Category: Storage

Extended permissions on backup directory

I use rsnapshot for backups and want some users to be able to easily restore a single file from a snapshot. The problem is that rsnapshot keeps the original permissions of each file. To solve this, I will create a user group called dalesjo-backup and give this group read access to all files in the backup using an access control list (ACL).

Enable ACL

First you need to enable ACLs on your ZFS pool, in this case zfs-pool-2.

zfs set acltype=posixacl zfs-pool-2

If you don't do this, setfacl will return the error below.

setfacl: .: Operation not supported

Set file permissions

Below I'm setting a default ACL that gives dalesjo-backup read/execute permissions on all new files, and then changing all existing files to give the same group read/execute access.

cd /zfs-pool-2/backup
setfacl -Rdm "g:dalesjo-backup:rx" .
setfacl -Rm "g:dalesjo-backup:rx" .
getfacl .

Source: Serverfault
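
An added example (not from the original post) for checking that the ACL really covers the backup tree: it parses `getfacl -R` output and lists paths where dalesjo-backup has no entry, has no effective read access, or has write access. An entry can be present but ineffective because rsync applies the source file mode with chmod, and chmod on a file with an ACL rewrites the mask. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Reads `getfacl -R` output on stdin; prints paths where GROUP is unsuitable
# for read-only restores:
#   MISSING  no ACL entry for GROUP
#   NOREAD   entry present, but the effective permission lacks read
#   WRITABLE entry grants write, so restore users could alter the backup
audit_backup_acl() {
    awk -v grp="$1" '
        function report() {
            if (path == "") return
            if (perm == "") { print "MISSING " path; return }
            if (perm !~ /^r/) print "NOREAD " path
            if (perm ~ /^.w/) print "WRITABLE " path
        }
        /^# file: / { report(); path = substr($0, 9); perm = ""; next }
        index($0, "group:" grp ":") == 1 {
            perm = substr($0, length(grp) + 8, 3)
            # getfacl adds "#effective:..." when the mask narrows an entry
            if (match($0, /#effective:/)) perm = substr($0, RSTART + RLENGTH, 3)
        }
        END { report() }
    '
}

# Constructed sample of getfacl output (owner/other lines trimmed).
sample_getfacl() {
    cat <<'EOF'
# file: daily.0/k2/foreningar
group::r-x
group:dalesjo-backup:r-x
mask::r-x
default:group:dalesjo-backup:r-x

# file: daily.0/k2/foreningar/budget.xls
group::---

# file: daily.0/k2/foreningar/notes.txt
group:dalesjo-backup:r-x        #effective:---
mask::---

# file: daily.0/k2/foreningar/old.tmp
group:dalesjo-backup:rwx
mask::rwx
EOF
}

sample_getfacl | audit_backup_acl dalesjo-backup
```

On the real pool, run `getfacl -R . | audit_backup_acl dalesjo-backup` from /zfs-pool-2/backup; no output means every path has an effective read-only entry for the group.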

Backup of CIFS/Samba share

By mounting an SMB share on your Linux machine you can make an rsnapshot of the entire share without installing cwrsync. Example below:

  1. Download ds_smbmount
  2. Create a script that mounts all Samba shares you want to snapshot. The script should exit with an exit code > 0 if mounting fails. The script is later referred to as /root/smb/radion-mount
    #!/bin/bash
    # This script contains the share password: keep it owned by root
    # and not readable by other users.
    
    /root/bin/ds_smbmount -d "/mnt/share/radion/k2/foreningar" -s "//192.168.60.202/föreningar" -u backup -p mypassword -U 0 -G 1003
    if [ $? -ne 0 ]; then
     # Report on stderr and return non-zero so the failed mount is visible to rsnapshot
     echo "Failed to mount /mnt/share/radion/k2/foreningar" >&2
     exit 1
    fi
  3. Create a script that unmounts all Samba shares after your rsnapshot is finished. The script is later referred to as /root/smb/radion-umount
    #!/bin/bash
    
    umount /mnt/share/radion/k2/foreningar
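  4. Configure rsnapshot to run a script before and after the snapshot.
    #################################################
    # rsnapshot.conf - rsnapshot configuration file #
    #################################################
    # Note: rsnapshot requires TABs (not spaces)    #
    # between the elements on each line.            #
    #################################################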
    
    #######################
    # CONFIG FILE VERSION #
    #######################
    
    config_version 1.2
    
    ###########################
    # SNAPSHOT ROOT DIRECTORY #
    ###########################
    
    # All snapshots will be stored under this root directory.
    snapshot_root /zfs-pool-2/backup/radion
    no_create_root 0
    
    #################################
    # EXTERNAL PROGRAM DEPENDENCIES #
    #################################
    
    cmd_cp /bin/cp
    cmd_rm /bin/rm
    cmd_rsync /usr/bin/rsync
    cmd_ssh /usr/bin/ssh
    cmd_logger /usr/bin/logger
    
    cmd_preexec /root/smb/radion-mount
    cmd_postexec /root/smb/radion-umount
    
    #########################################
    # BACKUP INTERVALS #
    #########################################
    
    retain daily 30
    
    ############################################
    # GLOBAL OPTIONS #
    ############################################
    
    verbose 2
    loglevel 3
    logfile /var/log/rsnapshot-radion.log
    lockfile /var/run/rsnapshot-radion.pid
    
    # Bandwidth limited to 30000KB/s =~ 240Mb/s
    # default --relative removed to keep simple folder structure.
    rsync_long_args --bwlimit=30000 --delete --numeric-ids --delete-excluded
    
    
    ###############################
    ### BACKUP POINTS / SCRIPTS ###
    ###############################
    
    backup /mnt/share/radion/k2/foreningar     k2/foreningar

 

Howto setup NFSv4

Setup NFSv4 Server

Below is how openMediaVault is configured. The interesting part is fsid=0: instead of connecting to /export/nextcloud as we do in NFSv3, we are going to connect directly to /nextcloud.

File: /etc/exports
# This configuration file is auto-generated.
/export/nextcloud 192.168.64.201/32(fsid=1,rw,subtree_check,secure,crossmnt,anonuid=1002,anongid=1002)
/export/UniFi-Video 192.168.64.147/32(fsid=2,rw,subtree_check,secure,crossmnt)
# NFSv4 - pseudo filesystem root
/export 192.168.64.201/32(ro,fsid=0,root_squash,no_subtree_check,hide)
/export 192.168.64.147/32(ro,fsid=0,root_squash,no_subtree_check,hide)


fsid=0:
NFS server needs to be able to identify each filesystem that it exports. For NFSv4 server, there is a distinguished filesystem which is the root of all exported filesystem. This is specified with fsid=root or fsid=0 both of which mean exactly the same thing.

Debian / Ubuntu Linux: Setup NFSv4 File Server

Client setup

To connect with NFSv4 instead of NFSv3 we need to use nfs4 instead of nfs as the filesystem type. As stated above, we omit the /export/ part we usually use with NFSv3.

File: /etc/fstab
...
192.168.64.200:/nextcloud     /host/nfs/nextcloud        nfs4 rsize=8192,wsize=8192,timeo=14,intr 0 0
...

ZFS the beginning

How I created my first pool

Raidz2 has two redundant drives (aka raid6). One spare drive is added and autoreplace is turned on, so the spare drive is used automatically in case of a drive failure.

zpool create zfs-pool-1 raidz2 \
  /dev/disk/by-id/ata-TOSHIBA_HDWN180_67PQK0NNFP9E \
  /dev/disk/by-id/ata-TOSHIBA_HDWN180_67PQK0NGFP9E \
  /dev/disk/by-id/ata-TOSHIBA_HDWN180_67PSK0YAFP9E \
  /dev/disk/by-id/ata-TOSHIBA_HDWN180_67PUK0KWFP9E \
  /dev/disk/by-id/ata-TOSHIBA_HDWN180_67PUK0KUFP9E \
  /dev/disk/by-id/ata-ST8000VN0022-2EL112_ZA16NRDD \
  /dev/disk/by-id/ata-ST8000VN0022-2EL112_ZA16NR57 \
  /dev/disk/by-id/ata-ST8000VN0022-2EL112_ZA16KL2F \
  /dev/disk/by-id/ata-ST8000VN0022-2EL112_ZA16PGEQ \
  /dev/disk/by-id/ata-ST8000VN0022-2EL112_ZA16PH49
zpool add zfs-pool-1 spare /dev/disk/by-id/ata-ST8000VN0022-2EL112_ZA15N257
zpool set autoreplace=on zfs-pool-1
