Linux VM Backup in OpenStack with Veeam Backup Agent

There’s a way to have user friendly backups in an OpenStack environment – interested? Then this post for you!

For quite some time now I’ve been thinking about backups in OpenStack – how  can I have a simple and clear solution to make a backup of Linux virtual machines. At the moment I can think of 1 or 2 backup solutions based on snapshots. These solutions are not exactly what I’d like or I could have confidence in the data safety. I don’t really like snapshot based backups so I’ve tried an alternative path of making backups in the old fashioned “Physical server” backup way.

I have selected a product from Veeam – Veeam Agent for Linux FREE version. It’s a free edition of their backup software – and I like free 🙂

Here’s the idea:

In this diagram you can see that one server in the infrastructure is going to serve as a backup storage to store Veeam created backup files. In this particular case the backup storage server will use Samba and CIFS. I think it will overall help me to improve the security side from Wannacry, Petya A or some other variants of crypto viruses. One could challenge a common CIFS shared folder? I say yes because it will be restricted to Veeam as a target repository to store backup archives. Another idea is to store backups in some external location if you’re really cautions 🙂

So, let’s start with the implementation.

In the Telia Cloud Platform we have inexpensive Tier 3 storage, so it is what what I need. I’ve launched the backup server and mounted the Tier-3 storage volume to /home/Archives.

root@backup-server:/# df -h
 Filesystem Size Used Avail Use% Mounted on
 udev 487M 0 487M 0% /dev
 tmpfs 100M 9.7M 90M 10% /run
 /dev/sda1 9.7G 2.3G 7.4G 24% /
 tmpfs 497M 0 497M 0% /dev/shm
 tmpfs 5.0M 0 5.0M 0% /run/lock
 tmpfs 497M 0 497M 0% /sys/fs/cgroup
 /dev/sdb 296G 119G 163G 43% /home/Archives
 tmpfs 100M 0 100M 0% /run/user/1001

Install Samba and create a backup repository for first server. In this tutorial I will use my Zimbra server as the backup source, and back it up to /home/Archives/BackupServers/zimbra.

Next, we need to create a local user that will be allowed access to the CIFS share.

root@backup-server:/# ls -al /home/Archives/BackupServers/
 total 12
 drwxr-xr-x 3 root root 4096 May 17 15:50 .
 drwxr-xr-x 5 root root 4096 May 17 15:36 ..
 drwxrwx--- 3 zimbra_srv root 4096 May 28 09:51 zimbra

As you can see, only the zimbra_srv user and the root group have access. All others – do not.

In Samba configuration we have defined a share that allows to connect to the shared directory /Archives/BackupServers/zimbra/ for the user zimbra_srv only.

[ZIMBRA_BACKUP]
 path = /home/Archives/BackupServers/zimbra/
 valid users = zimbra_srv
 write list = zimbra_srv
 public = no
 writable = yes
 read only = no
 printable = no
 create mask = 0700
 directory mask = 0700

Now the setup of the backup Sever is complete and we can move on to the example Zimbra server and install Veeam software there.

The setup files for Veeam Linux backup is available from the Veeam site. To download it, though, you’ll to create a user account.

Download URL: https://www.veeam.com/linux-backup-free.html

The user guide: https://www.veeam.com/veeam_agent_linux_2_0_user_guide_pg.pdf

Bear in mind that the free version can only have one backup job. If that’s good enough for you – great, however, if not – you’ll need to buy a paid version of Veeam Agent that’ll remove a single job limitation and also add some other features.

In this case I’ll use the free version. Once the Veeam agent is installed, we need to create a backup job. In this example I will backup the whole OS and mounted volumes.

Run the Veeam agent configuration executable and create the backup job and set up the backup repository.

As you can see, there are three options for the backup to choose from:

Select “Shared folder” to connect to the backup server using CIFS:

Specify the network and share connection information, and define the number of  restore points:

There are some nice features around the backup encryption but that’s available in a paid version only.

Set the backup schedule and you’re mostly done with the backup job definition:

In the end of the wizard you’ll have a summary, to confirm – select “Finish” and you’re done.

Here’s what I’ve got after some time in the form of daily backups:

All backups were successful, and let’s see how these backups are stored in the backup server with CIFS:

Right, so the backups for 7 days take up only 1.7G, which is nice.

root@backup-server:/# du -sh /home/Archives/BackupServers/zimbra/zimbra-server\ BackupJob1/
 1.7G /home/Archives/BackupServers/zimbra/zimbra-server BackupJob1/

If you to restore something for some reason, the process is not complicated. Launch the Veeam agent executable and select the backup job you need, push the “R” button on keyboard, then you’ll be prompted to select the day and time of the backup you’re interested in and press Enter. Veeam will then connect to the backup server CIFS share and mount the restore point to /mnt/backup:

Here’s an example of how the mount point with backup data looks like:

And as you see, Veeam agent has mounted the sdd volume as disk and we can do whatever we need to do with the data in that restore point.

Restoring data from individual volumes can be simple, so can you restore the whole operating system in the root disk? In this case Veeam helps us with their Recovery Media solution. It’s an ISO image which you can download from the Veeam site.

I’m going put it to /VeeamBoodISO/veeam-recovery-media-2.0.0.400_x86_64.iso and add new record to grub -> /etc/grub.d/40_custom

menuentry "Veeam Recovery Media" {
 insmod ext2
 set isofile="/VeeamBoodISO/veeam-recovery-media-2.0.0.400_x86_64.iso"
 loopback loop (hd0,1)/$isofile
 linux (loop)/isolinux/velinux iso-scan/filename=$isofile quiet noeject nopromt splash --
 initrd (loop)/isolinux/initrd.img
 }

…and modify…

root@zimbra-server:/# more /etc/default/grub

…to have ability to have choice select boot image:

GRUB_DEFAULT=0
GRUB_HIDDEN_TIMEOUT=10
GRUB_HIDDEN_TIMEOUT_QUIET=false
GRUB_TIMEOUT=10

And then update grub records by running update-grub2.

Once you reboot your instance, check the VM instance KVM console in OpenStack Horizon – you’ll have the updated boot menu and from now on can have the ability to restore the OS, specific volumes, or all objects at the same time.

Select Veeam Recovery to boot.

After booting to “Veeam Recovery Media” you will have the following menu:

Next, you’ll be notified about network state and root credentials.

Go to Restore volumes, let’s assume I want restore the OS to the yesterday’s copy, and then select “Add shared folder…” to connect to the backup server CIFS share.

The connection setup is pretty straightforward:

…and here we are in the backup server CIFS share. Go to the Backup Job:

 

Select the backup points that you want to restore from:

Select the boot partition to restore and press “Enter”:

Select the destination to restore to:

In this example, I’ve selected the OS disk sde with a size of 20 GB.

Press “Enter” to confirm and start the recovery process:

Recovery in progress…

Once done:

Now, select “Reboot” and proceed with the bootloader to load the OS.

There are questions!

There may be situations when, for instance, the OS partition is corrupted and then the boot loader will fail over to the Veeam Recovery Media ISO. What to do then? It this case there are 2 options:

  1. Once your Linux deployment and setup are complete, along with the Veeam backup agent configuration, you’ll need to create the VM instance snapshot from the OpenStack Horizon dashboard or CLI/API. This will allow to rebuild the VM instance with the boot volume (created from snapshot) and perform a full restore from the Veeam Recovery media.
  2. You can install a new instance, mount the Veeam Recovery Media ISO, boot from it and then do the same recovery. In this case your VM instance IP address will be different from the original one. To overcome this limitation, you can leverage a OpenStack Neutron port to retain a specific IP address. This can’t be done from the OpenStack Horizon dashboard but can be using CLI/API.

I think the same solution can be used with a Windows VM instance. In that case the backup could be even more flexible as the Windows Veeam Agent version is much more user friendly with a nice GUI. You could then backup OS + disks + selected files to the same backup server with CIFS (as configured above) and use the Veeam Recovery Media for any restore operations.

2 thoughts on “Linux VM Backup in OpenStack with Veeam Backup Agent”

  1. Creating a port in OpenStack using CLI is quite simple once you know how to do it 🙂

    First, you need to know the name for the network you want to create that virtual port in. Second, decide whether or not you want a specific IP address. If the former, then it’s really simple as:

    openstack port create --network Internal-network my_port_name

    In this example a port named “my_port_name” with an IP address from the allocation pool will be created in the network called “Internal-network”.

    If the latter, i.e. you want a specific IP address from a network subnet, you’ll need to know the subnet name. If you want all accessible subnet names, execute this:

    openstack subnet list

    This will give you a list of all subnets you can see. However, if you want to see the subnets for a specific network only, you’ll need this:

    openstack subnet list --network Internal-network

    The “Internal-network” here is just a name, valid for my case, this needs to be tailored to each individual scenario.

    Provided you have access to the subnet you want, you can then execute the following to allocate a specific IP address:

    openstack port create --network Internal-network --fixed-ip subnet=opnsense-lan_subnet-5sz2kuf43q3p,ip-address=172.27.200.100 port_172.27.200.100

    In this example my environment specific values are “Internal-network”, “opnsense-lan_subnet-5sz2kuf43q3p”, IP address value (172.27.200.100) and the port name “port_172.27.200.100”. Again, change these values to your specific environment.

Leave a Reply

Your email address will not be published. Required fields are marked *

− 3 = 2