Zimbra backups are go

Posted by Al Twohill on 9 January 2008 | 1 Comments

Tags: backup, rsync, server, linux, zimbra

My Zimbra server's hard drive burnt out the other week while I was on holiday in Nelson. Crap no backups! Luckily I had only recently downgraded from my Network Edition trial to the Open Source edition, which involved backing up the old install. Hence how my Zimbra on Ubuntu tutorial came about.

Now that my email is back up and running I don't want the same thing to happen to me again. I consider myself extremely lucky I only lost 2 weeks worth of emails (and it was holidays so not much was there during that time). While the NE has automatic live backups, the FOSS edition doesn't. So, time to get my A into G and build myself a backup script.

Stolen from the horses mouth

The inspiration for my script came from the Zimbra wiki, so kudoes to those guys who helped out with that. Mine is a bit different, because I didn't set up my LVM with free space available to do snapshots, and fixing that means resizing my root partition, which I'm not in the mood for at the moment. Besides, I really want a backup before I start mucking with my partitions...

How it works 

The methodolgy is quite simple really:

1. Stop Zimbra
2. Rsync /opt/zimbra to somewhere on the local harddrive (this is faster and means we can restart Zimbra sooner and receive our emails again)
3. Start Zimbra (in the background, so we can keep going with the script)
4. Rsync from the local backup to my other server's backup area
5. Call it a day and go to bed (its after 3.30am when this runs)

Here is the script in full. You can copy and paste it into a file and make it executable. Only allow root access to this file though, as we don't want other users arbitrarily restarting our precious Zimbra server at all hours of the day do we?

#!/bin/bash
#
#    Script to backup Zimbra OSS by stopping the service and
#    rsyncing to a destination, then restarting the service
#    This script is partially based on the scripts at
#     http://wiki.zimbra.com/index.php?title=Open_Source_Edition_Backup_Procedure
#
#    Copyright (C) 2008 Al Twohill
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License version 2 as
#    published by the Free Software Foundation.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program; if not, write to the Free Software
#    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#    Or download it from http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
#### Modify these values as required for your installation
# local dir to backup to while zimbra is stopped
localPath=/opt/backup
# remote directory to backup to (as defined by rsync) (leave blank to skip)
remotePath=zmbackup@sarge::zmbackup/
# password file to use with rsync (leave blank if not required)
passwordFile=/opt/backup-password
# use rysnc verbosely (leave blank to keep it quiet)
V=
#### You shouldn't need to modify below here

say() {
        MESSAGE_PREFIX="zimbra backup:"
        MESSAGE="$1"
        TIMESTAMP=$(date +"%F %T")
        echo -e "$TIMESTAMP $MESSAGE_PREFIX $MESSAGE"
        logger -t $log_tag -p $log_facility.$log_level "$MESSAGE"
        logger -t $log_tag -p $log_facility_mail.$log_level "$MESSAGE"
        }
error ()  {
        MESSAGE_PREFIX="zimbra backup:"
        MESSAGE="$1"
        TIMESTAMP=$(date +"%F %T")
        echo -e $TIMESTAMP $MESSAGE >&2
        logger -t $log_tag -p $log_facility.$log_level_err "$MESSAGE"
        logger -t $log_tag -p $log_facility_mail.$log_level_err "$MESSAGE"
        exit
        }
say "backup started"
say "stopping the Zimbra services, this may take some time"
/etc/init.d/zimbra stop || error "error stopping Zimbra"
say "rsyncing the snapshot to the local directory $localPath"
rsync -aHk$V --delete /opt/zimbra/ $localPath || "error during local rsync but continuing script"
say "restarting Zimbra in the background"
(/etc/init.d/zimbra start && say "Zimbra: Services background startup completed") || error "services background startup FAILED" &
if [[ $remotePath != " ]]
        then say "begining rsync to remote directory"
        rsync -aHk$V  --delete --password-file=$passwordFile $localPath $remotePath
fi
say "finished backup script"

The main thing you really need to watch out for is doing the remote rsync. If you don't need that, you can just set remotePath to blank and it will skip it, but otherwise you need to make sure that you have the rsync daemon running on the remote machine. Using the standard rsync over ssh means that you have to enter the password manually, which we don't want to do. We like sleep.

Configure that daemon

Its really easy to have your daemon going in Ubuntu. First off, create the user you're going to use for your backups. It's good to do this so that if the account gets compromised they can't do anything else, as we give the account bugger all privleges.

sudo useradd -d /files/backup/zimbra -s /bin/false zmbackup

The -s /bin/false means this user can't log into a shell in on the server, which is what we want. Now give that user a password.

sudo passwd zmbackup

Next, we can create our rsync config files. Create and edit the rsyncd.config file

sudo nano /etc/rsyncd.conf

Create your rsync module in there. My /etc/rsyncd.conf looks like this:

[zmbackup]
uid = zmbackup
gid = zmbackup
path = /files/backup/zimbra
comment = ZM Backup area
auth users = zmbackup
secrets file = /etc/rsyncd.secrets
readonly = false

Really easy actually. It looks a lot like the Samba config file (hmmm, now why could that b? (; )  Basically we just set theh uid and gid's to our backup user, the path to the backup user's home directory (make sure that this user can actually write to this directory), then there is the rsync daemon authentication information. We need to authenticate with rsync's own mechinism to get access to the module. The auth users is just a space delimited list of allowable usernames, then the secrets file holds the login information. Finally we need readonly to be false if we want to write to the thing.

Next up, create your secrets file.

sudo nano /etc/rsyncd.secrets

In this file, you put in the entries for the usernames and passwords you want to allow. Use the format

username:password

And put each username on a new line. Finally we want to lock down these files to stop pesky users from snooping at our authentication.

sudo chown root:root rsyncd.* && sudo chmod 660 rsyncd.*

Get ready to go!

We've done all our configuring, lets get the ball rolling! You'll need to enable the rsync daemon service in Ubuntu.

sudo nano /etc/default/rsync

Change "RSYNC_ENABLE=false" to "RSYNC_ENABLE=true" then save and close.  Now we can start the service

sudo /etc/init.d/rsync start

Now we can do a test run from our Zimbra machine. If that works fine, then set up a crontab to have it go every night, at a time that you don't receive important email.