[OpenIndiana-discuss] zfs snapshot script
Dan Swartzendruber
dswartz at druber.com
Sun May 1 14:37:24 UTC 2011
-----Original Message-----
From: Matt Connolly [mailto:matt.connolly.au at gmail.com]
Sent: Sunday, May 01, 2011 10:22 AM
To: Discussion list for OpenIndiana
Subject: Re: [OpenIndiana-discuss] zfs snapshot script
On 01/05/2011, at 11:48 PM, Dan Swartzendruber wrote:
> Hmmm, well, what I've seen a couple of places (and have been using myself)
> is rsyncd.conf on the OS box having a post-exec cmd that takes the
> snapshot...
So that means having some daemon running as root (or with required
privileges) that could listen to a trigger message sent from the client?
In my case the server is operating simply as a file server and it has no
knowledge of the state of a backup. I could change the windows backups to be
using an rsync daemon on the server, but the mac backups using Time Machine
require an afp file server, so something else needs to be added.
Are there any permission tricks that would allow a script executed via ssh
to execute "zfs snapshot"??
*** Sorry for being unclear. It may not be optimal, but what I have been
doing is this: the clients back up by running rsync (with each a customized
rsync config file and exclude file). The OI box has rsync running in daemon
mode, with the config file defining each client with a stanza like this:
read only = yes
list = yes
uid = root
gid = root
[sphinx]
path = /tank/backups/servers/sphinx
read only = no
hosts allow = 10.0.0.1
hosts deny = *
post-xfer exec = /usr/bin/create_zfs_snapshot $RSYNC_MODULE_PATH
[pbx]
path = /tank/backups/servers/pbx
read only = no
hosts allow = 10.0.0.7
hosts deny = *
post-xfer exec = /usr/bin/create_zfs_snapshot $RSYNC_MODULE_PATH
To centralize the backup scheduling, the OI box runs the rsync command on
each client via ssh, using public keys to avoid needing passwords. This
doesn't sound like what you want, particularly if you need to use afp :( I
don't know anything about afp, but trying to make an suid script safe seems
difficult to me (I could be wrong though.) It's a hack, but maybe you could
do something like this on the mac:
do your backup via afp
do an rsync, with the OI box using the post-xfer trick to take a snapshot of
the filesystem in question - the security would be based on having the IP
match your Mac, which isn't perfect, but better than having an suid script.
the rsync would be to some small (maybe even empty) dummy directory on the
same filesystem the afp share is on.
does this sound wacky?
More information about the OpenIndiana-discuss
mailing list