Re: [Xen-users] snapshots (without lvm)

["Adam Gold " <adamgold@xxxxxxxxxxx>]

Thanks Mark. That's very clear and seems like a sensible approach (I like the 
use of openvpn). I'd be interested to hear how you go about making restores 
when needed, and specifically a full system restore/rollback. If one is making 
file based/tar backups as you are, it's never been clear to me how to achieve a 
'perfect' full disk/full partition restore in the way one can do with dd or a 
third party solution like clonezilla. That's why I like the simplicity of the 
true snapshot or cloning approach to implement system rollbacks.

However, it may well be I'm missing something when it comes to how rsnapshot 
works so:
(i) Yes, I'd love to hear more about the config and particular commands
(ii) please do tell me more about how the restoring side of the equation works 
e.g. let's say you wanted to revert one of your domUs from incremental version 
4 on a particular day to version 1 (and to be clear, not specific files but the 
whole system), how would that work? How do you deal with excluded directories 
(proc,sys etc) during the restore process. Thanks.

P.S. I agree, lzop is the best compression algorithm for this type of work.

Date: Sat, 31 Dec 2011 13:15:11 +0100
From: Mark van Dijk <mark@xxxxxxxxxxxxxx>
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] snapshots (without lvm)
Message-ID: <20111231121553.306572988E4@xxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset=US-ASCII

> Thanks for the response.  Yes, dd is one way of achieving what I want
> - which is to allow rollbacks to earlier states - but I guess, if
> one's going to be slightly pedantic, it's more a cloning solution
> than a snapshot (and at this point I could just go with lvm
> snapshots).  It's certainly a possibility but I am curious to know if
> there's anything out there which mirrors the simplicity and speed of
> the snapshot functionality in XCP.  I'm guessing not yet...

Maybe I'm not answering your question in the way you'd like it to be
answered, but at least I can show you my two snapshot/backup methods.

For images that I want to store on dom0 I prefer the following method:

# kpartx -a /dev/vg/lv-domu
# mount -o ro /dev/mapper/vg-lv-domu3 /mnt  (mount filesystem root)
# mount -o ro /dev/mapper/vg-lv-domu1 /mnt/boot
# cd /var/snapshots/domu
# rsync -aPh --delete --delete-excluded /mnt .
# umount, kpartx -d ... etc.

Usually I make a tar file out of this with some compression... lzop is
nice here because it's very fast and still provides a reasonable amount
of compression. This is how I prefer to make a snapshot of a newly
installed system.

Besides this I also want to make incremental backups of systems that
are already configured and running. For this I use rsnapshot on a
dedicated backup system which is separate from the Xen box which is
what I'll explain next.

All the domU's initiate an openvpn connection to the rsnapshot system.
The rsnapshot / openvpn server assigns these hosts an IPv6 ULA (Unique
Local Address) because these address forms are unroutable on the
Internet and thus are considered safe enough for this purpose. The
domU's also all have an rsync daemon that listens to only this address.
Rsyncd provides read-only access to the whole filesystem (/) for only
the rsnapshot system's IPv6 ULA address.

The rsnapshot system connects to the domU's four times a day and makes
incremental backups each time. This means that files that already
exist on the rsnapshot system are linked rather than duplicated and
retransferred - this saves a lot of space and bandwidth and increases
speed. The exclusion of files and directories is configured in
rsnapshot's config file. Rsnapshot also makes daily, weekly and monthly
snapshots but this happens locally i.e. without making connections to
the backuped boxes.

I chose rsyncd rather than ssh because there is no mandatory
authentication, it simply allows only the rsnapshot system's IP.
Furthermore OpenVPN already establishes the encrypted connection
and I see no reason to make the encryption redundant (i.e.
encrypted ssh over encrypted OpenVPN). And rsyncd also is a lot faster
than ssh.

Those who would rather use rsnapshot over ssh than over an OpenVPN
connection could choose to use ssh with the arcfour cipher because
arcfour is a faster streaming cipher than the other ones.

I hope I explained it in an understandable way but if you prefer a
less theoretical and more practical explanation then just say so. I'll
then write something that shows you the used commands and config files.

-Mark




_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users