#3075 Issue open: Add new BACKUP=VEEAM method

Labels: enhancement, sponsored

schlomo opened issue at 2023-11-12 19:16:

Discussed in https://github.com/rear/rear/discussions/3071

Originally posted by **idna38** November 7, 2023 Hello, We like to request a Veeam Linux Client disaster recovery integration option with relax and recover. Our approach is to create a small PXE configuration for each single client, upload it to an NFS/PXE server and restore those systems with PXE and the Veeam Backup agent for Linux. Here is our procedure to run a successful backup and recovery with relax and recover: Client-side configuration ========================= File /etc/rear/local.conf: OUTPUT=PXE OUTPUT\_PREFIX\_PXE=$HOSTNAME BACKUP=NETFS BACKUP\_URL=nfs:// PXE\_TFTP\_URL=nfs:// PXE\_CONFIG\_URL=nfs:// PXE\_RECOVER\_MODE="unattended" PXE\_CONFIG\_GRUB\_STYLE=y PXE\_TFTP\_IP= SSH\_ROOT\_PASSWORD=changeme USING\_UEFI\_BOOTLOADER=1 COPY\_AS\_IS+=( /usr/share/rear/\* /etc/veeam/\* /usr/bin/veeam\* /usr/lib/veeam/\* /usr/sbin/veeam\* /usr/share/veeam/\* /usr/share/doc/veeam/\* ) Backup procedure ================ rear -v mkbackup After the backup task is completed, it should have created a PXE configuration file with initrd, vmlinuz kernel files on the NFS/PXE server. **Example:** \[root@rhel8-veeam-rear tftp\]\# cat 01-02-a7-18-00-00-13 default hd prompt 1 timeout 300 label hd localboot -1 say ENTER - boot local hard disk say -------------------------------------------------------------------------------- display /rhel8-veeam-rear.message say ---------------------------------------------------------- say rear = disaster recover this system with Relax-and-Recover label rear kernel /rhel8-veeam-rear.kernel append initrd=/rhel8-veeam-rear.initrd.cgz root=/dev/ram0 vga=normal rw selinux=0 console=ttyS0,9600 console=tty0 \[root@rhel8-veeam-rear tftp\]\# Restore Procedure ================= - Boot the system with network boot/PXE - Login with root user and the password which was provided in the local.conf file from the client to restore. - Start the initial restore for disk, filesystem partitions, hostname and original network configuration like DHCP/STATIC - Start Veeam Service - Recover Data with Veeam Agent for Linux - Rewrite Grub Bootloader - SELinux (Optionally) - Reboot the system - Verify functionality Commands to use =============== - rear recover - systemctl start veeamservice - 'veeamconfig vbrServer add --name --address --domain --login Administrator (IP und Hostname von Veeam Server) --password ' - veeamconfig backup list --all (Always use the last backup ID Example: - veeamconfig backup mount --id {Use same the mount-id which was provided from the previous command)} : Info: This could raise an error, because the software want´s to mount the device in read/write mode, which is not allowed. :The device was only mounted as veeamloop device and needs to be remounted agains as read-only device for recovery - veeammount -d /tmp/veeamflr//FileLevelBackup\_0 -p /mnt/backup -o ro -m (-d und -p können per mount command gesucht werden) Final recovery procedure ======================== Recover the files from /mnt/backup to /mnt/local ================================================ shopt -s dotglob cp -rpva /mnt/backup/\* /mnt/local/ \# Copyjob time can depend of the amount of data :) Chroot and rewrite the GRUB Bootloader ====================================== chroot /mnt/local sudo dnf reinstall shim-\* grub2-\* exit (von rear console) Did you restore the backup to /mnt/local ? Are you ready to continue recovery ? yes After this "umount -a" and "reboot" SELinux will be relabeled if necessarry Last Post Task: Add the client/server back to an Veeam Protection Group with an XML file: -- veeamconfig mode setVbrSettings --cfg Please let us know, how we can proceed on this or if we can get some help from the community. Any answer is kindly appreciated. Thanks and best regards, Andreas

schlomo commented at 2023-11-12 19:34:

@idna38 just to clarify how Veeam works: it mounts a virtual file system that we can use to copy all files and folders back onto the freshly formatted disks? How does it handle multiple file systems on the original server, extended file attributes and stuff like that? What about sparse files and hard links?

Is it important to stop this mount (see https://helpcenter.veeam.com/docs/agentforlinux/userguide/files_restore_cmd_backup_umount.html?ver=60) or OK to leave it open?

I'm also wondering why just mounting the backup as described in https://helpcenter.veeam.com/docs/agentforlinux/userguide/files_restore_cmd_backup_mount.html?ver=60 is not enough.

Is there maybe another command that would simply extract (like tar -x) this Veeam backup to a directory, without mounting it first? That might give us more control over the process and it might be faster, too.

schlomo commented at 2023-11-12 21:25:

@idna38 would it be worth exploring these "recovery tokens" as a way to facilitate authentication for the agent without granting full access to credentials stored on the rescue media?

[Export of Github issue for rear/rear.]