Backups can be a tricky thing, all of us that did system administration, maintenance, or system engineering or architecture at some point had to choose a backup mechanism, that depending on the requirements can be a simple bash script that uses tar or rsync, or a robust solution like BackupPC or Bacula, backup appliances and so on.
Today while reading the BackuPC mail list someone asked about the best way to use it backup a MySQL DB, as always a multitude of options, one of my favourite ones is using MySQL-ZRM and BackupPC. I’m a fan boy of BackupPC, I’ve used it for years both in personal projects as in different enterprise projects, I’m not going to describe how to install or how to make BackupPC run on your system. There is a lot of online information about this (just check BackupPC home page).
Although BackupPC is a great tool it won’t guarantee the status of your databases on the moment of the copy, for that you need another tool, my favourite one is MySQL-ZRM. MySQL-ZRM will make sure that your new MySQL or mariadb backup is consistent, this backup can be retrieved by BackupPC and stored in the backup server.
Installing MySQL-ZRM on CentOS 7
As the title of the post says I’ll be using CentOS 7, so the first thing I need is to install the Epel repo on my CentOS 7 server:
rpm -Uvh https://ftp.fau.de/epel/7/x86_64/e/epel-release-7-1.noarch.rpm
Now that we have the repo installed we need to install MySQL-ZRM
yum install -y MySQL-zrm
Considerations on MySQL-ZRM on CentOS 7
There are two main differences in the configuration, the mode of the backup that can be:
Raw mode will make sure you that you’ll have the best performance possible during the backup, nevertheless it will need that you use LVM and I would only advice you to use it if you’re familiar with the concept. To start with you should have a logical volume for your mysql data dir (usually /var/lib/mysql/), then you should have available space on your volume group. At least double the space that you would need for MySQL operation during the backup, but please be generous here as if your ran out of space you will truncate your DBs. On the other hand the considerations over the performance may not be true as they will vary with your use case, RAW will make sure you that there were will be not locks on the DB during the time of the backup. If you really need performance to be unaltered during the seconds or minutes of the backup I would recommend a master/slave setup where you would to the backups from the slave host, thus not impacting the master.
The Logical backup mode doesn’t have any special requirements, nevertheless you’ll be “write locking” the tables during the time of the backup, with recent hardware even big backups can be fast, but if you are talking of a 200GB DB miracles won’t happen, in this cases I would recommend the RAW mode.
Setting up your MySQL server to make it suitable for MySQL-ZRM
To make your MySQL server suitable for MySLQ-ZRM you need to create a user with the right set of permission, also if you are not backing up data on the same server that you’re running MySQL-ZRM you need to enable TCP on your mysql.
Create mysql user with the correct set of permissions
mysql -h localhost -p # or whatever IP or hostname where your MySQL lives
grant select, insert, update, create, drop, reload, shutdown, alter, super, lock tables, replication client on *.* to ‘backupuser’@’localhost’ identified by ‘very secret password‘;
Setting up MySQL-ZRM on CentOS 7
After installing MySQL-ZRM we need to set it up, to do this we need to edit its configuration:
The config file is located at:
In this example we will use the Logical backup mode the main configuration changes are:
destination=/var/lib/mysql-zrm # backups destination folder (can be a NFS share, smb share, usb mount point, etc)
retention-policy=15D # How many days to keep the backup on the destination folder.
compress=1 # compress backups 1 = enabled, 0 = disabled
compress-plugin=/usr/bin/gzip # you’re able
all-databases=1 # do you want to backup all the databases on the mysql server? In this case we do
user=”backupuser” # authorized user to backup your databases
password=”very secret password” # the password
host=”your.server.hostname” # server host name
routines=1 # do we want to backup MySQL routines? In this case yes
verbose=0 # do we want the log to be verbose
mailto=”firstname.lastname@example.org” # backup admin email, if you have a local MTA correctly configured you’ll receive an email if backups didn’t finish properly, this will depend on the email policy described below
If you are backing up a remote server you’ll also need to enable TCP transfers on my.cnf, this can be achieved by setting on the [mysql] section:
port = 3306
Please keep in mind that you should be very careful when exposing MySQL, so set your iptables firewall to only allow IP connections to the backup server and other desired mysql clients, bellow is an example of how to do it:
iptables -I INPUT -m tcp -p tcp –dport 3306 -i eth0 -s 10.2.3.4/32 -m comment -j ACCEPT –comment “Allow access to web server”
iptables -I INPUT -m tcp -p tcp –dport 3306 -i eth0 -s 10.2.3.5/32 -m comment -j ACCEPT –comment “Allow access to MySQL-ZRM server”
Where –dport is destination port, -i eth0 is the interface where you want the filter to be active (you may skip it and it will be active in all the interfaces), -s IP are the allowed IPs, and -j ACCEPT is the target for the rule, in this case ACCEPT the package.
Setting up MySQL-ZRM backup frequency
MySQL-ZRM uses cron to do the backups, so the frequency is the one defined in the cron entry, many just use root crontab to do everything, although this is possible it’s not the most correct way of doing it.
Again there are multiple possibilities of doing this:
- Use mysql-zrm-scheduler, this is a tool that will help you create the crontab entry with the correct parameters, you can check how it works just by typing mysql-zrm-scheduler on the command line.
- Edit the crontab entry directly if you know the parameters (my favourite and all the parameters are also very well documented)
For a once a day backup of your database you would need to create the following file:
With the following content:
0 1 * * * root /usr/bin/zrm-pre-scheduler –action backup –backup-set `hostname -s` –backup-level 0 –interval daily
0 3 * * * root /usr/bin/mysql-zrm –action purge
This will trigger a backup every night at 1:00 AM, and it will also trigger a purge of the old content at 3:00 AM, please not that if you’re backing up another server than localhost you should replace hostname -s for the FQDN of the desired server.
Integrating with BackupPC
Integration may be achieve by 2 distinct means:
- Let BackupPC retrieve the files from the destination folder specified above, easiest and probably will suit most setups.
- Trigger backup execution within BackupPC.
I’ll focus on the second option as the first one is enabled by default if you include the destination in the folders to be backed up by BackupPC.
MySQL-ZRM scheduler configuration if integrated with BackupPC
Edit your /etc/cron.d/mysql-zrm like this:
0 3 * * * root /usr/bin/mysql-zrm –action purge
As you see the there’s one entry that is missing, the command execution will be triggered by BackupPC.
BackupPC triggering MySQL-ZRM configuration
I’ll assume you already have your BackupPC server configured and that the destination folder is already in the path to be backed up.
- Login to BackupPC web interface
- Select the server that holds the DBs to be backedup
- Choose “Edit config”
- Choose “Backup Settings” tab (default)
- Bellow “User Commands” there is a text box with the name “DumpPreUserCmd” where you’ll insert:
mysql-zrm-backup -backup-set `hostname -s` –backup-level 0
Setting up MySQL backups is not a hard task, there are a multitude of options out there this is just one of them. I would recommend you guys to have a deep look at the official BackupPC and MySQL-ZRM documentation. This post touches just the surface of what those two pieces of software can do.
As important as doing backups is a good test on recovering the data to the desired state, it’s not enough to be able to list the backup content, you should be able to restore the full service, then you must check if you are able to do it from a full backup, then do it based on and differential or incremental backup. It’s also important to know what are those and be “fluent” with the backup software. This may be the difference between a headache and getting your head cut.
Keep calm and keep your backups up to date!
Pedro M. S. Oliveira