Monthly Archives: January 2007

Incremental backup of Zimbra on LVM volume with duplicity

The best way to do a reliable backup of Zimbra Community Edition (ZCS) and minimize downtime is to put /opt/zimbra on a dedicate LVM volume.

The reason why you have to satisfy this requirement is that you cannot simply backup /opt/zimbra while Zimbra is running.

At the same time, creating a backup of a full Zimbra installation can take from several minutes to a few hours, depending on the size of your mailboxes and the resources of your server. This means that you cannot stop Zimbra, backup it and restart it as it would cause a huge downtime.

Welcome LVM.

Making a snapshot of a LVM volume takes only a few seconds. All we have to do is:

  • stop zimbra
  • make a snapshot of the LVM volume mounted under /opt/zimbra
  • start zimbra
  • mount the snapshot on a temporary dir
  • backup the temporary dir
  • unmount the snapshot
  • destroy the snapshot

You can find many examples of this procedure on Zimbra Wiki, but I wasn’t satisfied with any of them because they didn’t support incremental remote backups.

Welcome duplicity.

Duplicity is a nifty piece of software which can do either a full or incremental backup of a directory and store it on a local disk or on a remote storage, via ftp or scp.
duplicity is smart enough to detect when the last full backup was performed more than 1 month ago and will automatically switch from “incremental backup” to “full backup” in that case.
As a bonus it can also purge old backups automatically, without the need for additional scripting.

In my example, I use duplicity to do a remote backup via ftp.
I choose to use symmetrical encryption because I’m lazy. Asymmetrical encryption is supported too, though.

The script shall be run by cron everyday, as root. E.g.:
0 3 * * * /root/bin/

You need a little more than 2 GB of free disk space inside $TEMPDIR ! duplicity is smart enough to write one backup volume at a time (the size can be set in $VOLSIZE – in my example it’s 2GB), upload it, delete it, and then start writing the next backup volume. At any given time, your TEMPDIR will contain only a single 2GB backup volume.

SECURITY WARNING: in this example script, I put all passwords inside the script itself. Make sure to chmod 700 and chown root:root the script or any user will be able to download and decrypt your backups! Alternatively, you can move the configuration vars to an external file, chmod 600 it and source it inside the script.

Note: when you cut & paste the script, make sure the resulting file is in UNIX format.

Last update: 9 Aug 2010