I am using zimbra 8.0.4 and trying to configure rsync /opt/zimbra to configure a backup server incase of disaster.
1. What is the result if i use it without stopping the services on primary server.
2. If i set hourly rsync on same location will it cause any issues
3. How do i set it in cron Job as it requires password for ssh every time session
process referral link: https://wiki.zimbra.com/wiki/How_to_mov ... her_server
Rsync /opt/zimbra
- porokh
- Posts: 17
- Joined: Tue May 14, 2019 10:02 am
- Location: Ukraine
- ZCS/ZD Version: 8.8.15 RHEL7 FOSS
Re: Rsync /opt/zimbra
Hi, wmustafa728!
1. Using rsync on /opt/zimbra while ZCS is running will not guarantee you a consistent backup. Rsync should be used only for cold backups of /opt/zimbra (while ZCS is not running). By the way, if you move mailstore out of /opt/zimbra, e.g. to /home/zimbra -- then you can rsync your mail files without stopping ZCS. But it's good idea to do hot backup of mysql DB at the same time.
2. Hourly rsync not cause any problems, except of mentioned above.
3. Use ssh key authorisation, its works well in cron jobs.
1. Using rsync on /opt/zimbra while ZCS is running will not guarantee you a consistent backup. Rsync should be used only for cold backups of /opt/zimbra (while ZCS is not running). By the way, if you move mailstore out of /opt/zimbra, e.g. to /home/zimbra -- then you can rsync your mail files without stopping ZCS. But it's good idea to do hot backup of mysql DB at the same time.
2. Hourly rsync not cause any problems, except of mentioned above.
3. Use ssh key authorisation, its works well in cron jobs.
-
- Ambassador
- Posts: 2747
- Joined: Mon Dec 16, 2013 11:35 am
- Location: France - Drôme
- ZCS/ZD Version: All of them
- Contact:
Re: Rsync /opt/zimbra
rsync has to be done with hardlinks option.
rsync won't work correctly on LDAP sparse file (you should exclude them from the rsync files list).
You should anyway stop the ldap server and dump the databases to have files you can copy/rsync, don't rsync the ldap server live.
rsync won't work correctly on LDAP sparse file (you should exclude them from the rsync files list).
You should anyway stop the ldap server and dump the databases to have files you can copy/rsync, don't rsync the ldap server live.
- L. Mark Stone
- Ambassador
- Posts: 2796
- Joined: Wed Oct 09, 2013 11:35 am
- Location: Portland, Maine, US
- ZCS/ZD Version: 10.0.6 Network Edition
- Contact:
Re: Rsync /opt/zimbra
And be prepared to have to reindex a few mailboxes too if you failover to the D/R system after doing rsyncs while Zimbra is still running.
Also, 8.0.4 is way past end of life with several known security vulnerabilities.
Mark
Also, 8.0.4 is way past end of life with several known security vulnerabilities.
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
- JDunphy
- Outstanding Member
- Posts: 889
- Joined: Fri Sep 12, 2014 11:18 pm
- Location: Victoria, BC
- ZCS/ZD Version: 9.0.0_P39 NETWORK Edition
Re: Rsync /opt/zimbra
I have been doing a lot of this lately including automating the entire RHEL6/RHEL7/RHEL8 back and forth testing out different recovery strategies. While we have cloud provided network backups that allow us to spin up instances at anytime on new KVM's - we also do Zimbra backups with the commercial version and have used the rsync method for migration to new OS's at EOL. We have a script that does it all including build the OS, build /etc/hosts, named.conf, etc and install zimbra and upgrade zimbra unattended. I would recommend you practice that restore/build often on the new machine to test your backups/disaster recovery strategies and see if rsync is realistic for what you need. Note: the sparse option for tar. There are a few others but ldap can cause you a lot of problems if you don't account for it. Here is basically what you do. I have cut and pasted relevant sections.
We have SAN so we attach and de-attach network volumes but because it's rsync you can add a host name and do it over the network. Most of the Cloud providers offer some sort of volume SAN service these days and they can be cheap (for $10/month per 100GB in addition to full backup service which you can spin those off into new KVM's that is $10/month to test zimbra patches). So we use rsync as a migration method to test new OS's at this point given how fast it is... And if the entire process from OS building to Zimbra is automated you can do this in place provided you have a network volume to put zimbra and retain that same ip or optimal KVM. (better cpus ;-.) We are building 200GB instances in just under 20mins and that includes the 1min to spin up a new OS build which may or may not be the same OS we were previously running. The process is the same but having the same ip address makes it slightly easier for Zimbra.
You prime (rsync) the remote end while your service is running. If this was going to be a cut over, you would want to shut down your production server and do a final rsync so everything is cold. Note: a lot of advice is from admin's that run really busy and large servers requires a different mindset given how volatile there systems are due to the volume of users and email they manage. They have experienced the issues with partial/corrupt files which while rare can happen. Same for many commercial backup products that take snapshots of running servers. Practice often to learn your failure modes and how to repair them prior to having it happen on a production server.
Rebuilding from the other end.
You will have a few problems with the rsync on the other server when the ip's are different and you need to run ./install.sh. As a first thing to do would be to install the zimbra software, create the accounts, etc which more than likely will give you a different uid,gid for your /opt/backup using the example above. Here is one recipe that should work for you. Note: you have to update /etc/hosts to include zmhostname but with the new ip's and you need to run an authoritative but non delegated server in BIND speak. In other words, you want a zone file for the domain name that zmhostname is part of that has the ip address of this hot backup server and modify /etc/resolv.conf to point to 127.0.0.1 to resolve and fool zimbra ... Do not comment out nameserver entries in /etc/resolv.conf as zimbra has a bug (viewtopic.php?f=15&t=69524) and will include those in your nginx resolver file and your server will never come up. Anyway continuing what you would do on the new server. Example only as this wouldn't exactly solve your problem of a hot spare unless you are running the same OS, etc. This is a general solution below for different OS also.
In general, if you have a small server than rsync might work for you. . Everyone is different.
HTH,
Jim
Code: Select all
# create portable ldap file to copy.
cd /opt/zimbra/data/ldap/mdb/db
tar cvzSpf data.mdb.tar.gz data.mdb
# Do not sync if we an an internal corrupted database table
su zimbra -c "/opt/zimbra/libexec/zmdbintegrityreport -m"
if [ $? == 1 ]; then
echo -n "Corrupt DB - stopping - ">> "$backupLog"; date >> "$backupLog"
exit
fi
# copy all files except backups and sparse file
rsync --progress --archive --verbose --hard-links --exclude=zimbra/data/ldap/mdb/db/data\.mdb --exclude=zimbra/backup --exclude=zimbra/redolog /opt/zimbra /opt/backup
You prime (rsync) the remote end while your service is running. If this was going to be a cut over, you would want to shut down your production server and do a final rsync so everything is cold. Note: a lot of advice is from admin's that run really busy and large servers requires a different mindset given how volatile there systems are due to the volume of users and email they manage. They have experienced the issues with partial/corrupt files which while rare can happen. Same for many commercial backup products that take snapshots of running servers. Practice often to learn your failure modes and how to repair them prior to having it happen on a production server.
Rebuilding from the other end.
You will have a few problems with the rsync on the other server when the ip's are different and you need to run ./install.sh. As a first thing to do would be to install the zimbra software, create the accounts, etc which more than likely will give you a different uid,gid for your /opt/backup using the example above. Here is one recipe that should work for you. Note: you have to update /etc/hosts to include zmhostname but with the new ip's and you need to run an authoritative but non delegated server in BIND speak. In other words, you want a zone file for the domain name that zmhostname is part of that has the ip address of this hot backup server and modify /etc/resolv.conf to point to 127.0.0.1 to resolve and fool zimbra ... Do not comment out nameserver entries in /etc/resolv.conf as zimbra has a bug (viewtopic.php?f=15&t=69524) and will include those in your nginx resolver file and your server will never come up. Anyway continuing what you would do on the new server. Example only as this wouldn't exactly solve your problem of a hot spare unless you are running the same OS, etc. This is a general solution below for different OS also.
Code: Select all
./install.sh -s #want /etc/passwd with zimbra (first time on a machine if Zimbra has never been installed)
mv /opt/zimbra /opt/zimbra-
mv /opt/backup/zimbra /opt/zimbra
pushd /opt/zimbra
find . -uid 500 -print0 | xargs -0 chown -h zimbra # if you look in /opt/backup/zimbra/conf and don't see zimbra but numeric uid's... replace 500 for that number, etc.
find . -gid 500 -print0 | xargs -0 chgrp -h zimbra
popd
./install.sh -s (this would put correct OS libraries, etc in place if you were moving from RHEL6 to RHEL8 for example)
pushd /opt/zimbra/data/ldap/mdb/db
rm data.mdb if it exists but it should not if you did the rsync method above which excluded it
tar xvf data.mdb.tar.gz
popd
./install.sh --skip-activation-check
HTH,
Jim
-
- Posts: 25
- Joined: Wed Mar 10, 2021 3:35 pm
- Location: Ubuntu 18.04.5 LTS
- ZCS/ZD Version: 9.0.0.ZEXTRAS.202007114.UBUNTU18.64
Re: Rsync /opt/zimbra
Doesn't this catch the entire ldap file?JDunphy wrote:Here is basically what you do. I have cut and pasted relevant sections.Code: Select all
# create portable ldap file to copy. cd /opt/zimbra/data/ldap/mdb/db tar cvzSpf data.mdb.tar.gz data.mdb ...
Code: Select all
/opt/zimbra/libexec/zmslapcat -c /tmp
/opt/zimbra/libexec/zmslapcat /tmp