4.2.4 Backups
A backup strategy is essential to protect your data from loss
Preface
Any production use of OSCAR should be accompanied by a backup strategy that protects the data. The following instructions makes a cycling encrypted compressed backup that can be accessed through OSCAR Admin. Dynamically changing files will be backed up including the database and all downloaded files. This ensures a complete backup of the "chart" in case of system failure. The archive file of the uploaded files will become quite large over time, so we’ll only keep a month of copies on hand at any given time. As the files generated are sitting on the server you will still need to arrange to have the backups periodically downloaded and taken off site for storage.Document Version History
- v1.0 – initial public release on oscarmanual.org – May 7, 2010
- v1.1 – added logging to backup script, restoring backup, and tomcat 5.x instructions. May 9, 2010
- v1.2 – ported to new.oscarmanual.org. June 26, 2010
|
Contents
|
Prerequisites
It is assumed that- A default Ubuntu/Tomcat6 based installation of OSCAR.
- You have a basic level of Linux knowledge
- You can open a Linux terminal
- You can use a Linux text editor
- You can cut and paste EXACTLY the following instructions
The Backup Script
First form the backup directories and ensure that OSCAR can access it
sudo mkdir /home/mysql/ sudo mkdir /home/mysql/archive sudo chown -R tomcat6:nogroup /home/mysql sudo chmod -R 755 /home/mysql
Using a text editor open a blank file to contain the provided script.
A note about the following command – ‘vi’ (for visual editor) is a classic unix editor. First time users usually find other Linux editors easier to use particularly ‘nano’, if you are running in a terminal environment, and ‘gedit’, if you are running with a GUI. If you elect to use an alternative editor, replace ‘vi’ in the commands that follow with your editor of choice.sudo vi $CATALINA_BASE/backup.shCopy and paste the text below into backup.sh remembering to replace ****** with your actual MySQL database password :
#!/bin/sh
# backup.sh
# a script file for OSCAR that copies compressed archives
# that have been date stamped for easy sorting
# to the destination folder usually where a browser can access
# (it should match backup_path in your oscar.properties)
# and once a month to an archive folder
# from a given MySQL database and documents folder
SRC=/var/lib/tomcat6/webapps
DEST=/home/mysql
ARCH=/home/mysql/archive
DBSE=oscar_mcmaster
DBPWD=***********
DOCS=OscarDocument
LOG_FILE=/home/mysql/daily.log
LOG_ERR=/home/mysql/daily.err
# --- log the running of the script
echo "#########" `date` "#########" 1>> $LOG_FILE
echo "#########" `date` "#########" 1>> $LOG_ERR
# --- set local variables to today's date and time
YR=$(date +%Y)
MN=$(date +%m)
DY=$(date +%d)
NOW=$(date +%H%M%S)
cd $SRC
# --- check if we are in the correct directory
if [ "$(pwd)" != "${SRC}" ] ; then
echo "$0: couldn't change directory to ${SRC}" 1>> $LOG_ERR
echo "No backup made !" 1>> $LOG_ERR
exit 100
fi
# --- create a sql file of the database
mysqldump ${DBSE} -uroot -p${DBPWD} > OscarBackup.sql
# --- compress up the output and the document directory
tar -czf OscarBackup.tar.gz OscarBackup.sql 2>>$LOG_ERR
tar -czf OscarDocumentBackup.tar.gz ${DOCS}/ 2>>$LOG_ERR
# --- encrypt the files
openssl enc -aes-256-cbc -salt -in OscarBackup.tar.gz -out OscarBackup.enc.tar.gz -pass pass:${DBPWD} 2>>$LOG_ERR
openssl enc -aes-256-cbc -salt -in OscarDocumentBackup.tar.gz -out OscarDocumentBackup.enc.tar.gz -pass pass:${DBPWD} 2>>$LOG_ERR
rm -f OscarDocumentBackup.tar.gz 2>>$LOG_ERR
rm -f OscarBackup.tar.gz 2>>$LOG_ERR
# --- every month archive one day worth of the backups
# (this is set for the first day of the month, but you can change this)
if [ "01" = "${DY}" ] ; then
if [ -d "${ARCH}" ] ; then
echo "preparing last month's backup for the archival directory" 1>> $LOG_FILE
else
echo "the archival directory doesn't exist so we create ${ARCH}" 1>> $LOG_ERR
mkdir "${ARCH}" 2>>$LOG_ERR
fi
mv -f ${DEST}/????-??-${DY}* ${ARCH}/ 2>>$LOG_ERR
fi
# --- remove last months backup from this date
# (you can comment out the following if you need more than a months backups)
for FILE in ${DEST}/????-??-${DY}* ; do
rm -f ${FILE} 2>>$LOG_ERR
done
# --- copy today's tar gziped files to the backup directory
# --- options for "cp"
# -p preserves ownership, permissions, time etc
OPTIONS="-p"
for FILE in *gz ; do
cp ${OPTIONS} ${FILE} ${DEST}/${YR}-${MN}-${DY}-${NOW}-${FILE} 1>> $LOG_FILE 2>>$LOG_ERR
done
echo "....done" 1>> $LOG_FILE
Save and exit the editor and make the file executable
sudo chmod 700$CATALINA_BASE/backup.sh
We’ll configure Linux to run the command every day. This is done by creating a cron job for the script we just made. Run the following command to open an editor for the crontab file:
sudo crontab -eAnd add to the existing file an entry so that the command looks like below
# m h dom mon dow command 01 23 * * */var/lib/tomcat6/backup.sh
You’ve now configured a daily backup of the mySQL OSCAR database and the documents folders. This backup will run at 1 minute after 11 pm (2301h), each evening. Each backup file will be created in the /home/mysql/ directory and will be time stamped based on the date and time it was created.
You will be able to see the contents of the backup directory with the command:
sudo ls /home/mysql/These backup files can also be viewed and downloaded via the Admin->oscarDatabase/Document Download tab from within OSCAR.
Restoring the backup
In order to restore the backup you need to know all the encoding details that were selected during the encryption process otherwise you get an unreadable binary file. The relevant details are
- the cipher used
- the password used (plus the initial vector if applicable)
- if the file was salted (and the salt string if no key was provided)
- the format (eg encoded with -base64) and the padding
Assuming you have not deviated from the above script, de-encrypt the backup with the following command. Eg for the backup files created on May 5th, 2010 the parameters will be
openssl enc -d -aes-256-cbc -salt -in 2010-05-05-230101-OscarBackup.enc.tar.gz -out OscarBackup.tar.gz
openssl enc -d -aes-256-cbc -salt -in 2010-05-05-230101-OscarDocumentBackup.enc.tar.gz -out OscarDocumentBackup.tar.gz The program will ask for your password which will be the same as the one you supplied for ********** in the backup script. You will then want to decompress the files
tar -xzf OscarBackup.tar.gz
tar -xzf OscarDocumentBackup.tar.gz Then restore the database (this step will overwrite the data and CANNOT be undone)
mysql -uroot -p******* oscar_mcmaster < OscarBackup.sqlTest that you can open the backup and read the contents before you depend on this script. Windows™ and OS X™ equivalents to openssl and tar are available to test the integrity of the backup on those systems with details available elsewhere.
http://gnuwin32.sourceforge.net/packages/gtar.htm
http://www.slproweb.com/products/Win32OpenSSL.html
Tomcat 5.x
The above instructions assume you are running Tomcat 6 on Ubuntu installed with apt-get. If you are not, you can still use the script but you may need to change a few things.First determine who (which user) is running Tomcat on your system
ps aux | grep tomcatsudo chown -R tomcat55:nogroup /home/mysqlecho $CATALINA_HOMESRC=/usr/local/tomcat/webapps