Page tree
Skip to end of metadata
Go to start of metadata

Product Version: 7.0
Last Modified: 1 Mar 2017

Background

In the Application-aware mode, NAKIVO Backup & Replication triggers Volume Shadow Copy Service (VSS) inside guest OS of source VMs prior to making a VM snapshot. The VSS service will instruct VSS-aware applications and databases to flush data from memory to disk and save data in a consistent state. Thus, the VM snapshot taken after triggering the VSS service will contain consistent data.

If you run a VM with Linux or FreeBSD guest OS under Hyper-V, refer Hyper-V support article about supported Linux and FreeBSD versions.

Solution

To make VSS work on Linux guest OS, you need to put custom scripts called pre-freeze-script and post-thaw-script into /usr/sbin directory and give them executive permissions. When the backup job starts running, NAKIVO Backup & Replication triggers these scripts.

Freeze and thaw scripts require root permissions to be executed.

When a non-root user is used, scripts invocation will be done via sudo, therefore the following requirements must be met.

1. Provided credentials must have full access without a password in /etc/sudoers 

#User privilege specification
root ALL=(ALL:ALL) ALL
#Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
#Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
#See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
nakivo ALL=(ALL) NOPASSWD:ALL

2. Provided credentials must be allowed to execute freeze/thaw scripts without a password in /etc/sudoers

#User privilege specification
root ALL=(ALL:ALL) ALL
#Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
#Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
#See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
nakivo ALL=(ALL) NOPASSWD: /usr/sbin/pre-freeze-script, /usr/sbin/post-thaw-script

3. If NAKIVO Backup & Replication logs into Amazon EC2 instance and there's no password for Linux user, provided credentials must have a password to execute sudo:

    1. Log into the instance via SSH client using pem key
    2. Execute sudo passwd ubuntu
    3. Open /etc/sudoers in a text editor
    4. Add ubuntu ALL=(ALL) NOPASSWD:ALL to the bottom of the file
    5. Open /etc/ssh/sshd_config in a text editor
    6. Add set up PasswordAuthentication yes
    7. Reboot the instance
    8. Log into the instance via SSH client without pem key, enter password

 

  • No labels