Dump

Dump is a very useful tool for backing up entire partitions on OpenBSD. It can be done remotely.

WARNING: If your filesystem is being actively written to, data corruption may occur.

Dump Primer

dump is a classic BSD tool for backing up entire filesystems.

Before you dump, make sure you have enough disk space for the entire dump. To see how much space it will take, and how much you have available, run:

$ df -h
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/sd0a     1005M    111M    844M    12%    /
/dev/sd0k      192G   28.7G    153G    16%    /home
/dev/sd0d      3.9G   22.1M    3.7G     1%    /tmp
/dev/sd0f     12.3G    7.3G    4.4G    63%    /usr
/dev/sd0e     14.7G   41.2M   14.0G     0%    /var

Dumping /home will require at least 28.7G of space.

Here's a simple way to dump your /home folder:

$ doas dump -a -f home.dmp /home

This will create home.dmp in your current directory. -f tells you where the dump file will be created, /home is the partition, and -a tells dump to "auto-size".

NOTE: see restore for backup restoration details.

nodump flags

Some files do not need to be backed up because they can easily be downloaded elsewhere. These files can be set to nodump using chflags. You can then use ls -lo to view the special flag:

$ chflags nodump /path/to/file
$ ls -lo /path/to/file
-rw-------  1 username  group  nodump 4452 Dec 29 18:53 file

For example, if you never edit or store any irreplaceable files in /usr, you can run:

$ doas chflags -R nodump /usr
$ ls -lo /usr
drwxr-xr-x   7 root   wheel  nodump  512 Oct  4 18:47 X11R6
drwxr-xr-x   2 root   wheel  nodump 5632 Nov 21 22:17 bin
drwxr-xr-x   2 root   wheel  nodump 1024 Nov 21 22:14 games
drwxr-xr-x  33 root   bin    nodump 3072 Nov 21 22:14 include
drwxr-xr-x   7 root   wheel  nodump 4608 Dec  8 19:22 lib
...

To remove the nodump flag, run:

$ chflags -R dump /path/to/file
$ ls -lo /path/to/file
-rw-------  1 username   group  - 4452 Dec 29 18:53 file

Options

Let's add some helpful options:

$ doas dump -0 -a -h 0 -f home.dmp /home

-0 requests a full backup (a complete copy of the file system). You can use -1, -2 and so forth to perform an incremental backup: only files that are new or modified since the last dump of a lower level are copied.

-h 0 makes dump obey nodump flags for dumps at or above level 0 (in other words, always obey nodump flags).

-u adds time of last backup to /etc/dumpdates, and security(8) will notify you once it has been passed since last backup.

Dump over SSH

You can dump to standard output instead of to a file by specifying -f -:

WARNING: Do not actually run the next line of code, or else your screen will be garbled and your system may crash. Type ctrl+c to cancel if you already have, and type reset if your screen has been garbled.

$ doas dump -0 -a -u -h 0 -f - /home

We can redirect standard output to a file:

$ doas dump -0 -a -u -h 0 -f - /home > home.dmp

We can use a remote host to run the dump command using ssh, then redirect the standard output to a file:

$ ssh example.ircnow.org "doas dump -0 -a -u -h 0 -f - /home" > home.dmp

NOTE: The above command pulls the backup from a remote host to the backup location. This requires ssh without password (ssh keys) and doas without password which is a security concern. A better model is to use a push model for the backups where only the process doing the backup needs to be root (usually run from cron) and pushes the backup to a user account without wheel access on the destination machine. This makes pushing the backups more secure. Here's a version of the above command for pushing the backup instead of pulling it:

dump -0 -a -u -h 0 -f - /etc | ssh backups@example.ircnow.org 'cat >/mnt/backups/example.ircnow.org/etc.dmp'

I'll swing by later to update this document to use this model instead as a more secure use of dump. ...Izzy


We take this idea and create a script with it in the next section.

Complete Functions

Put the following functions at the end of ~/.profile:

dump-ssh () {

        echo "Dumping in $PWD: type ctrl+c to abort, enter to continue"
        read $cancel
        if [ $1 ] ; then
                remote=$1
        else
                remote=user@example.ircnow.org
        fi
        ssh $remote "doas dump -0 -a -u -h 0 -f - /" > root.dmp
        ssh $remote "doas dump -0 -a -u -h 0 -f - /home" > home.dmp
        ssh $remote "doas dump -0 -a -u -h 0 -f - /home/vmm" > vmm.dmp
        ssh $remote "doas dump -0 -a -u -h 0 -f - /mnt" > mnt.dmp
        ssh $remote "doas dump -0 -a -u -h 0 -f - /var" > var.dmp
        ssh $remote "doas dump -0 -a -u -h 0 -f - /var/www/htdocs" > htdocs.dmp
        ssh $remote "doas dump -0 -a -u -h 0 -f - /usr" > usr.dmp
        date > date
        md5 root.dmp home.dmp vmm.dmp mnt.dmp var.dmp htdocs.dmp usr.dmp date > md5sum
}

dump-local () {
        echo "Dumping in $PWD: type ctrl+c to abort, enter to continue"
        read $cancel
        doas dump -0 -a -u -h 0 -f - / > root.dmp
        doas dump -0 -a -u -h 0 -f - /home > home.dmp
        doas dump -0 -a -u -h 0 -f - /home/vmm > vmm.dmp
        doas dump -0 -a -u -h 0 -f - /mnt > mnt.dmp
        doas dump -0 -a -u -h 0 -f - /var > var.dmp
        doas dump -0 -a -u -h 0 -f - /var/www/htdocs > htdocs.dmp
        doas dump -0 -a -u -h 0 -f - /usr > usr.dmp
        date > date
        md5 root.dmp home.dmp vmm.dmp mnt.dmp var.dmp htdocs.dmp usr.dmp date > md5sum
}

dump-local will make a complete local backup of the current system, and dump-ssh will make a complete remote backup of the server you specify.

WARNING: If you have any other partitions besides the ones in the function, you must add them, or the partition will not get backed up.

Source it, then call it on the server:

$ . ~/.profile
$ dump-ssh example.ircnow.org
$ dump-local