Saturday, October 17, 2009

Create a Hot Backup Server

The goal is to create a backup server that replicates the original and can act as a replacement if the original server goes down. This example assumes identical hardware and two servers on the same network.


Step #1: Create a Duplicate Drive
For each drive in the original server you will need to clone a drive so that you start with the correct users, permissions, etc. Note that a cloned drive has exactly the same hostname and IP address as the original, so both will need to be modified on the clone. Using the dd command you can create a bit-by-bit clone of the drive.

dd if=/dev/sda of=/dev/sdb

You could create an image and then push that image onto another drive if needed.

dd if=/dev/sda of=/bk/disk.img

If you want to move the image onto a drive, you can do this:

dd if=/bk/disk.img of=/dev/sda

This creates an exact clone. Beware that large drives may take 6-8 hours. Place the cloned drive into the target machine and change the hostname and IP address of the target so that it can talk with the original machine.

Step #2: Rsync the Necessary Directories
The rsync command can be run through ssh to provide a secure connection and secure transfer of data. This is the preferred method even on an internal network as it is not much harder to set up and gives you peace of mind.

Synchronize the /var Directory
Since much of what a server does is placed in the /var directory, this is an important directory to synchronize. This is necessary for a database, web server, logs, etc. Note the slash at the end of /var/, as this will transfer the contents and not create a separate var directory inside the destination.

rsync -avhe ssh /var/ root@192.168.5.49:/var/

Synchronize the /home Directory
You may also need to synchronize the /home directory.

rsync -avhe ssh /home/ root@192.168.5.49:/home/

Create Exceptions
There are some directories that you do not want to synchronize, as doing so will break the connection. The most important one in the /etc/ directory is the sysconfig directory, which contains your IP address setup. You can use multiple --exclude options; note that the directory to exclude is in single quotes.

rsync -avhe ssh --exclude 'sysconfig' /etc/ root@192.168.5.49:/etc/

Step #3: Create Passwordless Transfers
It is important to set up an account on the target machine so that a password does not have to be typed in for each update.

Generate Key Pairs
Key pairs are created by default in the ~/.ssh directory of each user. Note that the ~ symbol is used to represent each user’s home directory. The ssh directory is hidden as indicated by the “.” in front of the directory.
Open a terminal and type: ssh-keygen -t dsa
Accept the default location and type in a passphrase.
You now have a public key, which you will share with computers you want to connect to, and a private key, which you will not share with anyone, ever.
~/.ssh/id_dsa.pub —> public key
~/.ssh/id_dsa —> private key

Share Public Key
Note that you do not have to share keys in order to use SSH; you can use passwords just as well.
Move into your ~/.ssh directory
cd ~/.ssh
View Contents of Directory
ls
This should show that you have a public key named id_dsa.pub, or id_rsa.pub if you created an RSA key pair.

Copy Public Key
scp id_dsa.pub ip_address_of_remote_machine:mykey
Be sure that you follow the remote machine’s IP address with a colon, or else the command won’t work.
Log into the remote, or virtual, machine via ssh:

ssh ip_address_of_remote_machine

Copy the contents of the “mykey” file to the “authorized_keys” file as follows:

cat mykey >> ~/.ssh/authorized_keys

The double >> is important, as it appends to the file. If you used just one >, it would create a new file, eliminating your current authorized_keys.
This will add your key to a file of keys that are authorized to access this machine.
Be sure to chmod 644 authorized_keys.
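
The append and chmod steps above, collected into one shell function to run on the remote machine. This is an added example, not code from the original post. The function name install_pubkey is hypothetical, and the function sets mode 700 on ~/.ssh and 600 on authorized_keys, an assumption that is stricter than the 644 given above.

```shell
#!/bin/sh
# Added example, not from the original post. Run on the remote (target) machine.
# Usage: install_pubkey KEYFILE [HOME_DIR]
#   KEYFILE  - the copied public key ("mykey" in the steps above)
#   HOME_DIR - home of the receiving account (default: $HOME)
install_pubkey() {
    ik_file=$1
    ik_ssh=${2:-$HOME}/.ssh
    ik_auth=$ik_ssh/authorized_keys

    [ -r "$ik_file" ] || { echo "cannot read $ik_file" >&2; return 1; }

    # A public key file is one line; a private key (id_dsa, id_rsa) is many.
    if [ "$(grep -c . "$ik_file")" -ne 1 ]; then
        echo "$ik_file is not a single-line public key" >&2
        return 1
    fi
    ik_key=$(grep . "$ik_file")

    # Expect "<type> <base64 blob> [comment]"; SSH key blobs start with "AAAA".
    case $ik_key in
        ssh-*\ AAAA* | ecdsa-*\ AAAA*) ;;
        *) echo "$ik_file does not look like an SSH public key" >&2; return 1 ;;
    esac

    # Create directory and file if missing; keep both private to the owner.
    mkdir -p "$ik_ssh" && chmod 700 "$ik_ssh" || return 1
    touch "$ik_auth" && chmod 600 "$ik_auth" || return 1

    # Already authorized: do nothing, so repeated runs never duplicate the key.
    if grep -qxF -e "$ik_key" "$ik_auth"; then
        return 0
    fi

    # If the file lacks a final newline, add one so the key gets its own line.
    if [ -s "$ik_auth" ] && [ -n "$(tail -c 1 "$ik_auth")" ]; then
        echo >> "$ik_auth"
    fi

    # Append (>>), never overwrite (>), so existing keys survive.
    printf '%s\n' "$ik_key" >> "$ik_auth"
}
```

After copying the key with scp, calling install_pubkey mykey on the remote machine takes the place of the cat and chmod steps.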


Contact Without Passwords
Now you have both a public key and a private key on your local machine. You can access the remote computer on which you placed your public key with the following command:
ssh 192.168.4.5
This assumes that the IP address of the computer you are making contact with is the IP above. You can also use the domain name, example.com (just for example).
The purpose of the ssh-agent is to save your passphrase so you do not have to enter it each time you start a ssh or scp connection.
At the prompt type:
exec /usr/bin/ssh-agent $SHELL
Then also type
ssh-add
You will need to enter your passphrase and then you are done.
As soon as you log out, your passphrase will be dumped by the system. Each time you log in you will need to execute these two commands in the XTerminal to avoid having to enter your passphrase for each command.

Now, if you stay logged in, you should be able to run the rsync with ssh command without a password.
