AFS Backups¶

Software and instructions¶

• BackupAFS at UNC
  • http://www.physics.unc.edu/~stephen/BackupAFS/

Installation at DevNet¶

Based upon directions at http://www.physics.unc.edu/~stephen/BackupAFS/

1. Open up firewall on SSL and normal web ports on eir.dev.ru.is
2. Become root
   

    sudo su -

3. Install the openafs client
   

   apt-get -y install krb5-auth-dialog krb5-user krb5-clients libpam-ccreds libpam-krb5 build-essential dkms linux-headers-`uname -r` openafs-modules-dkms openafs-{client,krb5}

4. Diable AFS backups (bos)
   1. TODO
5. Install prerequisites
   

   sudo apt-get install apache2 libapache2-mod-auth-kerb postfix pigz libxml-rss-perl

6. Stop apache
   

   service apache2 stop

7. Create a backup user and give (foley) remote access to it
   

   adduser --home /home/backupafs --shell /bin/bash backupafs
   echo foley@DEV.RU.IS > /home/backupafs/.k5login

8. Create a location for the backups (or mount a drive here if you already have one)
   

   mkdir -p /srv/backupafs
   chown backupafs:backupafs /srv/backupafs
   chmod 700 /srv/backupafs

9. Grab the backupafs package http://www.sourceforge.net/projects/backupafs. Alternatively, copy it from/afs/dev.ru.is/service/backupafs/SVN/src/BackupAFS-1.0.0
   

   cp -rp /afs/dev.ru.is/service/backupafs/SVN/src/BackupAFS-1.0.0 /home/backupafs/
   cd /home/backupafs/BackupAFS-1.0.0

10. Run the install script
    

    perl configure.pl

    • Install directory: /usr/local
    • Data directory: /srv/backupafs
    • CGI-bin /var/www/vhosts/backupafs/cgi-bin
    • Apache image directory /var/www/vhosts/backupafs/htdocs/images
    • URL for image directory /images
    • Ignore the gentoo warning, unless you are running gentoo.
11. copy the site script (and adjust) into the apache configs and enable it
    

    cp /afs/dev.ru.is/service/backupafs/SVN/conf/001-backupafs  /etc/apache2/sites-available/.
    a2ensite 001-backupafs

12. Create a HTTP keytab for kerberized access. This example assumes your hostname is bor.dev.ru.is
    

    admin
    Authenticating as principal foley/admin@DEV.RU.IS with password.
    Password for foley/admin@DEV.RU.IS: 
    kadmin:  ank -randkey HTTP/bor.dev.ru.is
    WARNING: no policy specified for HTTP/bor.dev.ru.is@DEV.RU.IS; defaulting to no policy
    Principal "HTTP/bor.dev.ru.is@DEV.RU.IS" created.
    kadmin:  ktadd -k /etc/BackupAFS/krb5.keytab HTTP/bor.dev.ru.is
    Entry for principal HTTP/bor.dev.ru.is with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/BackupAFS/krb5.keytab.
    Entry for principal HTTP/bor.dev.ru.is with kvno 2, encryption type arcfour-hmac added to keytab WRFILE:/etc/BackupAFS/krb5.keytab.
    Entry for principal HTTP/bor.dev.ru.is with kvno 2, encryption type des3-cbc-sha1 added to keytab WRFILE:/etc/BackupAFS/krb5.keytab.
    Entry for principal HTTP/bor.dev.ru.is with kvno 2, encryption type des-cbc-crc added to keytab WRFILE:/etc/BackupAFS/krb5.keytab.
    kadmin:  quit
    

13. Fix owner and permissions on keytab
    

    cd /etc/BackupAFS/
    /etc/BackupAFS# chown backupafs:backupafs krb5.keytab
    /etc/BackupAFS# chmod 600 krb5.keytab 

14. Set administrator users yb adding them to the $Conf{CgiAdminUsers} variable in /etc/BackupAFS/config.pl. Separate multiple users with spaces.
    

    $Conf{CgiAdminUsers} = 'foley@DEV.RU.IS';

15. Turn on SSL
    

    a2enmod ssl

16. Set the apache server to run as backupafs instead of www-data. Look for APACHE_RUN_USER and APACHE_RUN_GROUP in
    /etc/apache2/envvars
    emacs /etc/apache2/envvars
    
    • export APACHE_RUN_USER=backupafs
      **export APACHE_RUN_GROUP=backupafs
17. start up the webserver
    

    service apache2 start

18. setup the init scripts and start the daemon. Set the script to be executable for convenince
    

    cp /home/backupafs/BackupAFS-1.0.0/init.d/debian-backupafs /etc/init.d/backupafs
    update-rc.d backupafs defaults
    /bin/sh /etc/init.d/backupafs start
    chmod 755 /etc/init.d/backupafs

19. setup the AFS keys. Keep these keys secure!
    

    mkdir -p /etc/openafs/server
    chmod 700 /etc/openafs/server
    cd /etc/openafs
    cp -r root@afsfs1.dev.ru.is:/etc/openafs/server /etc/openafs
    cd server
    chown -R backupafs:backupafs .
    chmod 700 KeyFile
    

Emails and notifications¶

1. Become backupafs
   

    su backupafs

2. Test all the command line options
   

   /usr/local/bin/BackupAFS_serverMesg status info
   /usr/local/bin/BackupAFS_serverMesg jobs
   /usr/local/bin/BackupAFS_serverMesg volsets
   

3. Check email delivery
   

   BackupAFS_sendEmail -u MYNAME@MYDOMAIN.COM

   1. Check the list delivery
      

      BackupAFS_sendEmail -u devnet-backup@list.ru.is

1. Setup a nightly check to see if the script is still running
   **

   crontab -e

   • Add these lines
     

     # This checks if the backupafs script is running and sends email if not
     59 23 * * * /usr/local/bin//BackupAFS_sendEmail -c

Tweaks¶

Fixing the logo¶

1. Grab the DevNet logo from /afs/dev.ru.is/project/devnet/Public/logo There is a convenience link in the backupafs area.
   

   cp /afs/dev.ru.is/service/backupafs/logo/devnet
   

Migrating from old backup server¶

• Rsync the old backups
  

  sudo su -
  rsync -avux root@backupafs.dev.ru.is:/srv/backupafs /srv
  

• Grab the config and the Vollist from /etc/BackupAFS. Alternatively grab the ones from AFS in /afs/dev.ru.is/service/software/backupafs/svn/config

Reference¶

• http://linuxbox.com/drupal/files/downloads/afs_backup_afsbp2005.pdf