Dump
Dump is a very useful tool for backing up entire partitions on OpenBSD. It can be done remotely.
WARNING: If your filesystem is being actively written to, data corruption may occur.
Dump Primer
dump is a classic BSD tool for backing up entire filesystems.
Before you dump, make sure you have enough disk space for the entire dump. To see how much space it will take, and how much you have available, run:
$ df -h Filesystem Size Used Avail Capacity Mounted on /dev/sd0a 1005M 111M 844M 12% / /dev/sd0k 192G 28.7G 153G 16% /home /dev/sd0d 3.9G 22.1M 3.7G 1% /tmp /dev/sd0f 12.3G 7.3G 4.4G 63% /usr /dev/sd0e 14.7G 41.2M 14.0G 0% /var
Dumping /home will require at least 28.7G of space.
Here's a simple way to dump your /home folder:
$ doas dump -a -f home.dmp /home
This will create home.dmp in your current directory. -f tells you where the dump file will be created, /home is the partition, and -a tells dump to "auto-size".
NOTE: see restore for backup restoration details.
nodump flags
Some files do not need to be backed up because they can easily be downloaded elsewhere. These files can be set to nodump using chflags. You can then use ls -lo to view the special flag:
$ chflags nodump /path/to/file $ ls -lo /path/to/file -rw------- 1 username group nodump 4452 Dec 29 18:53 file
For example, if you never edit or store any irreplaceable files in /usr, you can run:
$ doas chflags -R nodump /usr $ ls -lo /usr drwxr-xr-x 7 root wheel nodump 512 Oct 4 18:47 X11R6 drwxr-xr-x 2 root wheel nodump 5632 Nov 21 22:17 bin drwxr-xr-x 2 root wheel nodump 1024 Nov 21 22:14 games drwxr-xr-x 33 root bin nodump 3072 Nov 21 22:14 include drwxr-xr-x 7 root wheel nodump 4608 Dec 8 19:22 lib ...
To remove the nodump flag, run:
$ chflags -R dump /path/to/file $ ls -lo /path/to/file -rw------- 1 username group - 4452 Dec 29 18:53 file
WARNING: Setting the nodump flag means that this file will not get get backed up unless a full backup is made! Incremental backups may not backup this file!
Options
Let's add some helpful options:
$ doas dump -0 -a -h 0 -f home.dmp /home
-0 requests a full backup (a complete copy of the file system). You can use -1, -2 and so forth to perform an incremental backup: only files that are new or modified since the last dump of a lower level are copied.
-h 0 makes dump obey nodump flags for dumps at or above level 0 (in other words, always obey nodump flags).
-u adds time of last backup to /etc/dumpdates, and security(8) will notify you once it has been passed since last backup.
WARNING: the -h 0 flag prevents backing up files with the nodump flag. If nodump was set by mistake, those files will not get backed up, and data may be lost!
Dump over SSH
You can dump to standard output instead of to a file by specifying -f -:
WARNING: Do not actually run the next line of code, or else your screen will be garbled and your system may crash. Type ctrl+c to cancel if you already have, and type reset if your screen has been garbled.
$ doas dump -0 -a -u -h 0 -f - /home
We can redirect standard output to a file:
$ doas dump -0 -a -u -h 0 -f - /home > home.dmp
We can use a remote host to run the dump command using ssh, then redirect the standard output to a file:
$ ssh example.ircnow.org "doas dump -0 -a -u -h 0 -f - /home" > home.dmp
NOTE: The above command pulls the backup from a remote host to the backup location. This requires ssh without password (ssh keys) and doas without password which is a security concern. A better model is to use a push model for the backups where only the process doing the backup needs to be root (usually run from cron) and pushes the backup to a user account without wheel access on the destination machine. This makes pushing the backups more secure. Here's a version of the above command for pushing the backup instead of pulling it:
dump -0 -a -u -f - /etc | ssh backups@example.ircnow.org 'cat >/mnt/backups/example.ircnow.org/etc.dmp'
NOTE: To skip files with the nodump flag, add the -h 0 flag to dump.
I'll swing by later to update this document to use this model instead as a more secure use of dump. ...Izzy
We take this idea and create a script with it in the next section.
Complete Functions
Put the following functions at the end of ~/.profile:
dump-ssh () {
echo "Dumping in $PWD: type ctrl+c to abort, enter to continue"
read $cancel
if [ $1 ] ; then
remote=$1
else
remote=user@example.ircnow.org
fi
ssh $remote "doas dump -0 -a -u -f - /" > root.dmp
ssh $remote "doas dump -0 -a -u -f - /home" > home.dmp
ssh $remote "doas dump -0 -a -u -f - /home/vmm" > vmm.dmp
ssh $remote "doas dump -0 -a -u -f - /mnt" > mnt.dmp
ssh $remote "doas dump -0 -a -u -f - /var" > var.dmp
ssh $remote "doas dump -0 -a -u -f - /var/www/htdocs" > htdocs.dmp
ssh $remote "doas dump -0 -a -u -f - /usr" > usr.dmp
date > date
md5 root.dmp home.dmp vmm.dmp mnt.dmp var.dmp htdocs.dmp usr.dmp date > md5sum
}
dump-local () {
echo "Dumping in $PWD: type ctrl+c to abort, enter to continue"
read $cancel
doas dump -0 -a -u -f - / > root.dmp
doas dump -0 -a -u -f - /home > home.dmp
doas dump -0 -a -u -f - /home/vmm > vmm.dmp
doas dump -0 -a -u -f - /mnt > mnt.dmp
doas dump -0 -a -u -f - /var > var.dmp
doas dump -0 -a -u -f - /var/www/htdocs > htdocs.dmp
doas dump -0 -a -u -f - /usr > usr.dmp
date > date
md5 root.dmp home.dmp vmm.dmp mnt.dmp var.dmp htdocs.dmp usr.dmp date > md5sum
}
dump-local will make a complete local backup of the current system, and dump-ssh will make a complete remote backup of the server you specify.
WARNING: If you have any other partitions besides the ones in the function, you must add them, or the partition will not get backed up.
NOTE: To skip files with the nodump flag, add the -h 0 flag to dump.
Source it, then call it on the server:
$ . ~/.profile $ dump-ssh example.ircnow.org $ dump-local