Using dsbk on Linux and Unix
Posted: 5 Oct 2005
Introduction
In this article, we examine the use of the dsbk utility on Linux. An
administrator familiar with the usage of this utility on NetWare may find the
implementation on Linux confusing.
While the focus of this article is on the use of dsbk on the Linux
platform, the utility operates identically on both the UNIX and Linux platforms:
for simplicity's sake, we will discuss the utility in the context of Linux;
anything that applies to the Linux implementation also applies to the UNIX
implementations.
About dsbk
When eDirectory 8.7 originally shipped, Novell included a collection of
utilities under the umbrella of the eDirectory Management Toolbox (commonly
referred to as eMBox). This set of tools requires configuration of Role-Based
Services (RBS) in order to use the various tools. In the Linux world, this means
that a non-privileged user could access the utilities to perform dsrepair
operations, backup/restore operations, and so on.
The eMBox client utility - called edirutil - could be run in a
number of different modes: a batch mode, in a text-based shell, using individual
commands entirely from the command-line, or from a graphical interface. In the
batch and command-line modes, an administrator could invoke the utility to
perform backup and restore operations from a shell script, possibly for
inclusion in a crontab.
Because eMBox is configured to require Role Based Services (RBS), it is
necessary to invoke the command-line including a username and password. Many
administrators were frustrated by this, not wanting to leave privileged
eDirectory accounts exposed by having the password stored in the clear in a
shell script or batch file. This can also be a bit of a challenge when
restoring; RBS must be configured on the target server or tree prior to
restoring the backup: restoring a DIB required a throwaway eDirectory
installation with RBS configured.
Third-party backup software vendors asked if there might be a way to launch
an eDirectory backup using eMBox (which backs up the eDirectory DIB to a file in
the filesystem) as part of a pre-execution script on NetWare; because of
security concerns with the cleartext password, Novell provided a utility NLM
called DSBK.NLM.
Administrators of eDirectory on platforms other than NetWare have since asked
that the utility be ported to the other platforms. With the release of
eDirectory 8.7.3.7, Novell has included the dsbk utility for the Linux
and Unix platforms; the Windows platform version will be released at a later
time (currently scheduled for the next eDirectory service pack).
Using the dsbk Utility on Linux
Unlike the NetWare version, the Linux version of dsbk requires a
configuration file. The configuration file contains a single line that points to
another file to be created and used to pass commands to the dsbk module
through the ndstrace utility.
NOTE: In eDirectory 8.7.3.7, you must execute this
script as root |
Let's look at an example. In /etc/dsbk.conf, we set a value of: /root/dsbk.command
This file is then used as an intermediary for the dsbk module.
The output for the command is written into the eDirectory log file
(/var/nds/ndsd.log): DSBK HELP To get help on a specific function type "help <function name>" Current functions: backup restore restadv getconfig setconfig cancel
Using the command dsbk help <commandname>, the command
options are identical to the NetWare platform. By setting up dsbk,
commands can be entered into a crontab to execute dsbk
getconfig and dsbk backup commands on a regular basis,
allowing for full backups once weekly and incrementals on the other days, or
whatever combinations are desired.
Tip/strong> When using the dsbk utility
interactively, have a second terminal window open with tail -f
/var/nds/ndsd.log running so that the output to entered commands
is immediately readable. |
Once the backup is completed, back it up using standard filesystem backup
utilities.
A Strategy for Using dsbk
The most obvious use for dsbk is to perform nightly backups of the
database. This can be done using a crontab entry, such as: 0 2 * * * dsbk backup -f/root/dsbk/`date --iso-8601=seconds`.dibback -l/root/dsbk/`date --iso-8601=seconds`.log -t -b
This crontab entry performs a full backup every morning at 2:00 AM and stores
the backup and log file in /root/dsbk. The filename used is an ISO 8601 date
format with resolution to the second. The format used has no embedded spaces in
it, making it easier to deal with in a scripted sense. After running this
script, files are created with names such as: 2005-09-22T21:48:37-0600.dibback 2005-09-22T21:48:37-0600.log
The log file in this example contains: |==================DSBackup Log: Backup================| Backup type: Full Log file name: /root/dsbk/2005-09-22T21:48:37-0600.log Backup started: 2005-9-22'T21:48:38 Backup file name: /root/dsbk/2005-09-22T21:48:37-0600.dibback Server name: T=JHENDERSON-873SP7O=novellOU=servicesCN=jshlaptop Current Roll Forward Log: 00000001.log DS Version: 1055279 Backup ID: 43337B15 Starting database backup... Database backup finished Completion time 00:00:01 Backup completed successfully
Another option for automating backups might be: 0 2 * * 0 dsbk backup -f/root/dsbk/`date --iso-8601=seconds`.dibback -l/root/dsbk/`date --iso-8601=seconds`-full.log -t -b 0 2 * * 1-6 dsbk backup -f/root/dsbk/`date --iso-8601=seconds`.dibback -l/root/dsbk/`date --iso-8601=seconds`-incr.log -t -i
These crontab entries perform a full backup every Sunday morning at 2:00 AM
and incrementals on Monday-Saturday at 2:00 AM.
One consideration is that the backups could end up occupying too much space
on disk; cleanup of old backup files should be performed once they have been
backed up to offline storage.
|