Page tree
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Product Version: 7.0
Last Modified: 1 Mar 2017

Background

In the Application-aware mode, NAKIVO Backup & Replication triggers Volume Shadow Copy Service (VSS) inside guest OS of source VMs prior to making a VM snapshot. The VSS service will instruct VSS-aware applications and databases to flush data from memory to disk and save data in a consistent state. Thus, the VM snapshot taken after triggering the VSS service will contain consistent data.

Solution

To make VSS work on Linux guest OS, you need to put custom scripts called pre-freeze-script and post-thaw-script into /usr/sbin directory; when the backup job starts running, NAKIVO Backup & Replication triggers these scripts.


Freeze and thaw scripts require root permissions to be executed.

If a non-root user executes the scripts via sudo command, the following requirements must be met.

1. Provided credentials should be root

2. Provided credentials must have full access without a password in /etc/sudoers 

#User privilege specification
root ALL=(ALL:ALL) ALL
#Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
#Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
#See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
nakivo ALL=(ALL) NOPASSWD:ALL

3. Provided credentials must be allowed to execute freeze/thaw scripts without a password in /etc/sudoers

#User privilege specification
root ALL=(ALL:ALL) ALL
#Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
#Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
#See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
nakivo ALL=(ALL) NOPASSWD: /usr/sbin/pre-freeze-script, /usr/sbin/post-thaw-script

4. If NAKIVO Backup & Replication logs into Amazon EC2 instance and there's no password for Linux user, provided credentials must have a password to execute sudo:

    1. log into the instance via SSH client using pem key
    2. Execute sudo passwd ubuntu
    3. Open /etc/sudoers in a text editor
    4. Add ubuntu ALL=(ALL) NOPASSWD:ALL to the bottom of the file
    5. Open /etc/ssh/sshd_config in a text editor
    6. Add set up PasswordAuthentication yes to the bottom of the file
    7. Reboot the instance
    8. Log into the instance via SSH client without pem key, enter password
  • No labels