home *** CD-ROM | disk | FTP | other *** search
- From: Christopher Neufeld <neufeld@physics.utoronto.ca>
-
- Earlier I posed the question on the Net, how does one back up a Linux
- machine to a Colorado Jumbo 250 tape drive on an MS-DOS machine. From the
- email I received, it seems that this is a frequently pondered problem.
- Now that I've figured it out, I'm posting the method. If anybody wants to
- massage this into a HOWTO document, let me know. I should thank Jim Nance
- (jlnance@isscad.com) for pointing out that an MS-DOS machine need not
- always be an MS-DOS machine. This technique should also work for any
- other tape drive supported by the ftape module.
- The criteria I set were that the resulting setup should be as secure
- as possible and should be fairly simple, and take up little or no space
- on the MS-DOS machine's hard drive. It should also be capable of
- recovering from the worst system corruptions, up to and including the
- theft of the hard disk, requiring a restore to a bare Linux file system.
- The technique described here uses no hard drive space on the MS-DOS
- machine, though it requires that that machine be assigned an IP#. You
- will need three formatted, blank 1.44MB diskettes.
- Throughout this description I will refer to two machines as "msdos"
- and "linux". "msdos" is the name of the machine which has the tape drive
- and is usually running MS-DOS. "linux" is the Linux machine whose disk
- you are trying to back up or restore to the tape drive. For simplicity I
- will refer to the first machine as "msdos" even when it is booted into
- and running Linux. Further, all path names in this document should be
- considered to be relative to the Linux machine with the Search-And-Rescue
- (SAR) disks mounted somewhere on the system. That means that the file
- /etc/passwd is the password file for your Linux machine's hard drive,
- while, for instance, /tape144/etc/passwd is the corresponding file on the
- floppy disk.
- I am using Karel Kubat's backup scripts, version 1.03, available at
- ftp://sunsite.enc.edu:/pub/Linux/system/Backup/backup-1.03.tar.gz.
- Throughout this document I will refer to these simply as "the backup
- scripts". You do not have to use these scripts for your own backups to
- tape. I like these scripts as they form an uncompressed archive of
- compressed files, rather than a compressed archive of uncompressed files.
- The former is much safer if there is a media read error during the
- restore.
-
- First of all, obtain the ftape module. It is available at:
- ftp://sunsite.unc.edu/pub/Linux/kernel/tapes/ftape-1.14d.tar.gz
- Next, get a Slackware boot disk (I got the net disk, but it doesn't make
- much difference) and the tape144 root disk, and put the images onto 3"1/2
- floppies.
- The ftape module will only work if it is installed in the kernel which
- was running when you compiled it. I could not get it to work with the
- ftape.o module on the tape144 root disk, I think because that module has
- been stripped of symbols and won't install. So, you now have to make a
- new kernel with network and ftape support, and then a new ftape.o. Read
- the directions which ship with the ftape archive for directions at this
- stage. Remember that the kernel you compile must support the Ethernet
- cards on both the Linux machine and the MS-DOS machine.
- Copy the newly created kernel image over top of the one on the Net
- boot disk. Write protect the boot disk, and label it: SAR#1.
-
- Now, mount the tape144 root disk. I'll assume that the mount point is
- /tape144, to avoid confusion in file names. We need to free some space
- on it, so delete the following files:
- /tape144/bin/dialog
- /tape144/bin/elvis
- /tape144/bin/vi
- /tape144/boot/ftape.o
-
- Now, create a new file:
- /tape144/etc/exports
- which contains the following line:
- /mnt msdos(ro)
- Where "msdos" should be replaced with the name or IP# of the MS-DOS
- machine which has the tape drive installed.
-
- Next, so that you don't have to rely on a name server, add lines to
- the file /tape144/etc/hosts with the names and IP numbers of the Linux
- and MS-DOS machines. For instance, mine contains the following two lines:
- 128.100.75.114 caliban.physics.utoronto.ca caliban caliban.physics
- 128.100.75.111 ariel.physics.utoronto.ca ariel ariel.physics
-
- Now, there's some sort of problem with the inetd configuration. We
- have to put the full path name of the rsh daemon in it. Change line 19
- of /tape144/etc/inetd.conf to read:
- shell stream tcp nowait root /usr/etc/tcpd /usr/etc/in.rshd
-
- Add local net routing information to /tape144/etc/rc.d/rc.inet1 to
- enable the MS-DOS machine to use the network. The format of this depends
- on your network configuration, you can just copy the appropriate format
- out of your Linux /etc/rc.d/rc.inet1. For my network, the lines that
- have to be added are:
- /etc/ifconfig eth0 128.100.75.111 broadcast 128.100.75.0 netmask 255.255.255.0
- /etc/route add -net 128.100.75.0 netmask 255.255.255.0
- The IP# in the ifconfig entry is that of the MS-DOS machine.
- Now, copy this file into /tape144/etc/rc.d/rc.inet1-l, and change the
- IP# in the new file to reflect that of the Linux machine rather than the
- MS-DOS machine.
- Next, clip out lines 3 to 11 of /tape144/etc/rc.local. That's an if
- statement which executes the rc.inet* files. We don't want this to
- happen during the bootup.
- Create a new file: /tape144/root/.rhosts containing the line:
- linux root
- where, again, "linux" is replaced with the full machine name (including
- domain) or the IP# of the Linux machine.
- Fill in the password field in /tape144/etc/passwd for the root login
- to keep people from logging onto the MS-DOS machine while you're doing
- the backup. You can do this by copying the corresponding field from your
- Linux machine's /etc/passwd file.
- Copy /usr/bin/rsh into /tape144/usr/bin.
- Copy the following files from /usr/etc into /tape144/usr/etc:
- in.rshd
- rpc.mountd
- rpc.nfsd
- rpc.portmap
- services
- tcpd
- Create a new script, /tape144/bin/tapesetup, which consists of the
- following: (change "linux" to reflect your Linux machine name).
-
- === BEGIN /tape144/bin/tapesetup ===
- #! /bin/sh
-
- /bin/sh /etc/rc.d/rc.inet1
- /bin/sh /etc/rc.d/rc.inet2
-
- /bin/mount linux:/nfs /mnt
- /bin/insmod /mnt/ftape.o
- === END /tape144/bin/tapesetup ===
-
- Next, create another new script, /tape144/bin/msdosset, as follows:
- (change "linux" to reflect your Linux machine name).
-
- === BEGIN /tape144/bin/msdosset ===
- #! /bin/sh
-
- /bin/sh /etc/rc.d/rc.inet1
- /bin/sh /etc/rc.d/rc.inet2
-
- mount linux:/mnt /mnt
- /bin/insmod /mnt/ftape.o
- === END /tape144/bin/msdosset ===
-
- Create a readable file, /tape144/root/notes which contains this
- helpful information for use in full recovery:
-
- === BEGIN /tape144/root/notes ===
- For a full recovery to a trashed hard disk, boot the Linux machine with
- the SAR disks #1 and #2 then type the following:
-
- /bin/sh /etc/rc.d/rc.inet1-l
- /bin/sh /etc/rc.d/rc.inet2
-
- /usr/etc/rpc.portmap
- /usr/etc/rpc.mountd
- /usr/etc/rpc.nfsd
-
- Next, insert SAR disk #3 and type:
-
- mount /dev/fd0 /mnt
-
- Create a new mount point, with:
- mkdir /mnt2
- and mount your Linux hard disk partition on this point. You may have to
- reformat the partition first, if so, follow the directions in the Linux
- Installation HOWTO. The SAR disks contain all the files necessary to do
- the reformat.
-
- Finally, use disks SAR#1 and SAR#2 to boot up the MS-DOS machine and run
- the /bin/msdosset script on that machine. It will take about a minute to
- run that script because it is getting an NSF file from a floppy drive, so
- be patient. Now, recover the tape to /mnt2 on the Linux machine.
- === END /tape144/root/notes ===
-
- If you are using the backup scripts you will need to copy /bin/su
- into the /tape144/bin subdirectory. Copy the backup scripts from your
- Linux machine into the corresponding position on /tape144. You do not
- need to copy the subdirectories 'lists', 'misc', 'stamps', or 'volumes'
- from the /usr/local/etc/backup directory. You will need the other
- contents of /usr/local/etc/backup, and also the following files from
- /usr/local/bin: 'afio', 'backup', 'backup.bim', 'icm-comp', 'icm-exec',
- 'icm-pp', 'icmake', 'netbackup', 'netbackup.bim'. Put these into
- /tape144/usr/local/bin.
- I was unable to use the backup scripts as they come shipped. The
- tape archive appears to build cleanly, but it is unrecoverable. I found
- that removing the block size and conversion statements fixed it. Here is
- the patch to the "netbackup" script. Apply this patch to the Linux
- machine's hard disk copy of 'netbackup' as well as to the copy on the SAR
- disks.
-
- === BEGIN /tape144/netbackup.patch ===
-
- *** netbackup.orig Mon Jan 9 17:22:32 1995
- --- netbackup Mon Jan 9 17:23:25 1995
- ***************
- *** 35,41 ****
- "'mknod", devname, "p'");
- exec ("su -", USERNAME, "-c",
- "'rsh ", REMOTE_HOST,
- ! "\"dd", "of=" REMOTE_DEVICE, "obs=20k", "conv=sync\"",
- "<", devname,
- "'&"
- );
- --- 35,41 ----
- "'mknod", devname, "p'");
- exec ("su -", USERNAME, "-c",
- "'rsh ", REMOTE_HOST,
- ! "\"dd", "of=" REMOTE_DEVICE, "\"",
- "<", devname,
- "'&"
- );
- ***************
- *** 50,56 ****
- "'mknod", devname, "p'");
- exec ("su", USERNAME, "-c",
- "'rsh ", REMOTE_HOST,
- ! "\"dd", "if=" REMOTE_DEVICE, "ibs=20k", "conv=sync\"",
- ">", devname,
- "'&"
- );
- --- 50,56 ----
- "'mknod", devname, "p'");
- exec ("su", USERNAME, "-c",
- "'rsh ", REMOTE_HOST,
- ! "\"dd", "if=" REMOTE_DEVICE, "\"",
- ">", devname,
- "'&"
- );
-
- === END /tape144/netbackup.patch ===
-
- You have now finished your SAR disk #2. Write protect it.
-
- Next, mount a clean, formatted disk (create it with fdformat and
- mkfs). Copy the ftape.o file onto it, and label it SAR#3. For some
- reason things go badly if you write protect this disk, so leave it
- write-enabled. If you are using the backup scripts, copy /bin/tcsh onto
- this disk as well. The backup scripts don't like to run from the version
- of bash on the tape144 disk.
-
- On the Linux machine, create a new directory for NFS file serving. I
- made a directory:
- /nfs
- Put the ftape.o (unstripped, about 500+ kB) into this subdirectory.
- Create an entry in your Linux's exports file /etc/exports:
- /nfs msdos(ro)
- Note that all files in your NFS directory and it's subdirectories are not
- secure. Somebody else could boot the MS-DOS machine into Linux with his
- own boot disks and mount this directory, so be certain that you don't put
- anything sensitive in your NFS subdirectory.
- Restart your NFS daemons, rpc.mountd and rpc.nfsd. They don't seem to
- take kindly to a SIGHUP restart, so kill them and reinvoke them. If
- you're not activating these daemons in your /etc/rc.d/rc.inet2 you might
- want to do so now.
-
-
- OK, now we're all set to back up and recover. To make a full backup
- from the Linux machine, boot the MS-DOS machine with SAR#1. When
- prompted for the second disk, load SAR#2. Log in as root, and execute
- the script: /bin/tapesetup. Log out of the MS-DOS machine. If you're
- using the backup scripts, the netbackup command will now work. You can
- also use the "-f msdos:/dev/ftape" switch on GNU tar, cpio, or mt, and
- make your backup this way. If you have a backup program which is only
- capable of writing to a local file, do the following. Assume that the
- backup program is called "localbackup" and writes to the file
- represented by its command line argument:
-
- mknod /tmp/tapepipe p
- rsh msdos dd of=/dev/ftape < /tmp/tapepipe &
- localbackup /tmp/tapepipe
-
- when it's done, delete /tmp/tapepipe.
-
- Recovering to a live Linux machine: the netbackup script, tar, cpio,
- and so on will all work without special actions on the part of the
- operator. If you have a local recovery program which recovers from a
- file, do this:
-
- mknod /tmp/tapepipe p
- rsh -n msdos dd if=/dev/ftape >> /tmp/tapepipe &
- localrecovery /tmp/tapepipe
-
- and delete /tmp/tapepipe when you're done.
- Notice that I'm using 'rsh' to the root user on the MS-DOS machine.
- This works with a correct .rhosts entry. The configuration on the
- 'tape144' disk allows rsh to root, but does not allow telnet or rlogin to
- root, logins are restricted to the console. This is good for security.
-
- Finally, the directions for a complete recovery to a trashed hard
- disk. This assumes that the Linux partition is completely unrecoverable.
- If necessary, reformat that partition as described in the Linux
- Installation HOWTO. Boot the Linux machine from SAR disk #1. When
- prompted, insert disk #2. Now, follow the directions in the file
- /root/notes (this was /tape144/root/notes when it was mounted on your
- Linux machine). Once both machines have been booted up, run the recovery
- routine you need. If you are running the backup scripts you have to do it
- from tcsh, so type "/mnt/tcsh" before you use the "netbackup -restore \*"
- function. Remember to change the working directory to the mount point of
- the hard disk before running netbackup.
-
-
- Notes:
-
- The commands listed in the /tape144/root/notes file could be run from
- a script. When I tried, I got rpc setup errors. I suspect it was just
- that the commands were run too quickly, and the portmapper hadn't
- properly installed itself. I found that typing the sequence in manually
- worked fine, so I've recommended that.
- I think this setup is secure. Note that somebody can still get access
- to all your files if they go to the tape drive and pull the tape out
- before you get there, then then read the tape themselves. People with very
- sensitive data might consider encrypting the stream from the archiver.
- Archive to standard output and pipe the output to the encrypter, and
- redirect the output of the encrypter to append to the named pipe
- /tmp/tapepipe as described above.
- The rc.inet1 directions I've included will allow only communication
- with the local network, not the rest of the world through a gateway.
- During a full recovery to a blank hard disk the SAR disk #3 provides
- ftape.o to the MS-DOS machine through NFS. This is because some old
- versions of the ftape module can't control some tape drives when there is
- a disk mounted in the floppy drive.
-
- This is very important. ***TEST*** the SAR recovery procedure. I did,
- but don't leave anything to chance. Make sure that you can recover at
- least one file from your tape to the Linux machine using only the SAR
- disks (ie. without mounting the hard disk). If you can't reboot the Linux
- machine without inconveniencing a lot of users, change the setup
- information on the SAR disks to assign the "linux" identity to another
- MS-DOS machine and then boot the two MS-DOS machines into Linux to make
- sure everything works. Then, change the "linux" identity back again so
- that you have usable SAR disks.
-
-
- Copyright Jan 10, 1995 by Christopher Neufeld (neufeld@physics.utoronto.ca)
-
-
- --
- Christopher Neufeld....Just a graduate student neufeld@physics.utoronto.ca
- Home page: http://caliban.physics.utoronto.ca/neufeld/Intro.html
- "Don't edit reality for the sake of simplicity"
-
-