-----------------------------------------------------------------------
System Backup&Restore for Solaris Servers
10/2000 by Volker Tanger
-----------------------------------------------------------------------

This backup and restore suite was designed for small Sun servers with
only a low data change rate (e.g. firewalls) and includes a fast
"bare iron" recovery.


-----------------------------------------------------------------------
Assumed Filesystem and Partition Table Structure
-----------------------------------------------------------------------

The current configuration assumes a simple workstation with the
following filesystem/partition structure:

    /dev/rdsk/c0t0d0s0    / (root)
    /dev/rdsk/c0t0d0s1    /var
    /dev/rdsk/c0t0d0s3    /export/home

Adding and/or changing this should be fairly easy.


-----------------------------------------------------------------------
Running a Backup
-----------------------------------------------------------------------

A specially adapted backup script (backup.sh) was developed. When
applying this to servers that do not match the sample installation,
the scripts have to be adapted before use.

To back up the server, attach the tape drive to the server (if not
already connected), insert a cartridge into the tape drive and simply
call the script, which then runs without user input.

After the backup, store the tape in a safe place.


-----------------------------------------------------------------------
Doing a Disaster-Recovery
-----------------------------------------------------------------------

A specially adapted restore script (restore.sh) was developed to
enable a full system restore from even a "completely nuked" machine.
This will only work on systems that are (nearly) identical to the one
the backup was performed from.

!!! DANGER !!! DANGER !!! DANGER !!! DANGER !!! DANGER !!! DANGER !!!
!!! DANGER !!! DANGER !!! DANGER !!! DANGER !!! DANGER !!! DANGER !!!
!!! DANGER !!!                                         !!! DANGER !!!
!!! DANGER !!!   This RESTORE.SH does not ask any      !!! DANGER !!!
!!! DANGER !!!   questions - it immediately starts.    !!! DANGER !!!
!!! DANGER !!!   You can ruin your system if you       !!! DANGER !!!
!!! DANGER !!!   are not careful enough!               !!! DANGER !!!
!!! DANGER !!!                                         !!! DANGER !!!
!!! DANGER !!! DANGER !!! DANGER !!! DANGER !!! DANGER !!! DANGER !!!
!!! DANGER !!! DANGER !!! DANGER !!! DANGER !!! DANGER !!! DANGER !!!

To restore the server, attach the tape drive to the server (if not
already connected) and insert the cartridge into the tape drive.

Boot the system off a Solaris installation CD ("boot cdrom", entered
at the boot prompt). In case of messed-up aliases: on a Sun Ultra-60
this equals

    boot /dev/pci@1f,4000/scsi@3,1/disk@6,0:f

whereas an Ultra-5 needs

    boot /dev/pci@1f,0/pci@1,1/ide@3/cdrom@2,0:f

After X-Window is up and running, start a command-line window by
clicking on the desktop background with the right mouse button
("Utilities >" / "Command Tool..."). Then enter the following
commands line by line:

Read the restore script from tape

    # cat /dev/rmt/0n > /tmp/restore.sh

Change permissions of the restore script

    # chmod 700 /tmp/restore.sh

and execute the restore script:

    # /tmp/restore.sh

After a successful restore, reboot.

Depending on the software, hardware-dependent license keys sometimes
have to be renewed (e.g. Raptor Firewall, Checkpoint Firewall).


-----------------------------------------------------------------------
Requirements & Known Bugs
-----------------------------------------------------------------------

Requirements:

  * Sun workstation or server with Solaris (2.6 tested)
  * Properly configured backup tape supported by Solaris. The scripts
    were only tested on Sun DAT tapes, though.
  * CD-ROM to boot the installation system off for restore.

Known bugs:

  * No failure control. The scripts run - even if something is going
    seriously wrong (disk too small etc.)...
  * No safety checks. Calling the scripts may cause immediate and
    irrevocable data loss - especially if accidentally calling the
    restore script.
  * Scripts must be configured in source code (which should be easy
    enough).

The scripts were designed for simplicity - both in programming and
application. From my point of view, in case of emergency, three
aspects are important:

  * Simple handling of basic tasks. It can save the day if even the
    untrained security guard can be talked through the restore
    procedure via telephone.
  * Being able to take over manually for each one of the restore
    steps - this is the other end of the line: for experts.
  * No need to install complicated additional software. The broken
    system shall be repairable with built-in tools.

With this in mind the scripts were designed - and have proven to run
quite reliably. Either a full backup or a restore of an average
firewall (without logs) should be done within 15 minutes (Sun U5 with
DDS3/DAT tape).

Updates will be available at http://www.wyae.de/software/


-----------------------------------------------------------------------
Shortcut: Distributable under "Modified BSD" license
-----------------------------------------------------------------------

Copyright (c) 2000 Volker Tanger
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:

1. Redistributions of source code must retain the above copyright
   notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
   notice, this list of conditions and the following disclaimer in the
   documentation and/or other materials provided with the distribution.
3. The name of the author may not be used to endorse or promote
   products derived from this software without specific prior written
   permission.

THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE
-----------------------------------------------------------------------
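
The "Known bugs" list above notes that restore.sh starts without any
safety check. One possible guard, as an added example that is not part
of Volker Tanger's scripts: it refuses to run when a target slice is
mounted (the case on the live system, assumed not to be the case after
booting the installation CD) and requires a typed phrase. The function
names, the phrase and the sample mount tables are assumptions.

```sh
# Added example: pre-flight guard for a destructive restore script.
# Slice names follow this README's layout; all other names are hypothetical.
TARGET_SLICES="c0t0d0s0 c0t0d0s1 c0t0d0s3"
CONFIRM_PHRASE="ERASE c0t0d0"

# mounted_targets MNTTAB: print each target slice that the mount table
# (Solaris /etc/mnttab: block device, mount point, ...) lists as mounted.
mounted_targets() {
    while read dev mnt rest; do
        for slice in $TARGET_SLICES; do
            if [ "$dev" = "/dev/dsk/$slice" ]; then
                echo "$dev on $mnt"
            fi
        done
    done < "$1"
}

# preflight MNTTAB ANSWER: 0 = proceed, 1 = target disk is in use (this
# is the live system, not the install CD), 2 = operator did not confirm.
preflight() {
    busy=`mounted_targets "$1"`
    if [ -n "$busy" ]; then
        echo "REFUSING: restore target is mounted:" >&2
        echo "$busy" >&2
        return 1
    fi
    if [ "$2" != "$CONFIRM_PHRASE" ]; then
        echo "REFUSING: type '$CONFIRM_PHRASE' to overwrite the disk" >&2
        return 2
    fi
    return 0
}

# verdict MNTTAB ANSWER: print preflight's exit status.
verdict() { if preflight "$1" "$2" 2>/dev/null; then echo 0; else echo $?; fi; }

# demo DIR: write two constructed mount tables into DIR and print the
# verdict for a live system and for a boot from the installation CD.
demo() {
    printf '/dev/dsk/c0t0d0s0\t/\tufs\n/dev/dsk/c0t0d0s1\t/var\tufs\n' > "$1/live"
    printf '/dev/dsk/c0t6d0s0\t/\tufs\nswap\t/tmp\ttmpfs\n' > "$1/cdboot"
    printf 'live=';           verdict "$1/live"   "$CONFIRM_PHRASE"
    printf 'cd-unconfirmed='; verdict "$1/cdboot" "yes"
    printf 'cd-confirmed=';   verdict "$1/cdboot" "$CONFIRM_PHRASE"
}

# In restore.sh, before the first destructive command:
#   printf 'Confirm: '; read answer; preflight /etc/mnttab "$answer" || exit 1
```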