Zentyal configuration Backup
Zentyal offers a configuration backup service, to ensure the recovery of a server when a disaster occurs, for example a hard disk failure or a human error while managing configurations.
Backups can be made locally, saving them on the local hard drive of the Zentyal host. After this, it is recommended to save them to an external physical system, so if the machine suffers a failure, you still have access to this data.
It is also possible to automatically perform the backups using a commertial version of Zentyal. Both the Small Business and the Enterprise version include seven configuration backups in the cloud and the cloud Disaster Recovery service. Even if you register the Zentyal server for free, you will have one cloud configuration backup. Using any of this options you will be able to quickly recover your Zentyal configuration from the remote servers in the event of a total system failure.
To access the backup options, go to System ‣ Import/Export configuration. You can not backup if there are unsaved changes in the configuration.
Once you have entered the Name for the backup, chosen the type of backup (incremental or full) and clicked on Backup, you will see a window which will show the progress of the different modules until the message Backup successfully completed is displayed
Afterwards, if you return to the former window, you can see in the bottom of the page a Backups list. Using this list you can restore, download to a client disk or delete any of the saved copies. Additionally, you will have data about the creation date and size.
In the Restore backup from a file section you can send a security copy file that you have previously created, for example, associated with a former Zentyal server installation in another host and restore it using Restore. You will be asked for confirmation; simply remember to be careful, as the current configuration will be completely overwritten. The restoration process is similar to the copy; after showing the progress, the user will be notified with a success message if there is no error.
Data backup configuration in a Zentyal server
You can access the data backup menu going to System ‣ Backup
First of all, you have to decide whether you are going to store your backups locally or remotely. In the latter case, you need to specify which protocol is going to be used to connect the remote server.
Method: The different supported methods are FTP, Rsync, SCP and File system. Take into account that depending on the method you choose, you will have to provide more or less information. All the methods except File system use remote servers. If you select FTP, Rsync or SCP, you will have to enter the associated authorisation to connect with the server and the remote server's address.
Host or destination:
For remote methods you have to enter the remote server name or its IP address with the following format: other.host:port/existing_directory In case you are using File system, you only need the local directory path.
User: User name to authenticate in the remote host.
Password: Password to authenticate in the remote host.
Encryption: You can cypher the data in the backup using a symmetric key that will be entered in the form.
Full Backup Frequency: This parameter is used to determine the frequency for complete backups to be performed. The values are: Only the first time, Daily, Weekly, Twice a month and Monthly. If Weekly, Twice a month or Monthly is selected, you will see a selection option to choose the exact day of the week or month to perform the backup.
If Only the first time is selected, then it is mandatory to set a frequency for incremental backups.
Incremental Backup Frequency: This value sets the frequency of the incremental copy or disables it.
If the incremental copy is enabled, you can choose a Daily or Weekly frequency. In the latter case, you have to decide the day of the week; either way you have to take into account the chosen frequency which has to be greater than the full backup.
The days that you have scheduled a full backup, Zentyal will not perform any scheduled incremental copy.
Backup process starts at: This field is used to set the time a backup copy is started, for both the full and the incremental backup. It is a good idea to set it to a time frame where no other activities are being performed in the network, because it can consume a lot of upstream bandwidth.
Keep previous full copies: This value is used to limit the total number of copies that can be stored. You can limit by number or by age.
If you limit by number, only the set number of copies, plus the last complete copy will be stored. If you limit by age, you will only save full copies that are newer than the indicated period.
When a full copy is deleted, all the incremental copies associated with it are also deleted.
Backup configuration using the RSYNC method
Before configuring backups using RSYNC you have to make sure that the user has permissions to connect using SSH, for this reason, you will generate a SSH key and then, copy the id to the remote machine.
first you change to superuser in the CLI:
$ sudo su -
then you generate the keys for the *root* user:
finally you copy the SSH id to the remote machine:
# ssh-copy-id usuario@maquina_destino
In the field, Host or destination you must follow the format HOST[:PORT]/FOLDER
Use the IP or FQDN for the HOST where the copy will be stored. You can specify a port for the RSYNC connection, if not, port 22/SSH will be used by default. The copy will be stored in the destination FOLDER, which is relative to the user you have configured in the previous copy.
For example, if you configure the field Host or destination as: 192.168.100.200/backup and you configure laura as the user, the copy will be stored in the machine 192.168.100.200, directory /home/laura/backup.
Configuration of the directories and files that are saved
From the Includes and Excludes tab you can configure the specific data you want to backup.
The behavior of this section is similar to the firewall. By default, everything is excluded, you need to include the directories explicitly, rules are executed from the top to the bottom, so the more specific ones tend to be on top.
For example, Exclude /home/peter, and below it, Include /home will backup all home directories except /home/peter, if the Include /home rule is above Exclude /home/peter, the latter rule will not have any effect because all home was included in the rule that was executed before.
You can set path exclusions and exclusions that match a regular expression. Exclusions by regular expression will exclude any path which matches the expression. Any excluded directory will also exclude all its contents.
The order of application of inclusions and exclusions can be changed using the arrow icons.
Generally, including everything (Include / rule) is a bad idea, since there are some directories that contain run-time data, and you will possibly include a lot of useless information.
For most cases, it is not recommended to include the directories /mnt, /dev, /media, /sys, /tmp, /var/cache and /proc.
Checking the status of the backups
You can check the backups status in the Remote Backup Status section. Within this table, you can see the type of backup; full or incremental and the execution date.
There are two ways of restoring a file. Depending on the file size or the directory you want to restore.
It is possible to restore files directly from Zentyal server's control panel. In the System ‣ Backup ‣ Restore files section you have access to the list of all the files and directories contained in the remote backup, and the dates of the different versions you can restore.
If the path to restore is a directory, all its contents will be restored, including sub-directories.
The file will be restored with its contents on the selected date, if the file is not present in the backup that day. The version found in the former backups will be restored. If there is no copy of the file in any of the versions, you will be notified with an error message.
You can use this method with small files. For big files, the process is time consuming and you can not use the Zentyal web interface while the operation is being made. You have to be especially careful with the type of file you are restoring. Normally, it will be safe to restore data files that are not being used by applications at the current time. These data files are located in the directory /home/samba. On the other hand, restoring system file of directories like /lib, /var or /usr while the system is running can be very dangerous. Don't do this unless you are really sure of what you are doing.
Manually restoring files and directories
Zentyal's backup solution is based on duplicity. Duplicity is a powerful tool, and relatively simple to use through the CLI.
Some of the restore use cases that can not be achieved using Zentyal's webadmin, can be performed using the duplicity command.
For example, let's assume that you want to restore the file/home/jsmith/somefile, and the backup is stored in /home/administrator/backups. You don't want to overwrite the current file, so you choose a different restore destination:
# duplicity --no-encryption --file-to-restore home/jsmith/somefile file:///home/administrator/backups /home/administrator/backup_restore/restored_file
You can also specify the date and remote source of the required file, as described in duplicity documentation example::
# duplicity -t 3D --file-to-restore apt/sources.list ftp://FtpUserID@ftp.domain.com/etc /home/user/sources.list
There is a how-to covering the basic functionality and common operations of duplicity in the Ubuntu documentation:
Apart from the files, additional data is stored to allow the direct restoration of some services. This data includes:
- Zentyal configuration backup
- backup of the registers database of Zentyal
In the tab Services Restore both can be restored for a given date.
The security copy of Zentyal configuration contains the configuration of all the modules that have been enabled at least once, all the LDAP data and any other additional files needed by the modules to function properly.
You have to be careful when restoring Zentyal configuration because all the current configuration and LDAP data will be replaced. Nevertheless, for the case of configuration not stored in LDAP, you have to click "Save changes" to make this effective.