Add to collection(s) Add to saved
  1. No category
Uploaded by Rojy George

ndmp17

SUNWndmp backups on EMC NetWorker 9.1
David Stes
email: stes@telenet.be
September 27, 2017
Abstract
We explain here how to use the SUNWndmp package for NDMP backups on Oracle Solaris 11 in combination
with EMC NetWorker 9.1. To this end, we set up an EMC NetWorker 9.1 server on Linux Slackware 14.2, we
also configure NMC, the NetWorker Management Console, and the (legacy) license manager, on Linux CentOS
6.9 and configure the EMC NetWorker 9.1 authc-server on Linux CentOS 7.4. Then we test NDMP backup and
recovery of the ZFS filesystems of the Oracle Solaris 11 client via SUNWndmp and the -T zfs option.
1 EMC NetWorker 9.1 backup server
We have installed the EMC NetWorker 9.1 backup server on Linux Slackware 14.2, on a first server. The GUI
or graphical user interface, together with the (old legacy) license manager, is installed on Linux CentOS, on a
second server. This server is called NMC, or NetWorker Management Console, and it is able to manage multiple
backup servers. Also there is a (new) component for authentication, the authentication server, that we installed on
a different, third, server (also on Linux CentOS but version 7.4).
The NMC configuration will request the name of the authentication server, and it must be able to communicate
with it on TCP port 9090. So we first setup the authentication server. The installation of the backup server requires
installation of the authentication on each backup server itself, but on the other hand it is necessary to run the
nsrauthtrust command to make each of the NMC managed backup servers communicate with the authentication
server.
1.1
Authentication server
We’ll install and configure the lgtoauthc package on CentOS 7.4. On this host, we’ll first disable SElinux and also
first disable the firewalld service so that the authentication server can serve requests from NMC and the various
backup servers.
# cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
When installing the EMC NetWorker 9.1 client package, there is a (false) dependency problem :
1
# rpm -i lgtoclnt-9.1.1.3-1.x86_64.rpm
warning: lgtoclnt-9.1.1.3-1.x86_64.rpm: Header V3 RSA/SHA1 Signature, key ID fdc
b7d09: NOKEY
error: Failed dependencies:
libc.so.6 is needed by lgtoclnt-9.1.1.3-1.x86_64
libc.so.6(GLIBC_2.0) is needed by lgtoclnt-9.1.1.3-1.x86_64
The problem is that the GLIBC 2.0 symbol is not provided by the x86 64 libc on CentOS, but it is provided by the
32 bit i686 package. There is no real dependency of the EMC NetWorker 9.1 package on the the 32 bit library, but
this is (we believe) a false dependency RPM problem. So it is necessary to download the following 32 bit packages
from the CentOS website and install them :
# rpm -iv glibc-2.17-196.el7.i686.rpm nss-softokn-freebl-3.28.3-6.el7.i686.rpm
warning: glibc-2.17-196.el7.i686.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NO
Preparing packages...
nss-softokn-freebl-3.28.3-6.el7.i686
glibc-2.17-196.el7.i686
Note that the 32 bit package provides GLIBC 2.0 :
# rpm -qR glibc-2.17-196.el7.i686 | grep GLIBC_
ld-linux.so.2(GLIBC_2.1)
ld-linux.so.2(GLIBC_2.3)
libc.so.6(GLIBC_2.0)
We also tested to ignore the dependency, and the EMC NetWorker 9.1 software runs fine, so we think there is no
real dependency on the 32 bit libraries, it is just a RPM packaging problem (the dependencies think that they have
to insist on the GLIBC 2.0 symbol).
In order to communicate with the EMC NetWorker 9.1 software, we disable the firewall :
# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
and change /etc/selinux/config from SELINUX=enforcing to SELINUX=disabled :
# sestatus
SELinux status:
enabled
And then verify after reboot that we got rid of SELinux and that the server will be able to receive requests on port
9090 :
# iptables -L
Chain INPUT (policy ACCEPT)
target
prot opt source
destination
Chain FORWARD (policy ACCEPT)
target
prot opt source
destination
Chain OUTPUT (policy ACCEPT)
target
prot opt source
destination
2
The lgtoauthc package requires JAVA just like the NMC. We prefer to use SUN Oracle JAVA and not the RedHat
provided JAVA. The Oracle version of JAVA also provides the web start application javaws which is useful and
required to launch NMC. Also because we will deploy EMC NetWorker 9.1 on Slackware Linux, it seems better to
use the SUN Oracle JAVA on all of the different Linux flavors.
So after downloading the jre package from Oracle :
# rpm -iv jre-8u144-linux-x64.rpm
Preparing packages...
jre1.8.0_144-1.8.0_144-fcs.x86_64
Unpacking JAR files...
plugin.jar...
javaws.jar...
deploy.jar...
rt.jar...
jsse.jar...
charsets.jar...
localedata.jar...
# ls /usr/java/latest
COPYRIGHT THIRDPARTYLICENSEREADME-JAVAFX.txt
LICENSE
THIRDPARTYLICENSEREADME.txt
README
Welcome.html
bin
lib
man
plugin
release
Then we’re ready to install the authentication server :
# rpm -qip lgtoauthc-9.1.1.3-1.x86_64.rpm
warning: lgtoauthc-9.1.1.3-1.x86_64.rpm: Header V3 RSA/SHA1 Signature, key ID fd
cb7d09: NOKEY
Name
: lgtoauthc
Relocations: /opt/nsr/authc-server
Version
: 9.1.1.3
Vendor: EMC Software
Release
: 1
Build Date: Wed 26 Jul 2017 09:39:03
AM CEST
Install Date: (not installed)
Build Host: blinwv68e
Group
: System
Source RPM: lgtoauthc-9.1.1.3-1.src.
rpm
Size
: 194004665
License: commercial
Signature
: RSA/SHA1, Wed 26 Jul 2017 10:29:21 AM CEST, Key ID a8b8af09fdcb7d0
9
URL
: http://www.emc.com
Summary
: Authentication Server
Description :
The NetWorker Authentication Service provides centralized token-based
authentication to components in a NetWorker environment. The NetWorker
Authentication Service can be configured to use a local user database
or external identity providers (LDAP and AD) for authentication.
EMC protects critical business data for enterprise customers by
simplifying, centralizing, and automating backup and recovery
operations across UNIX, Windows, and Linux platforms in DAS, NAS, and
SAN storage environments.
3
and install the package :
# rpm -ivh lgtoauthc-9.1.1.3-1.x86_64.rpm
warning: lgtoauthc-9.1.1.3-1.x86_64.rpm: Header V3 RSA/SHA1 Signature, key ID fd
cb7d09: NOKEY
Preparing...
(100%)
NOTE: To complete configuration execute the following script as root:
/opt/nsr/authc-server/scripts/authc_configure.sh
By running the configure script, we specify to use the SUN Oracle JAVA :
4
# /opt/nsr/authc-server/scripts/authc_configure.sh
Specify the directory where the Java Standard Edition Runtime Environment (JRE)
software is installed [/usr/java/latest]: /usr/java/latest
The installation process will install an Apache Tomcat instance.
For optimum security, EMC NetWorker Authentication Service will
use a non-root user (nsrtomcat) to start the Apache Tomcat instance.
If your system has special user security requirements, ensure that proper
operational permissions are granted to this non-root user (nsrtomcat).
Please refer to NetWorker Installation Guide.
The Apache Tomcat will use "nsrhost" as the host name.
The Apache Tomcat will use "9090" as the port number.
The NetWorker Authentication Service requires a keystore file to configure encry
ption and to provide SSL support.
EMC recommends that you specify a password that has a minimum of nine characters
,
with at least one upper case letter, one lower case letter, one number and one s
pecial character.
The installation process will create a new keystore file.
Specify the keystore password:
Confirm the password:
The NetWorker Authentication Service defines automatically an administrator user
account
named administrator in the NetWorker Authentication Service local database.
This account is specific to the administration of the NetWorker Authentication S
ervice and
is no way related to other administrator accounts on this system.
The password of this account must meet the following criteria: A minimum of nine
characters
with at least one upper case letter, one lower case letter, one number and one s
pecial character.
Specify an initial password for administrator:
Confirm the password:
Creating the installation log in /opt/nsr/authc-server/logs/install.log.
Performing initialization. Please wait...
The Installation completed successful.
As indicated above, the Apache Tomcat of the authentication server will use ”9090” as the port number.
5
1.2
NetWorker Management Console
The next step is to configure NMC, the NetWorker Management Console, server and the legacy license server, both
together on the same server. NMC manages backup servers, and the legacy license server used to provide licenses to
the backup servers in the old EMC licensing model, which still can be used with a NETWORKER UPDATE license
for the new FlexNet LMGRD license manager. The NMC will be configured to use the administrator password as
configured on the authentication server.
NMC also requires JAVA, we prefer to use the SUN Oracle JAVA as used on the authentication server as well. The
SUN Oracle JAVA version includes javaws web start to launch NMC.
On CentOS Linux 6.9 there is basically the same issue as on CentOS 7 for the NetWorker client package :
# rpm -i lgtoclnt-9.1.1.3-1.x86_64.rpm
warning: lgtoclnt-9.1.1.3-1.x86_64.rpm: Header V3 RSA/SHA1 Signature, key ID fdc
b7d09: NOKEY
error: Failed dependencies:
libc.so.6 is needed by lgtoclnt-9.1.1.3-1.x86_64
libc.so.6(GLIBC_2.0) is needed by lgtoclnt-9.1.1.3-1.x86_64
So also in this case, we download the 32 bit glibc package because it provides the GLIBC 2.0 that the RPM thinks
it requires (although that in reality this is not a real dependency on 32 bit software).
So this is solved by installing :
# rpm -i nss-softokn-freebl-3.14.3-23.3.el6_8.i686.rpm glibc-2.12-1.209.el6.i686.rpm
warning: nss-softokn-freebl-3.14.3-23.3.el6_8.i686.rpm: Header V3 RSA/SHA1 Signa
ture, key ID c105b9de: NOKEY
So both 32 bit and 64 bit versions are installed :
# rpm -qa | grep glibc
glibc-headers-2.12-1.209.el6.x86_64
glibc-common-2.12-1.209.el6.x86_64
glibc-2.12-1.209.el6.x86_64
glibc-devel-2.12-1.209.el6.x86_64
glibc-2.12-1.209.el6.i686
It can be seen that also on CentOS 6.9 , just like on CentOS 7.4, the 32 bit package provides the (false) dependency
:
# rpm -qR glibc-2.12-1.209.el6.i686
libc.so.6
libc.so.6(GLIBC_2.0)
In order to allow communication between the authentication server and the NMC server, we also disable the iptables
(via chkconfig) :
# chkconfig iptables off
6
Next, we installed lgtolicm and lgtonmc where the configuration of NMC requires the port number and host name
of the authentication server.
# rpm -ivh lgtonmc-9.1.1.3-1.x86_64.rpm
warning: lgtonmc-9.1.1.3-1.x86_64.rpm: Header V3 RSA/SHA1 Signature, key ID fdcb7d09: NOK
Preparing...
########################################### [100%]
1:lgtonmc
########################################### [100%]
NOTE: To complete configuration execute the following script as root:
/opt/lgtonmc/bin/nmc_config
So note that the NMC must be able to communicate with port TCP 9090 with the authentication server that was
configured before (and which also defined the administrator password for NMC).
# /opt/lgtonmc/bin/nmc_config
For optimum security, the NMC server must run the embedded PostgreSQL database s
erver
as a non root user. Specify a local user name that will start the database serve
r.
If you specify a user that does not exist, the configuration process will provide you wit
the option to create the user account.
Specify the user for the database server [postgres]:
User postgres is not a local user. Do you want to create this user [n]? y
Specify the directory to use for the LGTOnmc database [/nsr/nmc/nmcdb]:
Do you want to migrate the NMC server data from a previous LGTOnmc 8.x.x release [n]?
Specify the host name of the NetWorker Authentication Service host: nsrhost
Specify the port number that the NetWorker Authentication Service uses for communication
Start the NMC server daemons at end of the configuration [y]?
Creating the installation log in /opt/lgtonmc/logs/install.log.
Performing initialization. Please wait...
Starting GST:
GST Services, Version 9.1.1
done.
The installation completed successfully.
Also by using SUN Oracle JAVA, the javaws web start tool can be used to launch the NMC console.
The administrator password for NMC is provided during the installation and configuration of the authentication
server.
7
1.3
EMC NetWorker 9.1 on Slackware
Next, we set up a backup server on Slackware. Slackware is a Linux distribution that does not use RPM (Red Hat
Package Manager) nor PAM (Pluggable Authentication Module).
The basic EMC NetWorker 9.1 components do not use PAM. So it is possible to use Slackware with the CLI,
command line interface, for performing backups and recoveries. However there is a tool called nsrfsra which is
used to browse the filesystem from the NMC wizards, and it has a dependency on PAM :
# ldd /usr/sbin/nsrfsra | grep pam
libpam.so.0 => not found
This binary, used for the graphical NMC based selection of files and for the NMC wizards, seems to make some
library calls to pam functions :
# strings /usr/sbin/nsrfsra | grep pam
libpam.so.0
pam_strerror
pam_start
pam_end
pam_authenticate
So in order to make the NMC wizard for browsing and for recoveries (graphical user interface to launch restores)
work, there is an optional PAM package for Slackware available that should be installed (if one wishes to use the
NMC wizards) :
# installpkg linux-pam-1.3.0-x86_64-1gds.txz
Verifying package linux-pam-1.3.0-x86_64-1gds.txz.
Installing package linux-pam-1.3.0-x86_64-1gds.txz:
PACKAGE DESCRIPTION:
# Linux-PAM (Pluggable Authentication Modules for Linux)
#
# Linux-PAM is a library that enables the local system administrator
# to choose how individual applications authenticate users.
# The purpose of the Linux-PAM project is to liberate the development
# of privilege granting software from the development of secure and
# appropriate authentication schemes. This is accomplished by
# providing a documented library of functions that an application
# may use for all forms of user authentication management. This
# library dynamically loads locally configured authentication
# modules that actually perform the authentication tasks.
#
# Packaged by Georgi D. Sotirov <gdsotirov@dir.bg>
The above package is not PAMifying Slackware, but it provides at least the library that the EMC NetWorker 9.1
package needs (or the graphical user interface of it, because the command line tools work without PAM).
The Slackware distribution uses the Linux 4.4.14 kernel :
8
# cat /etc/slackware-version
Slackware 14.2
# uname -r
4.4.14
Also note that Slackware has some executables in different locations than Red Hat, so for example for notifications
to work, either modify the EMC NetWorker 9.1 notification resources or make a symbolic or a hard link :
# ln -s /usr/bin/logger /bin/logger
Perhaps for making a more native Slackware version, it is best to review and modify the NSR notification commands
so that they don’t use the Red Hat paths for those commands such as logger or mail.
For the (required) authentication package we install SUN Oracle JAVA on Slackware (we could have downloaded
the tar ball package instead of the RPM for Slackware) :
# rpm -iv --nodeps jre-8u144-linux-x64.rpm
warning: Generating 12 missing index(es), please wait...
warning: Unable to get systemd shutdown inhibition lock
Preparing packages...
jre1.8.0_144-1.8.0_144-fcs.x86_64
Unpacking JAR files...
plugin.jar...
javaws.jar...
deploy.jar...
rt.jar...
jsse.jar...
charsets.jar...
localedata.jar...
/usr/sbin/alternatives not available, skip registering alternatives for java...
# ls /usr/java/latest
COPYRIGHT THIRDPARTYLICENSEREADME-JAVAFX.txt bin plugin
LICENSE
THIRDPARTYLICENSEREADME.txt
lib release
README
Welcome.html
For installing the EMC NetWorker 9.1 software we can either convert the RPM to tgz or txz Slackware packages,
using the Slackware rpm2tgz and rpm2txz tools, and install them like a regular Slackware package :
# installpkg lgtoclnt-9.1.1.3-1.x86_64.txz
Verifying package lgtoclnt-9.1.1.3-1.x86_64.txz.
Installing package lgtoclnt-9.1.1.3-1.x86_64.txz:
PACKAGE DESCRIPTION:
Executing install script for lgtoclnt-9.1.1.3-1.x86_64.txz.
Package lgtoclnt-9.1.1.3-1.x86_64.txz installed.
Converting the RPMs to the Slackware native format using rpm2tgz tool is best to avoid using RPM at all.
Or we can install the rpms, but keeping in mind that Slackware is not an RPM based distribution :
9
# rpm -i --nodeps lgtoclnt-9.1.1.3-1.x86_64.rpm
warning: lgtoclnt-9.1.1.3-1.x86_64.rpm: Header V3 RSA/SHA1 Signature, key ID fdc
b7d09: NOKEY
warning: Unable to get systemd shutdown inhibition lock
/var/tmp/rpm-tmp.I7ihAD: line 415: /etc/ld.so.conf.d/networker.conf: No such fil
The issue with the non-existent directory for ld.so.conf can be solved by editing the conf file and adding the last
two lines :
# cat /etc/ld.so.conf
/lib64
/usr/lib64
/usr/local/lib64
/usr/x86_64-slackware-linux/lib64
/usr/lib64/seamonkey
/usr/lib/nsr
/usr/lib/nsr/lib64
Once the EMC NetWorker 9.1 server is running, also the following should be done to make it work with the
authentication server that we setup for NMC :
# nsrauthtrust -H nsrhost -P 9090
# nsraddadmin -H nsrhost -P 9090
134751:nsraddadmin: Added role ’cn=Administrators,cn=Groups,dc=nsrhost’ to the ’Security
134751:nsraddadmin: Added role ’cn=Administrators,cn=Groups,dc=nsrhost’ to the ’Applicati
134751:nsraddadmin: Added role ’cn=Users,cn=Groups,dc=nsrhost’ to the ’Users’ user group.
Note that Slackware is not using systemd, so the EMC NetWorker 9.1 service can be stopped and started by using :
# /etc/init.d/networker stop
2 Installing the SUNWndmp client
The following installation assumes we have internet access to a Oracle Solaris 11 repository. The Automatic profile
is enabled :
# cat /etc/release
Oracle Solaris 11.3 X86
Copyright (c) 1983, 2015, Oracle and/or its affiliates.
Assembled 06 October 2015
# uname -a
SunOS mercury 5.11 11.3 i86pc i386 i86pc
and the we can see the netadm profile :
10
All rights reserved.
# ipadm
NAME
CLASS/TYPE STATE
lo0
loopback
ok
lo0/v4
static
ok
lo0/v6
static
ok
net0
ip
ok
net0/v4
dhcp
ok
net0/v6
addrconf
ok
# netadm list
TYPE
PROFILE
STATE
ncp
Automatic
online
ncu:phys
net0
online
ncu:ip
net0
online
ncp
DefaultFixed
disabled
loc
DefaultFixed
offline
loc
Automatic
online
loc
NoNet
offline
UNDER
-------
ADDR
-127.0.0.1/8
::1/128
-10.0.2.15/24
fe80::a00:27ff:fe42:e521/10
The SUNWndmp packages are installed on Oracle Solaris 11 as follows:
# pkg install SUNWndmp
Packages to install: 1
Create boot environment: No
Create backup boot environment: No
Services to change: 1
DOWNLOAD
Completed
PKGS
1/1
PHASE
Installing new actions
Updating package state database
Updating image state
Creating fast lookup database
FILES
28/28
XFER (MB)
0.3/0.3
ITEMS
61/61
Done
Done
Done
There are two packages : the NDMP root components and the NDMP user components.
The version of these components is important as only the newer implementation supports the zfs backup type:
11
SPEED
176k/s
root@mercury:˜# pkginfo -l | grep ndmp
PKGINST: SUNWndmpr
PKGINST: SUNWndmpu
root@mercury:˜# pkginfo -l SUNWndmpr
PKGINST: SUNWndmpr
NAME: Network Data Management Protocol Service (Root)
CATEGORY: system
ARCH: i386
VERSION: 11.11,REV=2009.11.11
BASEDIR: /
VENDOR: Oracle Corporation
DESC: Network Data Management Protocol Service (root components)
INSTDATE: Sep 25 2017 18:56
HOTLINE: Please contact your local service provider
STATUS: completely installed
root@mercury:˜# pkginfo -l SUNWndmpu
PKGINST: SUNWndmpu
NAME: Network Data Management Protocol Service (User)
CATEGORY: system
ARCH: i386
VERSION: 11.11,REV=2009.11.11
BASEDIR: /
VENDOR: Oracle Corporation
DESC: Network Data Management Protocol Service (user components)
INSTDATE: Sep 25 2017 18:56
HOTLINE: Please contact your local service provider
STATUS: completely installed
There exists older versions of these packages. It is said that the software release 2010.Q3 introduced the zfs type
support.
3 Configuring the SUNWndmp client
Once the SUNWndmp packages are installed, we have to enable the NDMP service.
First of all we change to a fixed ip address :
12
# netadm enable -p ncp DefaultFixed
Enabling ncp ’DefaultFixed’
# ipadm
NAME
CLASS/TYPE STATE
UNDER
ADDR
lo0
loopback
ok
--lo0/v4
static
ok
-127.0.0.1/8
lo0/v6
static
ok
-::1/128
# ipadm create-ip net0
# ipadm
NAME
CLASS/TYPE STATE
UNDER
ADDR
lo0
loopback
ok
--lo0/v4
static
ok
-127.0.0.1/8
lo0/v6
static
ok
-::1/128
net0
ip
down
--# ipadm create-addr -T static -a local=192.168.0.12/24 net0/v4
# ipadm create-addr -T addrconf net0/v6
# ipadm
NAME
CLASS/TYPE STATE
UNDER
ADDR
lo0
loopback
ok
--lo0/v4
static
ok
-127.0.0.1/8
lo0/v6
static
ok
-::1/128
net0
ip
ok
--net0/v4
static
ok
-192.168.0.12/24
net0/v6
addrconf
ok
-fe80::a00:27ff:fe42:e521/10
Then we configure the NDMP service :
# svcadm enable ndmpd
# netstat -an | grep 10000
*.10000
*.*
0
0
128000
0 LISTEN
After enabling the service, we can check that the daemon runs :
# ps -ef | grep ndmpd
root 2776
1
root 2778 2697
0 12:15:32 ?
0 12:15:41 pts/1
0:00 /usr/lib/ndmp/ndmpd
0:00 grep ndmpd
There are some utilities included, such as ndmpadm and ndmpstat. For example, with ndmpadm we can see that the
logfile is in /var/ndmp :
13
# ndmpadm get
debug-path=/var/ndmp
dump-pathnode=no
tar-pathnode=no
ignore-ctime=no
zfs-token-support=no
token-maxseq=1073741823
version=4
dar-support=no
tcp-port=10000
backup-quarantine=no
restore-quarantine=no
overwrite-quarantine=no
zfs-force-override=off
drive-type=sysv
type-override=off
cpu-binding=no
fs-export=
The man page of ndmp(4) explains some of these properties (such as NDMP version 4 support).
In order to use EMC NetWorker 9.1 with SUNWndmp, we have to set a password. The username (ndmp) and
password (ndmp) is set as follows :
# ndmpadm enable -a cram-md5 -u ndmp
Enter new password: ndmp
Re-enter password: ndmp
In this paper we will do DSA NDMP backups, so we do not configure a NDMP device.
4 Configuring the EMC NetWorker 9.1 server
On the Slackware EMC NetWorker 9.1 server, we create and label a simple file type device :
# nsradmin
NetWorker administration program.
Use the "help" command for help, "visual" for full-screen mode.
nsradmin> create type: NSR device; name: /ndmpdata; media type: file
type: NSR device;
name: /ndmpdata;
media type: file;
Create? y
created resource id 44.0.137.4.0.0.0.0.70.60.202.89.192.168.0.7(1)
We can see how the device is created on EMC NetWorker 9.1 :
14
# nsradmin
NetWorker administration program.
Use the "help" command for help, "visual" for full-screen mode.
nsradmin> . type: NSR device; name: /ndmpdata
Current query set
nsradmin> print
type: NSR device;
name: /ndmpdata;
comment: ;
description: ;
device access information: ;
enable fibre channel: No;
fibre channel hostname: ;
message_I18N: " ";
message: " ";
volume name: ;
media family: disk;
media type: file;
enabled: Yes;
read only: No;
target sessions: 4;
max sessions: 32;
max nsrmmd count: 1;
verify label on eject: No;
parent jukebox: ;
cleaning required: No;
cleaning interval: ;
date last cleaned: ;
auto media management: No;
ndmp: No;
dedicated storage node: ;
hosts: ;
remote user: ;
password: ;
hardware id: ;
path id: ;
export path: ;
CDI: Not used;
Warn on suspect volumes (%): 80;
TapeAlert Critical: ;
TapeAlert Warning: ;
TapeAlert Information: ;
WORM capable: No;
DLTWORM capable: No;
WORM cartridge present: No;
device serial number: ;
Network Write Size: 8192;
Server: ;
Cloud CA Certificate: ;
Send/Receive Timeout: 90;
Number of Retries: 3;
Network Failure Retry Interval: 5;
Compression: Compression Speed Fast;
Encryption: AES 256 Encryption;
Throttling: No; 15
bandwidth: ;
restricted data zone: ;
Next, the idea here is to create a destination pool and simply label and mount a volume, so that we can do backups
in EMC NetWorker 9.1. The DSA backup technology allows us to multiplex NDMP and non-NDMP backups to
the same device, since version 7.2.
nsradmin
NetWorker administration program.
Use the "help" command for help, "visual" for full-screen mode.
nsradmin> create type: NSR pool; name: NDMP
type: NSR pool;
name: NDMP;
Create? y
created resource id 45.0.137.4.0.0.0.0.70.60.202.89.192.168.0.7(1)
This NDMP pool is a simple backup pool, no special option for NDMP is set on it :
# nsradmin
. type: NSR pool; NetWorker administration program.
Use the "help" command for help, "visual" for full-screen mode.
nsradmin> name: NDMP
Current query set
nsradmin> print
type: NSR pool;
name: NDMP;
comment: ;
enabled: Yes;
pool type: Backup;
label template: Default;
devices: ;
store index entries: Yes;
auto media verify: No;
Recycle to other pools: No;
Recycle from other pools: No;
media type required: ;
volume type preference: ;
max parallelism: 0;
WORM pool: No;
create DLTWORM: No;
barcode prefix: ;
recycle start: ;
recycle interval: "24:00";
max volumes to recycle: 200;
restricted data zone:
Then label and mount :
# nsrmm -l -b NDMP -f /ndmpdata
Using volume name ‘nsr14.002’ for pool ‘NDMP’
# nsrmm -m -f /ndmpdata
file disk nsr14.002 mounted on /ndmpdata, write enabled
16
5 NDMP client resource
In order to perform a backup now, we have to setup an NDMP client resource.
nsradmin> create type: NSR client; name: mercury; save set: /bpool/volume; remote user: n
type: NSR client;
name: mercury;
save set: /bpool/volume;
remote user: ndmp;
password: *******;
backup command: nsrndmp_save -M -T zfs -c mercury;
ndmp: Yes;
NDMP array name: mercury;
Create? y
created resource id 46.0.137.4.0.0.0.0.70.60.202.89.192.168.0.7(1)
This is a special client with ndmp set to YES and the backup command in EMC NetWorker 9.1 for our client is:
backup command: nsrndmp_save -M -T zfs -c mercury;
In the case of a regular NDMP (non DSA) backup, leave out the -M option.
Next, for EMC NetWorker 9.1 we have to create a protection group, policy, workflow and backup action :
# nsrpolicy policy list
Bronze
Gold
Platinum
Server Protection
Silver
The protection group is created as follows :
# nsrpolicy group create client -g NDMP -C mercury
133582:nsrpolicy: Group ’NDMP’ was successfully created
This will set the protection group list in the client resource to NDMP.
Then we make a policy Backup (if it does not already exist, because this policy is created when migrating regular
NetWorker groups to the new EMC NetWorker 9.1 format).
# nsrpolicy policy create -p Backup
121388:nsrpolicy: Policy ’Backup’ was successfully created
Next we need a workflow which is related to the protection group (a protection group cannot linked to multiple
workflows) :
17
# nsrpolicy workflow create -p Backup -w NDMP -g NDMP
133573:nsrpolicy: workflow ’NDMP’ was successfully created
The actual backup action is the object that sets the retention and the destination pool (with the -o option) :
# nsrpolicy action create backup traditional -o NDMP -r ’1 Months’ -p Backup -w NDMP -A b
So in the above the o option sets the pool NDMP and the r option sets the retention to 1 month. The argument
should be specified as Months and Month is not a valid argument.
6 Performing a SUNWndmp backup
With the above settings, we can backup with the SUNWndmp daemon and discover what we can backup.
# nsrpolicy start -p Backup -w NDMP
In the logfile under /nsr/logs/policy/Backup we will find the following:
root@nsr14:/nsr/logs/policy/Backup/NDMP# more backup_096007_logs/96009.log
144324:nsrndmp_save: Adding attribute *policy action jobid = 96007
.144324:nsrndmp_save: Adding attribute *policy name = Backup
.144324:nsrndmp_save: Adding attribute *policy workflow name = NDMP
.144324:nsrndmp_save: Adding attribute *policy action name = backup
.42903:nsrndmp_save: The Data Server does not support the File History generatio
n
42904:nsrndmp_save: Disabling the File History
83564:nsrndmp_save: Performing full backup
42794:nsrndmp_save: Performing backup to Non-NDMP type of device
42658:nsrdsa_save: DSA savetime = 1506435348
85183:nsrndmp_save: DSA is listening for an NDMP data connection on: 192.168.0.7
, port = 9562
42952:nsrndmp_save: mercury:/bpool/volume NDMP save running on ’nsr14’
accept connection: accepted a connection
42958:nsrdsa_save: Performing Immediate save
42923:nsrndmp_save: NDMP Service Warning: HIST is not set. No file history will
be generated.
42951:nsrdsa_save: Successfully Done.
mercury: /bpool/volume level=full, 262 KB 00:00:20
0 file
The NDMP backup is flagged as a crNs backup in the media database. The s flag is for DSA.
# mminfo -av -qpool=NDMP
volume
type
client
nsr14.002
file
mercury
date
time
09/26/2017 04:15:48 PM
size ssid
fl
lvl name
262 KB 4257898777 crNs full /b
Also note that the r flag means that this is a recoverable, but not a browsable backup. It is a backup of the entire
ZFS volume, but no individual file recovery is possible.
18
7 Performing a saveset restore
Either perform a directed restore to a different ZFS volume or destroy the volume and recover it.
The following command is ran on the Solaris host (the NDMP server) :
root@wapper:˜# zfs destroy -r bpool/volume
Next, we launch the saveset restore. We will see that it creates the ZFS dataset again.
The following command is launched on the EMC NetWorker 9.1 server (the NDMP client) on Linux Slackware :
# nsrndmp_recover -c mercury -S 4257898777 -v off /bpool/volume
42795:nsrndmp_recover:ssid’4257898777’: Performing recover from Non-NDMP type of
device
85183:nsrndmp_recover:ssid’4257898777’: DSA is listening for an NDMP data connec
tion on: 192.168.0.7, port = 9163
42690:nsrndmp_recover:ssid’4257898777’: Performing non-DAR Recovery..
86724:nsrdsa_recover: DSA listening at: host ’nsr14’, IP address ’192.168.0.7’,
port ’9163’.
42937:nsrdsa_recover: Performing Immediate recover
42940:nsrdsa_recover: Reading Data...
42942:nsrdsa_recover: Reading data...DONE.
42927:nsrndmp_recover:ssid’4257898777’: Successfully done
The logfile of the ndmpd daemon shows the following can be inspected on the Solaris machine. In fact access to
both client and server is required.
In our test, we still had to mount the ZFS dataset after the restore:
# zfs mount bpool/volume
8 Redirected saveset restore
Another possibility is to restore the dataset to a different ZFS dataset.
19
# nsrndmp_recover -c mercury -m /bpool/volcopy -S 4257898777 -v off
/bpool/volume
42795:nsrndmp_recover:ssid’4257898777’: Performing recover from Non-NDMP type of
device
85183:nsrndmp_recover:ssid’4257898777’: DSA is listening for an NDMP data connec
tion on: 192.168.0.7, port = 8886
42690:nsrndmp_recover:ssid’4257898777’: Performing non-DAR Recovery..
86724:nsrdsa_recover: DSA listening at: host ’nsr14’, IP address ’192.168.0.7’,
port ’8886’.
42690:nsrndmp_recover:ssid’4257898777’: Performing non-DAR Recovery..
86724:nsrdsa_recover: DSA listening at: host ’nsr14’, IP address ’192.168.0.7’,
port ’8886’.
42937:nsrdsa_recover: Performing Immediate recover
42940:nsrdsa_recover: Reading Data...
42942:nsrdsa_recover: Reading data...DONE.
42927:nsrndmp_recover:ssid’4257898777’: Successfully done
So in this case, after the restore, we have a new ZFS dataset, that we can explicitly mount again (but on a different
mountpoint).
9 File History and Browsable Restores
In the case of the dump and tar backups (with NDMP), we can configure EMC NetWorker 9.1 to generate index
entries and perform browsable restores.
It is likely that this is still not possible with the new zfs type of NDMP backups, because this is not a EMC NetWorker
9.1 issue, but a SUNWndmp issue.
10
Conclusion
A straightforward way to backup ZFS filesystems is to do a NetWorker backup, via the EMC NetWorker 9.1 client.
The backup server must run on Linux or Windows with EMC NetWorker 9.1 but the client or storage node can still
be installed on Solaris 11.3.
But significant speed improvements can be achieved for some filesystems with many small files, by using a SUNWndmp backup of the ZFS filesystem, by doing a dataset backup.
Also because NDMP uses port 10000, the NDMP backup is easy to firewall, unlike the straightforward NetWorker
backup (which uses RPC, which is harder to configure at the firewall compared to firewalls that block and open
TCP ports).
The dataset backup uses a saveset name the ZFS dataset name, and not the mountpoint (or backup path). We tested
both backup and restore using this new ZFS type of NDMP backup, and this provides an alternative to the traditional
-T dump and -T tar NDMP backups.
The zfs backup provides complete zfs dataset backup and recovery, but no individual file recovery (no browsable
restores); for this, the dump and tar NDMP backups remain valuable.
20
Related documents
Hints for NewsTeam Members before
Hints for NewsTeam Members before
SAMPLE LETTER (PURCHASES)
SAMPLE LETTER (PURCHASES)
Download