Tuesday, 24 June 2014

Installing A Virtual Samba/LDAP Server on Ubuntu 12.04. Part 4



Part 4: Back Up and Restore.

You can find part 1 here
Part 2 here
And part 3 here

I am using ldapsearch to back up the entire database.

ldapsearch -x -w 'password' -D 'cn=admin,dc=euro,dc=pec' -b 'dc=euro,dc=pec' -LLL > /home/backup/LDAPBackup/LDAPbackup.ldif

This will store a backup of the DIT in a file called LDAPbackup.ldif.
Now you can copy that backup over to your backup server using rsync:

rsync --delete -azvv -e ssh /home/backup/LDAPBackup/ backup@eu5c.euro.pec:/home/backup/LDAPBackup/

To restore on the backup server, you first need to delete the DIT left over from the previous backup:

ldapdelete -x -w 'password' -D 'cn=ldapadmin,dc=example,dc=com' 'dc=example,dc=com' -r



Then you can load the new data with ldapadd:

ldapadd -x -w 'password' -D 'cn=ldapadmin,dc=example,dc=com' -f LDAPbackup.ldif

And that's it: your database has now been backed up to a secondary server. Usually it's best to do this with a cron script.

To do this you will need to configure the backup user. The easiest way to do this is in Webmin.
In a web browser you can access Webmin by typing https://'serveripaddress':1000
You need to use the root user to log in to Webmin.
You then need to select the System option, and then select Users and Groups. The layout of your Webmin will depend on the theme you are using. By default you will have a list of options as a sidebar, where you can click System and then Users and Groups; however, my sidebar is along the top, so don't panic if my Webmin looks different to yours. If you're interested, the Webmin theme I'm using is called stress-free. You can find this and other Webmin themes here

Once you've clicked onto Users and Groups a list will appear:

(Your list should be longer than this; this is just a screenshot.)



You need to click on the backup user.
You will need to change the home directory of the backup user and change to Normal Password instead of No Login Allowed:

You will need to do this on both the primary and secondary servers.

In order for the rsync to work automatically you will need to generate public/private SSH keys.
Now, to set up a cron job to make your server back up remotely, you will first have to create two files, one on the primary server and one on the secondary server.

On your primary server:


cd /home/backup
vi LDAPBackup.sh
mkdir LDAPBackup

This is the shell script that I am using:

#!/bin/bash

# marker file: it needs to exist on the secondary server in order to run the reload
touch /home/backup/LDAPBackup/T_Index.txt

# this runs the backup; the LDIF is written into the directory that rsync copies
ldapsearch -x -w 'password' -D 'cn=admin,dc=euro,dc=pec' -b 'dc=euro,dc=pec' -LLL > /home/backup/LDAPBackup/LDAPbackup.ldif

# this copies the backup over
rsync --delete -azvv -e ssh /home/backup/LDAPBackup/ backup@eu5c.euro.pec:/home/backup/LDAPBackup/

exit 0

In order to be able to run this file you will need to change the owner and permissions:

chmod 700 LDAPBackup.sh
chown backup:users LDAPBackup.sh

You will also need to do this for the backup folder:

chown backup:users /home/backup
chmod 700 /home/backup/

You will need to change the owner and file permissions on both servers.

On the secondary server:

cd /home/backup
vi LDAPRestore.sh
The shell script I am using is:

#!/bin/bash
# T_Index.txt is copied over by the backup job and marks a new backup
file="/home/backup/LDAPBackup/T_Index.txt"

if [[ -e "$file" ]]; then

        echo "File Exists"

        # remove the marker so the same backup is not reloaded twice
        rm "$file"

        echo "deleting DIT"

        ldapdelete -x -w 'password' -D 'cn=admin,dc=euro,dc=pec' 'dc=euro,dc=pec' -r

        echo "Reloading DIT"

        ldapadd -x -w 'password' -D 'cn=admin,dc=euro,dc=pec' -f /home/backup/LDAPBackup/LDAPbackup.ldif

fi

exit 0
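
The restore script above deletes the whole DIT before it knows the transferred LDIF is usable, and it passes the bind password on the command line. The following is an added example, not the author's script: it validates the LDIF first and reads the password from a file with -y. PWFILE, MIN_ENTRIES, the script name LDAPRestoreChecked.sh and the function names are assumptions.

```bash
#!/bin/bash
# Added example, not the author's script. BASE_DN, BIND_DN and DIR come from
# the page; PWFILE, MIN_ENTRIES and the function names are assumptions.
BASE_DN='dc=euro,dc=pec'
BIND_DN='cn=admin,dc=euro,dc=pec'
DIR=/home/backup/LDAPBackup
PWFILE=/home/backup/.ldap_pw   # assumed path; chmod 600, no trailing newline
MIN_ENTRIES=2                  # assumed floor; set it near your real entry count

# Return 0 only if the LDIF is plausible enough to replace the live DIT.
ldif_looks_complete() {
    ldif=$1
    [ -s "$ldif" ] || return 1                      # missing or empty file
    first=$(grep -m1 '^dn:' "$ldif") || return 1    # no entries at all
    # ldapadd needs a parent before its children, so the base DN must be first.
    printf '%s\n' "$first" | grep -qixF "dn: $BASE_DN" || return 1
    count=$(grep -c '^dn:' "$ldif")
    [ "$count" -ge "$MIN_ENTRIES" ]                 # truncated or failed search
}

restore() {
    ldif=$DIR/LDAPbackup.ldif
    marker=$DIR/T_Index.txt
    [ -e "$marker" ] || return 0                    # no new backup has arrived
    if ! ldif_looks_complete "$ldif"; then
        echo "Refusing to delete DIT: $ldif failed validation" >&2
        return 1                                    # marker kept for inspection
    fi
    echo "deleting DIT"
    # -y reads the bind password from PWFILE, keeping it out of the script
    # and out of the process list.
    ldapdelete -x -y "$PWFILE" -D "$BIND_DN" -r "$BASE_DN"
    echo "Reloading DIT"
    ldapadd -x -y "$PWFILE" -D "$BIND_DN" -f "$ldif" && rm -f "$marker"
}

# Destructive path runs only when requested: ./LDAPRestoreChecked.sh --restore
if [ "${1:-}" = "--restore" ]; then
    restore
fi
```

The password file must hold the password with no trailing newline (for example, written with printf '%s'), because -y uses the complete contents of the file.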

You will need to modify these scripts with your own information, and then to run them, on your primary server type:

./LDAPBackup.sh

If you have set up the public/private SSH keys, you will not be prompted for a password; if you haven't, you will be prompted for the backup user's password on the secondary server. You will also need to set up the keys in order to automate rsync; you can find instructions on how to do that here.
You should see something similar to:

opening connection using: ssh -l backup eu5c.euro.pec rsync --server -vvlogDtprze.iLsf --delete . /home/backup/LDAPBackup/

backup@eu5c.euro.pec's password:

sending incremental file list

delta-transmission enabled
./
LDAPbackup.ldif
T_Index.txt
total: matches=21  hash_hits=21  false_alarms=0 data=0

sent 166 bytes  received 179 bytes  62.73 bytes/sec
total size is 14664  speedup is 42.50

Now on your secondary server you will need to type:

./LDAPRestore.sh

You should see something like:

File Exists
deleting DIT
Reloading DIT

Then entries starting with "adding new entry"

Now that both of these scripts are running you can set up your cron job.
Cron jobs are handy because they let you automate things like backups and choose when and how often they run. For example, you may want your backup to run every Saturday at 9am, every evening at 11pm, or every hour.
I will be setting the cron job to run every 5 minutes, so that the data is kept as up to date as possible.
You will need to create a crontab for the backup user, which tells cron when to run the script and which user to run it as.

To create the crontab for the backup user you will need to type:

crontab -e -u backup

You will then need to select the editor you wish to use; we are selecting number 3.
At the very bottom of the file you will need to add how often you want the cron to run and what command you would like to run.
My crontab for the backup user on both my primary and secondary servers looks like:

*/5  *        *        *        *   ./LDAPBackup.sh
*/5  *        *        *        *   ./LDAPRestore.sh

The format for this is:
Minute   Hour    Day of Month     Month        Day of Week      Command

So what my script is set up to do is run every five minutes in any hour of any date of any month on any day.
There are a lot of other ways to set this up, for example, 11:30pm on the 1st of July would look like:

30  23  1   7   *   ./LDAPBackup.sh



You can also choose to run the cron job only Monday to Friday, in which case you would put 1-5 in the Day of Week column. If you wanted it to run in March, April and May you would put 3,4,5 in the Month column, or 1,15,30 in the Day of Month column to run on the 1st, 15th and 30th days of a month.

How often you choose to run the script is entirely up to you.

Once you've set this up your server will now be ready to update automatically, and you have two perfectly working virtual LDAP servers!



