Learn about Linux
Download Linux
Get Linux helpSpecial Offers
Feature
The Ten Commandments of system administration, part I
Share
Print
CommentsYou know the situation. You might be in the middle of rebooting after something as benign as adding RAM to your server, when all of a sudden your root filesystem refuses to mount, and fsck isn't helping. Or perhaps a hard disk fails and six months of work on a project goes with it. The probability of these and other such occurrences taking place is often small, but when they actually occur, you'll be glad you've prepared ahead of time.
Many of these precautions may seem elementary or obvious to you, but too often our job as system administrators doesn't give us the time to properly plan or fully configure servers and network infrastructure for deployment, and as a result, things we meant to go back and take care of later slip through the cracks.
It is not my intention to provide you with step by step instructions on each of these topics, but merely to suggest what has worked for me, and point you in the right direction. As the administrator at your site, I invite you to evaluate your own situation and environment to determine the proper course of action for your organization, and share your tips with readers through your comments below.
I. Thou shalt make regular and complete backups
This is probably the most basic fundamental of system administration, and that's why I've chosen to mention it first. Managing backups is one of the most important roles you'll undertake as a system administrator. As any well-seasoned IT professional can tell you, nothing matches the wrath and fury of a manager who has just lost all his email. Email isn't the only thing that requires backups, of course. Databases are becoming increasingly important in driving applications of all types, ranging from Web apps to customer and billing records. All of these represent data that is essential to the continued functionality of an organization, and that's what makes backups so important.
There are many ways you can implement backups in your organization, and what works best for me will not necessarily work best for you. Having said that, here are two ways I go about backing up data for my organization.
Since I administer a variety of servers running a variety of operating systems, I've implemented two separate backup routines. The first involves an enterprise software package called Backup Exec by Veritas, which I use for Windows machines. The second solution is by using rsync to create mirrored directories on remote RAID 5 hosts. Rsync is fairly flexible as a backup tool, and what I will focus on here.
The power of rsync lies in its ability to do incremental backups of large filesets without the network and disk overhead of more traditional methods such as tar and ufsdump/ufsrestore. An added bonus is that rsync can work on a live filesystem, though you should try to schedule backups for times that see the lowest utilization and traffic.
My setup is as follows. I have a Linux server that is set up in a RAID 5 configuration that serves as both a backup server and a remote syslog server. I have three other production *nix servers that use rsync each night to create an incremental backup of important files and directories across the network to the Linux machine. I run and manage the backups from each server for the sake of ensuring I don't ever accidentally run backups on the wrong part of a server. Here's an example of the rsync command that runs every night to copy data across to the Linux server:
rsync -e ssh -avz --delete /srv/www/htdocs/ sphinx:/backups/webserver
The -e ssh flag tells rsync to use SSH as its transport method. This is a convenient way of encrypting your data transfer to keep everything safe. The -a flag instructs rsync to operate in archival mode, which keeps the file permissions, modification dates, and other attributes identical to the original files. The -z flag tells rsync to compress the data for faster transfers.
The --delete option instructs rsync to remove any files from the destination that are no longer found in the source. It's important that you read and fully understand the consequences of this flag, as adding or forgetting altogether the trailing slash on your source or destination directories can lead to traumatic consequences and data loss. Make sure you have a firm understanding of the various uses of rsync before deploying it in a production environment, as data losses resulting from a mistyped slash and the --delete option are easier to fall into than you might think.
Finally, we're left with /srv/www/htdocs, which is the source directory from which everything will be copied, and sphinx:/backups/webserver, the host name and path to the backup directory.
When you're designing a backup policy around rsync, set up trusted SSH sessions ahead of time, so you don't have to include a password within shell scripts or have to repeatedly re-enter it. Also, schedule regular backups with cron so as to prevent the machine from needing constant input from you to archive your data. If you'd like a look at an extremely well designed rsync backup policy, you can find one here.
Next week: The Second Commandment
Comments
on The Ten Commandments of system administration, part INote: Comments are owned by the poster. We are not responsible for their content.
On the other hand, with GNU/Linux or Free/Net/OpenBSD, I can use tar -cvf or dump, walk over to *any* UNIX-like box, and do a tar -xvf or restore. About four years ago, I had to restore a GNU/Linux-made tape backup (hardware issue; the hard disk went kaput) on a Solaris box. With some help from the Solaris admin, we got it done, the original server was rebuilt with the data copied back over, and we were back in business within a few hours.
*That* convinced me, right there, of the business case for Free Software.
The requested URL (software/05/04/15/www.mikerubel.org/computers/rs<nobr>y<wbr></nobr> nc_snapshots/) was not found.
If you feel like it, mail the url, and where ya came from to webmaster@newsforge.com.
<A HREF="http://www.mikerubel.org/computers/rsync_snapshots/" title="mikerubel.org">Fixed</a mikerubel.org>
It is pretty much accepted that you can't be locked in if you use Open Source software, and open standards. The ability to fork ensures that a supplier who misbehaves can be replaced.
But, running on Linux will not keep you free if you allow yourself to be locked in by other proprietary components, such as applications, drivers, and protocols (APIs, Object Models, Comms, etc.).
I'm not so worried about simple lock-in, such as when someone uses a proprietary application. In such cases, the user knows what he or she is getting into, and that it may be necessary to change applications in the future.
Rather, the thing that worries me is Network-Effect Lock-In.
Network-Effect Lock-In occurs when users and developers are tied to each other by a common piece of proprietary middleware (an application, a driver, a communications protocol, etc.).
With Network-Effect Lock-In, the users find it difficult to get out, because they are dependent on multiple products (and multiple developers) that use the same proprietary middleware.
Likewise, the developers find it difficult to get out, because all their users are tied to the same proprietary middleware, not to mention any requirements for compatibility with other products based on that middleware.
A good example of Network-Effect Lock-In is Windows, where the users and developers are all dependent on the same proprietary middleware, namely, the Windows APIs.
Looking at Linux, are there examples of proprietary middleware that are creating Network-Effect Lock-In?
The answer is yes. The examples are numerous, and their use is growing more widespread.
Here are some that I can think of, off the top of my head:
- NVidia's and ATI's proprietary hardware drivers.
- MySQL, when used under its non-GPL license.
- Qt, when used under its non-GPL license.
- Wine, when used under its non-GPL license.
- Proprietary codecs for audio and video.
- RealMedia and its protocols.
- Flash and its protocols.
-<nobr> <wbr></nobr>.Net and its protocols (e.g. Trolltech built a<nobr> <wbr></nobr>.Net interface into Qt).
- Various other semi-proprietary protocols, such as SMB (Samba), the Qt APIs and Object Model (Qt),<nobr> <wbr></nobr>.Net (Mono), and so on.
- Various proprietary install procedures, such as those used by Linspire, or Xandros.
- And so on.
As Linux gains more casual users, the tendency to compromise on Open Source (or Free Software, in deference to RMS) principles is growing. This results in a growing use of, and acceptance of, proprietary middleware on Linux.
And that creates a threat.
Every piece of proprietary middleware in common use on Linux gives the owner of that middleware leverage.
How can that leverage be used? As we have seen in the past, say, with Windows, it can be used to dictate standards in favor of its owner; to give the owner's products a competitive advantage over others; or to expand the owner's leverage into other areas, such as applications, development standards, and ultimately the platform itself.
For example, what would happen today if Microsoft bought up NVidia, MySQL, Trolltech, and Macromedia? Would that be enough to guarantee the dominance of MS-Linux and<nobr> <wbr></nobr>.Net? Probably not.
What about five years from now, if we allow the continued encroachment on Linux by proprietary middleware?
It concerns me that more people are not speaking out on this. I would especially like to see some concern expressed by Free Software and Open Source leaders, such as RMS, ESR, Bruce Perens, and so on.
The correct place for the parent post is, of course, the story titled "RMS: BitKeeper bon-voyage is a happy ending." I have reposted it there.
Sorry about the mix-up.
I'm using this to backup our linux based fileserver and found the config file a bit confusing to setup but I'm happy with the results.
However I'm looking at the best way to do backups on Windows XP clients to our fileserver. I tried out nasbackup (<a href="http://www.nasbackup.com/" title="nasbackup.com">http://www.nasbackup.com/</a nasbackup.com>) but didn't find it robust or easy to use. I want to get some rsync based mechanism setup to backup people's desktops and laptop machines at my company. What do you use and how happy are you with it?
The best tool I have seen, witch I use, is cwRsync ( www.itefix.no ) witch is yet another packaging of Rsync and Cygwin. I am very happy with this. In the pacage you find the executables: ssh.exe, ssh-keygen, rsync.exe. There is an example<nobr> <wbr></nobr>.bat script wich launches the rsync prosess with parameters and excludes. (remember to refer to your disks as<nobr> <wbr></nobr>/cygdrive/c/, and not c:/)
Hope you find this information useful..
No matter what your security precautions, you can still get hit by a determined attacker or a fast new worm (remember Slammer & Witty?). If you can't restore the lost data, you'll still be looking for a new job, no matter HOW secure you were.
Never change anything after 4pm.
commandment two.
When a user calls with a problem never respond immediately. Give them time to figure it out. If they figure it out for themselves they will remember, if you do it for them they will never learn a thing.
(use your best judment on this one)
commandment three
never tell users about commandment two.
Commandment 0
Posted by: Anonymous Coward on April 25, 2005 11:04 PM#