OpenAFS Wiki/ admin/ cern backup setup

CERN backup setup ca. 2011

Base numbers

  • ~55 file servers
  • 850 million files (50% yearly growth)
  • total backup size on tapes: ~ 650TB
  • total number of objects on tapes: ~5 million
  • daily transfer to tape: 1-2.5 TB

Requirements

  • backup dumps: daily
  • backup retention policy: 6 months
  • restore directly done by the users (that is w/o admin intervention)
  • same backup policy for all volumes: all volumes are equal and no volumes are more equal than others

Current organization

  • components:
    • frontend: AFS "native" backup system (butc, backup commands)
    • tape backend: TSM backup service and tape manager
  • granularity:
    • full backup cycle to tape ~ every 30-50 days
    • 1 or 2 differential backups to tape per full backup cycle (differential = "diff to the last full")
    • daily incremental backups to tape ("diff to the last incremental")
    • "yesterday" also available as “BK” clone on disk
      • for home directories these clones are already mounted and directly accessible to users
  • servers are backed-up in parallel by a cronjob every evening (i.e. every 24 hours)
    • partitions on a server are backup-up in sequence
  • load-balancing the data flow to the backup service:
    • avoid all servers doing full backups at the same time

Problems/Issues

  • scalability: need 24 hour window to complete a dump of all partitions on a server (may be a problem for increasingly larger servers)
    • more parallelism in dumping the volumes?
    • using more features of the TSM (e.g. more accounts) may be required in the future
  • maintenance:
    • current administration layer for backup dump/restore is overly complex and drags a lot of historical/obsolete code

Detailed details

  • AFS backup system frontend
    • backup volsets: one volset per partition
      • database model: a volset dump contains a list of volume dumps
    • dump hierarchy:
      • simply defined as a chain: full-i1-...-i52 (no differentials)
      • differential backups are determined based on additional state information stored locally via perl Catalog module
      • once a differential is created, the backup database keeps track of the parentship of subsequent incrementals
    • several layers of wrappers perl/ksh/arc/... to manage dumps and restores
      • butc wrapped by expect script and fired on demand (no permanent butc processes), requires locking
      • end-user backup restore integrated into the afs_admin interface
        • restore done in a “synchronous” mode: an authenticated RPC to a restore server (one of afs file server nodes) is made using "arc"
        • the RPC connection is kept alive until user leaves a temporary shell which is positioned where recovered volumes are temporarily mounted

  • TSM backend

    • TSM server (one TSM account at the moment, using "archive" mode)
    • butc linked against XBSA/TSM library
      • each volume dump is stored as a separate object in TSM with the volset dump id prefix ("/{volsetdumpid}/{volname}.backup")