Using dsbk on Linux and Unix

Posted: 5 Oct 2005


In this article, we examine the use of the dsbk utility on Linux. An administrator familiar with the usage of this utility on NetWare may find the implementation on Linux confusing.

While the focus of this article is on the use of dsbk on the Linux platform, the utility operates identically on both the UNIX and Linux platforms: for simplicity's sake, we will discuss the utility in the context of Linux; anything that applies to the Linux implementation also applies to the UNIX implementations.

About dsbk

When eDirectory 8.7 originally shipped, Novell included a collection of utilities under the umbrella of the eDirectory Management Toolbox (commonly referred to as eMBox). This set of tools requires configuration of Role-Based Services (RBS) in order to use the various tools. In the Linux world, this means that a non-privileged user could access the utilities to perform dsrepair operations, backup/restore operations, and so on.

The eMBox client utility - called edirutil - could be run in a number of different modes: a batch mode, in a text-based shell, using individual commands entirely from the command-line, or from a graphical interface. In the batch and command-line modes, an administrator could invoke the utility to perform backup and restore operations from a shell script, possibly for inclusion in a crontab.

Because eMBox is configured to require Role Based Services (RBS), it is necessary to invoke the command-line including a username and password. Many administrators were frustrated by this, not wanting to leave privileged eDirectory accounts exposed by having the password stored in the clear in a shell script or batch file. This can also be a bit of a challenge when restoring; RBS must be configured on the target server or tree prior to restoring the backup: restoring a DIB required a throwaway eDirectory installation with RBS configured.

Third-party backup software vendors asked if there might be a way to launch an eDirectory backup using eMBox (which backs up the eDirectory DIB to a file in the filesystem) as part of a pre-execution script on NetWare; because of security concerns with the cleartext password, Novell provided a utility NLM called DSBK.NLM.

Administrators of eDirectory on platforms other than NetWare have since asked that the utility be ported to the other platforms. With the release of eDirectory, Novell has included the dsbk utility for the Linux and Unix platforms; the Windows platform version will be released at a later time (currently scheduled for the next eDirectory service pack).

Using the dsbk Utility on Linux

Unlike the NetWare version, the Linux version of dsbk requires a configuration file. The configuration file contains a single line that points to another file to be created and used to pass commands to the dsbk module through the ndstrace utility.

NOTE: In eDirectory, you must execute this script as root

Let's look at an example. In /etc/dsbk.conf, we set a value of:


This file is then used as an intermediary for the dsbk module.

The output for the command is written into the eDirectory log file (/var/nds/ndsd.log):

To get help on a specific function type "help <function name>"
Current functions:

Using the command dsbk help <commandname>, the command options are identical to the NetWare platform. By setting up dsbk, commands can be entered into a crontab to execute dsbk getconfig and dsbk backup commands on a regular basis, allowing for full backups once weekly and incrementals on the other days, or whatever combinations are desired.

Tip/strong> When using the dsbk utility interactively, have a second terminal window open with tail -f /var/nds/ndsd.log running so that the output to entered commands is immediately readable.

Once the backup is completed, back it up using standard filesystem backup utilities.

A Strategy for Using dsbk

The most obvious use for dsbk is to perform nightly backups of the database. This can be done using a crontab entry, such as:

0 2 * * * dsbk backup -f/root/dsbk/`date --iso-8601=seconds`.dibback -l/root/dsbk/`date --iso-8601=seconds`.log -t -b

This crontab entry performs a full backup every morning at 2:00 AM and stores the backup and log file in /root/dsbk. The filename used is an ISO 8601 date format with resolution to the second. The format used has no embedded spaces in it, making it easier to deal with in a scripted sense. After running this script, files are created with names such as:


The log file in this example contains:

|==================DSBackup Log: Backup================|
Backup type: Full
Log file name: /root/dsbk/2005-09-22T21:48:37-0600.log
Backup started: 2005-9-22'T21:48:38
Backup file name: /root/dsbk/2005-09-22T21:48:37-0600.dibback
Server name: T=JHENDERSON-873SP7O=novellOU=servicesCN=jshlaptop
Current Roll Forward Log: 00000001.log
DS Version: 1055279
Backup ID: 43337B15
Starting database backup...
Database backup finished
Completion time 00:00:01
Backup completed successfully

Another option for automating backups might be:

0 2 * * 0 dsbk backup -f/root/dsbk/`date --iso-8601=seconds`.dibback -l/root/dsbk/`date --iso-8601=seconds`-full.log -t -b
0 2 * * 1-6 dsbk backup -f/root/dsbk/`date --iso-8601=seconds`.dibback -l/root/dsbk/`date --iso-8601=seconds`-incr.log -t -i

These crontab entries perform a full backup every Sunday morning at 2:00 AM and incrementals on Monday-Saturday at 2:00 AM.

One consideration is that the backups could end up occupying too much space on disk; cleanup of old backup files should be performed once they have been backed up to offline storage.

Informacja z serwisu