mounted
if mount | grep -q 'localhost:/mnt/data on /mnt/nfs/data'
then
    echo "NFS is already mounted, OK."
else
    echo "NFS not mounted, mounting filesystem."
    # Stop if the mount fails, otherwise the backup would be written to the
    # local /mnt/nfs/data directory on the Xen host instead of the NFS share
    if ! mount -t nfs -o port=3049 localhost:/mnt/data /mnt/nfs/data
    then
        echo "Error : could not mount the NFS share, check the autossh tunnel"
        exit 1
    fi
fi

# Run VmBackup with the configuration that matches the first argument
case "$1" in
  "daily")
     /opt/VmBackup-master/VmBackup.py /root/VmBackup.pass /opt/VmBackup-master/daily.cfg
    ;;
  "biweekly")
     /opt/VmBackup-master/VmBackup.py /root/VmBackup.pass /opt/VmBackup-master/biweekly.cfg
    ;;
  "weekly")
     /opt/VmBackup-master/VmBackup.py /root/VmBackup.pass /opt/VmBackup-master/weekly.cfg
    ;;
  "monthly")
     /opt/VmBackup-master/VmBackup.py /root/VmBackup.pass /opt/VmBackup-master/monthly.cfg
    ;;
  *)
    echo "Error : You must specify daily, biweekly, weekly, or monthly as your first argument"
    exit 1
    ;;
esac
# Unmount the share once the backup has finished
umount /mnt/nfs/data
# END OF FILE

Change permission to executable

chmod 755 /opt/backup.sh
chmod 755 /opt/VmBackup-master/VmBackup.py

Set up crontab (scheduled tasks) to perform the backups

Edit /etc/crontab on the Xen host and add these lines:

# Add the lines below to /etc/crontab to maintain the backup scheduled tasks
0 0 * * * root /opt/backup.sh daily
0 0 * * 1,5 root /opt/backup.sh biweekly
0 0 * * 3 root /opt/backup.sh weekly
0 0 1 * * root /opt/backup.sh monthly

Part 4: Agent Configuration

Now we will set up the configurations

Configure the password for XenAPI

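Replace PASSWORD in the single quotes with your Xen console password. This is used to export the images over the Xen API. This step needs to be re-run every time the root password changes. Because the password is passed as a command-line argument, it can be saved in your shell history and is visible in the process list while the command runs.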

/opt/VmBackup-master/VmBackup.py 'PASSWORD' create-password-file=/root/VmBackup.pass

Place the backup configurations

Take biweekly.cfg, daily.cfg, monthly.cfg, weekly.cfg and place them

Part 5: Configure customers / servers for backups

Every guest VM needs a name to get backups. Place a keyword before the server name in Xen Manager or Xen IPMI. These backup keywords are supported:

BUDAILY-servername
BUWEEKLY-servername
BUBIWEEK-servername
BUMONTHLY-servername