Using zxfer to backup ZFS pools

I was recently looking for an easy way to backup some FreeBSD jails I have running various services. With the jails residing on top of ZFS (using iocage), a quick Google search turned up the usual zfs ‘send’ and ‘receive’ mixed with miscellaneous pipes and redirection. Having wrote several backup scripts in the past, they all felt sort of hack-ish and rushed (which they were). After thinking to myself “surely, someone has dealt with this problem before.” I finally came across zxfer.

I’m unsure of the original author and it was apparently abandoned several years ago around FreeBSD 8.2. Huge thanks to Allan Jude for maintaining the current port.

You can tell a lot of thought went into not just the program itself, but
the supporting documentation as well. I’m typically not one to judge a book by its cover, but with documentation like this, I feel it was a safe bet. It doesn’t just throw command line switches at you and set you on your way. Instead, nearly ever option explains why and when you might use it.

Goal:  Backup iocage jails to remote server (also running zfs).

Solution: Use iocage’s built-in snapshot management and zxfer to send those snapshots off-server and/or off-site.

Note, assume we’ve already got iocage setup and we’re running some jails. Also note, zxfer doesn’t perform any snap-shotting itself. Its up to you to setup a sensible snap-shotting regimen.

On the jail host, take a snapshot of all running jails

for j in $(iocage list | awk '/up/{print $4}'); do iocage snapshot ${j}; done 

Note, zxfer can be used in either a push or pull method, wherein the connection is initiated from the jail host or the backup server respectively. Here, I’ve decided to use the pull method.

On the backup server:

zxfer -dFkPv -g31 -O root@172.16.0.7 -R zroot/iocage/jailszroot/backups 

Assuming you’ve already setup SSH key authentication, from the backup server, we’re recursively sending all dataset snapshots under zroot/iocage/jails on the jail host (172.16.0.7) to our local zfs pool (zroot/backups), keeping the last 30 days of snapshots (on both servers).

After the initial sync, any further runs of the above command will send just the difference between the last two snapshots of the given datasets!

MAAS Custom Partitioning

Currently, MAAS doesn’t support custom partitioning through the MAAS dashboard for CentOS. However, you can utilize curtin to perform this task for you.

Here’s an example /etc/maas/preseeds/curtin_userdata_centos assuming /dev/vda is your disk:

#cloud-config

verbosity: 3
showtrace: true

block-meta:
    format: gpt

partitioning_commands:
    builtin: []
    01_partition_announce: ["echo", "'### Partitioning disk ###'"]
    01_partition_make_label: ["/sbin/parted", "/dev/vda", "-s", "'","mklabel","gpt","'"]
    02_partition_make_part: ["/sbin/parted", "/dev/vda", "-s", "'","mkpart","primary","1M","2M","'"]
    03_partition_set_name: ["/sbin/parted", "/dev/vda", "-s", "'","set","1","bios_grub","on","'"]
    04_partition_make_part: ["/sbin/parted", "/dev/vda", "-s", "'","mkpart","primary","2M","512M","'"]
    05_partition_make_part: ["/sbin/parted", "/dev/vda", "-s", "'","mkpart","primary","512M","5G","'"]
    06_partition_make_part: ["/sbin/parted", "/dev/vda", "-s", "'","mkpart","primary","5G","10G","'"]
    07_partition_make_part: ["/sbin/parted", "/dev/vda", "-s", "'","mkpart","primary","10G","20G","'"]
    08_partition_make_part: ["/sbin/parted", "/dev/vda", "-s", "'","mkpart","primary","20G","3500G","'"]
    09_partition_make_part: ["/sbin/parted", "/dev/vda", "-s", "'","mkpart","primary","3500G","3508G","'"]
    10_partition_announce: ["echo", "'### Creating filesystems ###'"]
    12_partition_make_fs: ["/sbin/mkfs", "-t", "ext4", "/dev/vda2"]
    13_partition_make_fs: ["/sbin/mkfs", "-t", "ext4", "/dev/vda3"]
    14_partition_make_fs: ["/sbin/mkfs", "-t", "ext4", "/dev/vda4"]
    15_partition_make_fs: ["/sbin/mkfs", "-t", "ext4", "/dev/vda5"]
    16_partition_make_fs: ["/sbin/mkfs", "-t", "ext4", "/dev/vda6"]
    17_partition_make_swap: ["sh", "-c", "mkswap /dev/vda7"]
    18_partition_label_fs: ["/sbin/e2label", "/dev/vda2", "maas-boot"]
    19_partition_label_fs: ["/sbin/e2label", "/dev/vda3", "maas-root"]
    20_partition_label_fs: ["/sbin/e2label", "/dev/vda4", "maas-usr"]
    21_partition_label_fs: ["/sbin/e2label", "/dev/vda5", "maas-var"]
    22_partition_label_fs: ["/sbin/e2label", "/dev/vda6", "maas-home"]
    23_partition_mount_fs: ["sh", "-c", "mount /dev/vda3 $TARGET_MOUNT_POINT"]
    24_partition_mkdir: ["sh", "-c", "mkdir $TARGET_MOUNT_POINT/boot"]
    25_partition_mkdir: ["sh", "-c", "mkdir $TARGET_MOUNT_POINT/usr"]
    26_partition_mkdir: ["sh", "-c", "mkdir $TARGET_MOUNT_POINT/var"]
    27_partition_mkdir: ["sh", "-c", "mkdir $TARGET_MOUNT_POINT/home"]
    28_partition_mount_fs: ["sh", "-c", "mount /dev/vda2 $TARGET_MOUNT_POINT/boot"]
    29_partition_mount_fs: ["sh", "-c", "mount /dev/vda4 $TARGET_MOUNT_POINT/usr"]
    30_partition_mount_fs: ["sh", "-c", "mount /dev/vda5 $TARGET_MOUNT_POINT/var"]
    31_partition_mount_fs: ["sh", "-c", "mount /dev/vda6 $TARGET_MOUNT_POINT/home"]
    32_partition_announce: ["echo", "'### Filling /etc/fstab ###'"]
    33_partition_make_fstab: ["sh", "-c", "echo 'LABEL=maas-root / ext4 defaults 0 0' >> $OUTPUT_FSTAB"]
    34_partition_make_fstab: ["sh", "-c", "echo 'LABEL=maas-boot /boot ext4 defaults 0 0' >> $OUTPUT_FSTAB"]
    35_partition_make_fstab: ["sh", "-c", "echo 'LABEL=maas-usr /usr ext4 defaults 0 0' >> $OUTPUT_FSTAB"]
    36_partition_make_fstab: ["sh", "-c", "echo 'LABEL=maas-var /var ext4 defaults 0 0' >> $OUTPUT_FSTAB"]
    37_partition_make_fstab: ["sh", "-c", "echo 'LABEL=maas-home /home ext4 defaults 0 0' >> $OUTPUT_FSTAB"]
    38_partition_make_fstab: ["sh", "-c", "echo '/dev/vda7 none swap sw 0 0' >> $OUTPUT_FSTAB"]


debconf_selections:
 maas: |
  {{for line in str(curtin_preseed).splitlines()}}
  {{line}}
  {{endfor}}

late_commands:
  maas: [wget, '--no-proxy', '{{node_disable_pxe_url}}', '--post-data', '{{node_disable_pxe_data}}', '-O', '/dev/null']

Starting out in IT

I recently received an email from a family friend asking what courses or certifications he should look into for getting started in IT. Without knowing what particularly interests him about IT, I wrote the following email and decided it might be useful for others just starting out.

TL;DR: Learn Linux, a scripting language of some kind (Python, Javascript, Bash, etc.), and basics of networking.

I’d whole-heartedly recommend starting with some sort of Linux certification/course. This will provide a solid foundation for whatever direction you decide to take in the I.T. field, be it developer, networking, operations, sys admin., cyber-security etc. They all take root in Linux/Unix systems and having a solid background in it will definitely get you off the ground running.

After this, I’d recommend picking up some sort of scripting language (Python, Bash, Javascript), it doesn’t really matter which, just get really good with at least one and build some stuff with it (even silly/stupid stuff). As you progress in your career/education, you’ll naturally pick up others along the way.

Things I’ve learned the hard way:

– Be a team player and learn from each other. Nobody makes it on their own and everyone is better than you at *something*, learn from this.

– Don’t get discouraged. Everybody in IT was once where you are right now. You’ll never learn everything there is to know, and any employer or individual that expects you to, isn’t worth your time. IT is a life of learning.

– Leave you ego at the door. This can sometimes be a difficult one and it may just be something you learn over time. I’ve interviewed several individuals that we passed on due to ego. Some of the best technologists I’ve worked with are those that always kept an open mind to different ways of doing things and didn’t succumb to one-up-man ship. It’s okay to be right, but be willing to entertain other points-of-view.

– Use the best tool for the job. There’s no single piece of technology for every task. Don’t pigeon-hole your skill-set. Just because you can make something work, doesn’t mean you should.