Posted: 5 Oct 2005
In this article, we examine the use of the dsbk utility on Linux. An
administrator familiar with the usage of this utility on NetWare may find the
implementation on Linux confusing.
While the focus of this article is on the use of dsbk on the Linux
platform, the utility operates identically on both the UNIX and Linux platforms:
for simplicity's sake, we will discuss the utility in the context of Linux;
anything that applies to the Linux implementation also applies to the UNIX
When eDirectory 8.7 originally shipped, Novell included a collection of
utilities under the umbrella of the eDirectory Management Toolbox (commonly
referred to as eMBox). This set of tools requires configuration of Role-Based
Services (RBS) in order to use the various tools. In the Linux world, this means
that a non-privileged user could access the utilities to perform dsrepair
operations, backup/restore operations, and so on.
The eMBox client utility - called edirutil - could be run in a
number of different modes: a batch mode, in a text-based shell, using individual
commands entirely from the command-line, or from a graphical interface. In the
batch and command-line modes, an administrator could invoke the utility to
perform backup and restore operations from a shell script, possibly for
inclusion in a crontab.
Because eMBox is configured to require Role Based Services (RBS), it is
necessary to invoke the command-line including a username and password. Many
administrators were frustrated by this, not wanting to leave privileged
eDirectory accounts exposed by having the password stored in the clear in a
shell script or batch file. This can also be a bit of a challenge when
restoring; RBS must be configured on the target server or tree prior to
restoring the backup: restoring a DIB required a throwaway eDirectory
installation with RBS configured.
Third-party backup software vendors asked if there might be a way to launch
an eDirectory backup using eMBox (which backs up the eDirectory DIB to a file in
the filesystem) as part of a pre-execution script on NetWare; because of
security concerns with the cleartext password, Novell provided a utility NLM
Administrators of eDirectory on platforms other than NetWare have since asked
that the utility be ported to the other platforms. With the release of
eDirectory 126.96.36.199, Novell has included the dsbk utility for the Linux
and Unix platforms; the Windows platform version will be released at a later
time (currently scheduled for the next eDirectory service pack).
Using the dsbk Utility on Linux
Unlike the NetWare version, the Linux version of dsbk requires a
configuration file. The configuration file contains a single line that points to
another file to be created and used to pass commands to the dsbk module
through the ndstrace utility.
|NOTE: In eDirectory 188.8.131.52, you must execute this
script as root |
Let's look at an example. In /etc/dsbk.conf, we set a value of:
This file is then used as an intermediary for the dsbk module.
The output for the command is written into the eDirectory log file
To get help on a specific function type "help <function name>"
Using the command dsbk help <commandname>, the command
options are identical to the NetWare platform. By setting up dsbk,
commands can be entered into a crontab to execute dsbk
getconfig and dsbk backup commands on a regular basis,
allowing for full backups once weekly and incrementals on the other days, or
whatever combinations are desired.
|Tip/strong> When using the dsbk utility
interactively, have a second terminal window open with tail -f
/var/nds/ndsd.log running so that the output to entered commands
is immediately readable. |
Once the backup is completed, back it up using standard filesystem backup
A Strategy for Using dsbk
The most obvious use for dsbk is to perform nightly backups of the
database. This can be done using a crontab entry, such as:
0 2 * * * dsbk backup -f/root/dsbk/`date --iso-8601=seconds`.dibback -l/root/dsbk/`date --iso-8601=seconds`.log -t -b
This crontab entry performs a full backup every morning at 2:00 AM and stores
the backup and log file in /root/dsbk. The filename used is an ISO 8601 date
format with resolution to the second. The format used has no embedded spaces in
it, making it easier to deal with in a scripted sense. After running this
script, files are created with names such as:
The log file in this example contains:
|==================DSBackup Log: Backup================|
Backup type: Full
Log file name: /root/dsbk/2005-09-22T21:48:37-0600.log
Backup started: 2005-9-22'T21:48:38
Backup file name: /root/dsbk/2005-09-22T21:48:37-0600.dibback
Server name: T=JHENDERSON-873SP7O=novellOU=servicesCN=jshlaptop
Current Roll Forward Log: 00000001.log
DS Version: 1055279
Backup ID: 43337B15
Starting database backup...
Database backup finished
Completion time 00:00:01
Backup completed successfully
Another option for automating backups might be:
0 2 * * 0 dsbk backup -f/root/dsbk/`date --iso-8601=seconds`.dibback -l/root/dsbk/`date --iso-8601=seconds`-full.log -t -b
0 2 * * 1-6 dsbk backup -f/root/dsbk/`date --iso-8601=seconds`.dibback -l/root/dsbk/`date --iso-8601=seconds`-incr.log -t -i
These crontab entries perform a full backup every Sunday morning at 2:00 AM
and incrementals on Monday-Saturday at 2:00 AM.
One consideration is that the backups could end up occupying too much space
on disk; cleanup of old backup files should be performed once they have been
backed up to offline storage.