Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

How to backup NSM: Taking a snapshot of NSM

0

0

Article ID: KB11476 KB Last Updated: 28 Dec 2010Version: 4.0
Summary:
Before upgrading a NSM install, it is a good idea to make a backup of the current install.  The backup provides a quick way to "roll-back" if necessary.
Symptoms:

 
Solution:
During a NSM upgrade, some issue may prevent the upgrade from succeeding.  Taking a "snapshot" (making a backup) of the current running NSM would provide a quick "roll-back" if needed.  The steps to backup and restore are documented below.


Directories Referenced in the Backup steps

NSM uses these paths (by default): 
/usr/netscreen           --the binary apps, docs, libraries and utilities
/var/netscreen/GuiSvr    --the "guiSvr" data directory
/var/netscreen/DevSvr    --the "devSvr" data directory

There are a few specific locations worth noting:
/var/netscreen/dbbackup         --the NSM nightly backups...one directory for each day's backups
/var/netscreen/installerbackup  --a copy of important files the NSM install/upgrade script keeps when an upgrade is performed
/var/netscreen/GuiSvr/errorLog  --errorLogs
/var/netscreen/DevSvr/errorLog  --errorLogs
/var/netscreen/GuiSvr/firmware  --versions of ScreenOS that have been added to NSM for upgrading devices
/var/netscreen/GuiSvr/xdb       --the actual device config "database"
/var/netscreen/DevSvr/logs      --the "traffic logs"

NOTE:  To efficiently back up the system, the backups do not need to be backed up, nor do the traffic logs (they are huge), nor does the firmware (which can easily be downloaded again).


Follow these steps to make a "snapshot" of the current installation.

  1. Become root on the system.
  2. Check the following paths:  /var/netscreen  /var/netscreen/GuiSvr /var/netscreen/GuiSvr/xdb /var/netscreen/DevSvr  for any files that end with  .tar  .gz  or .tgz  these are extra backups that should be moved or removed before proceeding as they increase the size of this backup unneccesarily.

  3. Verify there is sufficient space to backup the install. 
    Depending on the space available, the tar commands below may need to have different destination directories.
    The examples listed save all the data to the /var/nsmBackup directory.

    Use the -k or -h commands to get a rough idea of how much space is needed.
    -k lists space in kilobytes 
    -h option may be useful if your OS supports "human readable" output

    df -k   --to find the available space
    du -s /usr/netscreen
    du -s /var/netscreen/GuiSvr
  4. Shutdown all NSM services.  If running in HA, shutdown the backup server first.  Verify which is backup with the "status" option. IE: /etc/init.d/guiSvr status The server that
    /etc/init.d/haSvr stop
    /etc/init.d/guiSvr stop
    /etc/init.d/devSvr stop
  5. Create an "exclude" file for the /var files that will not need to be backed up.
    touch /tmp/exclude.nsmbackup
    echo GuiSvr/firmware/* >> /tmp/exclude.nsmbackup
    echo DevSvr/logs/* >> /tmp/exclude.nsmbackup
    echo dbbackup >> /tmp/exclude.nsmbackup
    echo installerbackup >> /tmp/exclude.nsmbackup
  6. Create a directory to hold the backups in /var. (If available space, the directory /var is sufficient): [On an NSMXpress system replace /var/nsmBackup in all future steps with /var/cores and skip this step]
    mkdir /var/nsmBackup
  7. Backup /usr/netscreen:       
    Recomendation:  Append the current verision of NSM to the end of the backup files created but before .tar.gz is found using the output from running: /etc/init.d/guiSvr version
    If you are running a patch, and the build number ends with a letter followed by a number 2010.4 (Build LGB14z2q14), note the build with the backup name IE: /var/nsmBackup/nsmUsrNetscreenBackup-2010.4q14.tar.gz

    tar cf - /usr/netscreen | gzip > /var/nsmBackup/nsmUsrNetscreenBackup.tar.gz
  8. Backup /var/netscreen:
    tar cfX - /tmp/exclude.nsmbackup /var/netscreen | gzip > /var/nsmBackup/nsmVarNetscreenBackup.tar.gz

The NSM install is now backed up into two archived/gzipped files: 
/var/nsmBackup/nsmUsrNetscreenBackup.tar.gz
/var/nsmBackup/nsmVarNetscreenBackup.tar.gz

If upgrading, the next step is to follow the upgrade guide and install the appropriate NSM system update and then the new version of NSM.


Follow these steps to RESTORE the backups.

  1. Become root.

  2. Stop the NSM services.
    /etc/init.d/haSvr stop
    /etc/init.d/guiSvr stop
    /etc/init.d/devSvr stop
  3. Delete the upgraded data.  !!!!  Be careful !!!
    rm -rf /usr/netscreen
    rm -rf /var/netscreen/GuiSvr/*
    cd /var/netscreen/DevSvr
    ls -la

    --in DevSvr, delete all the data except the logs and profiler_data directories using the rm -rf command.
  4. Move the backup files to the proper locations and unzip/untar:
    mv /var/nsmBackup/nsmUsrNetscreenBackup.tar.gz /.
    mv /var/nsmBackup/nsmVarNetscreenBackup.tar.gz /.
    cd /
    gunzip nsmUsrNetscreenBackup.tar.gz
    tar xf nsmUsrNetscreenBackup.tar
    gunzip nsmVarNetscreenBackup.tar.gz
    tar xf nsmVarNetscreenBackup.tar
  5. Verify the correct NSM system update is installed by running it again.  If you can't find the system update for this restored version of NSM, download it from http://www.juniper.net/support

  6. Start NSM:
    /etc/init.d/haSvr start
    /etc/init.d/guiSvr start
    /etc/init.d/devSvr start
  7. Verify NSM is running with the status command:
    /etc/init.d/haSvr status /etc/init.d/guiSvr status /etc/init.d/devSvr status
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search