SRCD-DISI NOC

h1. Configuration Backup and Versioning service

*Disclaimer* This service is for the moment dedicated for NOC managed servers and equipments. It could be extended to servers inside research platforms (but use it with care). This service is far from being production-ready.

h2. Storage solutions

All backups are saved in the additional disk storage of the [[Hermes]] server. A partition is dedicated for backup'd content ("Current usage":http://rsm.enstb.fr/graphs/graph_8.html).

Some configurations can also be stored inside the SVN versioning system provided by TB

 https://svn.telecom-bretagne.eu/repository/noc-rsm/

This repository is also accessible from the "redmine tools":/projects/srcd-disi-noc/repository/noc-rsm/entry/

h2. Backup of network equipments configuration (rancid)

Rancid is a tool to backup configuration of network equipments through the remote administration console (ie. does not work with web-only admin consoles). Based on a database of the network equipments, the rancid script connects to each console to backup the configuration.

h3. Current installation details

* Server: [[Hermes]]

* Process: rancid

* Launch from: rancid user crontab

** TODO: Backup this file ?

* Config file: (hermes)/usr/local/rancid/etc/rancid.conf

** TODO: Backup this file

* Equipments databases:

** "RSM-B25":/projects/srcd-disi-noc/repository/noc-rsm/entry/rancid/rsm-b25/router.db

** "Labo4g":/projects/srcd-disi-noc/repository/noc-rsm/entry/rancid/labo4g/router.db

Passwords are stored in the .cloginrc file in the rancid user homedir.

* TODO: Backup this file ?

h3. Versionning in the noc-rsm svn project

Rancid write the configurations in a "subdirectory":/projects/srcd-disi-noc/repository/noc-rsm/entry/rancid. The rancid process performs a commit after completion of the backup (parameters for the svn commit are in rancid.conf).

*Note* the automatic commit to the versioning system requires to hardcode credentials to authenticate with the HTTP SVN server of TB :(

* TODO: Fix this by switching to ssh ? 

** *Note* git can also be an alternative solution for this, but step one is to open a local service before going to production.

h2. Backup of servers configuration and content (saved)

Backup for Linux servers is done by a simple home-made script, named saved. This tool allow mirroring of servers configuration and content in a central storage.

First, this tool daily performs a local backup on the host by copying specified directories into one backup directory. A database backup can also be performed. Data are locally accessible through the directory /backup/{files,databases}.

Each local backup tree+db is then rsync'd from [[Hermes]] to a directory in its additional storage (/sauv/hosts/<host>/{files,databases}). Rsync is done through ssh, authenticated by public key.

h3. Current installation details

Local backup on hosts:

* Server: <host to backup>

* Process: sauv.daily

** "Source of the script":/projects/srcd-disi-noc/repository/noc-rsm/entry/tools/saved/local/sauv.daily

* Launch by: /etc/crontab

* Config file (example): source:tools/saved/local/a_sauvegarder

** One line per directory to be backup'd

Remote backup of hosts local backup:

* Server: [[Hermes]]

* Process: save

** "Source of the script":/projects/srcd-disi-noc/repository/noc-rsm/entry/tools/saved/remote/save

* Launch by: saved user crontab

* "Config file (example)":/projects/srcd-disi-noc/repository/noc-rsm/entry/tools/saved/remote/save.d/fqdn.host.sauv

** One line per directory to be backup'd

** Filename needs to be the host FQDN

*Note*: To rsync to the targeted host, the public key of the saved user needs to be authorized by a local saved user on the host. Be sure to verify that the Hermes saved user can log directly without password to the host.

h3. Versionning in the noc-rsm svn project

Some part of the backup trees available on hermes in /sauv/hosts/ can be part of the noc-rsm subversion directory. This allow each modification of backup'd content to be journalized.

How to enable versioning of a part of the backup tree:

* Create and commit an empty directory into the noc-rsm repository.

* Checkout this directory in the backup tree at the targeted directory. 

* Add all files and sub-directory then commit.

* The remote backup script will commit automatically after rsync (provided the svn authentication works) (test of the presence of a .ssh directory)

Example: source:/projects/srcd-disi-noc/repository/noc-rsm/entry/config/rhada.ipv6.enstb.fr