Closed
Bug 743815
Opened 12 years ago
Closed 8 years ago
NetVault: Backup releng windows server infrastructure
Categories
(Infrastructure & Operations :: Infrastructure: Backups, task)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: mlarrain, Unassigned)
References
()
Details
We need to look into what is needed for backing up Windows Domain Controllers as they are very picky about being backed up.
Updated•12 years ago
|
Assignee: server-ops-releng → mlarrain
Reporter | ||
Comment 1•12 years ago
|
||
So I was doing some research last night and came across this; http://www.trainsignal.com/blog/backup-and-restore-active-directory-on-windows-server-2008
Updated•12 years ago
|
Component: Server Operations: RelEng → Server Operations: Infrastructure
QA Contact: arich → jdow
Comment 2•12 years ago
|
||
We use NetVault for our Linux servers, but it can also backup Windows machines. They currently have plugins for SQL server (Supported Editions: Developer, 2000 MSDE, 2005/2008 Express, Workgroup, Standard, Enterprise and Web Edition.) and Exchange (Supported Editions: Standard and Enterprise). What details do you need before trying those out? I can shoot them an email and ask more about those plugins.
Reporter | ||
Updated•12 years ago
|
Assignee: mlarrain → dgherman
Reporter | ||
Comment 3•12 years ago
|
||
Ask them if it is possible to backup and active directory database/server and how easy it is to deploy from backup.
Reporter | ||
Comment 4•12 years ago
|
||
bumping on this as this is a priority for the releng windows rollover that is happening on Friday. If nothing else we need a system backup of these systems.
Severity: normal → major
Comment 5•12 years ago
|
||
Per our IRC conversation, I need to know the following: - AD version that we use - Windows flavor Thanks!
Reporter | ||
Comment 6•12 years ago
|
||
dumitru we are using Windows Server 2008 R2 and AD Version: 6.1.7601.17514
Comment 7•12 years ago
|
||
Case ID : 1056331 with Quest created.
Comment 8•12 years ago
|
||
Quest's reply was long, so I forwarded it to digipengi. Waiting for his input after reading the options we have.
Reporter | ||
Comment 9•12 years ago
|
||
Agreed with Dumitru the email was really long but we are going to go with using System State backups. I will perform the initial run through and post a wiki page on how to do this in the future.
Reporter | ||
Comment 10•12 years ago
|
||
dumitru do you have a server path for backups I can use?
Comment 11•12 years ago
|
||
per our discussion, this is handled differently.
Assignee: dgherman → mlarrain
Reporter | ||
Comment 12•12 years ago
|
||
The goal now is to switch from windows dhcp to ISCDHCP and thus we will not have to backup these systems as they are setup for redundancy. Closing this bug as wont fix.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WONTFIX
Updated•11 years ago
|
Component: Server Operations: Infrastructure → Infrastructure: Other
Product: mozilla.org → Infrastructure & Operations
Comment 13•11 years ago
|
||
Reopening this since it has some prior discussion about how we might go about this. Q and I discussed revisiting this issue to back up at least one domain controller, wds server, and probably the kms server so we have a way to recover the information in the case of corruption or site-wide loss. I'll let Q provide the technical details of what we should back up and how.
Status: RESOLVED → REOPENED
Flags: needinfo?(q)
Resolution: WONTFIX → ---
Summary: Figure out how to backup Windows Domain Controllers → Backup releng windows server infrastructure
Comment 14•11 years ago
|
||
Most data in the relops windows infrastructure has DFS redundancy so if we back up the whole file system we get all the shared data. WDS1.releng.ad.mozilla.com * E:\ nightly or weekly if space is a concern * Whole system monthly for IDR DC1.ad.mozilla.com * C:\ nightly * Active directory ( global catalog or possibly ldap client ) nightly DC6.releng.ad.mozilla.com * C:\ nightly * Active directory ( global catalog or possibly ldap client ) nightly KMS1.ad.mozilla.com * Whole system weekly
Comment 15•11 years ago
|
||
all machines are 2008 R2 unless otherwise specified.
Comment 16•11 years ago
|
||
How's the backup process going to look like? I'm asking because I need to filter out the traffic it's going to generate from my NSM system, so it does not overload it.
Comment 17•11 years ago
|
||
We'll use Netvault, so same port range (20031-21031 (TCP and UDP)).
Comment 18•11 years ago
|
||
Its been over a month now, so I'm checking back in to see when we'll have this implemented. This is fairly important since the windows infrastructure has no backups at all at this point, and if we were to suffer a catastrophic failure, we would need to rebuild things from scratch by hand.
Assignee: q → dgherman
Flags: needinfo?(dgherman)
Comment 19•11 years ago
|
||
Usul can take care of this. As you see, the bug was not assigned to me nor a needinfo was requested, so I had no idea I need to take action on it.
Assignee: dgherman → ludovic
Flags: needinfo?(dgherman)
Comment 20•11 years ago
|
||
Are the machines accessible via RDP ?
Status: REOPENED → ASSIGNED
Flags: needinfo?(q)
Comment 21•11 years ago
|
||
(In reply to Ludovic Hirlimann [:Usul] from comment #20) > Are the machines accessible via RDP ? ?
Flags: needinfo?(arich)
Comment 22•11 years ago
|
||
Yes, they're all accessible via RDP. Credentials are in the relops GPG password file.
Flags: needinfo?(q)
Flags: needinfo?(arich)
Comment 23•11 years ago
|
||
Client is installed on : WDS1.releng.ad.mozilla.com DC6.releng.ad.mozilla.com KMS1.ad.mozilla.com Couldn't connect on DC1.ad.mozilla.com
Comment 24•11 years ago
|
||
usul: were you able to get into dc1.ad.mozilla.com once you tried using the correct credentials?
Comment 25•11 years ago
|
||
(In reply to Amy Rich [:arich] [:arr] from comment #24) > usul: were you able to get into dc1.ad.mozilla.com once you tried using the > correct credentials? Nope but I'll give it one more try today - was busy with other backup stuff.
Comment 26•11 years ago
|
||
> WDS1.releng.ad.mozilla.com
> * E:\ nightly or weekly if space is a concern
First full for that is currently running. - running nightlies on it.
Comment 27•11 years ago
|
||
Rah and today I can't manage to connect to any using the password in the file. Did it change and the file didn't get updated ?
Comment 28•11 years ago
|
||
(In reply to qfortier from comment #14) > KMS1.ad.mozilla.com > * Whole system weekly Weekly that we keep for a month - done evry saturday at 5PM
Comment 29•11 years ago
|
||
(In reply to Amy Rich [:arich] [:arr] from comment #24) > usul: were you able to get into dc1.ad.mozilla.com once you tried using the > correct credentials? done with my account - software is installed.
Comment 30•11 years ago
|
||
Are all of these machines being backed up now, or is there more work to do?
Flags: needinfo?(ludovic)
Comment 31•11 years ago
|
||
Still need to do the AD I'll close the bug when things work properly.
Flags: needinfo?(ludovic)
Comment 32•11 years ago
|
||
Any update here, it's been almost another 3 weeks and we're still without backups on some of these systems.
Comment 33•11 years ago
|
||
nope. Work week this week so don't expcet anything until monday. sorry arr.
Comment 34•11 years ago
|
||
Update : Status update (sorry it took so long) Reading the docs for AD and making sure I understand them to have proper backup of AD. Looking at backups I have WDS1, DC1 and KMS1 seen as client. KMS1 has weekly jobs running. WDS1 as E:\ as Full and INcs running. Added C:\ Nighthlies on DC1. I currently can't see DC6 from backup1.
Comment 35•11 years ago
|
||
> I currently can't see DC6 from backup1. so I get : [root@backup1.private.scl3 ~]# nc -z 10.22.69.18 20031 [root@backup1.private.scl3 ~]# and I can ping backup1 from DC6. [root@backup1.private.scl3 ~]# nc -z 10.22.69.16 20031 Connection to 10.22.69.16 20031 port [tcp/*] succeeded! is what I get for DC1. So either something is wrong on the network or with the install
Comment 36•11 years ago
|
||
Q did you set any specific local firewall rules on DC6 ? eg I need ports 20031 - 21031/tcp to be open to talk to backup1.private.scl3.mozilla.com ?
Flags: needinfo?(q)
Comment 37•11 years ago
|
||
The outbound ports should be ooen. I am testing some gpo based exception rules to white list the needed ports. I shoukd have it rolling out tomorrow.
Flags: needinfo?(q)
Comment 38•11 years ago
|
||
(In reply to Q from comment #37) > The outbound ports should be ooen. I am testing some gpo based exception > rules to white list the needed ports. I shoukd have it rolling out tomorrow. so how did the rolling out go ?
Comment 39•11 years ago
|
||
TCP ports 20031 - 21031 are now listed as open inbound and outbound explicitly to any internal address.
Comment 42•10 years ago
|
||
(In reply to Ludovic Hirlimann [:Usul] from comment #41) > DC6 is now visible. Added the nighly job.
Updated•10 years ago
|
Comment 43•10 years ago
|
||
Hey Usul, As discussed, please note the timeframe and requirements in the bug. Thank you.
Flags: needinfo?(ludovic)
Comment 44•10 years ago
|
||
Need to kick my ass over this. Will try to finish this by the end of this month. Will probably need to Windowns sysadmin help to test if restores are fine as my AD knowledge is close to null.
Flags: needinfo?(ludovic)
Comment 45•10 years ago
|
||
Hey, it's after the end of the month. Checking in to see if there's been any progress.
Comment 46•10 years ago
|
||
(In reply to Amy Rich [:arich] [:arr] from comment #45) > Hey, it's after the end of the month. Checking in to see if there's been > any progress. I'll take the stick and punch me with it - sorry - What I really need to do is read a kb article and make sure I understand it fully. Have not been able to do so - It's still very high on my list (promise).
Comment 47•10 years ago
|
||
Ok need to look at the options I've ticket for the backup and VSS/OFM means in the netvault vocabulary.
Comment 49•10 years ago
|
||
So we do full backups of the host. Using a client's version greater than 6.17 as per the docs. I don't see any of the options from the kb article in the UI I get - ain't sure where to go with this (as I can't currently open support tickets).
Flags: needinfo?(ludovic)
Comment 51•10 years ago
|
||
:Usul, any update on this, in terms of support contract renewal, and getting this stuff backed up?
Comment 52•10 years ago
|
||
(In reply to Dan Parsons [:lerxst] from comment #51) > :Usul, any update on this, in terms of support contract renewal, and getting > this stuff backed up? Status is : Machine drives are backed up. Ain't sure about the Active directory bits.
Comment 53•10 years ago
|
||
For the licence renewals I'll defer to dmoore.
Flags: needinfo?(ludovic) → needinfo?(dmoore)
Summary: Backup releng windows server infrastructure → NetVault: Backup releng windows server infrastructure
Updated•10 years ago
|
Assignee: ludovic → infra
Updated•10 years ago
|
Severity: major → normal
Updated•10 years ago
|
Status: ASSIGNED → NEW
Comment 55•8 years ago
|
||
These systems are being backed up via bacula.
Status: NEW → RESOLVED
Closed: 12 years ago → 8 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•