OceanStor BCManager 8.1.0 EBackup User Guide (Virtualization) 03
Uploaded by
Steve JagerOceanStor BCManager 8.1.0 EBackup User Guide (Virtualization) 03
Uploaded by
Steve JagerOceanStor BCManager
8.1.0
eBackup User Guide
Issue 03
Date 2022-05-25
HUAWEI TECHNOLOGIES CO., LTD.
Copyright © Huawei Technologies Co., Ltd. 2023. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior
written consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and
the customer. All or part of the products, services and features described in this document may not be
within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements,
information, and recommendations in this document are provided "AS IS" without warranties, guarantees
or representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.
Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: https://e.huawei.com
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. i
OceanStor BCManager
eBackup User Guide About This Document
About This Document
Overview
Provides an introduction to OceanStor BCManager 8.1.0 eBackup (eBackup for
short), including the product positioning, features, architecture, service
configuration process, management operations, and system maintenance.
Intended Audience
This document is intended for:
● Network planning engineers
● Data Configuration Engineer
● Network Monitoring Engineer
● System Maintenance Engineer
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
Indicates an imminently hazardous situation which, if not
avoided, will result in death or serious injury.
Indicates a potentially hazardous situation which, if not
avoided, could result in death or serious injury.
Indicates a potentially hazardous situation which, if not
avoided, may result in minor or moderate injury.
Indicates a potentially hazardous situation which, if not
avoided, could result in equipment damage, data loss,
performance deterioration, or unanticipated results.
NOTICE is used to address practices not related to personal
injury.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. ii
OceanStor BCManager
eBackup User Guide About This Document
Symbol Description
Calls attention to important information, best practices and
tips.
NOTE is used to address information not related to personal
injury, equipment damage, and environment deterioration.
Change History
Issue Date Description
03 2022-05-25 This issue is the third official release.
Resolved some usability issues.
02 2021-10-30 This issue is the second official release.
Production storage supports Huawei
distributed block storage 8.1.0/8.1.1.
01 2021-04-09 This issue is the first official release.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. iii
OceanStor BCManager
eBackup User Guide Contents
Contents
About This Document................................................................................................................ ii
1 Overview....................................................................................................................................1
1.1 Product Positioning................................................................................................................................................................. 1
1.2 Features...................................................................................................................................................................................... 2
1.3 Principles of Backup and Restore...................................................................................................................................... 4
1.4 Product Architecture............................................................................................................................................................... 6
1.5 Deployment Scenario............................................................................................................................................................. 8
1.6 Restrictions.............................................................................................................................................................................. 10
1.7 Technical Specifications...................................................................................................................................................... 14
2 Installation and Uninstallation..........................................................................................18
2.1 Installation and Configuration Process......................................................................................................................... 18
2.2 Preparing for Installation................................................................................................................................................... 20
2.2.1 Checking the Deployment Environment....................................................................................................................20
2.2.2 Network Planning............................................................................................................................................................. 22
2.3 Installing eBackup................................................................................................................................................................ 24
2.3.1 Installing eBackup Using a Template......................................................................................................................... 25
2.3.2 Installing eBackup Using a Software Package........................................................................................................ 27
2.3.3 Installing an eBackup Patch.......................................................................................................................................... 28
2.4 Configuring eBackup Servers............................................................................................................................................ 29
2.4.1 Configuring a Backup Server......................................................................................................................................... 29
2.4.2 (Optional) Configuring a Backup Proxy.................................................................................................................... 34
2.5 Configuring Management Data Backup Storage.......................................................................................................38
2.5.1 NFS......................................................................................................................................................................................... 39
2.5.2 S3............................................................................................................................................................................................ 43
2.5.3 FTP.......................................................................................................................................................................................... 48
2.5.4 SFTP........................................................................................................................................................................................ 53
2.6 (Optional) Configuring HA................................................................................................................................................ 57
2.7 Importing a License.............................................................................................................................................................. 59
2.8 (Optional) Interconnecting with FusionCube Center Vision.................................................................................. 59
2.9 Uninstalling eBackup........................................................................................................................................................... 62
3 Backup......................................................................................................................................64
3.1 Backup Process...................................................................................................................................................................... 64
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. iv
OceanStor BCManager
eBackup User Guide Contents
3.2 Preparing for Backup........................................................................................................................................................... 65
3.3 (Optional) Registering a Backup Proxy Manually..................................................................................................... 67
3.4 Configuring Production Storage...................................................................................................................................... 68
3.4.1 Adding an eBackup Server to a Huawei Distributed Block Storage Cluster (Applicable to Huawei
Distributed Block Storage 8.1.0/8.1.1).................................................................................................................................. 69
3.4.2 Adding a FusionSphere Protected Environment..................................................................................................... 72
3.5 Creating a Storage Unit...................................................................................................................................................... 76
3.6 Creating a Storage Pool...................................................................................................................................................... 86
3.7 Creating a Repository.......................................................................................................................................................... 88
3.8 Creating a Protected Set.....................................................................................................................................................90
3.9 Creating a Backup Policy.................................................................................................................................................... 93
3.10 Creating a Backup Plan.................................................................................................................................................. 100
3.11 (Optional) Executing a Backup Job Manually........................................................................................................103
3.12 (Optional) Viewing a Backup Job...............................................................................................................................105
3.13 Example for Backing Up the FusionSphere VM Configuration........................................................................ 107
4 Restore................................................................................................................................... 114
4.1 Restoring FusionSphere VMs.......................................................................................................................................... 114
4.1.1 Restoring a VM................................................................................................................................................................ 114
4.1.2 Batch Restoring VMs...................................................................................................................................................... 116
4.1.3 Restoring a Disk on a VM............................................................................................................................................ 118
4.1.4 Batch Restoring Disks on Multiple VMs.................................................................................................................. 119
4.1.5 Restoring Files on a Disk (File-Level Restore)...................................................................................................... 121
4.2 (Optional) Viewing a Restore Job.................................................................................................................................127
4.3 Example for Restoring the FusionSphere VM Configuration...............................................................................129
5 Managing Backup and Restore........................................................................................ 131
5.1 User Management............................................................................................................................................................. 131
5.2 Backup Storage Management........................................................................................................................................145
5.2.1 Managing a Storage Unit............................................................................................................................................. 145
5.2.2 Managing a Storage Pool.............................................................................................................................................151
5.2.3 Managing a Repository................................................................................................................................................. 153
5.3 Protected Environment Management......................................................................................................................... 156
5.3.1 Managing a FusionSphere Protected Environment............................................................................................. 157
5.3.2 Related Operations......................................................................................................................................................... 160
5.4 Protected Set Management............................................................................................................................................ 161
5.5 Backup Policy Management........................................................................................................................................... 166
5.6 Backup Plan Management.............................................................................................................................................. 171
5.7 Backup Management........................................................................................................................................................ 175
6 System Maintenance.......................................................................................................... 181
6.1 System Monitoring............................................................................................................................................................. 181
6.1.1 Managing a Job............................................................................................................................................................... 181
6.1.2 Handling an Alarm......................................................................................................................................................... 185
6.1.3 Viewing and Exporting Events.................................................................................................................................... 187
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. v
OceanStor BCManager
eBackup User Guide Contents
6.1.4 Managing an eBackup Server..................................................................................................................................... 187
6.2 System Configuration........................................................................................................................................................191
6.2.1 Advanced Settings.......................................................................................................................................................... 192
6.2.2 Configuring Email Notification...................................................................................................................................193
6.2.3 Configuring System Time and Zone......................................................................................................................... 196
6.3 Power-On and Power-Off eBackup servers............................................................................................................... 198
6.3.1 Powering On eBackup servers.................................................................................................................................... 198
6.3.2 Powering Off eBackup Servers................................................................................................................................... 199
6.4 Security Management....................................................................................................................................................... 200
6.4.1 Account Management................................................................................................................................................... 200
6.4.1.1 Changing the Password of the eBackup Login Account................................................................................ 200
6.4.1.2 Changing the Password of the NBIUser Account............................................................................................. 202
6.4.1.3 Changing the Account Password of the IAM Authentication Microservice.............................................203
6.4.1.4 Changing the Password of the hcp Account...................................................................................................... 205
6.4.1.5 Changing the Password of the root Account..................................................................................................... 208
6.4.1.6 Changing the grub Password.................................................................................................................................. 209
6.4.1.7 Changing the Password of a Database Account...............................................................................................211
6.4.2 Certificate Management............................................................................................................................................... 213
6.4.2.1 Replacing SSL Certificates of eBackup Microservices......................................................................................213
6.4.2.2 Resetting Certificates of eBackup Microservices to Factory Settings........................................................ 216
6.4.2.3 Changing the SSL Certificate Key File Password of the eBackup Microservices.................................... 217
6.4.2.4 Replacing the SSL Certificate of eBackup OMMHA for Communication Between the Active and
Standby Backup Servers.......................................................................................................................................................... 219
6.4.2.5 Replacing the SSL Certificate of the eBackup GaussDB................................................................................. 221
6.4.2.6 Replacing the SSL Certificate of eBackup GaussDB for Communication Between the Active and
Standby Backup Servers.......................................................................................................................................................... 224
6.4.2.7 Replacing User IAM Certificate............................................................................................................................... 226
6.4.2.8 Changing the Password of the Private Key File of the GaussDB, OMMHA, or IAM User
Authentication Certificate....................................................................................................................................................... 228
6.4.2.9 Managing Certificates................................................................................................................................................ 230
6.4.3 Managing an eBackup Key.......................................................................................................................................... 231
6.4.4 Disabling the HTTP Protocol of the eBackup Web Server................................................................................ 233
6.4.5 Configuring LDAPS......................................................................................................................................................... 235
6.5 Logging In to eBackup Server Using Public Key Authentication........................................................................238
6.6 Inspection.............................................................................................................................................................................. 241
6.7 Configuration Items........................................................................................................................................................... 250
6.8 Script Description............................................................................................................................................................... 256
6.8.1 Installation.........................................................................................................................................................................256
6.8.1.1 Installing and Uninstalling Script of eBackup....................................................................................................256
6.8.2 Uninstallation................................................................................................................................................................... 257
6.8.2.1 Uninstalling the eBackup Software....................................................................................................................... 257
6.8.3 Upgrade.............................................................................................................................................................................. 258
6.8.3.1 Establishing a Trust Relationship Between Nodes........................................................................................... 258
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. vi
OceanStor BCManager
eBackup User Guide Contents
6.8.3.2 Clearing a Trust Relationship Between Nodes and Files Generated in an Upgrade............................ 258
6.8.3.3 Stopping Services......................................................................................................................................................... 259
6.8.4 Process................................................................................................................................................................................ 259
6.8.4.1 Starting the eBackup Process.................................................................................................................................. 259
6.8.4.2 Stopping the eBackup Process................................................................................................................................ 260
6.8.4.3 Viewing the eBackup Process.................................................................................................................................. 260
6.8.4.4 Restarting the eBackup Process..............................................................................................................................261
6.8.5 HA......................................................................................................................................................................................... 262
6.8.5.1 Stopping the HA Process and HA Monitoring Process................................................................................... 262
6.8.5.2 Starting the HA Process and HA Monitoring Process..................................................................................... 262
6.8.5.3 Stopping the HA Process........................................................................................................................................... 263
6.8.5.4 Querying the HA Active/Standby State............................................................................................................... 263
6.8.5.5 Clearing HA Configuration Information.............................................................................................................. 264
6.8.5.6 Monitoring Data Synchronization Between Active and Standby Gauss Databases............................. 264
6.8.6 Others................................................................................................................................................................................. 265
6.8.6.1 Using Backup Database Files to Restore a Database..................................................................................... 265
6.8.6.2 Restoring a Database by Importing backups..................................................................................................... 266
6.8.6.3 Backup and Restoration Script of Huawei Distributed Block Storage.......................................................266
6.8.6.4 Auxiliary Scripts of iptables...................................................................................................................................... 268
6.8.6.5 Using the Inspection Tool to View Desired Information................................................................................ 271
6.8.6.6 Enabling CLI................................................................................................................................................................... 272
6.8.6.7 Managing open-iscsi...................................................................................................................................................273
6.8.6.8 Enabling the Log Collection Tool........................................................................................................................... 273
6.8.6.9 S3 Connection Check Tool........................................................................................................................................ 274
6.8.6.10 Deleting Residual Differential Bitmap Volumes After Data Backup....................................................... 275
6.8.6.11 Deleting Residual Snapshots After Data Backup........................................................................................... 277
6.8.6.12 Deleting Residual Backup Data............................................................................................................................ 278
7 Troubleshooting...................................................................................................................280
7.1 Troubleshooting Process...................................................................................................................................................280
7.2 Information Collection...................................................................................................................................................... 281
7.2.1 Collecting System Messages and Alarm Information.........................................................................................281
7.2.2 Collecting Log Information.......................................................................................................................................... 282
7.3 Troubleshooting Cases...................................................................................................................................................... 288
7.3.1 Installation and Uninstallation................................................................................................................................... 288
7.3.1.1 The Uninstallation Task Lasts for a Long Period After the uninstall.sh Command Is Executed...... 288
7.3.1.2 The Newly Added Backup Proxy Cannot Be Viewed on the Backup Server Page.................................289
7.3.2 Login.................................................................................................................................................................................... 291
7.3.2.1 The eBackup GUI Displays a Message Indicating "System Is in Restricted Mode" When I Log In to
eBackup......................................................................................................................................................................................... 291
7.3.3 Backup................................................................................................................................................................................ 292
7.3.3.1 A Backup Job May Be in the In progress State and Cannot Be Interrupted If the Network of an
NFS Storage Unit Is Constantly or Intermittently Interrupted During Backup.....................................................292
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. vii
OceanStor BCManager
eBackup User Guide Contents
7.3.3.2 A Backup Job May Be in the In progress State for a Long Time If Networks of Production Storage
Are Constantly or Intermittently Interrupted During Backup.................................................................................... 293
7.3.3.3 A VM Fails to Be Backed Up and a VM Snapshot Fails to Be Created on the Task Details Page....294
7.3.3.4 VM Backup Fails and the Disk Description Fails to Be Obtained in the Task Details on the GUI...297
7.3.3.5 Disks of VMs Cannot Be Selected When You Create or Modify a Protected Set on eBackup.......... 297
7.3.3.6 What Should I Do If an Internal Error Is Reported After a Disk Fails to Be Opened, Read, Or Closed
During Backup?.......................................................................................................................................................................... 300
7.3.4 Restore................................................................................................................................................................................ 302
7.3.4.1 xfs File System in FusionSphere VMs Failed to Be Mounted........................................................................302
7.3.4.2 After a Restore Job Is Successfully Executed, Restored Non-system Disks Are Not Displayed on the
Virtual Machine Running Windows 7................................................................................................................................. 303
7.3.4.3 Linux VM Network Adapters Are in Disorder When Data Is Restored From a VM Or System Disks
to a New VM............................................................................................................................................................................... 305
7.3.4.4 Residual Disk Cannot Be Automatically Detached from the Target VM After a File-Level Restore
Task Fails....................................................................................................................................................................................... 308
7.3.5 Application........................................................................................................................................................................ 309
7.3.5.1 When a User Runs the rescan-scsi-bus.sh Command to Scan for the New Mapped LUNs, the Task
Keeps Running for a Long Time........................................................................................................................................... 309
7.3.5.2 The eBackup Service Stops When the Capacity Usage of the /opt Partition on the Backup Server
Exceeds 96%................................................................................................................................................................................ 309
7.3.5.3 A Standby Node Fails to Be Removed When the HA Function Is Being Used and the Standby Node
Is in the Irrecoverable Inaccessible State...........................................................................................................................310
7.3.5.4 In an HA Scenario, After Command sh status_ha.sh Is Executed on Both Active and Standby
Nodes, the Command Output Indicates Abnormal GaussDB Resources................................................................311
7.3.5.5 In an HA Scenario, the Active and Standby Nodes Are Correctly Configured. However, Services on
the Active Node Fail to Be Started...................................................................................................................................... 313
7.3.5.6 Backup Proxies Fail to Be Registered on the Backup Server Because Public and Private Key
Information Has Changed After eBackup Is Reconfigured......................................................................................... 314
7.3.5.7 The License Becomes Unavailable After HA Is Enabled and an Active/Standby Switchover Is
Performed..................................................................................................................................................................................... 315
7.3.5.8 Backups Are Lost After the HA Function Is Enabled and an Active/Standby Switchover Is
Performed..................................................................................................................................................................................... 316
7.3.5.9 Failed to Delete backups........................................................................................................................................... 317
7.3.6 Maintenance..................................................................................................................................................................... 319
7.3.6.1 Large Time Difference Between the NTP Server and Backup Server........................................................ 319
7.3.6.2 The NTP Service of a Backup Proxy Is Abnormal, the Time of the Backup Proxy Fails to Be
Synchronized with that of the Backup Server, and No Alarm Is Generated......................................................... 320
8 Disaster Recovery................................................................................................................ 323
8.1 Recovery Process................................................................................................................................................................. 323
8.2 Collect Information............................................................................................................................................................ 324
8.3 Installing a Backup Server............................................................................................................................................... 325
8.4 Configuring a Backup Server.......................................................................................................................................... 326
8.5 Configuring Management Data Backup Storage.................................................................................................... 326
8.6 Restoring System Management Data and Storage Units.....................................................................................327
8.6.1 NFS....................................................................................................................................................................................... 327
8.6.2 S3.......................................................................................................................................................................................... 334
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. viii
OceanStor BCManager
eBackup User Guide Contents
8.6.3 FTP....................................................................................................................................................................................... 341
8.6.4 SFTP..................................................................................................................................................................................... 348
8.7 Restoring a Backup Proxy................................................................................................................................................ 355
9 Common Operations.......................................................................................................... 357
9.1 Logging In to the eBackup GUI..................................................................................................................................... 357
9.2 Creating a FusionCompute Interconnection Account............................................................................................ 358
9.3 Configuring Routes in Huawei Distributed Block Storage Scenarios............................................................... 359
9.4 Reconfigure eBackup Servers after Changing the IP Address............................................................................. 361
9.5 Adding the IP Address of a DNS Server...................................................................................................................... 366
9.6 Modifying Configurations of Mismatched Certificate Alarms............................................................................ 366
9.7 Changing the MAC Address of an eBackup VM...................................................................................................... 367
9.8 Configuring Network Adapter Binding....................................................................................................................... 370
9.8.1 Configuring Network Adapter Binding (IPv4).......................................................................................................370
9.8.2 Configuring Network Adapter Binding (IPv6).......................................................................................................375
9.9 Configuring an iSCSI Initiator on the eBackup Server........................................................................................... 381
9.10 Configuring CHAP Authentication Information on the eBackup Server....................................................... 383
9.11 Installing the OS............................................................................................................................................................... 384
9.11.1 Software and Hardware Configurations............................................................................................................... 384
9.11.2 Installing an OS for a Physical Server................................................................................................................... 385
9.11.2.1 Starting the Physical Server................................................................................................................................... 386
9.11.2.2 Configuring RAIDs..................................................................................................................................................... 388
9.11.2.3 Installing the OS........................................................................................................................................................ 391
9.11.2.4 Configuring the Network (IPv4).......................................................................................................................... 396
9.11.2.5 Configuring the Network (IPv6).......................................................................................................................... 401
9.11.3 Common Problems....................................................................................................................................................... 405
9.11.3.1 Message Warning checking storage configuration or Custom partitioning selected Is Displayed
......................................................................................................................................................................................................... 405
9.11.3.2 Message Error checking storage configuration Is Displayed During the OS Installation................ 408
10 Related Concept Introduction........................................................................................412
10.1 Backup................................................................................................................................................................................. 412
10.2 Restore................................................................................................................................................................................. 415
10.3 Backup Storage................................................................................................................................................................. 417
10.4 Protected Environments Supported by eBackup................................................................................................... 418
10.5 Protected Set..................................................................................................................................................................... 419
10.6 Backup Policies..................................................................................................................................................................420
10.7 Backup Plan....................................................................................................................................................................... 426
10.8 Backups................................................................................................................................................................................427
10.9 Common Concepts.......................................................................................................................................................... 428
11 FAQ....................................................................................................................................... 429
11.1 In What Configuration Modes Can Disks Not Be Restored by eBackup in LAN-free Mode.................. 429
11.2 Do VMs Created on FusionCompute Need to Be Restarted After Their CPUs and Memory Are
Adjusted........................................................................................................................................................................................ 430
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. ix
OceanStor BCManager
eBackup User Guide Contents
11.3 What Disk Modes are Not Supported by eBackup...............................................................................................430
11.4 Can Management Data Backup Storage and Backup Storage Storing User VM Data Use One Shared
Directory....................................................................................................................................................................................... 430
11.5 No Backup Is Generated for VMs on FusionCompute.........................................................................................431
11.6 What Is the Impact of Removing an eBackup Server When the Production Storage Is Huawei
Distributed Block Storage....................................................................................................................................................... 431
A Glossary.................................................................................................................................432
B Abbreviation.........................................................................................................................444
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. x
OceanStor BCManager
eBackup User Guide 1 Overview
1 Overview
This chapter describes product positioning, features, architectures, deployment
scenarios, technical specifications, and restrictions of OceanStor BCManager
eBackup (eBackup for short) in a virtual backup scenario.
1.1 Product Positioning
1.2 Features
1.3 Principles of Backup and Restore
1.4 Product Architecture
1.5 Deployment Scenario
1.6 Restrictions
1.7 Technical Specifications
1.1 Product Positioning
This section describes positioning and values of the eBackup software in virtual
backup scenarios.
Background
As the trend of cloud-based enterprise IT systems speeds up, an increasing number
of enterprises deploy their service systems in cloud and virtual environments. Data
protection in cloud and virtual environments includes:
● Protection for massive data on VMs and disks
● Backup and restore of virtual machines (VMs)
● Reduction of backup cost and the total cost of ownership (TCO) for IT
systems
Enterprises and users are in urgent need for backup solutions that provide easy-to-
operate and cost-effective protection for backup of massive data on VMs, disks.
Software Positioning
eBackup is virtual and cloud-oriented backup software developed by Huawei.
Based on VM or disk snapshot, Changed Block Tracking (CBT), and snapshot
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 1
OceanStor BCManager
eBackup User Guide 1 Overview
comparison technologies, the software provides comprehensive protection for user
data in virtualization and private cloud backup scenarios. This document applies
only to virtualization scenarios.
Virtualization refers to the concept of converting physical resources into virtual
resources such as servers, networks, memories, and storage devices. In this case,
the physical structures are logically split and users can use resources in a better
way.
In virtual backup scenarios, eBackup supports backup and restoration of VM data
and disk data.
Virtual Backup Solution
Based on Huawei FusionSphere virtualization platforms, eBackup Virtual Backup
Solution adopts VM/disk snapshot and CBT technologies to protect massive VM
data. The eBackup Virtual Backup Solution consists of the following:
● Backup object
Indicates an object to be backed up. eBackup Virtual Backup Solution can
protect data of VMs on Huawei FusionSphere virtualization platforms.
● eBackup software
Backs up and restores data in the virtual environment. The eBackup software
can be deployed using a template or a software package. The software
cannot be deployed using a template and a software package at the same
time in one eBackup system. Its performance can be expanded by adding
backup proxies.
● Backup storage
NAS (Network Attached Storage) storage, S3 (Simple Storage Service) storage
and SAN (Storage Area Network) storage can be used as backup storage.
● Backup policy
Protection policies can be created for VMs and one or multiple disks.
Permanent incremental backup is supported to reduce the amount of data to
be backed up.
1.2 Features
The eBackup software provides data protection for massive virtual machines
(VMs) and disks in virtual environments. The eBackup software provides the
following function and security features.
Function Features
Table 1-1 shows function features provided by the eBackup software.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 2
OceanStor BCManager
eBackup User Guide 1 Overview
Table 1-1 Function features
Feature Description
All-round data ● Supports VM and disk backup and restore.
protection ● Supports fine-grained OS file restoration.
● Supports full backup and incremental backup of data.
● Supports full restore and incremental restore of data.
● Supports backup data deduplication and compression.
● Supports periodic automated backup.
● Supports periodic full backup.
Distributed ● Supports backup server and backup proxy distributed
backup architecture. You can expand the number of backup
architecture proxies based on the number of VMs.
● Supports NAS, S3 and SAN(XFS) storage as backup
storage.
High reliability ● Distributes services of a faulty backup proxy to other
backup proxies.
● Provides disaster recovery when an operating system or
host node is damaged.
● Supports the high availability (HA) function. If the active
backup server fails, the standby backup server takes over
services of the faulty backup server to ensure service
continuity.
High ● Supports dynamic expansion of backup proxies to linearly
performance improve backup performance.
and cost ● Supports backup data deduplication and compression,
effectiveness reducing space occupied by backup data and lowering
purchasing costs of backup storage.
● Supports incremental backup and restore, shortening
backup and restore windows.
● Supports the LAN-free backup and restore mode that
provides high backup and restore performance.
● Supports the LAN-base backup and restore mode in which
backup and restore data is transmitted over LANs.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 3
OceanStor BCManager
eBackup User Guide 1 Overview
Feature Description
Easy ● Supports deployment on VMs using templates or on
management servers using software packages, simplifying eBackup
and software installation and deployment and shortening
maintenance deployment time.
● Provides the GUI and command-line interface (CLI) for
centralized management of backup and restore jobs and
the system, presenting users with an intuitive interface for
operation and maintenance.
● Supports the intelligent VM recognition and backup policy
configuration wizard, simplifying configuration and
maintenance and reducing maintenance costs.
● Provides an inspection tool to help you conveniently check
the operating status of the eBackup software.
● Provides a log collection tool to help you quickly collect
log information.
Third-party Provides northbound Representational State Transfer (REST)
system interfaces that integrate third-party systems into the
integration eBackup software.
Security Features
The eBackup software provides the following security features:
● HTTPS security access
● Sensitive data (such as eBackup passwords and private keys) encryption
● Verification code authentication for login and login error lock settings to
prevent brute force password cracking
● User password complexity and session timeout policies
● Integrity check before installation
● User operation logs
● Default database hardening, web hardening, and OS hardening
● Web application security, such as protection against cross-site scripting,
structured query language (SQL) injection attacks, and cross-site request
forgery (CSRF) attacks
1.3 Principles of Backup and Restore
This section describes the principles of permanent incremental backup and non-
synthetic incremental restore.
Permanent Incremental Backup
A full backup is performed for initial backup of eBackup, followed by permanent
incremental backups. All backups generated by a backup object in one backup
plan, such as backups 1, 2, and 3 shown in Figure 1-1, form a backup chain in
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 4
OceanStor BCManager
eBackup User Guide 1 Overview
time sequence. All backups on this chain are generated by the same backup object
and stored in the same repository when this object is backed up based on the
same backup policy.
Figure 1-1 Backup principles
Figure 1-1 shows three backups generated by three backups that are performed
for a disk at different points of time. A, B, C, D, E, and F are backup data blocks in
the backups.
● The first backup is a full backup, generating backup 1, followed by an
incremental backup generating backups 2 and 3.
● During the second incremental backup, if data changes occur in data blocks B
and C on the disk, backup data blocks B1 and C1 are generated in backup 2. If
no data change occurs in data blocks A and D, these data blocks in backup 1
are referenced by backup 2.
● During the third incremental backup, if data changes occur in data block D,
backup data block D1 is generated in backup 3. If no data change occurs in
data blocks A, B1, and C1, these data blocks in backup 2 are referenced by
backup 3. If new data blocks E and F are written into the disk, backup data
blocks E and F are generated in backup 3.
● When a backup is deleted, backup data blocks referenced by this image will
not be deleted, but other backup data blocks will. For example, when you
delete backup 2, database D is used by backup 1, and data block D is not
deleted. Data blocks A, B1, and C1 will stay because they are referenced by
backup 3.
Non-synthetic Incremental Restore
When you restore data, eBackup does not synthesize data blocks of multiple
backups into one backup. Instead, eBackup uses each backup as a virtual full-
backup and restores incremental data.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 5
OceanStor BCManager
eBackup User Guide 1 Overview
Figure 1-2 Restore principles
Figure 1-2 shows how eBackup restores data for the damaged data blocks C1 and
F using backup 3.
● eBackup restores data in incremental mode. When a disk is damaged,
eBackup compares the data of the damage time point with data in a backup.
If both data is consistent, no restore is required. If not, eBackup restores only
the differential data at the damage time point. As shown in the figure,
backup 3 is used to restore only data blocks C1 and F.
● When restoring disk data using a backup, you do not need to synthesize
backup data blocks before the restore. For example, when restoring disk data
using backup 3, you do not need to synthesize backup data block C1 from
backup 2 into backup 3.
1.4 Product Architecture
This section describes the internal architecture of the eBackup software and its
logical architecture in virtual backup scenarios.
Internal Software Architecture
Figure 1-3 shows internal architecture of the eBackup software.
The eBackup software includes a backup server and backup proxies.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 6
OceanStor BCManager
eBackup User Guide 1 Overview
Figure 1-3 eBackup software architecture
Table 1-2 describes each component.
Table 1-2 eBackup components
Component Description
Backup server Schedules and monitors backup and
restore jobs, manages backup storage
and production systems, and receives
and responds to user requests.
In addition, a backup server provides
the functions of a backup proxy.
Backup proxy Receives backup and restore jobs from
the backup server and executes the
jobs by interacting with production
systems and backup storage.
Maintenance terminal Provides GUI- and CLI-based
management to monitor and manage
the backup system and jobs. Users can
initiate backup and restore requests
through a maintenance terminal.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 7
OceanStor BCManager
eBackup User Guide 1 Overview
If a fault occurs on the eBackup software, refer to 8 Disaster Recovery to restore
the system.
Backup Solution Architecture
Take eBackup deployed on a physical server as an example. The components are
described as follows:
● eBackup software
The eBackup software is deployed on backup server and backup proxy. After
initial configuration, the software can implement backup and recovery
management.
● FusionSphere virtualization environment
FusionSphere virtualizes hardware resources using the virtualization software
deployed on physical servers so that one physical server can function as
multiple virtual servers. FusionSphere contains key components, such as VRM
(Virtual Resource Management), Computing Node Agent (CNA), and
production storage.
● Production storage
FusionSphere virtualization environment
Supported production storage: Huawei distributed block storage and
virtualized storage (including SAN, NAS, and local disks)
● Backup storage
NAS storage, S3 storage and SAN(XFS) storage can be used as backup storage
to improve backup performance and backup reliability.
1.5 Deployment Scenario
Before installing the eBackup software, plan a deployment solution based on site
requirements.
LAN-Free Backup Deployment Scenario
LAN-Free backup is applicable to scenarios where a large amount of data needs to
be backed up and requirements on backup windows are demanding.
A backup window is an interval during which data is backed up without seriously
affecting applications that use the data.
In LAN-Free backup mode, backup and restore jobs do not occupy Ethernet
network resources, releasing network bandwidth.
In the FusionSphere virtualization scenario, when the production storage is
Huawei distributed block storage, only LAN-Free backup and restore are
supported.
Figure 1-4 shows the LAN-Free backup deployment scenario.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 8
OceanStor BCManager
eBackup User Guide 1 Overview
Figure 1-4 LAN-Free backup deployment scenario diagram
LAN-Base Backup Deployment Scenario
LAN-Base backup is applicable to scenarios where a small amount of data needs
to be backed up and no special requirements are posed on backup windows.
In LAN-Base backup mode, backup and restore data is transmitted through
Ethernet networks. During backup, backup proxies transmit backup data to backup
storage over Ethernet networks.
In the FusionSphere virtualization scenario, when the production storage is
virtualized local disks, only LAN-Base backup and restore are supported.
Figure 1-5 shows the LAN-Base backup deployment scenario.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 9
OceanStor BCManager
eBackup User Guide 1 Overview
Figure 1-5 LAN-Base backup deployment scenario diagram
1.6 Restrictions
Restrictions on Backup and Restore
● VMs created on FusionCompute can be backed up and restored.
● VMs whose protected environment is VMware cannot be backed up or
restored.
● LUNs whose protected environment is a storage device cannot be backed up
or restored.
● If the production storage is Huawei distributed block storage, backup and
restore in LAN-free mode are supported.
● If the production storage is virtualized storage (including SAN storage, NAS
storage, and local disks), only the LAN-Base backup and restore mode is
supported.
● Disks that have not been mounted to VMs cannot be backed up or restored.
● S3 and SAN(XFS) storage units do not support deduplication-related backup
or restore.
● Supported production storage: Huawei distributed block storage and
virtualized storage (including SAN, NAS, and local disks). The ARM platform
of FusionCompute 8.1.1 does not support virtualized SAN storage.
● Disks whose bus type is SCSI or VIRTIO can be backed up and restored. Disks
whose bus type is IDE cannot be backed up or restored. If IDE disks have been
mounted to a VM, the VM can be backed up only after the IDE disks are
unmounted.
● Backup and restore across wide area networks (WANs) between protected
environments (such as FusionCompute VRM, CNA, and production storage)
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 10
OceanStor BCManager
eBackup User Guide 1 Overview
and the eBackup system, between backup proxies, and between backup
proxies and backup storage are not supported.
● As the number of disks on which concurrent backup and restore jobs can be
performed is limited at the production end, accessing disks may take a long
period of time during backup and restore until other backup and restore jobs
have finished and the production system releases available resources.
● If no CBT information is returned by the production end during the execution
of a full backup job, no data will be backed up. In this case, when the
generated backup is used for restore, no data will be written into the disks at
the production end. That is, the data in such disks remains consistent with
that before the restore.
● In an eBackup system, ARM and x86 servers cannot be deployed together.
● Backups of ARM and x86 architectures do not support cross-restore. For
example, backups generated by ARM VMs cannot be restored to x86 VMs,
clusters, or hosts.
● VMs that have both Huawei distributed block storage and virtualized storage
mounted cannot be backed up. You can select disks of the same type on a VM
for backup. If multiple disks of the VM need to be restored, the datastores to
which the disks are to be restored must be of the same type.
● If the VM disk is set to Independent & persistent or Independent &
nonpersistent, the disk is not backed up when the VM is backed up.
● If the system disk of a VM is set to Independent & persistent or
Independent & nonpersistent, data can be restored to the original VM. If the
system disk of a specified VM is set to Independent & persistent or
Independent & nonpersistent, the VM cannot be restored to the specified
VM.
● If the data disk of a VM is set to Independent & persistent or Independent
& nonpersistent, data can be restored to the original VM. If the data disk of
a specified VM is set to Independent & persistent or Independent &
nonpersistent, the VM can be restored to the specified VM.
● Shared disk backup and recovery are not supported.
● One set of eBackup supports only one set of Huawei distributed block storage
as production storage.
● If the storage unit type is SAN(XFS), the backup storage supports only IP SAN.
● eBackup nodes do not support hybrid deployment of IPv4 and IPv6. For
example, IPv4 and IPv6 cannot be deployed on the same network plane and
on different network planes. The eBackup IP address types cannot be
switched between IPv4 and IPv6.
● The network type (IPv4 or IPv6) of the production storage and backup
storage must be the same as that of the eBackup server.
● Backup and restoration cannot be performed for FusionCompute VMs in the
HA solution (distributed storage-based HA solution).
Backup Restrictions
● The eBackup software must be deployed on physical servers or VMs.
● When eBackup is deployed on a VM, resources occupied by eBackup must be
isolated to prevent mutual impact with service VMs.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 11
OceanStor BCManager
eBackup User Guide 1 Overview
● When eBackup is deployed on VMs, different eBackup nodes must be
deployed on different physical servers.
● Local disks of servers cannot serve as backup storage.
● One eBackup system supports either private cloud backup or virtual backup.
● eBackup supports crash-consistent backup of disk data but not support
application-consistent backup.
● VRM management nodes cannot be backed up.
● If the backup server and backup proxy are deployed in a virtual environment,
do not back up the VM where the backup server or backup proxy reside.
Otherwise, eBackup may become abnormal.
● Template VMs or linked clone VMs cannot be backed up.
● If Changed Block Tracking (CBT) is used to back up VMs, restrictions of the
CBT feature must be complied with. If any of the following events occurs
during VM running, the CBT-based backup function becomes unavailable and
full backup will be implemented next time:
– Hosts where VMs reside are faulty or powered off.
– VMs are restored using snapshots.
● Before deleting production VMs, deleting or detaching disks from production
VMs, or migrating storage, you need to delete backup plans of the production
VMs in the eBackup backup management system. Otherwise, the preceding
operations may fail.
● The latest backup of each VM will be retained even after the expiration time
arrives.
Restore Restrictions
● File-level restore is supported for FusionSphere VMs.
● You cannot restore the backup data on a VM of an earlier FusionSphere
version to a VM of the later FusionSphere version.
● File-level restore is not supported when UltraPath is used on FusionCompute
CNA hosts.
● When performing file-level restore, pay attention to the following points:
– Target VMs must support disk detaching during VM running. For details,
see Detaching a Disk from a VM in the FusionCompute 8.1.0 Product
Documentation.
– If disk attaching or detaching during file-level restore is not supported by
target VMs, you can attach disks to VMs that meet requirements and
then use the VMs to share disks with target VMs to perform file-level
restore.
– File-level restore is not supported for target VMs added to disaster
recovery (DR) clusters.
– During file-level restore, you are advised not to attach CentOS system
volumes. Otherwise, the existing /boot partition will be overwritten.
● Do not restore data of non-system disks to FusionSphere VM system disks.
Otherwise, the system will fail to be started.
● Before restoring a VM, ensure that the VM has been shut down. Otherwise,
the eBackup backup management system will forcibly shut it down.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 12
OceanStor BCManager
eBackup User Guide 1 Overview
● During the VM restore, do not perform other operations on the VM, such as
starting and deleting the VM, deleting or uninstalling VM disks, creating
snapshots, migrating storage, and exporting images. Otherwise, the VM
restore or corresponding operations may fail, or an error may occur during
data restore or exporting.
● If only a part of the disks that have undergone volume management (such as
logical volume management on Linux or dynamic volume management on
Windows) are restored, data on these disks cannot be properly accessed.
● Network adapter IP addresses stored on disks of operating systems are
historical backup data. Therefore, in VM or disk restore scenarios where disks
of operating systems are restored, note the following:
– If target VMs are the original ones, network adapter IP addresses stored
on disks of operating systems can be used in the current restored
network environment.
– If target VMs are not the original ones, network adapter IP addresses
stored on disks of operating systems cannot be used in the current
restored network environment. After restore, you need to log in to VMs
through VNC and reconfigure them.
● In some VM restore scenarios, eBackup will associate network adapters of
newly created VMs with the original port group. If eBackup fails to detect the
original port group, it will delete the network adapters. Therefore, you must
add network adapters based on your actual conditions and associate the
network adapters to a proper network after the restore is complete. Such VM
restore scenarios include:
– Restoring VMs to other protected environments.
– Restoring VMs to the original protected environments (The port group
that is associated with the network adapters of the VMs does not exist in
the location to which the VMs are restored.)
● In the following restore scenarios, disk space into which backup data is not
written will not be zeroed or reclaimed:
– Incremental restore where backup data is written into original disks.
– Full restore where backup data is written into original disks.
● Restoring disks of a VM will fail in the following scenarios:
– Other disks (data disks) are restored to the original VM and the original
data disks exist. The datastore type during the restore is different from
that of the original VM data disks.
– The system disk is restored to a new VM and the system disk of the new
VM exists. The datastore type during the restore is different from that of
the new VM system disks.
Precautions
Note the following precautions:
● The eBackup backup management system is used to back up VM
configuration information and raw disk data. The VM configuration
information includes the number of VM disks, configuration parameters,
number and configuration of CPUs, and memory capacity, and does not
include sensitive or privacy VM information. Raw disk data is stored in
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 13
OceanStor BCManager
eBackup User Guide 1 Overview
multiple backups or in a backup by eBackup. Raw disk data will not be
parsed, protecting user data privacy.
● The eBackup backup management system performs restore or expiration
operations for backup data as instructed by administrators. These operations
do not parse raw data of user disks, preventing user data leakage.
● Backup data is restored to user-specified locations. Administrators can
perform operations on restored data. All data restore operations are
performed only after the user's written permission is obtained. This helps
prevent user data leakage.
● Expired backup data will be deleted based on user-defined backup data
retention policies. When backup data reaches the expiration time or a certain
number of backup copies is generated, the eBackup backup management
system automatically deletes backups that have expired or that are not
associated with any backup data.
1.7 Technical Specifications
This section describes technical specifications of the eBackup software in virtual
backup scenarios.
Management Specifications
Table 1-3 lists specifications of a single eBackup system.
Table 1-3 eBackup software specifications
Item Specification Remarks
Maximum number of 10,000 ● Indicates the number
backup VMs of VMs supported by
the eBackup software,
not the number of
VMs detected by the
eBackup software.
● If the number of VMs
to be backed up
exceeds 10,000, you
are advised to deploy
multiple eBackup
systems.
Number of protected 4 -
environments
Maximum number of 2,000 The value is 1000 by
system users default. Contact Huawei
technical support to
modify the
configuration.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 14
OceanStor BCManager
eBackup User Guide 1 Overview
Item Specification Remarks
Maximum number of 64 -
backup proxy systems
Maximum number of 10,000 -
backup policies
Maximum number of 10,000 -
backup plans
Maximum number of 10,000 -
protected sets
Maximum number of 10,000 ● The total number of
storage units storage units of SAN,
and NFS types do not
exceed 350, the
number of SAN
storage units does not
exceed 64, and the
total number of
storage units of the
SAN, NFS, and S3
types does not exceed
10000.
● S3 and SAN(XFS)
storage units do not
support deduplication.
● You are advised to set
the capacity of a SAN
storage unit to 5 GB
to 64 TB. Otherwise,
the formatting may
fail or service
functions and
performance may be
affected.
Maximum number of 10,000 -
storage pools
Maximum number of 10,000 -
repositories
Maximum number of 40 The default value is 20.
concurrent backup and For details, see 6.2.1
restore jobs supported by Advanced Settings or
a backup proxy 6.7 Configuration
Items.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 15
OceanStor BCManager
eBackup User Guide 1 Overview
NOTE
It is recommenced that each backup proxy system be deployed with 200 VMs for planning
and configuration. The number of VMs configured for each backup proxy system varies
based on the performance of production servers, backup servers, backup storage devices,
and networks in different scenarios.
Deployment Environment Specifications
Table 1-4 shows deployment environment specifications of the eBackup software.
Table 1-4 Deployment environment specifications of the eBackup software
Item Specification Remarks
Operating The eBackup software is -
system deployed on physical servers
using software packages or on
virtual machines (VMs) using
software packages or templates.
● Using the template:
Supports FusionCompute
8.1.0.
● Using a software package:
Operating system version:
ARM: EulerOS release 2.0
(SP9)
x86: EulerOS release 2.0
(SP9)
NOTE
For FusionCompute 8.0.1 and
earlier versions, if the
production storage is
FusionStorage, eBackup can be
deployed only on physical
servers.
CPU 8core*2.0GHz 1. CPU and memory
specifications are
Memory 16 GB specifications required for
running the eBackup
software. Disk space includes
the space required for
installing the operating
system and eBackup
software.
2. If the production storage is
Huawei distributed block
storage, the Agent and VBS
of Huawei distributed block
storage must be installed on
the eBackup server. The CPU,
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 16
OceanStor BCManager
eBackup User Guide 1 Overview
Item Specification Remarks
Disk 120 GB memory, and disk resources
Used to store the installation required for installing and
files, logs, and events of an running the Agent and VBS
operating system and the must be added. For details
eBackup software. about the specifications, see
the product documentation
of the corresponding Huawei
distributed block storage
version.
NOTE
The CPU overcommitment ratio of
the host where eBackup resides
cannot exceed 4:1. If the eBackup
VM is created on FusionCompute,
you can view the CPU
overcommitment ratio of the host
on FusionCompute.
NOTE
For details about the compatibility specifications of maintenance terminals and storage
devices, see OceanStor BCManager 8.1.0 eBackup Compatibility List (Virtualization).
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 17
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
2 Installation and Uninstallation
This section describes the installation and uninstallation processes of the eBackup
software, including the installation process, installation preparations, installation
and uninstallation operations, and backup server and backup proxy configuration,
helping you install the software successfully.
2.1 Installation and Configuration Process
2.2 Preparing for Installation
2.3 Installing eBackup
2.4 Configuring eBackup Servers
2.5 Configuring Management Data Backup Storage
2.6 (Optional) Configuring HA
2.7 Importing a License
2.8 (Optional) Interconnecting with FusionCube Center Vision
2.9 Uninstalling eBackup
2.1 Installation and Configuration Process
Before using eBackup, you are advised to view the overall installation and
configuration process of eBackup to facilitate successful installation and
configuration.
Figure 2-1 shows the installation process.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 18
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
Figure 2-1 Installation process
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 19
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
NOTICE
If multiple eBackup servers have been planned for a backup management system,
install eBackup on all eBackup servers. After installation, initialize one eBackup
server as the backup server and other eBackup servers as backup proxies.
You can expand or reduce the capacity of the eBackup backup management
system based on the number of VMs to be backed up. To expand the capacity, you
need to install and configure new backup proxies and add them to the eBackup
backup management system. For details, see 2.3.1 Installing eBackup Using a
Template, 2.3.2 Installing eBackup Using a Software Package, and 2.4.2
(Optional) Configuring a Backup Proxy. To reduce the capacity, uninstall
eBackup on backup proxies. For details, see 2.9 Uninstalling eBackup.
2.2 Preparing for Installation
To ensure correct, smooth, and efficient installation of the eBackup software,
check the software deployment environment and plan networks.
2.2.1 Checking the Deployment Environment
To ensure that the eBackup software will function properly, check the deployment
environment, make sure that the eBackup servers and maintenance terminal meet
the deployment requirements, and plan communication ports.
Deployment Environment Specifications
Table 2-1 shows deployment environment specifications of the eBackup software.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 20
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
Table 2-1 Deployment environment specifications of the eBackup software
Item Specification Remarks
Operating The eBackup software is -
system deployed on physical servers
using software packages or on
virtual machines (VMs) using
software packages or templates.
● Using the template:
Supports FusionCompute
8.1.0.
● Using a software package:
Operating system version:
ARM: EulerOS release 2.0
(SP9)
x86: EulerOS release 2.0
(SP9)
NOTE
For FusionCompute 8.0.1 and
earlier versions, if the
production storage is
FusionStorage, eBackup can be
deployed only on physical
servers.
CPU 8core*2.0GHz 1. CPU and memory
specifications are
Memory 16 GB specifications required for
running the eBackup
software. Disk space includes
the space required for
installing the operating
system and eBackup
software.
2. If the production storage is
Huawei distributed block
storage, the Agent and VBS
of Huawei distributed block
storage must be installed on
the eBackup server. The CPU,
memory, and disk resources
required for installing and
running the Agent and VBS
must be added. For details
about the specifications, see
the product documentation
of the corresponding Huawei
distributed block storage
version.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 21
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
Item Specification Remarks
Disk 120 GB NOTE
The CPU overcommitment ratio of
Used to store the installation the host where eBackup resides
files, logs, and events of an cannot exceed 4:1. If the eBackup
operating system and the VM is created on FusionCompute,
eBackup software. you can view the CPU
overcommitment ratio of the host
on FusionCompute.
NOTE
For details about the compatibility specifications of maintenance terminals and storage
devices, see OceanStor BCManager 8.1.0 eBackup Compatibility List (Virtualization).
2.2.2 Network Planning
Before installing and configuring the eBackup software, you need to understand
the requirements and suggestions of the software on network connections and
complete network planning.
Figure 2-2 shows the network diagram of the eBackup software.
Figure 2-2 Network diagram of eBackup
Table 2-2 Networking information
Item Description
Management node Management nodes refer to VRM, and host nodes refer
and host at the to FusionCompute compute nodes.
production end For details, see 10.4 Protected Environments
Supported by eBackup.
Production storage All accessible storage resources at the production end,
including local disks of hosts or dedicated storage
systems.
The FusionSphere virtualization environment supports
the following production storage: Huawei distributed
block storage and virtualized storage (including SAN,
NAS, and local disks).
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 22
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
Item Description
Backup storage Physical storage devices that store backup data.
● Stores backup data of user VMs and supports NFS, S3,
and SAN(XFS).
● Stores backup data of eBackup management data
and supports NFS, FTP, SFTP, and S3 storage.
Number and roles of To ensure that the eBackup software runs properly and
network planes securely, four network planes need to be configured. The
roles are as follows: Management plane, internal
communication plane, production storage plane, and
backup storage plane. The backup management plane
and production management plane are the same
network plane.
Management plane Backup management plane: communication plane for
eBackup to provide external services. Maintenance
terminals or third-party systems can log in to the
eBackup backup management system over the backup
management plane and configure and manage backup
and recovery jobs.
Production management plane: communication plane
between the backup server/backup proxy and the
management plane at the production end; plane for
transferring backup and recovery data in LAN-base
manner.
Internal Communication plane between the backup server and
communication backup proxies.
plane NOTE
If there is only one backup server, the internal communication
plane needs to be planned because the backup server also
provides the backup proxy function.
Production storage Communication plane between the backup server and
plane the backup proxy and the storage plane of the
production end. This plane is used to back up and restore
data in LAN-Free mode.
The recommended network bandwidth between eBackup
and production storage is 10GE.
Backup storage Communication plane between the backup server,
plane backup proxy, and backup storage. This plane is used to
back up and restore data in LAN-Free mode.
The recommended network bandwidth between eBackup
and backup storage is 10GE.
The eBackup software can be installed in either of the following modes: installed
on FusionCompute using a template or installed using a software package on a
physical server. For two installation modes, you need to configure different
network adapters for the management plane, internal communication plane,
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 23
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
production storage plane, and backup storage plane. If the number of network
adapters is sufficient, you are advised to configure four different network adapters
for four network planes.
NOTICE
● To ensure network security, it is strongly recommended that the management
plane, internal communication plane, production storage plane, and backup
storage plane be configured on four different network segments to isolate each
other.
● If a network adapter is configured in each of the two sub-planes (backup
management plane and production management plane) to implement data
off-loading, the two sub-planes must be in different network segments. If just
one network adapter is configured for the two-sub planes, the two-sub planes
must be configured as the same IP address.
● When the number of network adapters is insufficient, multiple network planes
can be used together, but there are network security risks. In addition, you need
to ensure that several network adapters are configured for each network
segment. The network segments correspond to the network adapters.
● If the management plane, internal communication plane, production storage
plane, or backup storage plane uses the same network segment, they must
share the same IP address. You are not allowed to configure multiple static IP
addresses on the same network segment in the same operating system.
● To ensure the safety of the data on the storage plane, management plane and
internal communication plane, you are strongly advised to deploy the three
planes as trusted VLANs, respectively. Ensure that the VLAN does not interwork
with any external untrusted network. Otherwise, potential network security
risks exist.
● Plan the different network segments or IP addresses that access management
plane or storage plane. For example, the network segment that the
management plane resides is 10.142.0.0/16, so the different network segments
means the network segments except 10.142.0.0/16.
● Plan the floating IP address of the internal communication plane. The network
segment of the floating IP address is the same as that of the internal
communication plane. Plan the floating IP address of the management plane.
The network segment of the floating IP address is the same as that of the
management plane. The floating IP address is used to configure the HA
function.
● For all the eBackup servers in one backup management system, the internal
communication plane IP address must be in the same network segment.
2.3 Installing eBackup
Install the eBackup software and complete initial configuration. You can install the
software using a template or the installation package based on the installation
scenario.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 24
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
2.3.1 Installing eBackup Using a Template
On FusionCompute, deploy a VM using a template. After the deployment is
complete, the eBackup software is automatically installed. This section uses an
ARM VM on FusionCompute 8.1.0 as an example. The procedure for deploying an
x86 VM is the same.
Prerequisites
● You have obtained the user name and password for logging into
FusionCompute.
● You have prepared for the installation. For details, see 2.2.1 Checking the
Deployment Environment and 2.2.2 Network Planning.
● You have obtained eBackup template package OceanStor BCManager
8.1.0_eBackup_KVMtemplate_euler_arm64_virtualization.zip (ARM
template package) or OceanStor BCManager
8.1.0_eBackup_KVMtemplate_euler_x86_64_virtualization.zip (x86
template package). How to obtain:
– For enterprise users: Click here.
– For carrier users: Click here.
NOTE
To prevent the software package from being maliciously tampered with during
transmission or storage, download the corresponding digital signature file for integrity
verification while downloading the software package.
After the software package is downloaded from Huawei Support website, verify its
PGP digital signature by referring to OpenPGP Signature Verification Guide. If the
verification fails, do not use the software package, and contact Huawei technical
support.
Before the software package is used for installation or upgrade, its digital signature
also needs to be verified by referring to the OpenPGP Signature Verification Guide to
ensure that the software package is not tampered with. To obtain this document, visit
the following link:
For carrier users, log in to http://support.huawei.com/carrier/
digitalSignatureAction.
For enterprise users, log in to https://support.huawei.com/enterprise/en/tool/pgp-
verify-TL1000000054.
● If the LAN-Free backup feature is used, ensure that the production storage at
the production end provides Ethernet ports to connect to eBackup.
NOTICE
To ensure sufficient network bandwidth resources for backup, you are advised
to install the backup software on physical servers.
For details about the installation method, see 2.3.2 Installing eBackup Using
a Software Package.
Procedure
Step 1 Import an eBackup template.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 25
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
For details, see Importing a Template in the FusionCompute 8.1.0 Product
Documentation. The key parameters are described as follows:
● Import the template from the local host. The template file is extracted from
the OceanStor BCManager
8.1.0_eBackup_KVMtemplate_euler_arm64_virtualization.zip package.
Obtain the x86 template file by decompressing OceanStor BCManager
8.1.0_eBackup_KVMtemplate_euler_x86_64_virtualization.zip.
● Select the CPU and memory specifications based on 2.2.1 Checking the
Deployment Environment.
● Configure the network adapter based on 2.2.2 Network Planning.
Step 2 Use the imported eBackup template to deploy VMs.
For details, see Deploying a VM Using an Existing Template in the System in
the FusionCompute 8.1.0 Product Documentation. The key parameters are
described as follows:
● Select the CPU and memory specifications based on 2.2.1 Checking the
Deployment Environment.
● Configure the network adapter based on 2.2.2 Network Planning.
● On the Customize OS page, select Customize using the Customization
Wizard.
– Configure Computer Name on the Customize Attributes tab page.
– On the NIC Settings tab page, configure the planned IP addresses,
subnet masks, and default gateways for the four network adapters.
Step 3 If the VM is not started, click Start to start the VM.
Step 4 Run the following commands in sequence to disable the SELINUX option and
restart the system. Otherwise, eBackup logs may fail to be dumped.
/usr/bin/sed -i 's/^SELINUX=.*$/SELINUX=disabled/g' /etc/selinux/config
reboot
----End
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 26
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
Follow-up Procedure
After eBackup has been installed, you need to assign a role for each eBackup
server. Two roles are available: backup server and backup proxy. For details, see
2.4 Configuring eBackup Servers.
2.3.2 Installing eBackup Using a Software Package
This section describes how to install the eBackup software using a software
package on a physical server.
Prerequisites
● You have installed the OS on a physical server. For details about how to install
the OS, see 9.11 Installing the OS. You can obtain OS installation package
OceanStor BCManager 8.1.0_EulerOS_ARM.zip (OS installation package of
the ARM server) or OceanStor BCManager 8.1.0_EulerOS_X86.zip (OS
installation package of the x86 server) from the following path:
– For enterprise users: Click here.
– For carrier users: Click here.
NOTE
● The default password of user root for installing the Euler operating system is
Cloud12#$.
● After the operating system is installed on the physical server, run the
following commands in sequence to disable the SELINUX option and restart
the system. Otherwise, eBackup logs may fail to be dumped.
/usr/bin/sed -i 's/^SELINUX=.*$/SELINUX=disabled/g' /etc/selinux/config
reboot
● You have obtained eBackup software installation package
eBackup_8.1.0_Euler_arm64.tar.gz (ARM server software package) or
eBackup_8.1.0_Euler_x86_64.tar.gz (x86 server software package). The path
is as follows:
– For enterprise users: Click here.
– For carrier users: Click here.
NOTE
To prevent the software package from being maliciously tampered with during transmission
or storage, download the corresponding digital signature file for integrity verification while
downloading the software package.
After the software package is downloaded from Huawei Support website, verify its PGP
digital signature by referring to OpenPGP Signature Verification Guide. If the verification
fails, do not use the software package, and contact Huawei technical support.
Before the software package is used for installation or upgrade, its digital signature also
needs to be verified by referring to the OpenPGP Signature Verification Guide to ensure
that the software package is not tampered with. To obtain this document, visit the
following link:
For carrier users, log in to http://support.huawei.com/carrier/digitalSignatureAction.
For enterprise users, log in to https://support.huawei.com/enterprise/en/tool/pgp-verify-
TL1000000054.
● You have prepared for the installation. For details, see 2.2.1 Checking the
Deployment Environment and 2.2.2 Network Planning. IP addresses of
network adapters on servers have been configured according to network
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 27
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
plans. All the IP addresses are static ones. You can bind the network adapters
of eBackup servers, configure virtual network adapters, and set multiple IP
addresses for a single network adapter.
The bond configuration is used as an example to describe how to configure
the IP address of the eBackup server. For details, see 9.8 Configuring
Network Adapter Binding.
Procedure
Step 1 Copy the eBackup software installation package to any directory on the server.
Step 2 Run the cd eBackup software installation package directory command to go to the
directory where the eBackup software installation package is stored.
Step 3 Run the following command to decompress the installation package:
tar zxvf eBackup software package
Step 4 Run the following command to enter the installation script directory:
cd Directory for storing the eBackup software installation script
For example: cd eBackup_8.1.0/action/
Step 5 Run the following command to install the backup software.
sh ebackup_utilities.sh install virtual
The installation is successful if the following command output is displayed:
Successfully installed eBackup.
Please perform 'ebackup_utilities.sh config' to continue.
NOTE
● The path where eBackup is installed is /opt/huawei-data-protection/ebackup.
● Installation-related logs are saved in the installation path of eBackup.
----End
Follow-up Procedure
After eBackup has been installed, you need to assign a role for each eBackup
server. Two roles are available: backup server and backup proxy. For details, see
2.4 Configuring eBackup Servers.
2.3.3 Installing an eBackup Patch
This section describes how to install the eBackup patch package after eBackup is
installed.
Prerequisites
You have obtained the OceanStor BCManager 8.1.0_eBackup_patch.tar.gz
eBackup patch package.
● For enterprise users: Click here.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 28
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
● For carrier users: Click here.
Procedure
Step 1 Use WinSCP to copy eBackup patch package OceanStor BCManager
8.1.0_eBackup_patch.tar.gz to the /home/hcp/ directory of the eBackup server.
Step 2 Use PuTTY to log in to the eBackup server.
Default account: hcp. Default password: PXU9@ctuNov17!.
Step 3 Run the su root command and enter the password of user root to switch to user
root.
The default password of user root is Cloud12#$.
Step 4 Run the following command to go to directory /home/hcp/:
cd /home/hcp/
Step 5 Run the following command to decompress the eBackup patch package:
tar xvf "OceanStor BCManager 8.1.0_eBackup_patch.tar.gz"
Step 6 Run the following command to go to directory /home/hcp/patch:
cd /home/hcp/patch
Step 7 Run the following command to install the patch:
sh patch.sh
Step 8 Repeat the preceding steps to install the patch on all other eBackup servers.
----End
2.4 Configuring eBackup Servers
After the eBackup backup software is installed, complete initial configuration of
servers for eBackup to function properly. The configuration items include server
roles and network plane options.
2.4.1 Configuring a Backup Server
Initiate a server on which eBackup is installed as backup server and configure
related parameters.
Prerequisites
● Parameters of backup servers have been planned based on pre-installation
preparations. For details, see 2.2.2 Network Planning.
● You have configured an IP address for the NIC of the eBackup server.
– If you install eBackup using a template, configure the NIC IP address
when provisioning an eBackup VM using the template. For details, see
Step 2.
– If you install eBackup using a software package, configure the NIC IP
address before installing eBackup. For details, see Prerequisites.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 29
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
Procedure
Step 1 If eBackup uses the IPv6 network type and the production storage is Huawei
distributed block storage, add the eBackup server to the Huawei distributed block
storage cluster before configuring the eBackup server. Otherwise, skip this step.
For details, see 3.4.1 Adding an eBackup Server to a Huawei Distributed Block
Storage Cluster (Applicable to Huawei Distributed Block Storage 8.1.0/8.1.1).
If the eBackup server has not been added to the Huawei distributed block storage
cluster, adding the eBackup server to the Huawei distributed block storage cluster
will fail after the eBackup server is configured. This is because after a floating IP
address is configured for eBackup, two IP addresses are bound to the same NIC. As
a result, the eBackup server cannot be added to the cluster on Huawei distributed
block storage.
Step 2 Use PuTTY to log in to the eBackup server.
Default account: hcp. Default password: PXU9@ctuNov17!.
Step 3 Run the su root command and enter the password of user root to switch to user
root.
The default password of user root is Cloud12#$.
Step 4 Run the TMOUT=0 command to disable user logout upon system timeout.
NOTE
After you run the preceding command, the system continues to run even when no
operation is performed, resulting in security risks. For security purposes, you are advised to
run the exit command to exit the system after completing your operations.
Step 5 Run the cd eBackup initial configuration script directory command to switch to the
initial configuration script directory.
NOTE
If the VM is deployed in template mode, the eBackup initial configuration script is in
the /opt/eBackup_xxx/action directory, where xxx indicates the version number of
eBackup.
Step 6 Run the sh ebackup_utilities.sh config command to start initial configuration.
IPv4 and IPv6 are supported.
NOTE
eBackup nodes do not support hybrid deployment of IPv4 and IPv6. For example, IPv4 and
IPv6 cannot be deployed on the same network plane and on different network planes. The
eBackup IP address types cannot be switched between IPv4 and IPv6.
The following command output is displayed:
Please select network type for this machine:
1.ipv4
2.ipv6
Step 7 For example, if the IPv4 environment is used, input 1 and press Enter.
Please select a role for this machine:
1.Backup Server
2.Backup Proxy
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 30
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
3.Backup Manager
4.Backup Workflow Server
Step 8 Type 1 and press Enter.
Note:
In the following steps you will be required to configure four network planes for eBackup.
The definition of each network plane is as follows:
Backup management plane: the communication plane for eBackup to provide external services.
Internal communication plane: the communication plane between backup server and backup proxy.
Production management plane: the communication plane between eBackup and the management plane of
the production end.
Storage plane: the communication plane between eBackup and the storage plane of the production end
and communication plane between eBackup and backup storage.
======================================================================================
==============
Set network adapter for 'Backup management' network plane:
[1] enp4s0 MAC=28:6e:d4:89:ad:1c IP=10.133.40.209 MASK=255.255.0.0
[2] enp5s0 MAC=28:6e:d4:88:e0:8a IP=192.168.40.209 MASK=255.255.0.0
[3] enp6s0 MAC=28:6e:d4:87:ea:6d IP=10.122.10.20 MASK=255.255.0.0
[4] enp7s0 MAC=28:6e:d4:86:ac:4e IP=10.122.40.15 MASK=255.255.0.0
Which network adapter from the above list would you like to bind to the 'Backup management' network
plane?
Step 9 Select a network adapter to be bound with the backup management plane, and
press Enter.
For example, if you select network adapter enp4s0 to be bound with the backup
management plane, input 1, and press Enter.
Set network adapter for 'Internal communication' network plane:
[1] enp4s0 MAC=28:6e:d4:89:ad:1c IP=10.133.40.209 MASK=255.255.0.0
[2] enp5s0 MAC=28:6e:d4:88:e0:8a IP=192.168.40.209 MASK=255.255.0.0
[3] enp6s0 MAC=28:6e:d4:87:ea:6d IP=10.122.10.20 MASK=255.255.0.0
[4] enp7s0 MAC=28:6e:d4:86:ac:4e IP=10.122.40.15 MASK=255.255.0.0
Which network adapter from the above list would you like to bind to the 'Internal communication' network
plane?
Step 10 Select a network adapter to be bound with the internal communication plane, and
press Enter.
For example, if you select network adapter enp5s0 to be bound with the internal
communication plane, input 2, and press Enter.
Set network adapter for 'Production management' network plane:
[1] enp4s0 MAC=28:6e:d4:89:ad:1c IP=10.133.40.209 MASK=255.255.0.0
[2] enp5s0 MAC=28:6e:d4:88:e0:8a IP=192.168.40.209 MASK=255.255.0.0
[3] enp6s0 MAC=28:6e:d4:87:ea:6d IP=10.122.10.20 MASK=255.255.0.0
[4] enp7s0 MAC=28:6e:d4:86:ac:4e IP=10.122.40.15 MASK=255.255.0.0
Which network adapter from the above list would you like to bind to the 'Production management'
network plane?
Step 11 Select a network adapter to be bound with the production management plane,
and press Enter.
For example, if you select network adapter enp4s0 to be bound with the
production management plane, input 1, and press Enter.
Set network adapter for 'Production Storage' network plane:
[1] enp4s0 MAC=28:6e:d4:89:ad:1c IP=10.133.40.209 MASK=255.255.0.0
[2] enp5s0 MAC=28:6e:d4:88:e0:8a IP=192.168.40.209 MASK=255.255.0.0
[3] enp6s0 MAC=28:6e:d4:87:ea:6d IP=10.122.10.20 MASK=255.255.0.0
[4] enp7s0 MAC=28:6e:d4:86:ac:4e IP=10.122.40.15 MASK=255.255.0.0
Which network adapter from the above list would you like to bind to the 'Production Storage' network
plane?
Step 12 Select a network adapter to be bound with the production storage plane, and
press Enter.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 31
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
For example, if you select network adapter enp6s0 to be bound with the
production storage plane, input 3, and press Enter.
Set network adapter for 'Backup Storage' network plane:
[1] enp4s0 MAC=28:6e:d4:89:ad:1c IP=10.133.40.209 MASK=255.255.0.0
[2] enp5s0 MAC=28:6e:d4:88:e0:8a IP=192.168.40.209 MASK=255.255.0.0
[3] enp6s0 MAC=28:6e:d4:87:ea:6d IP=10.122.10.20 MASK=255.255.0.0
[4] enp7s0 MAC=28:6e:d4:86:ac:4e IP=10.122.40.15 MASK=255.255.0.0
Which network adapter from the above list would you like to bind to the 'Backup Storage' network plane?
Step 13 Select a network adapter to be bound with the backup storage plane, and press
Enter.
For example, if you select network adapter enp7s0 to be bound with the backup
storage plane, input 4, and press Enter.
Enter a floating IP address that is in the same network segment as the internal communication plane.
Step 14 Input the floating IP address of the internal communication plane and press Enter.
If the command output is as follows, the configuration is successful.
Configuration succeeded.
The ebk_accelerator agent of OceanStor BCManager eBackup was started successfully.
Start:ebk_accelerator service succeeded.
The ebk_backup agent of OceanStor BCManager eBackup was started successfully.
Start:ebk_backup service succeeded.
The ebk_copy agent of OceanStor BCManager eBackup was started successfully.
Start:ebk_copy service succeeded.
The ebk_delete agent of OceanStor BCManager eBackup was started successfully.
Start:ebk_delete service succeeded.
The ebk_fsbackup agent of OceanStor BCManager eBackup was started successfully.
Start:ebk_fsbackup service succeeded.
The ebk_jobmanager agent of OceanStor BCManager eBackup was started successfully.
Start:ebk_jobmanager service succeeded.
The ebk_mgr agent of OceanStor BCManager eBackup was started successfully.
Start:ebk_mgr service succeeded.
The ebk_restore agent of OceanStor BCManager eBackup was started successfully.
Start:ebk_restore service succeeded.
The ebk_vmware agent of OceanStor BCManager eBackup was started successfully.
Start:ebk_vmware service succeeded.
service hcp start:completed
Redirecting to /bin/systemctl restart sshd.service
chattr: Operation not supported while reading flags on /opt/huawei-data-protection/ebackup/db/etc/init.d
You can access the eBackup UI using the following link.
https://192.168.9.100:8088 or 192.168.9.100
Alternatively, you can access the eBackup CLI through SSH session.
Step 15 Optional: If you cannot use a browser to access the eBackup server, add the IP
address of the maintenance terminal where the browser resides to the firewall
rules of the eBackup server.
NOTE
Security of eBackup has been hardened. By default, external systems only on the same
network segments as eBackup network planes can access the eBackup server. If the IP
address of a maintenance terminal where the browser resides and that of the backup server
management plane are not on the same network segment, configure firewall rules to
enable the maintenance terminal to access the backup server. For details, see 6.8.6.4
Auxiliary Scripts of iptables.
1. Run the cd /opt/huawei-data-protection/ebackup/bin command to enter
the save path of the iptables script.
2. Run the sh iptablesHelper.sh accept HCPManagementPlane IP address or
network segment of the maintenance terminal where the browser resides
Backup management plane IP address or network segment of eBackup
command to add iptables rules
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 32
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
Step 16 For security purposes, harden the security of the operating system
comprehensively to improve system security. For details, see OceanStor
BCManager 8.1.0 eBackup Security Hardening (Euler).
----End
Follow-up Procedure
Check whether the installation is successful:
● Open a web browser and input https://Backup management plane IP address
of the backup server:8088 or input Backup management plane IP address of
the backup server only. If the login is successful, the installation succeeded.
For details, see 9.1 Logging In to the eBackup GUI.
● Use the hcp account to log in to the backup server through SSH (the default
password is PXU9@ctuNov17!). Run cd /opt/huawei-data-protection/
ebackup/cli/ to go to /opt/huawei-data-protection/ebackup/cli/. Run sh
hcpcli.sh admin, and enter the password (the default password is
PXU9@ctuNov17!, which is the same as the password of user admin for
logging in to the eBackup GUI) as prompted. At your initial login to the
system, change the initial password as prompted. If the login is successful, the
installation succeeded.
After you log in to the eBackup system, you need to view the status of eBackup
nodes to discover and handle exceptions in a timely manner. For details, see 6.1.4
Managing an eBackup Server.
If you want to change the IP address of an eBackup server after the configuration,
you need to configure the eBackup server again by referring to 9.4 Reconfigure
eBackup Servers after Changing the IP Address.
After configuration, eBackup uses the time zone of the system by default. To
modify the time zone or add an NTP server, see 6.2.3 Configuring System Time
and Zone.
After configuration, an eBackup node has a default public/private key pair. If you
want to query or update the public/private key pair or handle connection
exceptions on the backup server or a backup proxy, log in to the backup server,
and go to the CLI mode to perform the related operations. For details, see
descriptions of the change server_keypair, change proxy_keypair, show
server_public_key, and add public_key commands in Server Key Management
of OceanStor BCManager 8.1.0 eBackup Command Reference. For security
purposes, you need to update the private and public keys of eBackup servers in
time after configuration and periodically during the running of the system.
Security of eBackup has been hardened. By default, external systems only on the
same network segments as eBackup network planes can access the eBackup
server. Therefore, other network segments or IP addresses used to access the
management or storage plane (including production storage plane and backup
storage plane) must be configured. Configure routers and firewalls in sequence. If
multiple network adapters or IP addresses are configured on the storage plane, for
example, for multipath or network adapter binding, you can use the auxiliary
commands of iptables.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 33
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
2.4.2 (Optional) Configuring a Backup Proxy
If backup proxies are planned for an eBackup management system, you need to
initialize servers (except the backup server) running eBackup as backup proxies
and configure related parameters.
Prerequisites
● Multiple backup proxies can be configured in an eBackup system. Parameters
of backup proxies have been planned. For details, see 2.2.2 Network
Planning.
● A backup server has been configured.
● You have configured an IP address for the NIC of the eBackup server.
– If you install eBackup using a template, configure the NIC IP address
when provisioning an eBackup VM using the template. For details, see
Step 2.
– If you install eBackup using a software package, configure the NIC IP
address before installing eBackup. For details, see Prerequisites.
● If you need to expand the capacity of the backup system (by adding a backup
proxy) and the system to be expanded has unfinished tasks, add the new
eBackup node to the Huawei distributed block storage cluster and then
initialize the eBackup node. Otherwise, tasks delivered to the node may fail.
For details about how to add a new eBackup node to a Huawei distributed
block storage cluster, see 3.4.1 Adding an eBackup Server to a Huawei
Distributed Block Storage Cluster (Applicable to Huawei Distributed
Block Storage 8.1.0/8.1.1).
Procedure
Step 1 If eBackup uses the IPv6 network type and the production storage is Huawei
distributed block storage, add the eBackup server to the Huawei distributed block
storage cluster before configuring the eBackup server. Otherwise, skip this step.
For details, see 3.4.1 Adding an eBackup Server to a Huawei Distributed Block
Storage Cluster (Applicable to Huawei Distributed Block Storage 8.1.0/8.1.1).
If the eBackup server has not been added to the Huawei distributed block storage
cluster, adding the eBackup server to the Huawei distributed block storage cluster
will fail after the eBackup server is configured. This is because after a floating IP
address is configured for eBackup, two IP addresses are bound to the same NIC. As
a result, the eBackup server cannot be added to the cluster on Huawei distributed
block storage.
Step 2 Use PuTTY to log in to the eBackup server.
Default account: hcp. Default password: PXU9@ctuNov17!.
Step 3 Run the su root command and enter the password of user root to switch to user
root.
The default password of user root is Cloud12#$.
Step 4 Run the TMOUT=0 command to disable user logout upon system timeout.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 34
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
NOTE
After you run the preceding command, the system continues to run even when no
operation is performed, resulting in security risks. For security purposes, you are advised to
run the exit command to exit the system after completing your operations.
Step 5 Run the cd eBackup initial configuration script directory command to switch to the
initial configuration script directory.
NOTE
If the VM is deployed in template mode, the eBackup initial configuration script is in
the /opt/eBackup_xxx/action directory, where xxx indicates the version number of
eBackup.
Step 6 Run the sh ebackup_utilities.sh config command to start initial configuration.
IPv4 and IPv6 are supported.
NOTE
eBackup nodes do not support hybrid deployment of IPv4 and IPv6. For example, IPv4 and
IPv6 cannot be deployed on the same network plane and on different network planes. The
eBackup IP address types cannot be switched between IPv4 and IPv6.
The following command output is displayed:
Please select network type for this machine:
1.ipv4
2.ipv6
Step 7 For example, if the IPv4 environment is used, input 1 and press Enter.
Please select a role for this machine:
1.Backup Server
2.Backup Proxy
3.Backup Manager
4.Backup Workflow Server
Step 8 Type 2 and press Enter.
Note:
In the following steps you will be required to configure four network planes for eBackup.
The definition of each network plane is as follows:
Backup management plane: the communication plane for eBackup to provide external services.
Internal communication plane: the communication plane between backup server and backup proxy.
Production management plane: the communication plane between eBackup and the management plane of
the production end.
Storage plane: the communication plane between eBackup and the storage plane of the production end
and communication plane between eBackup and backup storage.
======================================================================================
==============
Set network adapter for 'Backup management' network plane:
[1] enp4s0 MAC=28:6e:d4:89:da:cc IP=10.133.40.211 MASK=255.255.0.0
[2] enp5s0 MAC=28:6e:d4:88:e3:e8 IP=192.168.40.211 MASK=255.255.0.0
[3] enp6s0 MAC=28:6e:d4:87:eb:6f IP=10.122.10.21 MASK=255.255.0.0
[4] enp7s0 MAC=28:6e:d4:86:cd:5e IP=10.122.40.16 MASK=255.255.0.0
Which network adapter from the above list would you like to bind to the 'Backup management' network
plane?
Step 9 Select a network adapter to be bound with the backup management plane, and
press Enter.
For example, if you select network adapter enp4s0 to be bound with the backup
management plane, input 1, and press Enter.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 35
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
Set network adapter for 'Internal communication' network plane:
[1] enp4s0 MAC=28:6e:d4:89:da:cc IP=10.133.40.211 MASK=255.255.0.0
[2] enp5s0 MAC=28:6e:d4:88:e3:e8 IP=192.168.40.211 MASK=255.255.0.0
[3] enp6s0 MAC=28:6e:d4:87:eb:6f IP=10.122.10.21 MASK=255.255.0.0
[4] enp7s0 MAC=28:6e:d4:86:cd:5e IP=10.122.40.16 MASK=255.255.0.0
Which network adapter from the above list would you like to bind to the 'Internal communication' network
plane?
Step 10 Select a network adapter to be bound with the internal communication plane, and
press Enter.
For example, if you select network adapter enp5s0 to be bound with the internal
communication plane, input 2, and press Enter.
Set network adapter for 'Production management' network plane:
[1] enp4s0 MAC=28:6e:d4:89:da:cc IP=10.133.40.211 MASK=255.255.0.0
[2] enp5s0 MAC=28:6e:d4:88:e3:e8 IP=192.168.40.211 MASK=255.255.0.0
[3] enp6s0 MAC=28:6e:d4:87:eb:6f IP=10.122.10.21 MASK=255.255.0.0
[4] enp7s0 MAC=28:6e:d4:86:cd:5e IP=10.122.40.16 MASK=255.255.0.0
Which network adapter from the above list would you like to bind to the 'Production management'
network plane?
Step 11 Select a network adapter to be bound with the production management plane,
and press Enter.
For example, if you select network adapter enp4s0 to be bound with the
production management plane, input 1, and press Enter.
Set network adapter for 'Production Storage' network plane:
[1] enp4s0 MAC=28:6e:d4:89:da:cc IP=10.133.40.211 MASK=255.255.0.0
[2] enp5s0 MAC=28:6e:d4:88:e3:e8 IP=192.168.40.211 MASK=255.255.0.0
[3] enp6s0 MAC=28:6e:d4:87:eb:6f IP=10.122.10.21 MASK=255.255.0.0
[4] enp7s0 MAC=28:6e:d4:86:cd:5e IP=10.122.40.16 MASK=255.255.0.0
Which network adapter from the above list would you like to bind to the 'Production Storage' network
plane?
Step 12 Select a network adapter to be bound with the production storage plane, and
press Enter.
For example, if you select network adapter enp6s0 to be bound with the
production storage plane, input 3, and press Enter.
Set network adapter for 'Backup Storage' network plane:
[1] enp4s0 MAC=28:6e:d4:89:da:cc IP=10.133.40.211 MASK=255.255.0.0
[2] enp5s0 MAC=28:6e:d4:88:e3:e8 IP=192.168.40.211 MASK=255.255.0.0
[3] enp6s0 MAC=28:6e:d4:87:eb:6f IP=10.122.10.21 MASK=255.255.0.0
[4] enp7s0 MAC=28:6e:d4:86:cd:5e IP=10.122.40.16 MASK=255.255.0.0
Which network adapter from the above list would you like to bind to the 'Backup Storage' network plane?
Step 13 Select a network adapter to be bound with the backup storage plane, and press
Enter.
For example, if you select network adapter enp7s0 to be bound with the backup
storage plane, input 4, and press Enter.
Please input the leader IP(The IP of internal communication plane at backup server):
Step 14 Enter the internal communication plane IP address of the backup server, and press
Enter.
Please input the floating IP address at backup server:
Step 15 Enter the internal communication plane floating IP address of the backup server,
and press Enter.
Do not check the network segment.
Please enter the public key of the backup server. To obtain the public key, run the following CLI command:
show server_public_key.
To use the default public key, press Enter.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 36
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
Step 16 Input the public key of the backup server and press Enter. If you use the default
public key, press Enter.
NOTE
You have performed the initial configuration on the backup proxy. Once you replace the
backup server, reconfigure the backup proxy. When reconfiguring the backup proxy, you
cannot use the default public key. Perform the following operations to obtain a new public
key of the backup server. For details, see Related Operations.
If the command output is as follows, the configuration is successful.
Configuration succeeded.
The ebk_accelerator agent of OceanStor BCManager eBackup was started successfully.
Start:ebk_accelerator service succeeded.
The ebk_backup agent of OceanStor BCManager eBackup was started successfully.
Start:ebk_backup service succeeded.
The ebk_copy agent of OceanStor BCManager eBackup was started successfully.
Start:ebk_copy service succeeded.
The ebk_delete agent of OceanStor BCManager eBackup was started successfully.
Start:ebk_delete service succeeded.
The ebk_fsbackup agent of OceanStor BCManager eBackup was started successfully.
Start:ebk_fsbackup service succeeded.
The ebk_jobmanager agent of OceanStor BCManager eBackup was started successfully.
Start:ebk_jobmanager service succeeded.
The ebk_mgr agent of OceanStor BCManager eBackup was started successfully.
Start:ebk_mgr service succeeded.
The ebk_restore agent of OceanStor BCManager eBackup was started successfully.
Start:ebk_restore service succeeded.
The ebk_vmware agent of OceanStor BCManager eBackup was started successfully.
Start:ebk_vmware service succeeded.
service hcp start:completed
Removed /etc/systemd/system/sockets.target.wants/rpcbind.socket.
Redirecting to /bin/systemctl restart sshd.service
You can access the eBackup UI using the following link.
https://backup server's backup management plane:8088 or backup server's backup management plane
Alternatively, you can access the eBackup CLI through SSH session.
Step 17 For security purposes, harden the security of the operating system
comprehensively to improve system security. For details, see OceanStor
BCManager 8.1.0 eBackup Security Hardening (Euler).
----End
Related Operations
Obtain the public key of the backup server.
Step 1 Log in to the backup server using PuTTY.
Default account: hcp. Default password: PXU9@ctuNov17!.
Step 2 Run the following command to go to the cli directory:
cd /opt/huawei-data-protection/ebackup/cli/
Step 3 Run the following command and enter the password of user admin:
sh hcpcli.sh admin
The default password is PXU9@ctuNov17!, which is the same as the password of
user admin for logging in to the eBackup GUI.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 37
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
NOTE
If it is your first login, change the password as prompted.
Step 4 Run the following command to go to the setting view.
setting
Step 5 Run the following command to obtain the public key of the backup server:
show server_public_key
----End
Follow-up Procedure
After you log in to the eBackup system, you need to view the status of eBackup
nodes to discover and handle exceptions in a timely manner. For details, see 6.1.4
Managing an eBackup Server.
If you want to change the IP address of an eBackup server after the configuration,
you need to configure the eBackup server again by referring to 9.4 Reconfigure
eBackup Servers after Changing the IP Address.
After configuration, an eBackup node has a default public/private key pair. If you
want to query or update the public/private key pair or handle connection
exceptions on the backup server or a backup proxy, log in to the backup server,
and go to the CLI mode to perform the related operations. For details, see
descriptions of the change server_keypair, change proxy_keypair, show
server_public_key, and add public_key commands in Server Key Management
of OceanStor BCManager 8.1.0 eBackup Command Reference. For security
purposes, you need to update the private and public keys of eBackup servers in
time after configuration and periodically during the running of the system.
Security of eBackup has been hardened. By default, external systems only on the
same network segments as eBackup network planes can access the eBackup
server. Therefore, other network segments or IP addresses used to access the
management or storage plane (including production storage plane and backup
storage plane) must be configured. Configure routers and firewalls in sequence. If
multiple network adapters or IP addresses are configured on the storage plane, for
example, for multipath or network adapter binding, you can use the auxiliary
commands of iptables.
2.5 Configuring Management Data Backup Storage
The backup of eBackup management data (such as databases and configuration
files) is used to restore the eBackup management system after a disaster occurs.
This chapter describes how to configure management data backup storage and
configure a backup policy. eBackup supports NFS, S3, FTP and SFTP storage as
management data backup storage.
Context
● When eBackup management data is backed up, the shared storage capacity
must be calculated in advance. When the shared storage capacity is
insufficient, the latest backup job will fail. The available capacity of shared
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 38
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
storage must be at least 65 GB. The capacity is planned based on the backup
data retention policy.
– When Daily Backup is selected
Capacity of shared storage for storing backup management data =
[(Number of yearly backup copies + Number of monthly backup copies +
Number of weekly backup copies + Number of daily backup copies +1) x
10 + 15] GB.
When Yearly Backup is set to Permanent, planned capacities depend on
the number of years for saving backup copies. The capacity of shared
storage for storing backup management data = [(Number of planned
yearly backup copies + Number of monthly backup copies + Number of
weekly backup copies + Number of daily backup copies+ 1) × 10 + 15]
GB.
– When Hourly Backup is selected
Capacity of shared storage for storing backup management data =
[(Number of yearly backup copies + Number of monthly backup copies +
Number of weekly backup copies + Number of daily backup copies +
Number of hourly backup copies + 1) × 10 + 15] GB.
When Yearly Backup is set to Permanent, planned capacities depend on
the number of years for saving backup copies. The capacity of shared
storage for storing backup management data = [(Number of planned
yearly backup copies + Number of monthly backup copies + Number of
weekly backup copies + Number of daily backup copies + Number of
hourly backup copies + 1) × 10 + 15] GB.
● Configure separate backup storage space for eBackup management data.
2.5.1 NFS
When eBackup uses the NFS shared storage as the backup storage for
management data (such as databases and configuration files), configure backup
storage information and backup policies to restore the eBackup management
system after management data exceptions occur as instructed in this section.
Prerequisites
● You have planned the capacity of the NFS shared storage. The capacity of the
shared storage must meet the requirements. Otherwise, the backup job will
fail. For details, see Context.
● You have created the NFS shared storage in advance. The client IP address of
the NFS share is the backup storage plane IP address of the eBackup server,
and the storage side does not restrict the permission of user root of the
eBackup server. That is, user root has full control permission on the NFS share
directory. For example, if OceanStor 9000 is used as the NFS shared storage,
select no_all_squash and no_root_squash when setting NFS file sharing
parameters, and set the permission to Read and write.
Procedure
Configuring the backup storage
Step 1 Log in to the eBackup backup management system using a browser.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 39
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
Step 2 On the menu bar, choose > Configuration > Management Data Backup >
Set Backup Storage.
Step 3 Configure the backup storage information for eBackup management data.
eBackup supports the NFS, S3, FTP and SFTP storage as the backup storage for
management data. This section describes how to configure the backup storage of
the NFS type. Table 2-3 describes the related parameters.
NOTICE
Backup storage of management data and backup storage for storing user VM data
cannot use the same NFS shared directory. Otherwise, the backup task may fail.
Table 2-3 Backup storage parameters (NFS)
Parameter Description Setting Rule
Type Type of backup storage NFS
of management data.
Path Share path to access NFS IPv4 path format: IP address or
storage. domain name:/share path or
share name.
IPv6 path format: [IP address] or
domain name:/share path or
share name.
IP address and domain name
indicate the service IP address
and domain name of the NAS
storage system, respectively. If the
backup storage is OceanStor
V300R006C00 or later, enter
share name in the path. For other
backup storage versions, enter
share path.
The path contains a maximum of
1 to 255 characters, including
letters, digits, and special
characters (.#%-=@{_}/:). It
cannot end with a slash (/).
NOTICE
The NFS management data backup
storage and the NFS storage unit or
FTP management data backup
storage cannot use the same file
system.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 40
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
Parameter Description Setting Rule
Identifier Name of a subdirectory The identifier length ranges from
saving the management 1 to 64 characters and can
data, which differentiates contain only letters, digits,
backup copies of underscores (_), and hyphens (-).
management data in the
eBackup system.
If a subdirectory Whether to write backup -
with the same data of eBackup if a sub-
name already folder with the same
exists, the name exists.
system uses the ● If selected,
existing If a subfolder with the
subdirectory same name exists, the
forcibly. contents of the
subfolder are
overwritten.
NOTE
If multiple eBackup
systems use the same
backup subfolder, the
management data
backup will be
unavailable. You are
advised to name
different subfolders for
multiple eBackup
systems.
● If unselected,
If multiple eBackup
systems use the same
backup subfolder, the
management data
backup will be
unavailable. You are
advised to name
different subfolders
for multiple eBackup
systems.
Step 4 Click OK to finish configuring backup storage.
After the configuration is completed, the backup storage configuration status will
be shown to the right of the Set Backup Storage button.
● : The configuration is in progress.
● No icon: The configuration is successful.
● : The configuration failed. If the configuration fails, click Set Backup
Storage and reconfigure.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 41
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
Configuring a backup policy
Step 5 Click Automatic Backup Settings.
In the dialog box that is displayed, configure a backup policy as prompted.
● When Daily Backup is selected, the following figure shows the default system
settings.
NOTE
If you change the value of Daily Backup to Hourly Backup, Hourly Backup does not
take effect immediately. After the modification, the first backup job is Daily Backup.
After the backup job is complete, the next backup job is Hourly Backup.
If you need Hourly Backup to take effect immediately after the modification, log in to
the active eBackup node and run the service hcp restart command to restart the
eBackup service.
● When Hourly Backup is selected, the following figure shows the default
system settings.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 42
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
Step 6 After the automatic backup policy is configured, click OK. The policy takes effect
immediately.
You are advised to set the backup time to off-peak hours to reduce impact on
services, for example, 00:00 to 02:00.
If backup time overlaps (for example, monthly backup and weekly backup happen
on the same Monday), the system defines backup data with the highest priority.
The priority is Yearly Backup > Monthly Backup > Weekly Backup > Daily Backup >
Hourly Backup.
----End
2.5.2 S3
When eBackup uses the S3 storage as the backup storage for management data
(such as databases and configuration files), configure backup storage information
and backup policies to restore the eBackup management system after
management data exceptions occur as instructed in this section.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 43
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
Prerequisites
● You have planned the capacity of the S3 shared storage. The capacity of the
shared storage must meet the requirements. Otherwise, the backup job will
fail. For details, see Context.
● You have obtained the domain name or IP address of the S3 storage service
plane from the S3 storage service administrator, as well as the bucket name,
AK, and SK that stores backup data.
Procedure
Configuring the backup storage
Step 1 Log in to the eBackup backup management system using a browser.
Step 2 On the menu bar, choose > Configuration > Management Data Backup >
Set Backup Storage.
Step 3 Configure the backup storage information for eBackup management data.
eBackup supports the NFS, S3, FTP and SFTP storage as the backup storage for
management data. This section describes how to configure the backup storage of
the S3 type. Table 2-4 describes the related parameters.
NOTICE
Backup storage of management data and backup storage for storing user VM data
cannot use the same bucket. Otherwise, the backup task may fail.
Table 2-4 Backup storage parameters (S3)
Parameter Description Setting Rule
Type Type of backup storage S3
of management data.
Protocol Network protocol for the ● When using the HTTPS
communication between protocol, import a valid
the eBackup certificate for the backup
management system and management system to verify
S3 storage. Options the S3 storage information.
include HTTP and HTTPS. Obtain the certificate from the
S3 storage administrator.
For details about how to
import a certificate, see section
6.4.2.9 Managing
Certificates.
● Security risks arise if the
protocol is set to HTTP. You are
advised to select the HTTPS
protocol.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 44
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
Parameter Description Setting Rule
AK Access Key (AK): Obtain the AK and SK from the
Confirms the identity of storage administrator.
a user accessing the
object-based storage
system.
SK Secret Key (SK): Allows a
user to access an object-
based storage system.
Secret access keys and
access key IDs are in
one-to-one match.
Path Path to access S3 IPV4 path format: IP or domain
storage. name:/bucket name
IPV6 path format: [IP] or domain
name:/bucket name
IP and domain name indicate the
service IP address of an object-
based storage system and the
domain name of the object-based
storage system, respectively. A
bucket name contains 3 to 255
letters, digits, and special
characters. Special characters
include periods (.), hyphens (-),
and underscores (_).
Identifier Name of a subdirectory The identifier length ranges from
saving the management 1 to 64 characters and can
data, which differentiates contain only letters, digits,
backup copies of underscores (_), and hyphens (-).
management data in the
eBackup system.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 45
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
Parameter Description Setting Rule
If a subdirectory Whether to write backup -
with the same data of eBackup if a sub-
name already folder with the same
exists, the name exists.
system uses the ● If selected,
existing If a sub-folder with
subdirectory the same name exists,
forcibly. backup data of
eBackup will be
written to the existing
sub-folder with the
same name.
NOTE
If multiple eBackup
systems use the same
backup subfolder, the
management data
backup will be
unavailable. You are
advised to name
different subfolders for
multiple eBackup
systems.
● If unselected,
If multiple eBackup
systems use the same
backup subfolder, the
management data
backup will be
unavailable. You are
advised to name
different subfolders
for multiple eBackup
systems.
Step 4 Click OK to finish configuring backup storage.
After the configuration is completed, the backup storage configuration status will
be shown to the right of the Set Backup Storage button.
● : The configuration is in progress.
● No icon: The configuration is successful.
● : The configuration failed. If the configuration fails, click Set Backup
Storage and reconfigure.
Configuring a backup policy
Step 5 Click Automatic Backup Settings.
In the dialog box that is displayed, configure a backup policy as prompted.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 46
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
● When Daily Backup is selected, the following figure shows the default system
settings.
NOTE
If you change the value of Daily Backup to Hourly Backup, Hourly Backup does not
take effect immediately. After the modification, the first backup job is Daily Backup.
After the backup job is complete, the next backup job is Hourly Backup.
If you need Hourly Backup to take effect immediately after the modification, log in to
the active eBackup node and run the service hcp restart command to restart the
eBackup service.
● When Hourly Backup is selected, the following figure shows the default
system settings.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 47
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
Step 6 After the automatic backup policy is configured, click OK. The policy takes effect
immediately.
You are advised to set the backup time to off-peak hours to reduce impact on
services, for example, 00:00 to 02:00.
If backup time overlaps (for example, monthly backup and weekly backup happen
on the same Monday), the system defines backup data with the highest priority.
The priority is Yearly Backup > Monthly Backup > Weekly Backup > Daily Backup >
Hourly Backup.
----End
2.5.3 FTP
When eBackup uses the FTP storage as the backup storage for management data
(such as databases and configuration files), configure backup storage information
and backup policies to restore the eBackup management system after
management data exceptions occur as instructed in this section.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 48
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
Prerequisites
● You have planned the capacity of the FTP shared storage. The capacity of the
shared storage must meet the requirements. Otherwise, the backup job will
fail. For details, see Context.
● eBackup has full control permission on the FTP shared directory.
Procedure
Configuring the backup storage
Step 1 Log in to the eBackup backup management system using a browser.
Step 2 On the menu bar, choose > Configuration > Management Data Backup >
Set Backup Storage.
Step 3 Configure the backup storage information for eBackup management data.
eBackup supports the NFS, S3, FTP and SFTP storage as the backup storage for
management data. This section describes how to configure the backup storage of
the FTP type. Table 2-5 describes the related parameters.
Table 2-5 Backup storage parameters (FTP)
Parameter Description Setting Rule
Type Type of backup storage FTP
of management data.
Protocol Network protocol for the ● When using the FTPs protocol,
communication between import a valid certificate for
the eBackup the backup management
management system system to verify the FTP
and FTP storage. storage information. Obtain the
Options include FTP and certificate from the FTP storage
FTPs. administrator.
For details about how to
import a certificate, see section
6.4.2.9 Managing Certificates.
● Security risks arise if the
protocol is set to FTP. You are
advised to select the FTPS
protocol.
Address IP address or domain -
name of the FTP server.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 49
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
Parameter Description Setting Rule
Port Management port of the Set this parameter to the actual
FTP server. port of the FTP server.
● If the connection mode of the
FTP server is set to Implicit,
the default port is 990.
● If the connection mode of the
FTP server is set to Explicit, the
default port is 21.
● If the FTP service is enabled
and Implicit or Explicit cannot
be selected, the default port
number is 21.
Username User name for logging in -
to the FTP server.
Password Password for logging in -
to the FTP server.
Path Path for accessing the The path format is "/File path".
FTP server. The file path is the file directory
where the FTP backup storage
resides. A file path consists of 1 to
255 letters, digits, and special
characters including .#%-=@{_}~/:
and cannot end with a slash (/).
NOTICE
The FTP management data backup
storage and the NFS storage unit or
NFS management data backup
storage cannot use the same file
system.
Identifier Name of a subdirectory The identifier length ranges from
saving the management 1 to 64 characters and can contain
data, which only letters, digits, underscores
differentiates backup (_), and hyphens (-).
copies of management
data in the eBackup
system.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 50
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
Parameter Description Setting Rule
If a subdirectory Whether to write backup -
with the same data of eBackup if a
name already sub-folder with the
exists, the same name exists.
system uses the ● If selected,
existing If a sub-folder with
subdirectory the same name
forcibly. exists, backup data of
eBackup will be
written to the
existing sub-folder
with the same name.
NOTE
If multiple eBackup
systems use the same
backup subfolder, the
management data
backup will be
unavailable. You are
advised to name
different subfolders for
multiple eBackup
systems.
● If unselected,
If multiple eBackup
systems use the same
backup subfolder, the
management data
backup will be
unavailable. You are
advised to name
different subfolders
for multiple eBackup
systems.
Step 4 Click OK to finish configuring backup storage.
After the configuration is completed, the backup storage configuration status will
be shown to the right of the Set Backup Storage button.
● : The configuration is in progress.
● No icon: The configuration is successful.
● : The configuration failed. If the configuration fails, click Set Backup
Storage and reconfigure.
Configuring a backup policy
Step 5 Click Automatic Backup Settings.
In the dialog box that is displayed, configure a backup policy as prompted.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 51
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
● When Daily Backup is selected, the following figure shows the default system
settings.
NOTE
If you change the value of Daily Backup to Hourly Backup, Hourly Backup does not
take effect immediately. After the modification, the first backup job is Daily Backup.
After the backup job is complete, the next backup job is Hourly Backup.
If you need Hourly Backup to take effect immediately after the modification, log in to
the active eBackup node and run the service hcp restart command to restart the
eBackup service.
● When Hourly Backup is selected, the following figure shows the default
system settings.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 52
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
Step 6 After the automatic backup policy is configured, click OK. The policy takes effect
immediately.
You are advised to set the backup time to off-peak hours to reduce impact on
services, for example, 00:00 to 02:00.
If backup time overlaps (for example, monthly backup and weekly backup happen
on the same Monday), the system defines backup data with the highest priority.
The priority is Yearly Backup > Monthly Backup > Weekly Backup > Daily Backup >
Hourly Backup.
----End
2.5.4 SFTP
When eBackup uses the SFTP storage as the backup storage for management data
(such as databases and configuration files), configure backup storage information
and backup policies to restore the eBackup management system after
management data exceptions occur as instructed in this section.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 53
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
Prerequisites
● You have planned the capacity of the SFTP shared storage. The capacity of the
shared storage must meet the requirements. Otherwise, the backup job will
fail. For details, see Context.
● eBackup has full control permission on the SFTP shared directory.
Procedure
Configuring the backup storage
Step 1 Log in to the eBackup backup management system using a browser.
Step 2 On the menu bar, choose > Configuration > Management Data Backup >
Set Backup Storage.
Step 3 Configure the backup storage information for eBackup management data.
eBackup supports the NFS, FTP and SFTP storage as the backup storage for
management data. This section describes how to configure the backup storage of
the FTP type. Table 2-6 describes the related parameters.
Table 2-6 Backup storage parameters (SFTP)
Parameter Description Setting Rule
Type Type of backup storage SFTP
of management data.
Address IP address or domain -
name of the SFTP server.
Port Management port of the 22
SFTP server.
The default port is 22.
Username User name for logging in -
to the SFTP server.
Password Password for logging in -
to the SFTP server.
Path Path for accessing the The path format is "/File path".
SFTP server. The file path is the file directory
where the SFTP backup storage
resides. A file path consists of 1
to 255 letters, digits, and special
characters including .#%-
=@{_}~/: and cannot end with a
slash (/).
Note: If SFTP management data backup storage is used for disaster recovery,
the SFTP address and path configured before disaster recovery must be the
same as the SFTP address and path configured during disaster recovery.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 54
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
Step 4 Click OK to finish configuring backup storage.
After the configuration is completed, the backup storage configuration status will
be shown to the right of the Set Backup Storage button.
● : The configuration is in progress.
● No icon: The configuration is successful.
● : The configuration failed. If the configuration fails, click Set Backup
Storage and reconfigure.
Configuring a backup policy
Step 5 Click Automatic Backup Settings.
In the dialog box that is displayed, configure a backup policy as prompted.
● When Daily Backup is selected, the following figure shows the default system
settings.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 55
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
NOTE
If you change the value of Daily Backup to Hourly Backup, Hourly Backup does not
take effect immediately. After the modification, the first backup job is Daily Backup.
After the backup job is complete, the next backup job is Hourly Backup.
If you need Hourly Backup to take effect immediately after the modification, log in to
the active eBackup node and run the service hcp restart command to restart the
eBackup service.
● When Hourly Backup is selected, the following figure shows the default
system settings.
Step 6 After the automatic backup policy is configured, click OK. The policy takes effect
immediately.
You are advised to set the backup time to off-peak hours to reduce impact on
services, for example, 00:00 to 02:00.
If backup time overlaps (for example, monthly backup and weekly backup happen
on the same Monday), the system defines backup data with the highest priority.
The priority is Yearly Backup > Monthly Backup > Weekly Backup > Daily Backup >
Hourly Backup.
----End
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 56
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
2.6 (Optional) Configuring HA
You can configure high availability (HA) for backup servers to enhance the
reliability of backup servers.
Context
HA refers to that active and standby modules work in hot or cold backup mode to
implement specific functions. When the active module is faulty, the standby
module automatically takes over the role of the active module to implement
system functions, improving system reliability.
To enable eBackup to support the HA function, plan at least two eBackup servers.
(Initialize one as the backup server, and the other servers as backup proxies.) After
eBackup is installed and configured, the HA function is disabled by default. You
need to configure HA parameters to configure eBackup as an HA system. After the
configuration, the backup server and one backup proxy work in active/standby
mode. After the backup server fails, the backup proxy takes over the role of the
backup server to ensure normal system operation.
Prerequisites
The advanced-edition license has been imported. For details, see 2.7 Importing a
License.
Procedure
Step 1 Log in to the eBackup backup management system using a browser.
Default account: admin. Default password: PXU9@ctuNov17!.
Step 2 On the navigation bar, choose > Server.
Step 3 Click the drop-down arrow of HA Management and choose Add HA member
from the shortcut menu that is displayed.
Step 4 Select a backup proxy whose Accessibility Status is Accessible, and Register
Status is Registered as the standby node in the HA system as prompted. Then set
the backup server as the active node.
Step 5 Configure the gateway arbitration information.
Set Floating IP address and Quorum gateway(s). IP Address Type does not
need to be set. The system matches the IP address type of the current eBackup
node.
The arbitration gateway must be connected to the management plane of the
active and standby nodes and the IP addresses must be unique. In addition, the IP
address cannot start with 127.
----End
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 57
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
Follow-up Procedure
To improve system O&M security, you are advised to use a certificate issued by a
third-party certification authority to replace the SSL certificates used for
communication between active and standby nodes and encrypt the private key
files. For details, see 6.4.2.4 Replacing the SSL Certificate of eBackup OMMHA
for Communication Between the Active and Standby Backup Servers and
6.4.2.6 Replacing the SSL Certificate of eBackup GaussDB for Communication
Between the Active and Standby Backup Servers.
The eBackup system time is within the validity period of SSL certificates used for
communication between active and standby nodes. If certificates expire,
Accessibility Status of Backup server (standby) is Inaccessible. In this case,
replace the expired certificates with a new one. You can perform the following
steps to query the validity period of the certificates:
1. Use PuTTY to log in to the active and standby nodes, respectively.
Default account: hcp. Default password: PXU9@ctuNov17!.
2. Run the su root command and enter the password of user root to switch to
user root.
The default password of user root is Cloud12#$.
3. Run the TMOUT=0 command to prevent the system from exiting due to
timeout.
4. Run the openssl x509 -text -in /opt/huawei-data-protection/ebackup/ha/
local/cert/server.crt command to check the validity period of the SSL
certificates of eBackup OMMHA for communication between the active and
standby backup servers.
5. Run the openssl x509 -text -in /opt/huawei-data-protection/ebackup/db/
cert/server.crt command to check the validity period of the SSL certificates of
eBackup GaussDB for communication between the active and standby backup
servers.
NOTE
In the follow-up usage, pay attention to the validity periods of certificates. Replace
certificates before they expire. Otherwise, the HA function may become abnormal.
You can remove HA members or modify HA parameters on this page.
NOTE
After you add an HA member or change an HA parameter, Accessibility Status of Backup
server (standby) is Inaccessible. Information will be automatically refreshed after a while,
and Accessibility Status changes to Accessible.
To reconfigure an eBackup server, perform the following operations:
1. Remove an HA member.
a. Log in to the eBackup backup management system using a browser.
Default account: admin. Default password: PXU9@ctuNov17!.
b. On the navigation bar, choose > Server.
c. Click the drop-down arrow of HA Management and choose Delete HA
member from the shortcut menu that is displayed.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 58
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
2. Refer to 2.4 Configuring eBackup Servers to reconfigure the eBackup server.
3. Optional: If you want to configure eBackup as an HA system, please see this
chapter to set HA parameters.
NOTE
eBackup can be configured as an HA system only when there are at least two eBackup
servers in the system, that is, there is at least one independent backup proxy server.
If security of eBackup has been hardened, external systems only on the same
network segments as eBackup network planes can access eBackup servers by
default. If the IP address of a maintenance terminal where the browser resides
and that of the standby node management plane are not on the same network
segment, configure firewall rules to enable the maintenance terminal to access
the standby node. For details, see 6.8.6.4 Auxiliary Scripts of iptables.
2.7 Importing a License
The value-added functions controlled by the software license can be used only
after the license of the eBackup software is imported.
For details about the license and how to import the license, see OceanStor
BCManager 8.1.0 eBackup License Application Guide.
2.8 (Optional) Interconnecting with FusionCube Center
Vision
After interconnection, you can log in to the eBackup GUI from FusionCube Center
Vision without a password required. Alarms on eBackup will be uploaded to
FusionCube Center Vision in real time so that alarm information can be easily
obtained and managed in a centralized manner. This section uses FusionCube
Center Vision 6.0 as an example. The operations may vary depending on the
product version.
Prerequisites
● You have obtained the IP address, user name, and password for logging in to
FusionCube Center Vision.
● The network connection between eBackup and FusionCube Center Vision is
normal.
Interconnecting the Backup Server with FusionCube Center Vision
Interconnect the backup server with FusionCube Center Vision.
Step 1 Use PuTTY to log in to the backup server using the management plane IP address.
Default account: hcp Default password: PXU9@ctuNov17!
Step 2 Run the su root command and enter the password of user root to switch to user
root.
The default password of user root is Cloud12#$.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 59
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
Step 3 Run the TMOUT=0 command to disable user logout upon system timeout.
NOTE
After you run the preceding command, the system continues to run even when no
operation is performed, resulting in security risks. For security purposes, you are advised to
run the exit command to exit the system after completing your operations.
Step 4 Run the following command to go to the /conf directory:
cd /opt/huawei-data-protection/ebackup/microservice/ebk_iam/conf
Step 5 Modify the hcpconf.ini configuration file.
1. Run the following command to open the hcpconf.ini configuration file and
press i to modify the configuration file:
vi hcpconf.ini
2. Set parameters for FusionROBO.
– OcAddress: IP address for logging in to FusionCube Center Vision.
– OcPort: Port number for accessing FusionCube Center Vision. The default
value is 30443.
3. Press Esc, enter :wq, and press Enter to save the change and exit.
----End
Interconnecting FusionCube Center Vision with eBackup
Step 1 Log in to FusionCube Center Vision.
Login address: https://IP address:30443
Step 2 On FusionCube Center Vision, create an account for interconnecting with the
backup server of eBackup. For details, see Creating Accounts in the FusionCube
1000 Solution 6.0 Product Documentation.
NOTE
● When creating an account, set the account role to admin.
● After the account is created, use the new account to log in to FusionCube Center Vision
and change the initial password as prompted. Use the new password to interconnect
with eBackup.
Step 3 On the map of the FusionCube Center Vision home page, find the site where
eBackup is located and click the site.
Step 4 Click next to the site name and select eBackup Configuration.
Step 5 On the eBackup Configuration page, configure the management IP address of
the backup server and click Save.
If eBackup is configured in HA mode, enter the floating IP address of the eBackup
management platform.
Step 6 After the configuration is complete, click In this case, you can log in to the
eBackup management system without a password required, as shown in Figure
2-3.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 60
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
Figure 2-3 Logging in to the eBackup management system
----End
Configuring Alarm Reporting on the eBackup Management System
On the eBackup management system, configure alarms to be reported on
FusionCube Center Vision. After the configuration is complete, all alarms on
eBackup will be reported on FusionCube Center Vision for centralized
management.
Step 1 Log in to the eBackup management system and choose > Configuration >
Alarm Reporting.
Step 2 Set alarm reporting parameters, as shown in Table 2-7.
Table 2-7 Alarm reporting parameters
Parameter Description
Enable Alarm Reporting After this parameter is enabled, alarms
on eBackup will be reported to
specified addresses.
Service Type Select FusionCube Center Vision.
URL Address of FusionCube Center Vision,
that is, the address for logging in to
FusionCube Center Vision.
Format: Domain name or IP
address:Port number, for example,
192.168.10.10:30443
Username Account in Step 2.
Password Password of the account in Step 2.
After the configuration is successful, you can manage eBackup alarms on
FusionCube Center Vision.
----End
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 61
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
2.9 Uninstalling eBackup
This section describes how to uninstall the eBackup software when it is no longer
needed.
Prerequisites
● You have prepared a cross-platform remote access tool.
● If the eBackup server is a backup server, ensure that no jobs are running
during the uninstallation to avoid impacts on services. If the eBackup server is
a backup proxy, ensure that no jobs associated with the server are running.
● You have closed all the databases and files related to eBackup.
● If the eBackup server is a backup proxy, unregister the backup proxy. For
details, see 6.1.4 Managing an eBackup Server.
● If you need to remotely log in to an eBackup server to uninstall the eBackup
software but user root of this eBackup server does not have the SSH-based
remote login permission, perform the following steps to grant the SSH-based
remote login permission to user root:
a. Use PuTTY to log in to the eBackup server as user hcp using the
management IP address.
b. Run the su root command to switch to user root.
c. Run the vi /etc/ssh/sshd_config command and press i to edit the
configuration file.
▪ Change the value of PermitRootLogin no to PermitRootLogin yes.
▪ Change the value of PasswordAuthentication no to
PasswordAuthentication yes.
▪ Add root to the AllowUsers configuration item and separate it with
other existing accounts with spaces.
▪ Add root to the AllowGroups configuration item and separate it
with other existing groups with spaces.
d. Press Esc to exit the editing mode. Run the :wq command to save the
changes and exit the CLI.
e. Run the service sshd restart command to restart the SSH service.
f. Run exit command to exit the system.
Procedure
Step 1 Use PuTTY to log in to the eBackup server as user root.
The default password of the root user is Cloud12#$.
Step 2 Run the TMOUT=0 command to disable user logout upon system timeout.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 62
OceanStor BCManager
eBackup User Guide 2 Installation and Uninstallation
NOTE
After you run the preceding command, the system continues to run even when no
operation is performed, resulting in security risks. For security purposes, you are advised to
run the exit command to exit the system after completing your operations.
Step 3 Run the w command to check whether other users are logging in to the eBackup
server as user hcp.
Check whether hcp is displayed in the USER column in the command output.
[root@eBackup ~]# w
17:14:50 up 56 min, 3 users, load average: 6.83, 5.80, 4.76
USER TTY LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 17:14 1.00s 0.01s 0.01s w
hcp pts/1 16:33 38:58 0.08s 0.05s sshd: hcp [priv]
root pts/2 17:11 3:06 0.03s 0.03s -bas
● If yes, another user is logging in to the eBackup server as user hcp. Log out
the user. Alternatively, run the pkill -kill –t Value corresponding to the TTY
column command, such as pkill -kill -t pts/1, to stop the user login. Go to
Step 4.
● If no, go to Step 4.
Step 4 Run cd /opt/huawei-data-protection/ebackup/bin to enter the path of the
uninstallation script.
Step 5 Run sh uninstall.sh to start uninstalling the backup software.
================================================================================
Uninstalling eBackup from the machine
================================================================================
Are you sure you want to uninstall the software? (y/n, default y):
Step 6 Input y and press Enter.
The following command output is displayed:
Check whether a protected environment of the storage device type exists. If such a protected environment
exists, run the 'delete V3MapInfo' command on the backup server to delete the information that eBackup
created on the storage device. Then, uninstall eBackup again.(y/n, default y):
Step 7 After reading the information that is displayed, enter y to confirm the information
and press Enter.
NOTE
After you execute the sh uninstall.sh script to uninstall the software in the /opt/huawei-
data-protection/ebackup/bin path, you can view the log in the /var/log/messages path
by entering hcp_log as a keyword to search for the log. After you execute sh
ebackup_utilities.sh uninstall to uninstall the software in the path where the backup
software package resides, the uninstallation log is saved in the current path.
----End
Follow-up Procedure
After uninstalling the backup software, you can run service ntp stop and
chkconfig ntp off to stop the NTP service if you do not need it (make sure that
other applications on servers do not cling to the NTP service).
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 63
OceanStor BCManager
eBackup User Guide 3 Backup
3 Backup
Backup is a process of replicating data from the production end to the back-end
storage with which the backup system is associated. If the production system fails
or data in the production system is lost, the backup data can be used to restore
the system or data. The eBackup backup management system can back up
FusionSphere VM data to its associated back-end storage.
3.1 Backup Process
3.2 Preparing for Backup
3.3 (Optional) Registering a Backup Proxy Manually
3.4 Configuring Production Storage
3.5 Creating a Storage Unit
3.6 Creating a Storage Pool
3.7 Creating a Repository
3.8 Creating a Protected Set
3.9 Creating a Backup Policy
3.10 Creating a Backup Plan
3.11 (Optional) Executing a Backup Job Manually
3.12 (Optional) Viewing a Backup Job
3.13 Example for Backing Up the FusionSphere VM Configuration
3.1 Backup Process
This section describes the backup configuration process.
Figure 3-1 shows the backup process.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 64
OceanStor BCManager
eBackup User Guide 3 Backup
Figure 3-1 Backup Process
3.2 Preparing for Backup
Before backup, prepare the data required for service configuration so that you can
find related data quickly and accurately.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 65
OceanStor BCManager
eBackup User Guide 3 Backup
Collect related information based on requirements described in the Table 3-1. You
are advised to print the table for information collection purposes so that data can
be found easily in later service configuration.
Table 3-1 Data
Data Description Value or Operatio
Default n
Value
A1: IP eBackup backup management ___________ 9.1
address of system has only one backup server. Logging
the backup The IP address of the backup server In to the
server backup management plane can be eBackup
backup used to log in to eBackup backup GUI
manageme management system where you can
nt plane configure and manage backup or
restore services. Obtain the IP
address of the backup server backup
management plane from the
eBackup backup management
system administrator.
A2: user eBackup backup management User name:
name and system provides a default super admin
password of administrator. The super Password:
the administrator has all operation rights ____________
eBackup and can manage all resources. The
backup user name of the super administrator
manageme is admin and is unchangeable. The
nt system default password is
super PXU9@ctuNov17!. For details about
administrat how to change the password, see
or 6.4.1.1 Changing the Password of
the eBackup Login Account.
Obtain the password from the
eBackup backup management
system administrator.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 66
OceanStor BCManager
eBackup User Guide 3 Backup
Data Description Value or Operatio
Default n
Value
B1: VRM IP As the management node of ___________ 3.4.2
address FusionCompute, Virtual Resource Adding a
Management (VRM) provides a FusionSp
management interface to centrally here
manage virtualized resources. When Protected
adding a FusionSphere Protected Environm
Environment, enter the IP address of ent
VRM so that eBackup backup
management system can access
FusionCompute and then perform
backup and restore jobs on
FusionCompute. The VRM IP address
can be an IPv4 or IPv6 address.
● If FusionCompute is deployed in
single node mode, the VRM IP
address is the management IP
address of FusionCompute.
● If FusionCompute is deployed in
active/standby mode, the VRM IP
address is the floating IP address
of FusionCompute.
Obtain the VRM IP address from the
FusionCompute administrator.
B2: User When adding a FusionSphere User name:
name and Protected Environment, enter the Password:
password of user name and password of the
the FusionCompute interconnection
FusionCom account so that eBackup backup
pute management system can access
interconnec FusionCompute, and then performs
tion backup and restore jobs on
account FusionCompute.
NOTE
You need to create a FusionCompute
interconnection account on
FusionCompute for security, refer to 9.2
Creating a FusionCompute
Interconnection Account.
3.3 (Optional) Registering a Backup Proxy Manually
At your initial login to eBackup backup management system, the system
automatically registers the backup server and backup proxies. If you want to
register backup proxies again after unregistering them, you need to manually
register them to eBackup backup management system.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 67
OceanStor BCManager
eBackup User Guide 3 Backup
Prerequisites
Accessibility Status and Register Status of the backup proxy that you want to
register is Accessible and Unregistered respectively.
Context
For more details about the servers, go to 6.1.4 Managing an eBackup Server.
Procedure
Step 1 Log in to the eBackup backup management system using a browser.
Default account: admin. Default password: PXU9@ctuNov17!.
Step 2 On the navigation bar, choose > Server.
Step 3 Select a backup proxy that you want to register in either of the following methods:
● Select a backup proxy from the list.
● Query a required backup proxy in the upper right part of the list and select
the backup proxy.
Step 4 Register the backup proxy in either of the following methods:
● In the upper left core of the list, click Register.
● In the preview area on the right, click Register.
Step 5 In the Warning dialog box, click OK.
----End
3.4 Configuring Production Storage
eBackup backup management system protects VMs in the FusionSphere
environments. After adding the FusionSphere protected environment to eBackup
backup management system, eBackup backup management system can back up
and restore VMs in the protected environment.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 68
OceanStor BCManager
eBackup User Guide 3 Backup
3.4.1 Adding an eBackup Server to a Huawei Distributed Block
Storage Cluster (Applicable to Huawei Distributed Block
Storage 8.1.0/8.1.1)
If the production storage is a Huawei distributed block storage cluster, add the
backup server and backup proxy to the cluster so that eBackup can back up the
production storage.
Prerequisites
You have obtained the OceanStor-Pacific_8.1.x_api.tar.gz software package from
the following path:
● For enterprise users: Click here.
● For carrier users: Click here.
Procedure
Step 1 Create VBS on DeviceManager.
1. Log in to DeviceManager using a browser.
2. On the top navigation bar, choose Resources > Access > VBS.
3. Choose New Node > Manually Add Node.
4. Configure the eBackup node information. Table 3-2 describes the key
parameters.
Table 3-2 eBackup node configuration information
Parameter Description
Management IP Address Management plane IP address of the
backup server
Cabinet Cabinet where an eBackup node
resides
Node Role Select Compute.
Firewall Enable the firewall.
Installation Mode Select Regular installation.
Username hcp
Password Password of user hcp
The default password is
PXU9@ctuNov17!.
Password of root Password of the root account and of
the eBackup server
The default password is Cloud12#$.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 69
OceanStor BCManager
eBackup User Guide 3 Backup
Parameter Description
Note: Only the parameters that need to be set are described in this table.
The parameters that are not described do not need to be set.
5. After the nodes are successfully configured, click Next.
6. On the Configure Storage Network tab page, set the key parameters as
follows:
– Select Yes in Use Configured Storage IP Address Only.
– Storage IP Address Range: Start and end IP addresses of the production
storage plane of the backup server and backup proxy.
– Mask/Prefix: When the eBackup IP address is an IPv4 address, set this
parameter to the subnet mask of the production storage plane of the
backup server and backup proxy. When the eBackup IP address is an IPv6
address, set this parameter to the prefix of the production storage plane
of the backup server and backup proxy.
7. After the storage network is configured successfully, click Next.
8. Click Install to install the node.
9. After the installation is complete, click Finish.
10. Repeat the preceding steps to create VBS for the backup proxy.
Step 2 Import the Huawei distributed block storage certificate to the backup server and
backup proxy.
NOTE
Before performing the following operations, back up the /opt/huawei-data-protection/
ebackup/vbstool/ directory of the backup server and backup proxy. For example, run the
following command to back up the /vbstool directory to the /opt directory:
cp -r /opt/huawei-data-protection/ebackup/vbstool/ /opt/
1. Log in to the distributed storage management node to obtain the certificate.
a. Use PuTTY to log in to the distributed storage management node as user
fsadmin through the floating IP address.
b. Run the su - root command and enter the password of user root to
switch to user root.
c. Run the following command and enter the password of user admin to
log in to the CLI.
ismcli -u admin
d. Run the following command to export the FSM certificate and key file.
export fsm certificate
A password needs to be set during the export. The password is used to
encrypt the exported file.
Information similar to the following is displayed:
admin:/>export fsm certificate
Export password:******
Reenter password:******
fsm certificate path : /opt/omm/oms/workspace/certificate/fsm-server.pem
fsm key path : /opt/omm/oms/workspace/certificate/fsm-server.key
ca certificate path : /opt/omm/oms/workspace/certificate/ca.pem
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 70
OceanStor BCManager
eBackup User Guide 3 Backup
2. Log in to the eBackup server.
Perform the following operations on the backup server and backup proxy in
sequence.
a. Use PuTTY to log in to the eBackup server.
Default account: hcp. Default password: PXU9@ctuNov17!.
b. Run the su root command and enter the password of user root to switch
to user root.
The default password of user root is Cloud12#$.
3. Run the following commands to delete the file attributes and create the /
scripts directory.
chattr -i /opt/huawei-data-protection/ebackup/vbstool/
chattr -i -R /opt/huawei-data-protection/ebackup/vbstool/lib
chattr -i -R /opt/huawei-data-protection/ebackup/vbstool/conf
mkdir -p /opt/huawei-data-protection/ebackup/vbstool/lib/scripts/
4. Use WinSCP to upload the certificate and key file obtained in Step 2.1 to
the /home/hcp directory and then copy them to the /opt/huawei-data-
protection/ebackup/vbstool/lib/scripts/ directory.
5. Run the following command to decompress the jre file.
mkdir -p /opt/huawei-data-protection/ebackup/tmp/javarunenv/
tar -zmxvf /opt/dsware/agent/jre-*.tar.gz -C /opt/huawei-data-protection/ebackup/tmp/javarunenv/
6. Use WinSCP to upload OceanStor-Pacific_8.1.x_api.tar.gz to the /home/hcp/
directory of the backup server and run the following command to decompress
the package.
tar -zxvf /home/hcp/OceanStor-Pacific_*_api.tar.gz
7. Run the following commands in sequence in the /home/hcp/ directory to
copy the corresponding files:
cd OceanStor-Pacific_*_api
rm -rf lib/log4j-*
/bin/cp client_self.keystore client_trust.keystore dsware-api.properties fsa_server.key manager-
ssl.properties primary_ks.key standby_ks.key /opt/huawei-data-protection/ebackup/vbstool/conf/
/bin/cp dr_cli.xml readme.txt version zk-client.jks /opt/huawei-data-protection/ebackup/vbstool/
/bin/cp dsware-api-*.jar /opt/huawei-data-protection/ebackup/vbstool/lib/
/bin/cp primary_ks.key standby_ks.key /opt/huawei-data-protection/ebackup/vbstool/lib/
/bin/cp -r scripts/* /opt/huawei-data-protection/ebackup/vbstool/lib/scripts/
/bin/cp -r lib/* /opt/huawei-data-protection/ebackup/vbstool/lib/
8. Run the following command to create the storage_port.ini file.
touch /opt/huawei-data-protection/ebackup/vbstool/storage_port.ini
9. Run the following command to copy the so file.
– If the eBackup server uses the x86 architecture:
/bin/cp -r /opt/huawei-data-protection/ebackup/vbstool/lib/linux-x86-64/* /opt/huawei-data-
protection/ebackup/vbstool/lib/
– If the eBackup server uses the ARM architecture:
/bin/cp -r /opt/huawei-data-protection/ebackup/vbstool/lib/linux-aarch64/* /opt/huawei-data-
protection/ebackup/vbstool/lib/
10. Run the following commands to import environment variables.
– If the eBackup server uses the x86 architecture:
export LD_LIBRARY_PATH=/usr/lib64:/opt/huawei-data-protection/ebackup/vbstool/lib/linux-
x86-64
– If the eBackup server uses the ARM architecture:
export LD_LIBRARY_PATH=/usr/lib64:/opt/huawei-data-protection/ebackup/vbstool/lib/linux-
aarch64
11. Run the following command in sequence to set eBackup environment
variables to avoid conflicts with certificate environment variables.
VBSTOOL_PATH=/opt/huawei-data-protection/ebackup/vbstool/lib
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 71
OceanStor BCManager
eBackup User Guide 3 Backup
sed -i "s#export LD_LIBRARY_PATH=.*#export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:
$VBSTOOL_PATH#g" /opt/huawei-data-protection/ebackup/vbstool/vrmVBSTool.sh
12. Run the following command to replace the certificate.
sh /opt/huawei-data-protection/ebackup/vbstool/lib/scripts/replace_cert.sh -s /opt/huawei-data-
protection/ebackup/vbstool/lib/scripts/fsm-server.pem -c /opt/huawei-data-protection/ebackup/
vbstool/lib/scripts/ca.pem -k /opt/huawei-data-protection/ebackup/vbstool/lib/scripts/fsm-server.key -
f Enter the FSM floating IP address -j /opt/huawei-data-protection/ebackup/tmp/javarunenv/jre*
During the replacement, you need to enter the password of the certificate,
which is the password set in Step 2.1.
The certificate is successfully imported when the client_self.keystore,
client_trust.keystore, and dsware-api.properties files exist in the /opt/
huawei-data-protection/ebackup/vbstool/conf/cert/FSM floating IP
address/ directory.
13. Run the following command to add a file attribute.
chattr +i /opt/huawei-data-protection/ebackup/vbstool/
chattr +i -R /opt/huawei-data-protection/ebackup/vbstool/lib
chattr +i -R /opt/huawei-data-protection/ebackup/vbstool/conf
----End
3.4.2 Adding a FusionSphere Protected Environment
eBackup backup management system protects VMs in the FusionSphere
environment. After adding the FusionSphere protected environment to eBackup
backup management system, eBackup backup management system can back up
and restore VMs in the protected environment.
Prerequisites
● Network connectivity is normal between servers and the FusionCompute
management plane.
● For servers, Accessibility Status is Accessible and Register Status is
Registered.
● The system has connected to FusionCompute and an interconnection account
has been created. For details about how to create an interconnection account,
go to 9.2 Creating a FusionCompute Interconnection Account.
Context
For details about FusionSphere protected environments, go to 10.4 Protected
Environments Supported by eBackup.
Procedure
Step 1 Log in to the eBackup backup management system using a browser.
Default account: admin. Default password: PXU9@ctuNov17!.
Step 2 On the navigation bar, choose > FusionSphere.
Step 3 Click in the Protected Environment area.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 72
OceanStor BCManager
eBackup User Guide 3 Backup
Step 4 Enter the basic information of a FusionSphere protected environment. Table 3-3
describes related parameters.
Table 3-3 Parameters of the FusionSphere protected environment
Paramet Description Value
er
Name Name of a protected The name contains 1 to 128
environment. The name is user- letters, digits, pluses (+),
definable. underscores (_), hyphens (-),
periods (.), and the at symbol
(@).
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 73
OceanStor BCManager
eBackup User Guide 3 Backup
Paramet Description Value
er
VRM IP As the management node of Obtain it from 3.2 Preparing for
FusionCompute, Virtual Resource Backup (data preparation item
Management (VRM) provides a B1).
management interface to
centrally manage virtualized
resources.
● If FusionCompute is deployed
in single node mode, the VRM
IP address is the management
IP address of FusionCompute.
● If FusionCompute is deployed
in active/standby mode, the
VRM IP address is the floating
IP address of FusionCompute.
Usernam User name of the eBackup Obtain it from 3.2 Preparing for
e backup management system and Backup (data preparation item
FusionCompute interconnection B2).
account.
Password Password of the eBackup backup
management system and
FusionCompute interconnection
account.
Protocol Network protocol for HTTPS is used by default. HTTPS
communication between is recommended because HTTP
eBackup backup management has network security risks.
system and the FusionCompute
management plane. Possible
values are HTTP and HTTPS.
Port Port for communication between ● When HTTPS is used, the
eBackup backup management default port is 7443.
system and the FusionCompute ● When HTTP is used, the
management plane. default port is 7070.
NOTE
HTTP is an insecure protocol and
port 7070 is disabled by default.
You are advised to use HTTPS to
communicate with the VRM
node. If the HTTP protocol is
required, enable port 7070. For
details, see Disabling or
Enabling Port 7070 in
FusionCompute 8.1.0 Product
Documentation. For other
FusionCompute versions, see the
desired product documentation.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 74
OceanStor BCManager
eBackup User Guide 3 Backup
Paramet Description Value
er
Certificat Certificate for authenticating the When HTTPS is used, security
e protected environment. risks arise if the valid CA root
● Auto Match certificate is not imported to
If you have imported system. It is recommended that
certificates for the protected you import valid certificate to
environment by choosing ensure that the backup
management system can verify
the protected environment. To
> Certificate, the
keep the compatibility with the
system automatically
protected environment, eBackup
discovers a matching
backup management system
certificate from the imported
ignores the protocol versions of
ones.
the certificate.
● Manually Upload
The certificate can be obtained
by the following method:
1. Log in to any eBackup server
(the backup server is
recommended) as user hcp
(The default password is
PXU9@ctuNov17!).
2. Run openssl s_client -
connect VRM IP:Port -
showcerts. VRM IP and Port
are the parameters in this
table.
3. In the command output, copy
the content of the last
certificate to any new file,
and rename the file as xx.crt.
xx is user-defined, and xx.crt
is the certificate to be
imported.
-----BEGIN CERTIFICATE-----
......(the details are omitted.)
-----END CERTIFICATE-----
Step 5 Click OK.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 75
OceanStor BCManager
eBackup User Guide 3 Backup
NOTE
● When a FusionSphere protected environment is added, the system automatically obtains
the VM information. The structure of the navigation tree is the same as that of the
protected environment.
● If a VM that is not bound to a CNA host exists in the protected environment and the VM
is powered on, the VM is displayed under a CNA host on the FusionCompute page. On
the eBackup page, the VM is not displayed under any CNA host and is displayed in
parallel with the CNA host. The inconsistency does not affect the backup and restore of
the VM.
● After the FusionSphere protected environment is successfully added, view the
environment name in the navigation tree on the left. You can see that the system
automatically adds the IP address of the VRM to the end of the name for you to quickly
locate the protected environment.
● When you add a FusionSphere protected environment for the first time, the system
automatically scans for the environment information. You can view the scanning
progress by choosing > Job.
When the scanning succeeds, the icon next to the tier 1 node is , with the scanning
date and time displayed in the labels of the scanning job icon. If the scanning fails or is
in progress, the icon next to the tier 1 node is , with the latest scanning date and time
displayed in the labels of the scanning job icon.
● By default, the system scans for the environment information every hour. If the
information is changed, you can click or next to each tier 1 node to manually
trigger the scanning.
● After a successful scan, go to the Protected Environment area and click to refresh
the information in the navigation on the left.
----End
Follow-up Procedure
The VM that you want to protect can be backed up only after it is added to a
protected set. Select the VM that you want to protect and click Add to Existing
Protected Set or Add to New Protected Set to add it to a protected set.
3.5 Creating a Storage Unit
A storage unit is a basic storage unit for backup data of users. It is allocated in the
space mapped by the back-end storage. The back-end storage space that is
successfully mapped can be used only after a storage unit is created.
Prerequisites
● Network connectivity is normal between eBackup servers and back-end
storage devices.
● You have planned and configured shared storage in advance. For details about
operations on the storage side, refer to the corresponding device manual.
● When the NAS shared storage is used, the client IP address of a NAS share is
the backup storage plane IP address of the eBackup server.
● To ensure data security, it is recommended that the shared directory be used
only by eBackup servers when NAS storage is used. For example, if NFS
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 76
OceanStor BCManager
eBackup User Guide 3 Backup
storage is used, set the client IP address of the NFS share to the backup
storage plane IP address of the eBackup server. When the S3 storage is used,
the specified bucket is used only by eBackup. Otherwise, backup data may be
illegally obtained.
● If you select SAN(XFS) (volumes on the storage device are mapped to the
eBackup server and formatted into XFS file systems) as backup storage,
ensure that an iSCSI initiator has been configured on the eBackup server
before creating a storage unit. For details, see Configuring an iSCSI Initiator
on the eBackup Server. Then, map the volumes on the storage devices to the
backup server and backup proxy. For details about how to create volume
mappings, see Related Operations. The following uses OceanStor 5000,
5000F, 6000, 6000F V5 series and V500R007 version as an example. For details
about how to create volume mappings for other storage products, see the
desired product documentation.
NOTE
You are advised to use NAS or S3 storage units because SAN(XFS) storage units have
the following restrictions:
● SAN(XFS) storage units do not support capacity expansion. Plan the capacity
before using SAN(XFS) storage units.
● A SAN(XFS) storage unit can be bound to only one backup proxy at a time. All
backup and restore jobs of the storage unit are performed by one backup proxy. No
load balancing mechanism is available. If the backup proxy is faulty, the system
provides a failover mechanism to ensure normal service running.
Context
For details about storage units, go to 10.3 Backup Storage.
You are advised to configure an independent storage unit for each set of eBackup.
You are advised not to use the same storage unit for multiple sets of eBackup.
Otherwise, when the storage unit is restored, copies created by other eBackup will
be scanned to the faulty eBackup.
Procedure
Step 1 Log in to the eBackup backup management system using a browser.
Default account: admin. Default password: PXU9@ctuNov17!.
Step 2 In the navigation bar, choose > Storage Unit.
Step 3 Click Create.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 77
OceanStor BCManager
eBackup User Guide 3 Backup
Step 4 Set parameters of a storage unit.
eBackup supports NFS, S3, and SAN(XFS) as backup storage.
S3 and SAN(XFS) storage units do not support deduplication.
NOTICE
Backup storage of management data and backup storage for storing user VM data
cannot use the same NAS shared directory. Otherwise, the backup job may fail.
● NFS
Table 3-4 describes the related parameters.
Table 3-4 Storage unit (NFS) parameters
Parame Description Configuration Principle
ter
Name User-defined storage The name consists of 1 to 128
unit name characters and contains only letters,
digits, pluses (+), underscores (_),
hyphens (-), periods (.), and at symbols
(@).
Descript Description of a The description contains a maximum of
ion storage unit 1024 characters.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 78
OceanStor BCManager
eBackup User Guide 3 Backup
Parame Description Configuration Principle
ter
Storage Storage level of a – Default: applies to backup or
Unit storage unit replication operations.
Level – 1: applies to backup operations only.
– 2: applies to replication operations
only.
In virtualization scenarios, replication is
not supported.
Type Type used by the back- NFS
end storage
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 79
OceanStor BCManager
eBackup User Guide 3 Backup
Parame Description Configuration Principle
ter
Path Path for accessing the IPv4 path format: IP address or domain
NFS shared storage name:/share path or share name
IPv6 path format: [IP address] or
domain name:/share path or share
name
IP address and domain name indicate
the service IP address and domain
name of the NAS storage system,
respectively. If the backup storage is
OceanStor V300R006C00 or later, enter
share name in the path. For other
backup storage versions, enter share
path. The path contains 1 to 255
characters, including letters, digits, and
special characters .#%-=@{_}/:. It
cannot end with a slash (/).
Obtain the shared storage path from
the storage administrator.
NOTE
– An NFS share path can be used to create
only one storage unit.
– The client IP address of the NAS share is
the backup storage plane IP address of
the backup server. You can enter * to
represent all client IP addresses. You are
advised to enter the client IP address of
the NAS share. Otherwise, backup data
may be accessed illegally.
– Ensure that the storage side does not
limit the permissions of user root of the
eBackup server and that the user has full
permissions to the shared NAS directory.
For example, if you use the OceanStor
9000 WushanFS distributed file system,
choose no_all_squash and
no_root_squash when you configure
NFS parameters.
– If you use NFS storage, set the
permission to Read and write.
– The NFS management data backup
storage or NFS storage unit cannot use
the same file system as the FTP
management data backup storage.
Otherwise, the FTP management data
fails to be backed up.
● Table 3-5 describes basic information about S3 storage units and related
parameters.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 80
OceanStor BCManager
eBackup User Guide 3 Backup
NOTICE
Backup storage of management data and backup storage for storing user VM
data cannot use the same bucket. Otherwise, the backup job may fail.
Table 3-5 Storage unit (S3) parameters
Parame Description Configuration Principle
ter
Name User-defined storage The name consists of 1 to 128
unit name characters and contains only letters,
digits, pluses (+), underscores (_),
hyphens (-), periods (.), and at symbols
(@).
Descript Description of a The description contains a maximum of
ion storage unit 1024 characters.
Storage Storage level of a – Default: applies to backup or
Unit storage unit replication operations.
Level – 1: applies to backup operations only.
– 2: applies to replication operations
only.
In virtualization scenarios, replication is
not supported.
Type Type used by the back- S3
end storage
Protoco Network protocol used – When using the HTTPS protocol,
l for communication import a valid certificate for the
between the eBackup backup management system to
management system verify the S3 storage information.
and S3 storage. Both Obtain the certificate from the S3
HTTP and HTTPS are storage administrator in advance.
supported. For details about how to import a
certificate, see 6.4.2.9 Managing
Certificates.
– HTTP has security risks. You are
advised to select HTTPS for security
purposes.
AK Access Key (AK) is the Obtain them from the storage
access key identifier in administrator.
the object storage
service system, which
is used to identify
users accessing the
system.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 81
OceanStor BCManager
eBackup User Guide 3 Backup
Parame Description Configuration Principle
ter
SK Secret Key (SK) is the
security access key of a
user in the object
storage service system,
which enables the user
to access the object
storage service system.
An SK corresponds to
an AK.
Path Path for accessing the An IPv4 path format is IP address (or
S3 storage domain name):/Bucket name.
An IPv6 path format is [IP address] (or
domain name):/Bucket name.
IP address and domain name indicate
the service IP address and domain
name of the object storage service
system, respectively. The bucket name
consists of 3 to 255 characters,
including letters, digits, and special
characters .-_, for example,
192.168.10.10:/eBackup.123.
Obtain the shared storage path from
the storage administrator.
NOTE
– A bucket can be used to create only one
storage unit.
– S3 storage units do not support
deduplication.
– For details about the maximum number
of buckets supported by a storage unit,
see S3 in 6.7 Configuration Items.
● SAN(XFS)
Table 3-6 describes related parameters.
Table 3-6 Storage unit parameters (SAN(XFS))
Parame Description Configuration Rule
ter
Name User-defined storage unit name The name consists of 1 to
128 characters and
contains only letters,
digits, pluses (+),
underscores (_), hyphens
(-), periods (.), and at
symbols (@).
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 82
OceanStor BCManager
eBackup User Guide 3 Backup
Parame Description Configuration Rule
ter
Descript Description of a storage unit The description contains a
ion maximum of 1024
characters.
Storage Storage level of a storage unit – Default: applies to
Unit backup operations and
Level intra-region replication.
– 1: applies to backup
operations only.
– 2: applies to intra-
region replication only.
The intra-region
replication function is not
supported in virtualization
scenarios.
Type Type of backup storage SAN(XFS)
Format When the storage type is set to Format LUNs
LUNs SAN(XFS), select or deselect Format
LUNs. After this parameter is set
successfully, it cannot be modified.
– If you select Format LUNs, the
volume will be formatted and an
XFS file system will be created
for the volume. All data on the
volume will be lost after
formatting. Ensure that data on
the volume has been backed up
or is no longer used.
– If you deselect Format LUNs,
ensure that the file system of the
volume is in XFS format.
Otherwise, Accessibility Status
of the storage unit is
Inaccessible after the storage
unit is created. If you want to use
the volume as the backup
storage, delete the storage unit
and create a new one.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 83
OceanStor BCManager
eBackup User Guide 3 Backup
Parame Description Configuration Rule
ter
Target Indicates the IP address of the 192.168.1.10
IP Ethernet port on the storage system
Address that connects to the eBackup server.
The following uses OceanStor 5310
V500R007C60SPC300 as an example
to describe how to query the IP
address.
1. Log in to DeviceManager of the
storage system.
2. Choose Provisioning > Port >
Ethernet Ports.
The number of initiators of the
Ethernet port is not 0, and the
initiators include the initiator
name of the eBackup server. The
IP address of the Ethernet port is
the IP address to be queried.
Volume WWN of the backup storage -
WWN volume.
For details about how to query the
WWN of a volume, see Viewing
LUN Information.
Step 5 Click OK.
NOTE
● After a storage unit is created, the system automatically mounts storage space.
● The Accessibility Status of the storage unit is Scanning after you create a storage unit
(the storage unit is connecting with backup proxies). Wait for the system to
automatically refresh the status. For details, see Viewing a storage unit in 5.2.1
Managing a Storage Unit.
Step 6 After a SAN(XFS) storage unit is created, if the storage system has multiple
Ethernet port IP addresses, configure multiple links to improve the availability of
the storage unit. Otherwise, skip this step.
1. Use PuTTY to log in to the backup proxy.
Default account: hcp. Default password: PXU9@ctuNov17!.
2. Run the su root command and enter the password of user root to switch to
user root.
The default password of user root is Cloud12#$.
3. Run the following command to discover the target:
iscsiadm -m discovery -t st -p iscsi_ip
iscsi_ip indicates the IP address of the Ethernet port that connects to eBackup.
4. Run the following command to scan disks:
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 84
OceanStor BCManager
eBackup User Guide 3 Backup
upRescan
5. Run the following command to check whether multiple links exist:
upadmin show path
6. Log in to other backup proxies and repeat the preceding steps.
----End
Related Operations
This section uses OceanStor 5000, 5000F, 6000, 6000F V5 series V500R007 version
as an example to describe how to map volumes on a storage device to backup
server and backup proxies. For details about other storage products, see the
related product documentation. For details about supported backup storage types,
see the OceanStor BCManager 8.1.0 eBackup Compatibility List
(Virtualization).
Step 1 Install UltraPath.
1. Use PuTTY to log in to the backup server.
Default account: hcp. Default password: PXU9@ctuNov17!.
2. Run the su root command and enter the password of user root to switch to
user root.
The default password of user root is Cloud12#$.
3. Run the TMOUT=0 command to disable user logout upon system timeout.
NOTE
After you run the preceding command, the system continues to run even when no
operation is performed, resulting in security risks. For security purposes, you are
advised to run the exit command to exit the system after completing your operations.
4. Run the following command to check whether UltraPath has been installed:
upadmin show version
Check whether information similar to the following is displayed:
[root@eBackup conf]# upadmin show version
Software Version : xx.xx.xx
Driver Version : xx.xx.xx
– If yes, UltraPath has been installed. Skip this step.
– If no, UltraPath has not been installed. Install UltraPath. For details, see
Installing UltraPath in the OceanStor UltraPath for Linux 21.6.1 User
Guide.
5. Repeat the preceding steps to install UltraPath on the backup proxy.
Step 2 Create a LUN for backup storage.
For details, see Creating a LUN.
Step 3 Create a LUN group.
For details, see Creating a LUN Group.
Step 4 Create a host for the eBackup server.
For details, see Creating a Host. When creating a host, you need to associate the
host with an initiator. To obtain the name of the associated initiator, see Step 4.1.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 85
OceanStor BCManager
eBackup User Guide 3 Backup
1. Query the initiator name.
a. Log in to the eBackup GUI as user admin.
b. Click > Server.
c. Click the server whose initiator name is to be queried. In the displayed
area, click Details to view iSCSI initiator name of the server.
2. When the iSCSI protocol is used to connect to the IP network of a remote
target, you are advised to enable CHAP authentication. For details, see 9.10
Configuring CHAP Authentication Information on the eBackup Server. If
CHAP authentication is not enabled, security risks may exist.
Perform operations on storage systems by following instructions provided in
corresponding product documents.
NOTE
Because IP networks that the iSCSI technology uses to connect to remote targets do
not protect the data they transport, you must ensure connection security. One of the
protocols that iSCSI implements is the Challenge Handshake Authentication Protocol
(CHAP), which verifies the legitimacy of initiators that access targets on the network.
CHAP uses a three-way handshake algorithm to verify the identity of your host and, if
applicable, of the iSCSI target when the host and target establish a connection. CHAP
authentication includes unidirectional CHAP authentication in which storage systems
authenticate iSCSI initiators but iSCSI initiators do not authenticate storage systems
and bidirectional CHAP authentication in which an additional level of security enables
iSCSI initiators to authenticate storage systems.
Step 5 Create a host group.
For details, see Creating a Host Group.
Step 6 Create a mapping view and add host groups and LUN groups the mapping view.
For details, see Creating a Mapping View.
----End
3.6 Creating a Storage Pool
A storage pool consists of one storage unit only. A storage pool provides an
abstract layer to implement physical isolation. The failure of a storage pool does
not affect backup services in other storage pools.
Prerequisites
Before creating a storage pool, create a storage unit.
Context
For details about storage pools, go to 10.3 Backup Storage.
Procedure
Step 1 Log in to the eBackup backup management system using a browser.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 86
OceanStor BCManager
eBackup User Guide 3 Backup
Default account: admin. Default password: PXU9@ctuNov17!.
Step 2 On the navigation bar, choose > Storage Pool.
Step 3 Click Create.
Step 4 Enter the basic information of a storage pool. Table 3-7 describes related
parameters.
Table 3-7 Storage pool parameters
Paramet Description Configuration Rule
er
Name Name of a storage pool. The The name contains 1 to 128
name is user-definable. letters, digits, pluses (+),
underscores (_), hyphens (-),
periods (.), and the at symbol
(@).
Descripti Description of a storage pool. The description contains a
on maximum of 1024 characters.
Storage Click . In the Add Storage A storage unit cannot be added
Unit Unit dialog box, select an to multiple storage pools.
existing storage unit or create a
storage unit if no storage units
are available.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 87
OceanStor BCManager
eBackup User Guide 3 Backup
Paramet Description Configuration Rule
er
Alarm When the usage of the storage An appropriate capacity alarm
Threshol pool capacity exceeds the threshold helps you monitor the
d threshold, an alarm is raised, capacity usage of a storage pool.
prompting users to expand The default value is 80% and the
capacity or delete unneeded recommended value ranges from
backup data. If you do not 70% to 90%.
expand capacity or delete
unneeded backup data, the
follow-up backup jobs may fail.
Step 5 Click OK.
----End
3.7 Creating a Repository
A repository is a space allocated in a storage pool. It provides storage space to
store backup data and provides data source to restore data. Before backup, create
a repository.
Prerequisites
Before creating a repository, 3.6 Creating a Storage Pool.
Context
For details about repositories, go to 10.3 Backup Storage.
Procedure
Step 1 Log in to the eBackup backup management system using a browser.
Default account: admin. Default password: PXU9@ctuNov17!.
Step 2 On the navigation bar, choose > Repository.
Step 3 Click Create.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 88
OceanStor BCManager
eBackup User Guide 3 Backup
Step 4 Enter the basic information of a storage pool. Table 3-8 describes related
parameters.
Table 3-8 Repository parameters
Paramet Description Value
er
Name Name of a repository. The name The name consists of 1 to 128
is user-definable. characters and contains only
letters, digits, pluses (+),
underscores (_), hyphens (-),
periods (.), and at symbols (@).
Descripti Description of a repository. The description contains a
on maximum of 1024 characters.
Storage Select an existing storage pool ● If a storage pool has been
Pool and create a repository in the specified for a repository,
storage pool. select the storage pool.
● If no storage pool is specified
for a repository and the
available resources need to be
used, select a proper storage
pool that can provide
sufficient storage space for
the backup data.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 89
OceanStor BCManager
eBackup User Guide 3 Backup
Paramet Description Value
er
Full You can choose to enable or ● ON: The capacity of a
Quota disable Full Quota. repository is the maximum
available capacity.
● OFF: The capacity of a
repository is specified by a
user.
Capacity Capacity of a repository. The repository capacity cannot
This parameter is available when exceed the free capacity of the
Full Quota is OFF. backup storage pool.
Alarm When the usage of the A proper capacity alarm
Threshol repository capacity exceeds the threshold helps you monitor the
d threshold, an alarm is reported, capacity usage of a repository.
prompting users to expand The default value is 80% and the
capacity or delete unnecessary recommended value ranges from
backup data. If you do not 70% to 90%.
expand capacity or delete
unnecessary backup data,
follow-up backup jobs may fail.
Step 5 Click OK.
----End
3.8 Creating a Protected Set
A protected set consists of backup objects to be protected. You can apply the same
backup policy to all backup objects in a protected set to reduce backup time and
increase backup efficiency.
Prerequisites
The protected environment where the backup objects to be protected reside has
been added to eBackup backup management system and the backup objects have
been detected.
Context
For details about protected sets, go to 10.5 Protected Set.
Procedure
Step 1 Log in to the eBackup backup management system using a browser.
Default account: admin. Default password: PXU9@ctuNov17!.
Step 2 On the navigation bar, choose > Protected Set.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 90
OceanStor BCManager
eBackup User Guide 3 Backup
Step 3 Click Create.
Step 4 Enter the basic information of a protected set. Table 3-9 describes related
parameters.
Table 3-9 Protected set parameters
Paramet Description Configuration Rule
er
Name Name of a protected set. The name contains 1 to 128 letters,
The name is user-definable. digits, pluses (+), underscores (_),
hyphens (-), periods (.), and the at
symbol (@).
Descripti Description of a protected The description contains a maximum
on set. of 1024 characters.
Protected After selecting the protected Select the protected environment
Environm environment type, select the where the backup objects to be
ent protected environment protected reside.
added to eBackup backup
management system.
Currently, a protected
environment of the
FusionSphere type can be
selected.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 91
OceanStor BCManager
eBackup User Guide 3 Backup
Paramet Description Configuration Rule
er
Available Backup objects that can be You can use either of the following
Objects added to the Selected methods to select backup objects: in
the navigation tree, select the
Objects list by clicking . required backup objects; set filtering
Backup objects that can be criteria and select the required
added to the Excluded backup objects that meet the filtering
criteria.
Objects . NOTE
● If a VM that is not bound to a CNA
host exists in the protected
environment and the VM is powered
on, the VM is displayed under a CNA
host on the FusionCompute page. On
the eBackup page, the VM is not
displayed under any CNA host and is
displayed in parallel with the CNA
host. The inconsistency does not
affect the backup and restore of the
VM.
● The users can select multiple backup
objects at the same time by hold
down Ctrl or Shift.
Selected Objects to be backed up. By default, the system considers all
Objects Select the selected backup disks on VMs as backup objects. To
exclude some disks, click and
objects and click to remove the disks in the VM Disks
remove them from Selected dialog box.
Objects. NOTE
eBackup backup management system
uses IDE (Bus Number: Slot Number) to
identify a disk.
The maximum summation of selected
objects and excluded objects is 200.
NOTE
If you select disks of multiple VMs as
backup objects, all disks of the VMs are
selected by default.
Excluded Objects not to be backed up. The maximum summation of selected
Objects Select the excluded backup objects and excluded objects is 200.
objects and click to
remove them from
Excluded Objects.
Step 5 Click OK.
----End
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 92
OceanStor BCManager
eBackup User Guide 3 Backup
3.9 Creating a Backup Policy
A backup policy defines rules for executing backup jobs and generating backups. A
backup plan can initiate a backup job only after a backup policy is set for the
backup plan. You can create different backup policies to meet diverse backup
requirements.
Context
For details about policies, go to 10.6 Backup Policies.
Procedure
Step 1 Log in to the eBackup backup management system using a browser.
The default user name is admin, and the default password is PXU9@ctuNov17!.
Step 2 On the navigation bar, choose > Backup Policy.
Step 3 Click Create.
Step 4 Set the basic information of the backup policy. Table 3-10 describes related
parameters.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 93
OceanStor BCManager
eBackup User Guide 3 Backup
Table 3-10 Policy parameters
Paramet Description Configuration Rule
er
Backup User-defined name of the The name consists of 1 to 128
Policy backup policy. characters and contains only
Name letters, digits, pluses (+),
underscores (_), hyphens (-),
periods (.), and at symbols (@).
Descripti Description of a backup policy. The description contains a
on maximum of 1024 characters.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 94
OceanStor BCManager
eBackup User Guide 3 Backup
Paramet Description Configuration Rule
er
Schedule Schedules backup job The more frequently data is
execution of the backup policy backed up, the more thoroughly
specified by applications. The data is protected; however, the
value can be Periodic or One backup time is also longer,
time. requiring a longer backup time
When Schedule is set to and occupying larger space.
Periodic, you need to set Choose a schedule based on data
scheduling plans for importance and service volume.
incremental backup. You can Adopt a high backup frequency for
determine whether to enable important data.
periodic full backup based on
site requirements. Related
parameters are described as
follows:
NOTE
If incremental backup and full
backup are set to be executed at
the same point in time, the
system will execute full backup
first.
● Weeks in a Month: Execute
backup jobs weekly or in a
specific week of each
month.
● Days in a Week: Execute
backup jobs on a certain
day of a week, which is used
together with Weeks in a
Month. For example,
execute backup jobs on
Wednesday and Sunday in
the first week of each
month.
● Excluded Days in a Month:
Execute backup jobs not in
those specific days.
● Execution Time: A specific
point in time. The system
automatically executes
backup jobs at the point in
time. You can set one or
more points in time. The
system performs backup
jobs in time sequence. You
can set one or more points
in time. The system
performs backup jobs in
time sequence.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 95
OceanStor BCManager
eBackup User Guide 3 Backup
Paramet Description Configuration Rule
er
● Execution Period: A specific
execution period. The
system executes a backup
job many times at a certain
interval within a specific
period of time. You can set
one or more execution
periods.
NOTE
● A new backup job is started
only after an ongoing backup
job is completed.
● After a VM is added to a
protected set that is associated
with a backup plan within a
specific period of time, the
system will start a backup job
for the VM when the specific
period of time is exceeded
even though an ongoing
backup job is not completed.
● If the specific period of time is
exceeded, an ongoing backup
job can continue but the
backup job in Pending state
will not be processed.
One time Backup jobs to which a specific The backup policy execution time
backup policy is set are must be later than the current
executed only once. The system time.
backup policy execution time
needs to be set. The parameter
is valid only to full backup. This
parameter is available only
when Schedule is set to One
time.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 96
OceanStor BCManager
eBackup User Guide 3 Backup
Paramet Description Configuration Rule
er
Retentio Defines the retention and the ● Total number of retained
n number of the backups backups
generated by a protected – The value of total number of
object. Three types of retained backups ranges
Retention are available: Three from 1 to 100, and the
types of Retention are default value is 90.
available:
– The value of the number of
● Permanent retained backups in a year
Backups are retained ranges from 0 to 999, and
permanently. the default value is 10.
● By backup quantity – The value of the number of
Total number of retained retained backups in a month
backups ranges from 0 to 999, and
For example, after the the default value is 10.
following configuration is – The value of the number of
performed, the actual retained backups in a week
number of retained copies ranges from 0 to 9999, and
is: the default value is 10.
Retain the latest 90 copies; – The value of the number of
retained backups in a day
Retain the latest copy of
ranges from 0 to 99999, and
each year for the previous
the default value is 10.
10 years (excluding the
current year); ● Retained for a period
Retain the latest copy of – The value of the retention
each month for the previous period for years ranges from
10 months (excluding the 1 to 25, and the default
current month); value is 1.
– The value of the retention
Retain the latest copy of
period for months ranges
each week for the previous
from 1 to 300, and the
10 weeks (excluding the
default value is 1.
current week);
– The value of the retention
Retain the latest copy of
period for weeks ranges
each day for the previous 10
from 1 to 1300, and the
days (excluding the current
default value is 1.
day);
– The value of the retention
The union of all the period for days ranges from
preceding copies is 1 to 9125, and the default
obtained. value is 1.
If backups are retained
permanently, they can be used to
restore data at any time. However,
space occupied by backups cannot
be reused. If the space provided by
repository is used up by backups,
● By time the system will not generate new
Retained for a period backups.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 97
OceanStor BCManager
eBackup User Guide 3 Backup
Paramet Description Configuration Rule
er
Backups generated When determining the number of
according to a backup policy retained backups and the
will be retained for xx years, retention period, consider the
months, weeks, or days. following:
Once the retention period is ● Data importance and disaster
exceeded, the system recovery requirements. If data
automatically deletes of the latest month must be
expired backups. retained, you are advised to set
Retained until a specific day the retention period to at least
Backups generated one month.
according to a backup policy ● Available space of repository. If
will be retained to a specific the available space of
point in time. Once the repository is sufficient, you are
point in time is exceeded, advised to retain multiple
the system automatically copies of important backups or
deletes expired backups. retain those backups for a long
time.
Create After this option is selected, This function will affect backup
Verificati the system creates verification performance. If you have
on Data data for backup data. The demanding requirements on
verification data will be used to integrity and consistency of
verify the integrity and backup data and have no
consistency of the backup data. requirements on backup
If this option is not selected, performance, you are advised to
the system verifies only the enable this option to ensure data
consistency of the metadata of availability after data restore.
the backup data.
NOTE
Backup data is the real data of
users. Backup metadata is the
additional information about
location of data blocks and
number of disks.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 98
OceanStor BCManager
eBackup User Guide 3 Backup
Paramet Description Configuration Rule
er
Data Format of backup data saved If there is a large amount of
Layout on the backup storage. The duplicate backup data (for
value can be: example, a monthly report is
● Dedupe generated based on the last
Deduplication is a data monthly report), you are advised
compression technology to use deduplication. In some
that searches for duplicate special scenarios (such as
data, saves only one backup structured databases, ZIP files, and
of the data, and uses streaming media files), you are
pointers that point to the not advised to use deduplication
unique backup to replace because there is not much
the duplicate copies. duplicate backup data. Using
eBackup backup deduplication depends on actual
management system uses scenarios and specific needs.
deduplication to minimize NOTE
the occupation of storage If Dedupe and Compress are not
used, backup data is stored in the
space and address the
original format.
increasing demand for
If you use the basic license, the
storage capacity.
Dedupe and Compress features are
● Compress not supported.
Compressing backup data
effectively helps save
storage space.
If Dedupe and Compress are
used at the same, the system
performs deduplication prior to
performing compression.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 99
OceanStor BCManager
eBackup User Guide 3 Backup
Paramet Description Configuration Rule
er
Retry Maximum number of retries. The value of retry times ranges
After setting the parameter from 0 to 10. The default is 3
value to ON, you need to set times.
Retry Times and Retry The value of the retry window
Window. The retry time ranges from 1 to 168. The default
window specifies the maximum is 4 hours.
time duration allowed for the
backup job to retry since its For example, backup job A is
failure. performed at 9:00. At 9:10, backup
job A fails. In the retry plan, the
number of retries is set to 3 and
the retry window is set to one
hour. By default, the system
performs a failed backup job five
minutes after the backup job
execution failure. Therefore,
backup job A is performed again
between 9:15 and 10:10.
● If backup job A still fails after
three retries within the
specified period or the three
retries cannot be completed
within the specified period, the
system will not perform backup
job A again.
● If backup job A successes
within the specified period, the
system will not perform backup
job A again.
Step 5 Click OK.
----End
3.10 Creating a Backup Plan
A backup plan consists of a repository, protected set, and backup policy. After a
backup plan is created, you can perform backup jobs for the backup plan.
Prerequisites
Before creating a backup plan, create a repository, a protected set, and a backup
policy.
Context
● After configuring associated jobs for a backup plan, you can use the backup
plan wizard to select created objects and start backup jobs. This section
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 100
OceanStor BCManager
eBackup User Guide 3 Backup
instructs you to create a backup plan by selecting a repository, protected set,
and backup policy. In addition, eBackup backup management system provides
the quick entry for creating a backup plan which aims at providing a key job
configuration wizard to help the user that initially uses eBackup backup
management system to quickly create a backup plan.
● For details about backup plans, go to 10.7 Backup Plan.
Procedure
Step 1 Log in to the eBackup backup management system using a browser.
Default account: admin. Default password: PXU9@ctuNov17!.
Step 2 On the navigation bar, choose > Backup Plan.
Step 3 Click Create.
Step 4 On the General Info page, enter the basic information of a backup plan.
1. In Name, enter a backup plan name.
NOTE
The name contains 1 to 128 letters, digits, pluses (+), underscores (_), hyphens (-),
periods (.), and the at symbol (@).
2. In Description, describe the backup plan.
3. Click Next.
The Protected Set page is displayed.
Step 5 Select a protected set using either of the following methods:
● Select a protected set from the list.
● Query a required protected set in the upper right part of the list and select
the protected set.
NOTE
● If no protected sets are available in the list, click the Create Protected Set tab in the
upper right part of the page to create a protected set.
● If there is no VM or VM disk in the protected set, the system will not execute the
backup job.
Step 6 Click Next.
The Backup Policy page is displayed.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 101
OceanStor BCManager
eBackup User Guide 3 Backup
Step 7 Select a backup policy in either of the following modes:
● Select a backup policy from the list.
● Query a required backup policy in the upper right part of the list and select
the backup policy.
NOTE
If no backup policies are available in the list, click the Create Backup Policy tab in the
upper right part of the page to create a backup policy.
Step 8 (Optional) Select Activate Now.
After this option is selected, the system automatically executes backup jobs based
on the selected or newly created backup policy. If you do not select this option,
you can choose > Backup Plan to manually activate the backup task to be
executed.
NOTE
If the selected backup policy is set to One time and the creation time of the backup plan is
later than the execution time of the backup policy, the system immediately executes the
backup task after the backup plan is created (select Activate).
Step 9 Click Next.
The Repository page is displayed.
Step 10 Select a repository in either of the following modes:
● Select a repository from the list.
● Query a required repository in the upper right part of the list and select the
repository.
NOTE
● If no repositories are available in the list, click the Create Repository tab in the upper
right part of the page to create a repository.
● If a backup job requires more storage capacity than the free capacity of its repository
while the storage pool of the repository has sufficient capacity, the backup job will be
executed. If the capacity of the repository is used up, no backup job will be executed.
Step 11 Click Finish.
NOTICE
You are advised not to run multi backup plans that contain one same VM at the
same time. Or the backup jobs may fail.
----End
Follow-up Procedure
After creating a backup plan, choose > Backup Plan and view information
about the created backup plan.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 102
OceanStor BCManager
eBackup User Guide 3 Backup
3.11 (Optional) Executing a Backup Job Manually
For a created backup plan, you can execute a backup job automatically based on a
backup policy or execute a backup job manually.
Prerequisites
The available storage capacity of the repository is sufficient for the backup plan to
execute backup jobs.
Context
Two methods to execute backup jobs are available:
● Automatic:
A backup job is automatically executed according to a backup policy.
● Manual:
A backup job is manually enabled by a user and is executed according to a
backup policy.
When a backup job is manually executed, eBackup backup management system
supports full backup and incremental backup. You can select a backup type based
on actual needs and available storage resources. Table 3-11 describes backup
types.
Table 3-11 Backup types
Backup Description Configuration Suggestion
Type
Full All data on a backup object is You can adopt full backup if you
backup backed up, no matter when data have high data protection
was changed or backed up last requirements and sufficient
time. According to the backup storage resources but have no
policy, the system initially requirements for backup and
executes full backup by default. restore time.
You can manually trigger full If the system has not executed
backup based on actual needs. any backup job before, you can
Full backup provides the most only select full backup to
complete backup protection; perform backup jobs. If the
however, full backup takes a system has performed backup
long time and occupies a large jobs before, you can select full
space. backup or incremental backup
to perform backup jobs.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 103
OceanStor BCManager
eBackup User Guide 3 Backup
Backup Description Configuration Suggestion
Type
Increment Data change since last full You can adopt full backup +
al backup backup or incremental backup is incremental backup if you have
backed up. The amount of high requirements for backup
backup data is small and the time and have sufficient storage
backup time is short. resources.
According to the backup policy,
the system initially executes full
backup by default. If the system
detects that the previous backup
is unavailable during the
backup, the system implements
full backup. If the backup is
available, incremental backup is
implemented.
Procedure
Step 1 Log in to the eBackup backup management system using a browser.
Default account: admin. Default password: PXU9@ctuNov17!.
Step 2 On the navigation bar, choose > Backup Plan.
Step 3 Manually execute backup in either of the following methods.
● Mouse over a backup plan where you want to execute backup and click in
the function pane.
● Click the backup plan and click in the preview area on the right.
NOTE
● If there is an ongoing backup job of the same protected object in the backup plan, the
system adds a backup job and set it in the Pending state.
● If backup jobs have been executed in the backup plan before, click . The system
automatically executes incremental backup.
● If backup jobs have not been executed in the backup plan before, click . The
system automatically executes full backup.
● At any time after a backup plan is created, you can click in
the preview area on the right and the system will perform full backup to meet
the requirement of manual backup job triggering.
The Confirm dialog box is displayed.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 104
OceanStor BCManager
eBackup User Guide 3 Backup
Step 4 Click Yes.
----End
3.12 (Optional) Viewing a Backup Job
After backing up a VM, you can view the backup job to know the backup job
status and progress.
Prerequisites
Backup jobs have been executed on the VMs to be backed up.
Procedure
Step 1 Log in to the eBackup backup management system using a browser.
Default account: admin. Default password: PXU9@ctuNov17!.
Step 2 In the navigation tree, choose > Job.
Step 3 Optional: In the search field in the upper right corner, set the search condition;
(set Type to Backup), or click Advanced, set conditions, and click OK to search for
desired backup jobs.
Step 4 View backup jobs. Table 3-12 describes related parameters.
NOTE
Users can set the types of backup job parameters that need to be displayed. Method: Click
in the upper right corner in the main window of jobs and select the types of backup job
parameters that need to be displayed.
Table 3-12 Backup job parameters
Parameter Description
ID Job ID. Unique identifier of a backup job in the eBackup backup
management system.
Type Job type. The backup job type is Backup.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 105
OceanStor BCManager
eBackup User Guide 3 Backup
Parameter Description
Status Operating status of a backup job, including:
● Aborted
Backup jobs have been aborted. Only the backup job in the
Pending or In progress state can be aborted.
● Aborting
Backup jobs are being aborted.
● Pending
In the event of multiple background jobs, the system sorts the
jobs in order of command deliver time and job priority. Jobs
waiting to be processed are set to the Pending state. Manual
backup jobs have a higher priority than automatic ones.
● In progress
A backup job is being processed. You can view its progress by
viewing its percentage.
● Completed
A backup job has been completed.
● Failed
Backup jobs have been failed.
● Verifying
Verifying that the backup job can be scheduled.
NOTE
A backup job may be in In progress status and cannot be interrupted if
the network of an NFS storage unit is interrupted for a long time or
intermittently in the backup process. For details, see 7.3.3.1 A Backup Job
May Be in the In progress State and Cannot Be Interrupted If the
Network of an NFS Storage Unit Is Constantly or Intermittently
Interrupted During Backup.
Retry Times Number of retry times for backup jobs.
After show historical jobs is enabled in the advanced search,
Retry Times is not displayed but all retry jobs are displayed. After
show historical jobs is disabled, only the latest job is displayed.
Back Plan Name of a backup plan.
Name
Protected Object sub-item of a backup job.
Object If VM zyp_restore3 in protected FusionSphere environment hy02
Name is to be backed up, the protected object name is zyp_restore3.
Protected Object of a backup job.
Environmen If VM zyp_restore3 in protected FusionSphere environment hy02
t is to be backed up, the protected environment is hy02.
Progress Job progress.
Created Time when a backup job is created.
Time
End Time Time when a backup job ends.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 106
OceanStor BCManager
eBackup User Guide 3 Backup
Parameter Description
Backup Backup proxy associated with the backup job.
Proxy
Speed Execution rate of the backup job.
Backup Size Size of backup data generated by the backup job.
Step 5 Click a backup job. In the preview area on the right, view its details.
NOTE
If a backup job fails, that is, Status of the backup job is Failed, you can rectify the fault by
viewing the error information in Details.
Step 6 Optional: Manually stop a backup job in either of the following ways when an
error occurs due to misoperation or when you do not need to execute the backup
job:
● Click the backup job and click in the preview area on the right.
● Mouse over the backup job and click in the button area on the right.
----End
3.13 Example for Backing Up the FusionSphere VM
Configuration
This section explains how to use eBackup backup management system to back up
FusionSphere VMs from the aspect of user requirements, data planning,
configuration roadmap, procedure, and verification.
User Requirements
An enterprise uses FusionSphere VMs to run critical services. To ensure data
security on the VMs, the enterprise needs to back up data. The backup data can
be used to recover VMs when VM failures occur. The backup requirements are as
follows:
● The total capacity of disks to be protected is 30 GB. The capacity of stead
data is 27 GB. The amount of changed data on each working day is 0.1%, and
the data is unchanged at weekends.
● It is required to use the same NAS share storage system to store VM data and
backup data.
● Backup cannot interrupt ongoing services on working days.
● When a VM fails, the backup system can restore VMs to a backup point in
time within the latest 7 days.
Data Planning
With appropriate data planning, the eBackup backup management system can
meet diverse users' backup requirements. Data planning is as follows:
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 107
OceanStor BCManager
eBackup User Guide 3 Backup
● NAS share storage is required to serve as back-end storage. To ensure that the
NAS share storage provides sufficient capacity, use the following formula:
Total capacity of reserved backup data ≤ Storage unit capacity × Storage pool
capacity threshold × Repository capacity threshold, where Total capacity of
reserved backup data = Capacity of steady data + Capacity of steady data ×
Amount of daily changed data × (Retention days of backups - Data
unchanged days). Set the alarm thresholds of the storage pool capacity and
repository capacity to 80% and put data in to the preceding formula like 27
(GB) + 27 (GB) × 0.1% × (7-2) ≤ Storage unit capacity × 80% × 80%. From
the formula, you can calculate the storage unit capacity, which is 42.4 GB at
least. Considering unstable data changes and storage space occupation of
configuration files, set the storage unit capacity to 45 GB. In this way, the NAS
shared path provides 45 GB of storage capacity.
● The eBackup backup management system provides flexible policies to meet
different requirements. To avoid affecting normal services, it is planned to
perform one backup job for the protected VMs at 22:00 every working day.
● The eBackup backup management system provides three backup retention
policies: Permanent, By backup quantity, and By time. The user requires the
backup system to restore VMs to a backup point in time within the latest 7
days. Therefore, the backup policy is set to By time and the retention period
is set to 7 days.
Configuration Roadmap
1. Add a FusionSphere protected environment.
2. Add the protected VM to a protected set.
3. Create a backup policy based on data planning.
4. Configure the storage space and alarm threshold for backup data.
5. Create a backup plan and automate scheduling of the backup plan based on
the backup policy.
Procedure
Step 1 Add a FusionSphere protected environment.
1. Log in to the eBackup backup management system using a browser.
Default account: admin. Default password: PXU9@ctuNov17!.
2. On the navigation bar, choose > FusionSphere.
3. Click in the Protected Environment area.
4. Enter the basic information of a FusionSphere protected environment.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 108
OceanStor BCManager
eBackup User Guide 3 Backup
5. Click OK.
Step 2 Add the protected VM to a protected set.
1. On the navigation bar, choose > Protected Set.
2. Click Create.
The Create Protected Set page is displayed.
3. Enter the basic information of a protected set.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 109
OceanStor BCManager
eBackup User Guide 3 Backup
4. Click OK.
Step 3 Create a backup policy based on data planning.
1. On the navigation bar, choose > Backup Policy.
2. Click Create.
The Create Backup Policy page is displayed.
3. Enter the basic information of a backup policy.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 110
OceanStor BCManager
eBackup User Guide 3 Backup
4. Click OK.
Step 4 Configure the storage space and alarm threshold for backup data.
1. On the navigation bar, choose > Storage Unit.
2. Click Create.
The Create Storage Unit page is displayed.
3. Enter the basic information of a storage unit.
4. Click OK.
5. On the navigation bar, choose > Storage Pool.
6. Click Create.
The Create Storage Pool page is displayed.
7. Enter the basic information of a storage pool.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 111
OceanStor BCManager
eBackup User Guide 3 Backup
8. Click OK.
9. On the navigation bar, choose > Repository.
10. Click Create.
The Create Repository page is displayed.
11. Enter the basic information of a repository.
Step 5 Create a backup plan and automate scheduling of the backup plan based on the
backup policy.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 112
OceanStor BCManager
eBackup User Guide 3 Backup
1. On the navigation bar, choose > Backup Plan.
2. Click Create.
The Backup Wizard page is displayed.
3. On the General Info page, enter the basic information of a backup plan.
4. Click Next.
The Protected Set page is displayed.
5. Select the protected set created in Step 2.
6. Click Next.
The Backup Policy page is displayed.
7. Select the backup policy created in Step 3.
NOTE
By default, Activate is selected. After you select this option, the system automatically
executes the backup job based on the selected or new backup policy.
8. Click Next.
The Repository page is displayed.
9. Select the repository created in Step 4.
10. Click Completed.
----End
Verification
The backup plan will automatically schedule backup jobs based on the backup
policy. After backup jobs are completed, users can view the backup jobs and the
generated backups.
To view the backup job, choose > Job.
To view the backups, choose > FusionSphere.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 113
OceanStor BCManager
eBackup User Guide 4 Restore
4 Restore
When the protected objects data is damaged or lost at the production end and
needs to be restored, eBackup backup management system restores the backup
data on the back-end storage to the production end using the backups generated
at a specific point in time.
4.1 Restoring FusionSphere VMs
4.2 (Optional) Viewing a Restore Job
4.3 Example for Restoring the FusionSphere VM Configuration
4.1 Restoring FusionSphere VMs
eBackup backup management system supports VM restore, batch VM restore, VM
disk restore, batch VM disk restore, and file-level recovery in FusionSphere.
4.1.1 Restoring a VM
This section describes how to restore a VM that has been backed up to a specified
location.
Prerequisites
● The VM to be restored is a FusionCompute VM or a VDI VM.
● The VM that you want to restore has been fully backed up and the backup's
status is Valid.
Context
● A VM can be restored to a specified location. Full restore is performed. Backup
data is restored to a new specified path, that is, a new host or cluster and
datastore specified on the original or another VRM. A new VM is created in
the specified location, to which the backup data is restored.
● eBackup can connect to multiple sets of FusionCompute. If multiple sets of
FusionCompute are added to the protected environment, VMs can be
restored.
● For details about backups, go to 10.8 Backups.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 114
OceanStor BCManager
eBackup User Guide 4 Restore
Procedure
Step 1 Log in to the eBackup backup management system using a browser.
Default account: admin. Default password: PXU9@ctuNov17!.
Step 2 On the navigation bar, choose > FusionSphere.
Step 3 In the Backed Up Environment area, click the protected environment where the
VM that you want to restore resides.
Step 4 Select the VM that you want to restore by performing either of the following
operations.
● Click the VM in the list.
● Find the VM by querying it on the upper right of the list. Then click the VM.
Step 5 In the preview area on the right, place the pointer on the backup required for
restoration and click .
Step 6 Restore VM to new location.
NOTE
● Before the restore, you can either perform a fast verification by selecting Quick
Verification or perform a full verification by selecting Full Verification. If the
verification status is Valid, the backup can be used to restore the VM.
● VMs whose type is FusionCompute VM or VDI VM support Restore VM to New
Location.
1. Click Restore VM to New Location.
2. Set the basic information about Restore VM to New Location.
Table 4-1 Restore VM to New Location basic information
Paramet Description
er
Protected Name of the protected environment that the VM is restored to.
Environm
ent
Name
Compute Compute resources that VMs use after restoration, including the
Resource clusters and hosts of the selected protected environment.
Datastor All accessible storage resources of the selected Protected
e Environment, including local disks of hosts and dedicated
storage systems.
To improve data security, you can save the data of the VM's
system disk in a separate datastore (the corresponding OS
Disk) and save data of other disks in another datastore of the
same type (the corresponding Other Disks) during restoration.
New VM Name of the new customized VM. The name consists of 1 to
Name 256 characters.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 115
OceanStor BCManager
eBackup User Guide 4 Restore
3. Optional: Select Start VM after restore.
4. Click OK.
----End
Follow-up Procedure
After the restoration, you can log in to FusionCompute based on the target
location to view the information about the restored VM.
NOTE
After backup data of a FusionSphere Linux VM is restored to a new VM, the network
adapters on the new Linux VM may be in disorder. For details, see 7.3.4.3 Linux VM
Network Adapters Are in Disorder When Data Is Restored From a VM Or System Disks
to a New VM.
4.1.2 Batch Restoring VMs
This section describes how to batch restore VMs that have been backed up to
specified locations.
Prerequisites
● The VM to be restored is a FusionCompute VM or a VDI VM.
● The VM that you want to restore has been fully backed up and the backup's
status is Valid.
Context
● VMs can be batch restored either to specified locations. Full restore is
performed. Backup data is restored to new specified paths, that is, new hosts
or clusters and datastores specified on the original or other VRMs. New VMs
are created in the specified locations, to which the backup data is restored.
● You can batch restore only VMs of the same protected environment. You can
batch restore VMs to the same protected environment. Batch restored VMs
use the same Compute Resource and Datastore.
● For details about backups, go to 10.8 Backups.
● The latest backup of each VM is used by default to batch restore VMs.
● It is recommended that the length of the VM name is from 1 to 226. Or
unknown error may happen.
Procedure
Step 1 Log in to the eBackup backup management system using a browser.
Default account: admin. Default password: PXU9@ctuNov17!.
Step 2 On the navigation bar, choose > FusionSphere.
Step 3 In the Backed Up Environment area, click the protected environment where the
VMs that you want to restore reside.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 116
OceanStor BCManager
eBackup User Guide 4 Restore
Step 4 Select the VMs that you want to restore by performing either of the following
operations.
● Click the VMs in the list.
● Find the VMs by querying them on the upper right of the list. Then click the
VMs.
Step 5 Batch restore VM to new location.
NOTE
Before the restore, you can either perform a fast verification by selecting Quick
Verification or perform a full verification by selecting Full Verification. If the verification
status is Valid, the backup can be used to restore the VM.
1. Click Batch Restore VM to New Location.
2. Set the basic information about Batch Restore VM to New Location.
Table 4-2 Batch Restore VM to New Location basic information
Parame Description
ter
Protecte The name of the protected environment that the VMs are
d restored to.
Environ
ment
Name
Comput The computing resources that the VMs use after the restore,
e including the clusters and hosts of the selected Protected
Resourc Environment.
e
Datastor All accessible storage resources of the selected Protected
e Environment, including local disks of hosts and dedicated
storage systems.
To improve data security, you can save the data of the VMs'
system disks in separate datastores (the corresponding OS
Disks) and save data of other disks in another datastore of the
same type (the corresponding Other Disks) during the restore.
3. Optional: Select Start VM after restore.
4. Click OK.
----End
Follow-up Procedure
After the restore, you can log in to FusionCompute based on the target locations
to view the information about the restored VMs.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 117
OceanStor BCManager
eBackup User Guide 4 Restore
4.1.3 Restoring a Disk on a VM
This section describes how to restore disks on a single VM to the original VM and
a specified VM.
Prerequisites
● The VM where the disk to be restored resides is a VM created on
FusionCompute, or a VDI VM.
● The VM disk that you want to restore has been fully backed up and the
backup's status is Valid.
Context
Disks on a VM can be restored to the original VM or a specified VM.
● Restoring a VM disk to the original VM
– If the original disk exists, the data on the disk will be overwritten or
replaced. Incremental restore is priority-ranked performed when the disk
is backed up using CBT.
– If you restore the system disk, the system disk on the original VM will be
replaced or overwritten.
– If the original disk is removed, full restore is performed. That is, a new
disk will be created and mounted in the original VM.
● Restoring a disk to the specified VM
Create a disk for full restore and mount the disk to the specified VM.
For details about backups, go to 10.8 Backups.
Procedure
Step 1 Log in to the eBackup backup management system using a browser.
Default account: admin. Default password: PXU9@ctuNov17!.
Step 2 On the navigation bar, choose > FusionSphere.
Step 3 In the Backed Up Environment area, click the protected environment where the
VM disk that you want to restore resides.
Step 4 Select the VM disk that you want to restore by performing either of the following
operations.
● Click the VM where the VM disk resides in the list.
● Find the VM where the VM disk resides by querying the VM on the upper
right of the list. Then click the VM.
Step 5 Select the backup required for restoration.
● In the preview area on the right, place the pointer on the backup required for
the VM restoration and click .
● In the preview area on the right, place the pointer on the backup required for
the VM disk restoration and click .
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 118
OceanStor BCManager
eBackup User Guide 4 Restore
Step 6 You can restore VM disks to the original VM or a specified VM. Restore VM disks
to the original VM, go to Step 7; Restore VM disks to a specified VM, go to Step 8.
NOTE
Before the restore, you can either perform a fast verification by selecting Quick
Verification or perform a full verification by selecting Full Verification. If the verification
status is Valid, the backup can be used to restore the VM.
Step 7 Restore VM disk to original VM.
1. Click Restore VM Disk to Original VM.
2. Select the VM disk that you want to restore.
3. Optional: Select Start VM after restore.
4. Click OK.
Step 8 Restore the VM disk to a specific VM.
1. Click Restore VM Disk to Specific VM.
2. Select the VM that you want to restore the backup disk to.
3. Select the Datastore.
NOTE
– Datastore provides storage space for restored disks. The drop-down menu lists all
datastores accessible by the target VM. You can select a datastore for the VM disk.
– You can click to select datastores for other VM disks on the VM so that the VM
disks are restored.
– If you want to restore the system disk to a specified VM and the system disk of the
specified VM exists, the datastore type must be the same as that of the system disk
of the specified VM.
4. Optional: Select Start VM after restore.
5. Click OK.
----End
Follow-up Procedure
After the restoration, you can log in to FusionCompute based on the target
location to view the information about the restored VM disk.
NOTE
When a disk (xfs file system) is repetitively recovered to a VM that has mounted multiple
disks (xfs file system), xfs file systems failed to be mounted. Refer to 7.3.4.1 xfs File
System in FusionSphere VMs Failed to Be Mounted.
After backup data of a FusionSphere Linux VM system disk is restored to a new VM, the
network adapters on the new Linux VM may be in disorder. For details, see 7.3.4.3 Linux
VM Network Adapters Are in Disorder When Data Is Restored From a VM Or System
Disks to a New VM.
4.1.4 Batch Restoring Disks on Multiple VMs
This section describes how to batch restore disks on multiple VMs that have been
backed up to the original VMs.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 119
OceanStor BCManager
eBackup User Guide 4 Restore
Prerequisites
● The VM to be restored is a FusionCompute VM or a VDI VM.
● The VM disks that you want to restore have been fully backed up and their
backups' status is Valid.
Context
● If the original disk exists, the data on the disk will be overwritten or replaced.
Incremental restore is priority-ranked performed when the disk is backed up
using CBT. If you restore the system disk, the system disk on the original VM
will be replaced or overwritten. If the original disk is removed, full restore is
performed. That is, a new disk will be created and mounted in the original
VM. You can restore the disks to their original datastores. Alternatively, you
can migrate the disks to another datastore. If you migrate the disks to
another datastore, you can specify datastores for the system disk and other
disks separately.
● You can batch restore only VM disks of the same Protected Environment's
VMs.
● For details about backups, go to 10.8 Backups.
● The latest backup of each disk is used by default to batch restore disks.
Procedure
Step 1 Log in to the eBackup backup management system using a browser.
Default account: admin. Default password: PXU9@ctuNov17!.
Step 2 On the navigation bar, choose > FusionSphere.
Step 3 In the Backed Up Environment area, click the protected environment where the
VM disk that you want to restore resides.
Step 4 Select the VM disks that you want to restore by performing either of the following
operations.
● Click the VMs where the VM disks reside in the list.
● Find the VMs by querying them on the upper right of the list.
NOTE
Before the restore, you can either perform a fast verification by selecting Quick
Verification or perform a full verification by selecting Full Verification. If the verification
status is Valid, the backup can be used to restore the VM.
Step 5 Click Batch Restore VM Disk.
Step 6 Select the VM disks that you want to batch restore.
NOTE
All VM disks that can be created on a VM are selected by default. If a VM disk does not
exist, it is ignored automatically.
Step 7 Optional: Select the datastores that you want to restore the VM disks to.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 120
OceanStor BCManager
eBackup User Guide 4 Restore
NOTE
● Datastore provides storage space for restored disks. The drop-down menu lists all
datastores in the protected environment. When selecting a datastore, ensure that it can
be accessed by the original VMs; otherwise, the batch restore will fail.
● If you do not specify any datastore, all VM disks are restored to their original datastores.
● If there are system VM disks among the selected VM disks, to improve data security, you
can save the system VM disks in a separate datastore (the corresponding OS Disk) and
save other VM disks in another datastore of the same type (the corresponding Other
Disks).
Step 8 Optional: Select Start VM after restore.
Step 9 Click OK.
----End
Follow-up Procedure
After the restore, you can log in to FusionCompute based on the target location to
view the information about the restored VM disk.
4.1.5 Restoring Files on a Disk (File-Level Restore)
Verify that fine-grained file restoration can be used to restore files stored in
backup VM disks. Mount the disk where the files to be restored reside to the
target VM (the original VM or a new VM). After the mounting is successful, log in
to the target VM and copy the files to be restored to the specified location.
Prerequisites
● The VM where the disk files to be restored reside is a VM created on
FusionCompute.
● A full backup has been successfully performed for the VM disk where the files
to be restored reside, and the backup is in the Valid state.
● The CNA bound to the target VM must use the universal multipathing
software. If no CNA is bound to the target VM, all CNAs in the cluster must
use the universal multipathing software.
● The production storage plane of eBackup must be connected to the storage
plane of CNA over the Ethernet.
● You have imported the license file of the advanced edition.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 121
OceanStor BCManager
eBackup User Guide 4 Restore
NOTICE
● Before performing file-level restoration, ensure that the target VM is running
properly.
● Do not select a VM that is being backed up or restored as the target VM for
file-level restore.
● When file-level restore and disk restore are performed at the same time, do not
select the same VM as the target VM. Otherwise, the file-level restore may fail
and the target VM may work improperly.
● By default, the file-level restore task delivered by eBackup automatically binds
the restored disk to the target VM.
If you want to use the manual mounting mode or semi-automatic mounting
mode, run the restore FileLevel command to restore the files on the disk. For
details, see restore FileLevel in the OceanStor BCManager 8.1.0 eBackup
Command Reference.
Procedure
Step 1 On the navigation bar, choose > FusionSphere.
Step 2 In the Backed Up Environment area, click the protected environment where the
file that you want to restore resides.
Step 3 Use either of the following methods to select the VM where the file to be restored
resides:
● In the list, click the VM where the file to be restored resides.
● In the upper right corner of the list, search for the VM where the file to be
restored resides and click the VM.
Step 4 You can restore all disks of a VM to a target VM (when multiple disks are
managed by the volume management software) or restore a disk of a VM to a
target VM. In the preview area on the right, hover the mouse pointer over the
backup, and click .
Step 5 Do not use a service VM as the target VM for file-level restoration. Restore the
disk to the new VM, go to 6; Restore the disk to the original VM, go to 10.
NOTE
Before the restore, you can either perform a fast verification by selecting Quick
Verification or perform a full verification by selecting Full Verification. If the verification
status is Valid, the backup can be used to restore backup data.
Step 6 Restore the disk to a new VM.
NOTICE
Ensure that the OS type of the target VM is the same as that of the source VM.
1. Select Restore to New VM.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 122
OceanStor BCManager
eBackup User Guide 4 Restore
2. Select the new VM to which the disk is to be restored.
3. Click OK.
Step 7 On the navigation bar, choose > Job.
Step 8 Check Status and Progress of the file-level restore job. When Status is In
progress and Progress is 100%, go to the next step.
Step 9 Restore files.
The file restore operations vary depending on the OS type of the target VM.
CentOS 6.5 64bit is used as an example.
If the disk is not managed by the volume management software, the operation is
the same as that of restoring the disk to the original VM.
If the disk is managed by the volume management software, perform the
following operations:
1. Log in to FusionCompute and go to the VM that you want to restore.
2. Run the fdisk -l command to view the newly bound disk.
NOTE
If the newly bound disk is not displayed after you run the fdisk -l command, run the
echo 1 > /sys/bus/pci/rescan command to scan the PCI bus again. Run the fdisk -l
command again.
3. Run the pvscan command to scan for physical volumes.
Assume that /dev/xvdh and /dev/xvdi form the vg-flr volume group. When
you use other operating system with a UUID conflict issue, go to Step 9.4.
Otherwise, go to Step 9.5.
Found duplicate PV NBUng5IN8q2hGweLlYhqFBFM94W0zZph: using /dev/xvdh not /dev/xvdf
Found duplicate PV x9T42onhN59dWXal727jdN6Q9MdJxmvr: using /dev/xvdi not /dev/xvde
PV /dev/xvdi VG vg-flr lvm2 [20.00 GiB / 5.00 GiB free]
PV /dev/xvdh VG vg-flr lvm2 [20.00 GiB / 5.00 GiB free]
4. Run the following command to rename the volume group to resolve the UUID
conflict.
vgimportclone --basevgname Name of the new volume group Name of the
newly bound disk partition
For example, run the vgimportclone --basevgname vg-flr_snap /dev/
xvdh /dev/xvdi command to rename the volume group that consists of /dev/
xvdh and /dev/xvdi as vg-flr_snap.
NOTE
If file-level restore has been performed before the target VM is restored and the
volume group name has been changed, you can run the dmsetup remove /dev/New
volume group name/* command to delete the duplicate volume group before
performing this step to avoid volume group renaming failure caused by volume group
name conflicts, you can also use an unused name as the name of the new volume
group.
5. Run the vgchange -ay command to activate the volume group.
6. Run the lvdisplay command to display the logical volumes.
7. Run the mkdir Mounting directory command to create a mounting directory.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 123
OceanStor BCManager
eBackup User Guide 4 Restore
8. Run the mount -o ro Name of the newly bound logical volume Mounting
directory command to mount the newly bound logical volume to the specified
directory.
9. Run the cd Mounting directory command to go to the mounting directory and
copy files as required.
10. After the files are copied, run the umount Mounting directory command to
unmount the logical volume.
The following uses Windows Server 2008 R2 Enterprise 64bit as an example.
If the disk is a basic disk, the operation is the same as that for restoring the disk to
the original VM.
If the disk is a dynamic disk (containing only simple volumes), perform the
following operations:
1. Log in to FusionCompute and go to the VM that you want to restore.
2. Choose Start > Administrative Tools > Server Manager. The Server
Manager page is displayed.
3. Choose Storage > Disk Management to view the newly bound disk.
4. If the newly bound disk is in the offline state, set its state to online.
5. When the newly bound disk is online, right-click and select Import Foreign
Disks from the shortcut menu.
6. Go to the newly bound disk and copy files as required.
7. After the file copy is complete, set the newly bound disk to the offline state.
Step 10 Restore the disk to the original VM.
1. Select Restore to Original VM.
2. Click OK.
Step 11 On the navigation bar, choose > Job.
Step 12 Check Status and Progress of the file-level restore job. When Status is In
progress and Progress is 100%, go to the next step.
Step 13 Restore files.
The file restore operations vary depending on the OS type of the target VM.
CentOS 6.5 64bit is used as an example.
If the disk is not managed by the volume management software, perform the
following operations:
1. Log in to FusionCompute and go to the VM that you want to restore.
2. Run the fdisk -l command to view the newly bound disk.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 124
OceanStor BCManager
eBackup User Guide 4 Restore
NOTE
If the newly bound disk is not displayed after you run the fdisk -l command, run the
echo 1 > /sys/bus/pci/rescan command to scan the PCI bus again. Run the fdisk -l
command again.
3. Run the mkdir Mounting directory command to create a mounting directory.
4. Run the mount -o ro Name of the newly bound disk partition Mounting
directory command to mount the newly bound disk to the specified directory.
NOTE
If the file system type of the volume is XFS and the volume is restored to the original
VM, run the mount -o ro,nouuid Name of the newly bound disk partition Mounting
directory command to mount the disk to avoid UUID conflicts.
5. Run the cd Mounting directory command to go to the mounting directory and
copy files as required.
6. After the files are copied, run the umount Mounting directory command to
unmount the disk.
If the disk is managed by the volume management software, perform the
following operations:
1. Log in to FusionCompute and go to the VM that you want to restore.
2. Run the fdisk -l command to view the newly bound disk.
NOTE
If the newly bound disk is not displayed after you run the fdisk -l command, run the
echo 1 > /sys/bus/pci/rescan command to scan the PCI bus again. Run the fdisk -l
command again.
3. Run the pvscan command to scan for physical volumes.
Assume that /dev/xvdh and /dev/xvdi form the vg-flr volume group. If other
OSs are used and no UUID conflict occurs, skip Step 13.4 and go to Step
13.5.
Found duplicate PV NBUng5IN8q2hGweLlYhqFBFM94W0zZph: using /dev/xvdh not /dev/xvdf
Found duplicate PV x9T42onhN59dWXal727jdN6Q9MdJxmvr: using /dev/xvdi not /dev/xvde
PV /dev/xvdi VG vg-flr lvm2 [20.00 GiB / 5.00 GiB free]
PV /dev/xvdh VG vg-flr lvm2 [20.00 GiB / 5.00 GiB free]
4. Run the vgimportclone --basevgname Name of the new volume group
Name of the newly bound disk partition command to rename the volume
group and solve the UUID conflict problem.
For example, run the vgimportclone --basevgname vg-flr_snap /dev/
xvdh /dev/xvdi command to rename the volume group that consists of /dev/
xvdh and /dev/xvdi as vg-flr_snap.
NOTE
If file-level restore has been performed before the target VM is restored and the
volume group name has been changed, you can run the dmsetup remove /dev/New
volume group name/* command to delete the duplicate volume group before
performing this step to avoid volume group renaming failure caused by volume group
name conflicts, you can also use an unused name as the name of the new volume
group.
5. Run the vgchange -ay command to activate the volume group.
6. Run the lvdisplay command to display the logical volumes.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 125
OceanStor BCManager
eBackup User Guide 4 Restore
7. Run the mkdir Mounting directory command to create a mounting directory.
8. Run the mount -o ro Name of the newly bound logical volume Mounting
directory command to mount the newly bound logical volume to the specified
directory.
NOTE
If the file system type of the volume is XFS and the volume is restored to the original
VM, run the mount -o ro,nouuid Name of the newly bound logical volume Mounting
directory command to mount the volume to avoid UUID conflicts.
9. Run the cd Mounting directory command to go to the mounting directory and
copy files as required.
10. After the files are copied, run the umount Mounting directory command to
unmount the logical volume.
The following uses Windows Server 2008 R2 Enterprise 64bit as an example.
If the disk is a basic disk, perform the following operations:
1. Log in to FusionCompute and go to the VM that you want to restore.
2. Choose Start > Administrative Tools > Server Manager. The Server
Manager page is displayed.
3. Choose Storage > Disk Management to view the newly bound disk.
4. If the newly bound disk is in the offline state, set its state to online.
NOTICE
If the connection fails, go to Step 14 to end the current task. Then, perform 6
to restore data to the new VM.
5. Set the newly bound disk to read-only.
a. Choose Start > Command Prompt.
b. Run the following commands in sequence to obtain the partition list:
diskpart
list volume
c. Run the following command to specify a partition: Set number to the
drive letter of the disk to be set to read-only.
select volume [number]
d. Run the following command to set the disk to read-only:
attributes volume set readonly
NOTE
To set multiple disks to read-only, repeat 5.c and 5.d.
6. Go to the newly bound disk and copy files as required.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 126
OceanStor BCManager
eBackup User Guide 4 Restore
7. After the file copy is complete, set the newly bound disk to the offline state.
If a disk is a dynamic disk, file-level restore to the original VM is not supported.
After this step is complete, go to Step 14.
Step 14 After the files are copied, end the task.
1. Shut down the target VM.
2. After that, you can perform either of the following operations to abort the
job.
– Click the file-level restore job and in the preview area on the right, click
.
– Move the mouse pointer to the file-level restore job and click in the
button area on the right.
----End
4.2 (Optional) Viewing a Restore Job
This section describes how to view a restore job to know its status and progress
after it has been started.
Prerequisites
At least one restore job has been started.
Procedure
Step 1 Log in to the eBackup backup management system using a browser.
Default account: admin. Default password: PXU9@ctuNov17!.
Step 2 In the navigation tree, choose > Job.
Step 3 Optional: On the search bar in the upper right corner, set the search criteria
(select restore type). Alternatively, click Advanced to set search criteria and click
OK to initiate a search.
Step 4 View the information about restore jobs. Table 4-3 describes related parameters.
NOTE
Users can set the types of restore job parameters that need to be displayed. Method: Click
in the upper right corner in the main window of jobs and select the types of restore job
parameters that need to be displayed.
Table 4-3 Parameters of a restore job
Parameter Description
ID Job ID. Unique identifier of a restore job in eBackup backup
management system.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 127
OceanStor BCManager
eBackup User Guide 4 Restore
Parameter Description
Type Job type. A restore job's type is Restore machine, Restore VM
disk, or File-level restore.
Status The running status of the restore job, which can be any of the
following values:
● Aborted
Restore jobs have been aborted. Restore jobs can be stopped
only when its status is Pending or In progress.
● Aborting
Restore jobs are being aborted.
● Pending
In the event of multiple background jobs, the system sorts the
jobs in order of command deliver time and job priority. Jobs
waiting to be processed are set to the Pending state. Manual
restore jobs have a higher priority than automatic ones.
● In progress
The job is being performed, with its progress indicated by the
completed percentage.
● Completed
The job is completed.
● Failed
Restore job failed.
● Verifying
Verifying that the backup job can be scheduled.
Back Plan Name of a backup plan.
Name
Protected Object's subitem of a restore job.
Object For example, if VM zyp_restore3 of protected FusionSphere
Name environment hy02 is being restored, the protected object name
value is zyp_restore3.
Protected Object of a restore job.
Environmen For example, if VM zyp_restore3 of protected FusionSphere
t environment hy02 is being restored, the protected environment
value is hy02.
Progress Progress of a restore job.
Created Time when a restore job is created.
Time
End Time Time when a restore job is completed.
Backup Backup proxy associated with the job.
Proxy
Speed Execution rate of the restore job.
Backup Size This parameter applies to backup jobs only.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 128
OceanStor BCManager
eBackup User Guide 4 Restore
Step 5 Click the job whose information you want to view. In the preview area on the
right, view the details about the job.
NOTE
If the job fails to be performed, that is, its Status is Failed, you can rectify the fault by
viewing the error information in Details.
Step 6 Optional: You can manually stop the job by performing either of the following
operations if you do not need the job.
● Click the job. In the preview area on the right, click .
● Place the pointer on the job. In the operation button area on the right, click
.
----End
4.3 Example for Restoring the FusionSphere VM
Configuration
This example shows how to use the eBackup backup management system to
restore a FusionSphere VM from the following aspects: user requirements,
procedure, and verification.
User Requirements
After backing up a FusionSphere VM as instructed in 3.13 Example for Backing
Up the FusionSphere VM Configuration, the user has a FusionSphere VM whose
data is damaged and needs the eBackup backup management system to restore
the VM. Specifically, the user needs to restore the VM fully to four days ago on
Sunday. Backup data is restored to new specified new paths.
Procedure
Step 1 Log in to the eBackup backup management system using a browser.
Default account: admin. Default password: PXU9@ctuNov17!.
Step 2 On the navigation bar, choose > FusionSphere.
Step 3 Select the VM that you want to restore.
Step 4 Hover the mouse pointer over the generation time of the backup in the preview
area on the right and click .
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 129
OceanStor BCManager
eBackup User Guide 4 Restore
Step 5 Click Restore VM to New Location, and set the information of the new VM.
Step 6 Select Start VM after restore.
Step 7 Click OK.
----End
Verification
After the restore, you can go to > Job to view the recovery job and log in to
FusionCompute to view the VM information based on the target location.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 130
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
5 Managing Backup and Restore
The chapter describes the management of users, backup storage, protected
environment, protected set, backup policy, backup plan and backup, helping you
manage the related jobs smoothly.
5.1 User Management
5.2 Backup Storage Management
5.3 Protected Environment Management
5.4 Protected Set Management
5.5 Backup Policy Management
5.6 Backup Plan Management
5.7 Backup Management
5.1 User Management
Configuring system administrators helps ensure system data security. Only the
default system super administrator can manage users, including modifying user
information, deleting users, forcing users to go offline, and locking or unlocking
users.
About Users
After configuring users, you can configure system security policies, implement
rights-based service management, as well as monitor and manage online users in
real time.
● User roles and rights
eBackup backup management system provides three user roles: Super
administrator, Administrator, Regular user. Table 5-1 shows the rights of
each user role.
NOTE
One eBackup system supports a maximum of 2000 users.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 131
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Table 5-1 User right description
User Role Right Description
Super The system provides a super administrator (admin) by
administrat default. The super administrator has all operation rights and
or can manage all resources. Other users cannot change the
super administrator's name, reset the super administrator's
password, delete or lock the super administrator, or forcibly
take the super administrator offline. The super administrator
can change their own login password. The super
administrator can create an Administrator and Regular user
to implement rights-based management.
Administrat An administrator has all rights except system settings.
or
Regular A regular user only has the rights to view system resources.
user
● System Security Policies
System security policies contain password and login policies. For details about
how to configure system security policies, see the related part in Related
Operations.
– The password policy specifies the password length, complexity, validity
period, and expiration warning period of eBackup backup management
system.
– The login policy specifies the session timeout duration, password lock,
number of incorrect passwords, lock mode, and automatic unlock of
eBackup backup management system.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 132
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Related Operations
Operation Navigation Description Key Parameter
Path
Configuring On the Background ● Session Timeout
a security navigation bar, A system security Duration (minutes)
policy policy contains Session timeout
choose > password and login duration specifies
Account > policies. This the timeout for
Security operation configures logging in to
Policy. a security policy to eBackup backup
improve system management
security. system.
If a user performs no
Precautions
operation on
● For security eBackup backup
purposes, you are management system
advised to enable during the specified
Password period of time, the
Validity Period session is
(days), Min. automatically
Password Use disconnected. To go
Period (minutes) on performing
and Password operations on
Lock. eBackup backup
● The value of management
Password system, the user
Expiration needs to log in to
Reminder (days) the system again.
must be less than ● Number of Attempts
or equal to that Times allowed for
of Password consecutively
Validity Period entering incorrect
(days). If the passwords. If the
value is greater number of
than that of consecutive
Password password attempts
Validity Period reaches Number of
(days), the value Attempts, the
will automatically account will be
change to that of locked.
Password NOTE
Validity Period This parameter is
(days). available only when
Password Lock is
● The value of Min. enabled.
Password Use
The super administrator
Period (minutes)
can unlock an account, or
must be less than you can wait until the
or equal to that account is automatically
of Password unlocked.
Validity Period ● Lock Mode
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 133
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operation Navigation Description Key Parameter
Path
(days). You can configure
Otherwise, the this parameter when
system reports an Password Lock is
error. enabled.
– Permanent
– For a Local
user whose
roles are
Administrator
and Regular
user: If the
value of
Number of
Attempts is
reached, the
system locks
the user
permanently.
The user can
be manually
unlocked only
by the super
administrator.
– For a super
administrator
of Local user
as well as
Interface
interconnecti
on user and
LADP user: If
the value of
Number of
Attempts is
reached, the
system
automatically
locks the
account. After
the account is
locked, the
system
automatically
unlocks the
account 15
minutes later.
– Temporary
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 134
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operation Navigation Description Key Parameter
Path
If the value of
Number of
Attempts is
reached, the
system
automatically
locks the account.
If the account is
locked, the super
administrator can
manually unlock
it. Alternatively,
wait until the
account is
automatically
unlocked.
● Automatic Unlock
(minutes)
Automatic unlock
time after an
account is locked.
You can configure
this parameter when
Password Lock is
enabled and
Temporary is
selected.
– This parameter is
available to
temporary lock
only. This
parameter
becomes
unavailable if an
administrator or
a regular user is
manually locked
by the super
administrator. In
this case, the
administrator can
be manually
unlocked only.
– This parameter is
available to
administrators
and regular users.
The super
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 135
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operation Navigation Description Key Parameter
Path
administrator will
be automatically
unlocked 15
minutes later.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 136
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operation Navigation Description Key Parameter
Path
Viewing user On the Background ● Type
information navigation bar, This operation User type, including:
displays basic user – Local user
choose > information, A local user is a
Account > including user roles man-machine
Users. and locked status. interaction
Precautions account. The
account is used to
The super log in to eBackup
administrator can backup
view information management
about all users. After system to
logging in to the manage backup
system, and restore
Administrators and services.
Regular users can
only view their own – LDAP user
information. An LDAP user is a
man-machine
interaction
account (LDAP
authentication).
The account is
used to log in to
eBackup backup
management
system to
manage backup
and restore
services.
– Interface
interconnection
user
An interface
interconnection
user is a
machine-to-
machine
interaction
account. The
account is used to
interconnect
eBackup backup
management
system with other
systems.
eBackup provides
a preset interface
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 137
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operation Navigation Description Key Parameter
Path
interconnection
user. The default
user name is
NBIUser. The
default password
is
Huawei@CLOUD
8!.
● Role
User role. For details
about role types and
permissions, see
Table 5-1.
NOTE
Administrator and
Regular user can
only search
themselves in the
upper right corner.
● Locked Status
Specifies whether a
user is automatically
locked or is locked
by the super
administrator.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 138
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operation Navigation Description Key Parameter
Path
Creating a On the Background ● Type
user navigation bar, This operation User type. For
creates a user whose details, see related
choose > role is Administrator content in the
Account > or Regular user to previous line.
Users, and control user system An Interface
click Create. operations and interconnection
improve system user has the right of
security. an administrator.
Precautions ● Role
Perform this User role. For details
operation as the about role types and
super administrator, permissions, see
who has the highest Table 5-1.
system rights. For optimal service
system reliability
and service data
security, create users
based on the
permission of
different user roles
to control user
operations.
● Password
User login password.
By default, a
password:
– Contains 8 to 16
characters.
– Contains at least
one special
character. Special
characters
include !"#$
%&'()*+,-./:;<=>?
@[\]^`{_|}~ and
spaces.
– Contains at least
two of the
following types of
characters:
uppercase letters,
lowercase letters,
and digits.
– Cannot contain
three consecutive
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 139
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operation Navigation Description Key Parameter
Path
identical
characters.
– Cannot be the
same as the user
name or the
reverse of the
user name.
– In addition, the
password cannot
be the same as
the passwords in
the following
path: /opt/
huawei-data-
protection/
ebackup/
microservice/
ebk_iam/conf
(case-insensitive).
● Max. Number of
User Connections
Indicates the
maximum number
of sessions per user.
If the value of this
parameter is OFF,
the number of
sessions per user is
unlimited.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 140
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operation Navigation Description Key Parameter
Path
Modifying On the Background None
user navigation bar, This operation
information changes passwords
choose > and roles of
Account > administrators or
Users. Hover regular users.
the mouse
Precautions
pointer over
the user to be ● This operation
modified, and can modify
click on the information of
right. administrators
and regular users,
but cannot
modify that of the
super
administrator.
● If the password of
a user is reset,
notify the user of
the new password
so that the user
can use the new
password to log
in to the eBackup
backup
management
system.
Deleting a On the Background None
user navigation bar, This operation
deletes an unneeded
choose > Administrator or
Account > Regular user.
Users. Hover
Precautions
the mouse
pointer over Only the super
the user to be administrator can
deleted, and delete users.
click on the However, the super
right. administrator cannot
delete itself.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 141
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operation Navigation Description Key Parameter
Path
Forcing a On the Background None
user to go navigation bar, This operation forces
offline an administrator or
choose > regular user to go
Account > offline.
Users. Hover
Precautions
the mouse
pointer over ● Only the super
the user to be administrator can
forced to go force users to go
offline, and offline. However,
click on the the super
right. administrator
cannot force itself
to go offline.
● This operation
can be performed
only when icon
is available.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 142
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operation Navigation Description Key Parameter
Path
Locking a On the Background None
user navigation bar, This operation locks
an administrator or
choose > regular user.
Account >
Precautions
Users. Hover
the mouse ● Only the super
pointer over administrator can
the user to be lock users.
locked, and However, the
click on the super
right. administrator
cannot lock itself.
● A locked user
cannot log in to
the eBackup
backup
management
system.
● The super
administrator can
use either of the
following two
methods to lock a
user:
– Automatic
locking: By
setting
Password Lock
and Number
of Attempts,
the user whose
password is
incorrectly
entered for
certain
consecutive
times is
automatically
locked. For
details, see
configuring a
security policy
in this table.
– Manual
locking:
Manually lock
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 143
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operation Navigation Description Key Parameter
Path
a user as the
super
administrator.
The locked
user can be
used to log in
to the eBackup
system only
after the super
administrator
manually
unlock it.
Unlocking a On the Background None
user navigation bar, This operation
unlocks an
choose > administrator or
Account > regular user.
Users. Hover
Precautions
the mouse
pointer over This operation
the user to be unlocks a locked
unlocked, and user. Users can be
click on the unlocked using
right. either of the
following two
methods:
● Automatic
locking: If
Password Lock is
set, the system
automatically
unlocks users
after the locking
time expires.
● Manual
unlocking: The
super
administrator can
manually unlock
users who are
automatically or
manually locked.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 144
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
5.2 Backup Storage Management
Backup storage is the back-end storage space for use by the eBackup backup
management system, which consists of storage units, storage pools, and
repositories. You can view, modify, and delete storage units, storage pools, and
repositories.
5.2.1 Managing a Storage Unit
A storage unit is a basic unit divided from the space mapped from a back-end
storage device and used for storing backup data. You can view, modify, and delete
storage units.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 145
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operation Navigation Description Key Parameter
Path
Viewing a ● Viewing Background ● Accessibility
storage unit basic This operation displays Status
information: basic information about a There are four
On the storage unit. states:
navigation – All accessible
bar, choose Precautions
All backup
Before performing this proxies in
> operation, ensure that the eBackup
Storage the storage unit has been backup
Unit. created. managemen
● Viewing t system can
details: access the
On the storage unit.
navigation – Partial
bar, choose accessible
Some of the
> backup
Storage proxies in
Unit. On the the eBackup
page that is backup
displayed, managemen
click the t system can
desired access the
storage unit. storage unit.
– Inaccessible
None of the
backup
proxies in
the eBackup
backup
managemen
t system can
access the
storage unit.
– Scanning
The storage
unit is
connecting
with backup
proxies.
● Type
Storage unit
type, which can
be:
– NFS
When the
back-end
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 146
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operation Navigation Description Key Parameter
Path
storage is
NAS storage
and is
shared to
the backup
server and
backup
proxies using
NFS, the
type of the
storage unit
is NFS.
– S3
When the
back-end
storage is S3
storage and
is shared to
the backup
server and
backup
proxies using
S3, the type
of the
storage unit
is S3.
– SAN(XFS)
If the back-
end storage
is IP SAN,
map a
volume on
the storage
device to the
eBackup
server and
format the
volume into
the XFS file
system. The
volume can
be identified
by the
eBackup
server and
the storage
unit type is
SAN(XFS).
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 147
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operation Navigation Description Key Parameter
Path
● Capacity
Total storage
unit capacity.
– When the
back-end
storage is
NAS storage,
the total
capacity of
the storage
unit is that
of the
shared
directory.
– When the
back-end
storage is S3
storage, the
total
capacity of
the storage
unit is that
of the
bucket.
– When the
back-end
storage is
SAN(XFS)
storage, the
total
capacity of
the storage
unit is the
total
capacity of
the volume.
● Path
Path for
accessing back-
end storage.
– When the
back-end
storage is
NAS storage,
the path is
used to
access an
NFS share.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 148
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operation Navigation Description Key Parameter
Path
– When the
back-end
storage is S3
storage, the
path is used
to access a
bucket.
– If the back-
end storage
is SAN(XFS),
the path for
accessing
the back-end
storage is IP
address of
the target
+WWN of
the volume.
Modifying a On the Background None
storage unit navigation bar, This operation modifies
information about a
choose > storage unit. After
Storage Unit. modification, the system
Move the automatically
mouse pointer synchronizes the
to the storage modification to the
unit that you associated storage pool.
want to modify
Precautions
and click in
the button area ● Before performing this
on the right, or operation, ensure that
click the the storage unit has
storage unit been created.
that you want ● Before changing the
to modify and path of a storage unit,
click in the ensure that no jobs
preview area are running on the
on the right. storage unit. The path
of a SAN (XFS) storage
unit cannot be
changed.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 149
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operation Navigation Description Key Parameter
Path
Deleting a On the Background None
storage unit navigation bar, This operation deletes an
unneeded storage unit.
choose >
Precautions
Storage Unit.
Move the ● Before performing this
mouse pointer operation, ensure that
to the storage the storage unit to be
unit that you deleted is not
want to delete associated with any
and click in storage pool.
the button area ● If any associated
on the right, or storage pool is
click the displayed in the
storage unit Storage Pool area,
that you want find it on the storage
to delete and pool page. Ensure that
click in the the storage pool is
preview area unneeded and delete
on the right. it. Then delete the
storage unit.
● After a SAN (XFS)
storage unit is deleted,
if eBackup no longer
has a SAN (XFS)
storage unit with the
same target, perform
the following steps to
disconnect eBackup
from the storage
device through iSCSI.
1. Use PuTTY to log in
to the eBackup
server.
Default account:
hcp. Default
password:
PXU9@ctuNov17!.
2. Run the su root
command and
enter the password
of user root to
switch to user root.
The default
password of the
root user is
Cloud12#$.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 150
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operation Navigation Description Key Parameter
Path
3. Run the following
commands in
sequence to
disconnect an
eBackup server
from the storage
device over iSCSI:
iscsiadm -m node -
p ISCSI_IP:PORT -u
iscsiadm -m node -
o delete -p
ISCSI_IP:PORT
ISCSI_IP indicates
the target IP
address configured
in the storage unit.
The default value
of PORT is 3206.
4. Repeat the
preceding steps to
disconnect other
eBackup servers
from the storage
device over iSCSI.
5.2.2 Managing a Storage Pool
A storage pool must contain one storage unit only. A storage pool provides an
abstraction layer and realizes physical isolation. You can view, modify, and delete a
created storage pool.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 151
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operation Navigation Path Description Key Parameter
Viewing a ● Viewing basic Background Alarm Threshold
storage pool information: This operation When the usage of
On the displays basic the storage pool
navigation bar, information about exceeds the
a storage pool. threshold, an alarm
choose > is generated,
Precautions
Storage Pool. prompting you to
Before performing expand the capacity
● Viewing details:
this operation, or delete unneeded
On the
ensure that the backup data to
navigation bar,
storage pool has release storage
been created. space. If you do not
choose >
Storage Pool. expand the capacity
On the page that or delete unneeded
is displayed, click backup data,
the desired subsequent backup
storage pool. jobs may fail.
Modifying a On the navigation Background None
storage pool This operation
bar, choose > modifies
Storage Pool. Move information about
the mouse pointer a storage pool.
to the storage pool After modification,
that you want to the system
modify and click automatically
in the button area synchronizes the
on the right, or click modification to
the storage pool the associated
that you want to storage unit and
modify and click repository.
in the preview area
Precautions
on the right.
Before performing
this operation,
ensure that the
storage pool has
been created.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 152
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operation Navigation Path Description Key Parameter
Deleting a On the navigation Background None
storage pool This operation
bar, choose > deletes an
Storage Pool. Move unneeded storage
the mouse pointer pool.
to the storage pool
Precautions
that you want to
delete and click Before performing
in the button area this operation,
on the right, or click ensure that the
the storage pool storage pool to be
that you want to deleted is not
delete and click associated with
in the preview area any repository.
on the right. If any associated
repository is
displayed in the
Repository area,
find it on the
repository page.
Ensure that the
repository is
unneeded and
delete it. Then
delete the storage
pool.
5.2.3 Managing a Repository
A repository provides storage space for backup copies and source data for restore
jobs. Backups generated during a backup job are saved in a repository. You can
view, modify, delete or release space a created repository.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 153
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operation Navigation Path Description Key Parameter
Viewing a ● Viewing basic Background Alarm Threshold
repository information: This operation When the usage of
On the displays basic the repository
navigation bar, information about exceeds the
a repository. threshold, an alarm
choose > is generated,
Precautions
Repository. prompting you to
Before performing expand the capacity
● Viewing details:
this operation, or delete unneeded
On the
ensure that the backup data to
navigation bar,
repository has release storage
been created. space. If you do not
choose >
Repository. On expand the capacity
the page that is or delete unneeded
displayed, click backup data,
the desired subsequent backup
repository. jobs may fail.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 154
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operation Navigation Path Description Key Parameter
Modifying a On the navigation Background None
repository This operation
bar, choose > modifies
Repository. Move information about
the mouse pointer a repository. After
to the repository modification, the
that you want to system
modify and click automatically
in the button area synchronizes the
on the right, or click modification to
the repository that the associated
you want to modify backup plan.
and click in the
Precautions
preview area on the
right. ● Before
performing this
operation,
ensure that the
repository has
been created.
● After
modification,
the capacity of
the repository
cannot be less
than the used
capacity or
greater than
the total
available
capacity of the
storage pool to
which the
repository
belongs.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 155
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operation Navigation Path Description Key Parameter
Deleting a On the navigation Background None
repository This operation
bar, choose > deletes an
Repository. Move unneeded
the mouse pointer repository.
to the repository
Precautions
that you want to
delete and click Before performing
in the button area this operation,
on the right, or click ensure that the
the repository that repository to be
you want to delete deleted is not
and click in the associated with
preview area on the any backup plan.
right. If any associated
backup plan is
displayed in the
Backup Plan area,
find it on the
backup plan page.
Ensure that the
backup plan is
unneeded and
delete it. Then
delete the
repository.
Releasing On the navigation Background None
space This operation
bar, choose > deletes an
Repository. Move unneeded backup
the mouse pointer from a repository
to the repository to release space.
whose space you
Precautions
want to release and
Before performing
click in the
this operation,
button area on the
ensure that the
right, or click the
repository has
repository and click
been created.
in the preview
area on the right.
5.3 Protected Environment Management
eBackup backup management system supports VM data backup and restore in a
FusionSphere environment. You can view, modify, and delete a protected
environment that has been discovered in eBackup backup management system.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 156
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
5.3.1 Managing a FusionSphere Protected Environment
As the source of backup data, a protected environment is often called the
production end. You can view, modify, and delete a protected environment that
has been added to the eBackup backup management system.
Icon Description
After a FusionSphere protected environment is added to the eBackup backup
management system, the system automatically obtains VM information. Table 5-2
lists the related icons.
Table 5-2 Icons in a FusionSphere protected environment
Object Icon Description
Site / Sites are collections of physical resources (such as hosts and
VMs) and virtualized resources. When there are too many
resources for a site, you can deploy another site. Resources of
different sites are independent and can be cascaded to a Web
client for centralized management.
denotes that the certificate is not added, and denotes
that the certificate is added.
Cluster Clusters are collections of hosts. After hosts are added to
clusters, resources on the host and the associated storage and
network resources become a part of the cluster resources for
use by VMs running on the hosts.
Host Hosts are physical servers running virtualization software. VMs
can run on hosts, which provide CPU and memory resources
and capabilities such as GPU, USB devices, network connection,
and storage access for VMs. Multiple VMs can run on a single
host.
VM VMs are virtualized computers. Like physical computers, VMs
run on operating systems, on which application software is
running. VMs run on hosts and obtain the necessary CPU and
memory resources as well as capabilities such as video adapter,
USB devices, network connection, and storage access. Multiple
VMs can run on a single host.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 157
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Related Operations
Operation Navigation Path Description Key Parameter
Viewing a ● Viewing basic Background ● Protection Status
FusionSphere information: This operation displays Protection status of a VM
protected On the navigation information about a in the last week.
environment FusionSphere protected ● UUID
bar, choose environment. After a Unique identifier of a VM
> FusionSphere. FusionSphere protected in a protected
Click tier 1, tier 2, environment is added to environment.
and tier 3 nodes the eBackup backup ● Last Backup Time
in the navigation management system, the Start time when the VM is
tree. system automatically backed up in the last time.
● Viewing details: obtains VM information. If the VM has never been
On the navigation Precautions backed up before, the
● Before performing this value is --.
bar, choose operation, ensure that ● Host
> FusionSphere. the FusionSphere Name of the host where
Click tier 1, tier 2, protected the VM resides. If the VM is
and tier 3 nodes environment has been not bound to any host, the
in the navigation created and added to value is --.
tree and view VM the eBackup backup
information. management system.
● If information of the
protected
environment is
changed, you need to
manually synchronize
changes to the
eBackup backup
management system.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 158
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operation Navigation Path Description Key Parameter
Modifying a On the navigation Background None
FusionSphere If the information of a
protected bar, choose > FusionSphere protected
environment FusionSphere. In the environment, such as the
Protected IP address of the VRM
Environment area, and authentication
select the desired tier information, is changed,
1 node in the you need to synchronize
navigation tree on the changes in the
the left and click . eBackup backup
management system so
that the system can
promptly obtain the VM
information and correctly
back up VMs managed
by the VRM.
Precautions
● Before performing this
operation, ensure that
the FusionSphere
protected
environment has been
added to the eBackup
system.
● If the IP address of
the VRM in the
protected
environment is
changed, ensure that
the changed IP
address is consistent
with that at the
production end. If the
system detects an
inconsistency, the
change fails.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 159
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operation Navigation Path Description Key Parameter
Deleting a 1. On the navigation Background None
FusionSphere This operation deletes an
protected bar, choose unneeded protected
environment > FusionSphere. environment.
2. In the Protected Precautions
Environment
Before performing this
area, select the
operation, ensure that
first-level node
to-be-deleted VMs
(that is, the
managed by VRM are
protected
not associated with any
environment to
protected sets.
be deleted) in the
navigation tree on
the left, and
check whether all
VMs in the right
area are in the
unprotected state.
● If yes, perform
3.
● If no, modify
or delete the
associated
protection set
when the VM
does not need
to be
protected.
3. In the Protected
Environment
area, select the
desired tier 1
node in the
navigation tree on
the left and click
.
5.3.2 Related Operations
After protected objects of a protected environment have been added to eBackup
backup management system, you can use the quick entry to add the protected
objects to an existing protected set. Alternatively, you can create a protected set
and add the protected objects to it.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 160
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operation Navigation Path Description Key
Parameter
Adding a 1. Select a path based Background None
protected on the protected This operation creates
object to a environment type. a protected set and
newly On the navigation bar, adds one or more
created protected objects to
protected set choose > the protected set.
FusionSphere.
2. In the navigation tree
on the left, click the
desired tier 1, tier 2,
or tier 3 node. On the
right, select one or
more protected
objects that you want
to add to a protected
set.
3. Click Add to New
Protected Set.
Adding a 1. Select a path based Background None
protected on the protected This operation adds
object to an environment type. one or more protected
existing On the navigation bar, objects to an existing
protected set protected set.
choose >
Precautions
FusionSphere.
● You can add
2. In the navigation tree
protected objects to
on the left, click the
only one protected
desired tier 1, tier 2,
set at a time and
or tier 3 node. On the
the protected set
right, select one or
must be in the
more protected
same protected
objects that you want
environment as the
to add to a protected
protected objects. If
set.
you want to add
3. Click Add to Existing protected objects to
Protected Set. multiple protected
sets, repeat this
operation.
5.4 Protected Set Management
A protected set defines backup objects, which can be one or more protected
objects. You can assign or exclude disks for all or specified VMs. You can view,
modify, verify, clone or delete a created protected set.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 161
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operatio Navigation Path Description Key Parameter
n
Viewing a ● Viewing basic Background ● Protected Object
protected information: This operation Number
set On the displays Number of protected
navigation bar, information about objects in the
the protected protected set.
choose > environment and Click the parameter
Protected Set. protected objects value displayed as a
● Viewing details: in a protected set. hyperlink. In the
On the Precautions dialog box that is
navigation bar, displayed, you can
Before performing view details about
this operation, protected objects in
choose > ensure that the
Protected Set. the protected set.
protected set has
On the page Click next to a
been created.
that is protected object to
displayed, click rapidly locate the
the desired protected object in the
protected set. protected
environment
navigation tree.
● Time of Last
Validation
Time when the
validity of the path of
a protected object in
the protected set is
verified for the last
time.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 162
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operatio Navigation Path Description Key Parameter
n
Modifying On the navigation Background None
a This operation
protected bar, choose > modifies a
set Protected Set. protected set,
Move the mouse including adding
pointer to the backup objects to
protected set that or deleting backup
you want to objects from the
modify and click protected set.
in the button After modification,
area on the right, the system
or click the automatically
protected set that synchronizes the
you want to modification to
modify and click the associated
in the preview backup plan.
area on the right.
Precautions
Before performing
this operation,
ensure that the
protected set has
been created.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 163
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operatio Navigation Path Description Key Parameter
n
Verifying On the navigation Background None
a This operation
protected bar, choose > verifies the path
set Protected Set. of a protected
Move the mouse object in a
pointer to the protected set.
protected set that
Precautions
you want to verify
● Before
and click in the
performing this
button area on the
operation,
right, or click the
ensure that the
protected set that
protected set
you want to verify
has been
and click in the created.
preview area on
the right. ● If verification
fails, check
whether the
protected
object in the
protected set
exists or
whether the
path of the
protected
object is
changed.
Cloning a On the navigation Background None
protected This operation
set bar, choose > clones a protected
Protected Set. set to create a
Move the mouse duplicate. Then
pointer to the you can modify
protected set that the duplicate to
you want to clone quickly obtain a
and click in the new protected set
button area on the instead of creating
right, or click the one, saving
protected set that configuration
you want to clone time.
and click .
Precautions
Before performing
this operation,
ensure that the
protected set has
been created.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 164
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operatio Navigation Path Description Key Parameter
n
Deleting a 1. On the Background None
protected navigation bar, This operation
set deletes an
choose > unneeded
Protected Set. protected set.
2. Click the Precautions
protected set
Before performing
that you want
this operation,
to delete, and
ensure that the
check whether
protected set to
it is associated
be deleted is not
with any
associated with
backup plan in
any backup plan.
the preview
area on the
right.
● If any
associated
backup plan
is displayed
in the
Backup
Plan area,
find it on
the backup
plan page.
Modify the
information
of the
backup plan
to remove
the
association
relationship
between the
protected
set and the
backup plan.
Alternatively,
ensure that
the backup
plan is
unneeded
and delete
it. Then
delete the
protected
set.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 165
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operatio Navigation Path Description Key Parameter
n
● If no
associated
backup
plans are
displayed in
the Backup
Plan area,
delete the
protected
set directly.
3. Use either of
the following
methods to
delete the
protected set:
● Move the
mouse
pointer to
the
protected
set that you
want to
delete and
click in
the button
area on the
right.
● Click the
protected
set that you
want to
delete and
click in
the preview
area on the
right.
5.5 Backup Policy Management
A backup policy defines the scheduling policy for the system to automatically back
up protected objects. The backup policy includes the scheduling plan, backup
retention policy, and backup verification policy. One backup policy can be used by
multiple backup plans. You can view, modify, clone, and delete policies.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 166
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operati Navigation Path Description Key Parameter
on
Viewing ● Viewing basic Background ● Data Layout
a information: This operation Layout of backups
backup On the navigation displays information in repositories. The
policy about a backup value can be:
bar, choose policy, including the – Regular
> Backup Policy. scheduling plan, Deduplication
● Viewing details: backup data layout, and
On the navigation and associated compression are
backup plans. not enabled.
bar, choose Precautions Backups are
> Backup Policy. retained in a
Before performing general layout.
On the page that this operation,
is displayed, click ensure that the – Dedupe
the backup policy backup policy has Deduplication is
that you want to been created. a data reduction
view. technology. The
deduplication
technology
automatically
searches for
duplicate data,
saves only one
copy of the
duplicate data,
and uses
pointers that
point to the
unique copy to
replace
duplicate copies.
Deduplication is
able to reduce
the required
storage capacity,
addressing the
increasing
demand for
storage capacity.
– Compress
Backup data is
compressed,
reducing the
required back-
end storage
capacity.
● Backup Plan
Number of backup
plans associated
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 167
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operati Navigation Path Description Key Parameter
on
with the backup
policy.
Modifyin On the navigation Background None
ga This operation
backup bar, choose > modifies the backup
policy Backup Policy. Move policy associated
the mouse pointer to with a backup plan
the backup policy to adjust the
that you want to scheduling plan and
modify and click in retry policy of the
the button area on protected object in
the right, or click the the backup plan.
backup policy that
Precautions
you want to modify
and click in the ● Before
preview area on the performing this
right. operation, ensure
that the backup
policy has been
created.
● After a backup
policy is
modified, the
system will
automatically
update to-be-
executed backup
jobs associated
with the backup
policy. If backup
jobs associated
with the backup
policy are being
performed, they
are performed
based on the
original backup
policy instead of
the modified one.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 168
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operati Navigation Path Description Key Parameter
on
Cloning On the navigation Background None
a This operation
backup bar, choose > clones a backup
policy Backup Policy. Move policy to create a
the mouse pointer to duplicate. Then you
the backup policy can modify the
that you want to duplicate to quickly
clone and click in obtain a new
the button area on backup policy
the right, or click the instead of creating
backup policy that one.
you want to clone
Precautions
and click in the
preview area on the Before performing
right. this operation,
ensure that the
backup policy has
been created.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 169
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operati Navigation Path Description Key Parameter
on
Deleting 1. On the navigation Background None
a This operation
backup bar, choose deletes an unneeded
policy > Backup Policy. backup policy.
2. Click the backup Precautions
policy that you
● Before
want to delete,
performing this
and check
operation, ensure
whether the
that the backup
backup policy is
policy to be
associated with
deleted is not
any backup plan.
associated with
● If any any backup plan.
associated
● After the backup
backup plan is
policy is deleted,
displayed in the
back jobs
Backup Plan
associated with
area, find it on
the backup policy
the backup
are automatically
plan page.
canceled.
Modify the
information of
the backup
plan to remove
the association
relationship
between the
backup policy
and the backup
plan.
Alternatively,
ensure that the
backup plan is
unneeded and
delete it. Then
delete the
backup policy.
● If no associated
backup plans
are displayed in
the Backup
Plan area,
delete the
backup policy
directly.
3. Use either of the
following methods
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 170
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operati Navigation Path Description Key Parameter
on
to delete the
backup policy:
● Move the
mouse pointer
to the backup
policy that you
want to delete
and click in
the button area
on the right.
● Click the
backup policy
that you want
to delete and
click in the
preview area
on the right.
5.6 Backup Plan Management
Backup plan consists of backup policy, protected set, and repository. One backup
plan is associated with one backup policy, one protected set, and one repository
only. You can view, execute, modify, clone or delete backup plans.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 171
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operati Navigation Path Description Key Parameter
on
Viewing ● Viewing basic Background ● Status of the
a information: This operation backup plan. The
backup On the navigation displays information value can be:
plan about a backup plan, – Active
bar, choose including the status, Indicates that
> Backup Plan. associated protected the backup
● Viewing details: set, associated plan is in the
On the navigation repository, and the Active state.
start time of the When the
bar, choose latest backup job. backup plan in
> Backup Plan. Precautions this state, the
On the page that system can
Before performing perform
is displayed, click this operation, ensure
the backup plan backup jobs as
that the backup plan scheduled. In
that you want to has been created.
view. the preview
area, you can
click the
arrowhead
beside Active
to deactivate
the backup
plan.
– Inactive
Indicates that
the backup
plan is in the
Inactive state.
When the
backup plan in
this state, the
system cannot
perform
backup jobs as
scheduled but
you can
manually
perform
backup jobs. In
the preview
area, you can
click the
arrowhead
beside Inactive
to activate the
backup plan.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 172
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operati Navigation Path Description Key Parameter
on
Executin On the navigation Background None
ga This operation
backup bar, choose > executes a backup
plan Backup Plan. Move plan.
the mouse pointer to
Precautions
the backup plan that
you want to execute ● Before performing
this operation,
and click in the
ensure that the
button area on the
backup plan has
right, or click the
been created.
backup plan that you
want to execute and ● If backup jobs are
click in the being performed
preview area on the based on the
right. backup plan, the
system will add
new backup jobs
and set them to
the Pending state.
● If backup jobs
have been
performed based
on the backup
plan, the system
automatically
performs
incremental
backup after you
click .
● If no backup jobs
have been
performed based
on the backup
plan, the system
automatically
performs full
backup after you
click .
● You can select the
backup plan at
any time after the
backup plan is
created. Click
in
the preview area
on the right to
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 173
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operati Navigation Path Description Key Parameter
on
perform full
backup.
Modifyin On the navigation Background None
ga This operation
backup bar, choose > associates a new
plan Backup Plan. Move protected set and
the mouse pointer to backup policy with a
the backup plan that backup plan. After
you want to modify the backup plan is
and click in the modified, the system
button area on the will execute backup
right, or click the jobs based on the
backup plan that you modified backup
want to modify and plan.
click in the
Precautions
preview area on the
right. Before performing
this operation, ensure
that the backup plan
has been created.
Cloning On the navigation Background None
a This operation clones
backup bar, choose > a backup plan to
plan Backup Plan. Move create a duplicate.
the mouse pointer to Then you can modify
the backup plan that the duplicate to
you want to clone quickly obtain a new
and click in the backup plan instead
button area on the of creating one.
right, or click the
backup plan that you Precautions
want to clone and Before performing
click in the this operation, ensure
preview area on the that the backup plan
right. has been created.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 174
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operati Navigation Path Description Key Parameter
on
Deleting On the navigation Background None
a This operation
backup bar, choose > deletes an unneeded
plan Backup Plan. Move backup plan.
the mouse pointer to
Precautions
the backup plan that
you want to delete ● When you delete
and click in the a backup plan, the
button area on the backup generated
right, or click the by the backup
backup plan that you plan is forcibly
want to delete and deleted. Before
click in the deleting a backup
preview area on the plan, ensure that
right. the backup of the
backup plan is not
used for restore.
● Ensure that no
backup job
associated with
the backup plan
to be deleted is
being executed in
the system.
Otherwise, the
deletion fails.
5.7 Backup Management
A backup is backup data generated after a backup plan performs a backup job
based on a backup policy. The backup contains all data required to restore backup
objects. You can view, modify, restore, and delete backups.
The following jobs have two entries:
● Entry 1:
a. In the navigation tree, choose > FusionSphere.
b. In the navigation tree on the left, locate the path of the protected object
that has been backed up, and click the protected object on the right.
● Entry 2:
a. In the navigation tree, choose > All Backups.
b. Click the backup that you want to view, modify, restore, or delete.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 175
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operati Operation Entry Description Key Parameter
on
Viewing ● View the Background ● Status
a backup through This operation Verification status of a
backup entry 1. displays the backup. The value can
● View the generation time be:
backup through and verification – Valid
entry 2. status of backups Indicates that Quick
NOTE of a backup object, Verification or Full
The functions and allows you to Verification has
provided by the restore, and delete been performed to
two entries are a backup. the backup and the
basically the
Precautions verification result
same. The
difference is shows that the
Before performing backup can be used
that you can
this operation, to restore data.
view delete and
verify backups ensure that
backups have been – Invalid
in batches
through entry 2 created. Indicates that Quick
and you can Verification or Full
restore data in Verification has
batches through been performed to
entry 1. the backup and the
verification result
shows that the
backup is invalid.
That is, data in the
backup has been
damaged or is
unavailable and the
backup cannot be
used to restore data.
– Not verified
Indicates that the
backup has not been
verified. You need to
verify the backup
before using it to
restore data.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 176
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operati Operation Entry Description Key Parameter
on
NOTE
● If you have
enabled Dedupe
but disabled
Create
Verification Data
when creating a
backup policy, full
verification can be
performed on the
generated
backups.
● If you have
disabled Dedupe
and Create
Verification Data
when creating a
backup policy, full
verification cannot
be performed on
the generated
backups.
● Protected Object
(UUID)
Unique identifier of the
backup–associated
protected object in the
protected environment.
● Protected Object
(GUID)
Unique identifier of the
backup–associated
protected object in
eBackup.
● Path
Path of the backup–
associated protected
object in the protected
environment.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 177
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operati Operation Entry Description Key Parameter
on
Modifyin ● Change the Background ● Retained for a period
g the expiration time This operation backups generated
expiratio of the backup modifies the according to a backup
n time through entry expiration time of policy will be retained
of a 1. a backup. The for xx years, months,
backup In the preview change does not weeks, or days. Once
area on the affect the backup the retention period is
right, hover the plan and backup exceeded, the system
mouse pointer policy associated automatically deletes
over the with the backup. expired backups.
backup and After the change, ● Retained until a specific
click . the backup is day
● Change the retained based on Backups generated
expiration time the new retention according to a backup
of the backup policy. policy will be retained
through entry Precautions to a specific point in
2. time. Once the point in
In the preview Before performing time is exceeded, the
area on the this operation, system automatically
right, click ensure that the deletes expired
backup whose backups.
expiration time
under you want to
Retention. modify exists.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 178
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operati Operation Entry Description Key Parameter
on
Using a ● Restore data Background ● VM restore
backup through entry This operation If a VM at the
to 1. uses a backup to production end is
restore In the preview restore the damaged or removed,
data area on the protected object perform this operation
right, hover the associated with to restore the VM.
mouse pointer the backup, You can restore a single
over the including restoring VM or batch restore
backup and VMs or disks of VMs. For details, see
click . the VM. 4.1.1 Restoring a VM,
Precautions and 4.1.2 Batch
● Restore data
Restoring VMs.
through entry ● Before restoring
2. a VM, ensure ● Disk restore
Click that full backup If data on a virtual disk
has been of a VM is damaged,
in
performed for lost, or removed,
the preview
the VM and the perform this operation
area on the
backup is in the to restore the disk.
right.
Valid state. You can restore a single
● Before restoring disk or batch restore
a disk or files disks. For details, see
on a disk, 4.1.3 Restoring a Disk
ensure that full on a VM, and 4.1.4
backup has Batch Restoring Disks
been performed on Multiple VMs.
for the disk and ● File-level restore
the backup is in If data of a file on a
the Valid state. disk of a VM is
damaged, lost, or
removed, perform this
operation.
For details, see 4.1.5
Restoring Files on a
Disk (File-Level
Restore).
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 179
OceanStor BCManager
eBackup User Guide 5 Managing Backup and Restore
Operati Operation Entry Description Key Parameter
on
Deleting ● Delete the Background None
a backup through This operation
backup entry 1. deletes an
In the preview unneeded backup
area on the to release storage
right, hover the space.
mouse pointer
over the Precautions
backup and ● Before
performing this
click .
operation,
● Delete the ensure that the
backup through backup that
entry 2. you want to
Click delete will not
in the preview be used to
area on the restore data.
right. ● Ensure that
backup jobs
associated with
the backup to
be deleted are
not being
performed.
Otherwise, the
backup fails to
be deleted.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 180
OceanStor BCManager
eBackup User Guide 6 System Maintenance
6 System Maintenance
6.1 System Monitoring
6.2 System Configuration
6.3 Power-On and Power-Off eBackup servers
6.4 Security Management
6.5 Logging In to eBackup Server Using Public Key Authentication
6.6 Inspection
6.7 Configuration Items
6.8 Script Description
6.1 System Monitoring
You can view information such as executed jobs, alarms, and events to monitor
the status of eBackup backup management system.
6.1.1 Managing a Job
This section explains how to view the status and progress of backup jobs, restore
jobs, and other jobs. You can manually stop ongoing jobs.
Context
Table 6-1 describes task types of eBackup and their legends.
Table 6-1 Task description
Job Type Legend Description
Backup The system delivers this job when users back up
protected objects in the protected environment. More
backup objects indicate longer backup time.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 181
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Job Type Legend Description
Restore This task is delivered by the system when a user uses
machine existing backups to restore data to a new VM. A larger
backup size indicates longer restore time.
File-level The system delivers this job when users use backups to
restore restore specific files in VM disk. In file level restore,
larger file size indicates longer restore time.
Scan The system delivers this job when users manually scan
protected for objects in the protected environment.
environm
ent
Verify The system delivers this job when users add protected
credentia environments.
ls
Delete The system delivers this job when users delete specific
backup backups of specific protected objects.
Verify The system delivers this job when users verify the
backup integrity of specific backups of specific protected
objects.
Delete The system delivers this job when users delete specific
backup backup plans.
plan
Restore The system delivers this job when users restore specific
VM disk disks of specific VMs.
Retrieve The system delivers this job when users use HA
backup function and the backups lost.
Add HA The system delivers this job when users add HA
member member.
Modify The system delivers this job when users modify HA
HA parameters.
paramete
rs
Delete The system delivers this job when users delete HA
HA member.
member
Procedure
Step 1 Log in to the eBackup backup management system using a browser.
Default account: admin. Default password: PXU9@ctuNov17!.
Step 2 In the navigation tree, choose > Job.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 182
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Step 3 Optional: In the upper right corner, set the search criteria and click , or click
Advanced to set search criteria and click OK to search for desired background
jobs.
Step 4 View information about background jobs.
Table 6-2 describes related parameters.
NOTE
Users can set the types of job parameters that need to be displayed. Method: Click in
the upper right corner in the main window of jobs and select the types of job parameters
that need to be displayed.
Table 6-2 Job parameters
Parameter Description
ID Job ID. Unique identifier of a job in eBackup backup management
system.
Type Job type. Table 6-1 describes task types of eBackup and their
legends.
Status Status of the background job. The value can be:
● Failed
Background jobs have been failed.
● Aborted
Background jobs have been aborted.
● Aborting
Background jobs are being aborted.
● Pending
When multiple jobs are running in the background, the system
executes the jobs in order of command delivery time and
priority. Background jobs waiting to be processed are set to the
Pending state. Manual backup and recovery jobs have a higher
priority than others.
● In progress
If background jobs are being executed, users can view the job
execution progress.
● Completed
Background jobs have been completed.
● Verifying
Verifying that a job can be scheduled.
Retry Times Number of retry times for jobs.
After show historical jobs is enabled in the advanced search,
Retry Times is not displayed but all retry jobs are displayed. Click
the number in the Retry Times column. The retry task window is
displayed. You can view detailed information about all retry jobs.
After show historical jobs is disabled, only the latest job is
displayed.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 183
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Parameter Description
Protected Sub-operation object of the background job.
Object For example, if VM vm11 in protected environment FusionSphere
Name F11 is being restored, Protected object name is vm11.
Backup Backup plan corresponding to a task.
Plan Name
Protected Operation object of the background job.
Environmen For example, if VM vm11 in protected environment FusionSphere
t F11 is being restored, Protected Environment is F11.
Progress Progress of the background job.
Created Time when the background job is created.
Time
End Time Them when the background job is ended.
Backup Backup proxy associated with the job.
Proxy
Speed Execution rate of the job.
Backup Size Size of backup data generated by the backup job.
NOTE
This parameter applies to backup jobs only.
Step 5 Manually end the job.
If a background job does not need to be executed, use either of the following
methods to stop it:
● Move the mouse pointer to the backup job that you want to stop and click
in the button area on the right.
● Click the backup job that you want to stop and click in the preview area on
the right.
NOTE
– Background jobs can be aborted in the Pending state when the types are Verify
credentials, Scan environment, Delete backup and Delete backup plan.
– You can stop multiple jobs at the same time. To batch stop jobs, click Abort in the
upper left corner of the job list.
Step 6 View task details.
Click the job whose basic information you want to view. In the preview area on the
right, view the basic information.
In the preview area, you can view the ID of the job, backup proxy, backup plans ,
and details related to this job.
You can view the execution rate of the jobs whose types are Backup, Restore
machine and Restore VM disk.
You can view the space saving of the backup jobs.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 184
OceanStor BCManager
eBackup User Guide 6 System Maintenance
NOTE
If the backup policy associated with the backup job has enabled Dedupe and Compress or
either of them, the backup storage usage can be reduced. Snapshot Size indicates the
volume of data to be backed up. Backup Size indicates the volume of backup data. You can
view the space saving. If Dedupe and Compress are not enabled, 0% space saving will be
displayed for the backup job.
Step 7 Export the job.
You can collect and analyze backup and restore data based on all or some of the
exported backup jobs, or analyze and locate problems.
● Click Export All in the upper left corner to export all jobs.
● Select a job in the left pane and click Export in the upper left corner to export
the selected job.
● In the upper right corner of the page, select a job based on the search criteria
and click Export List to export the task.
NOTE
The export time may be long. Do not close the current page. If you need to perform
operations, open a new page.
----End
6.1.2 Handling an Alarm
This section explains how to view alarms and perform recommended actions to
handle alarms. If an alarm has been handled, you need to manually clear the
alarm. Besides, you can export alarms to the local PC.
Context
The alarm severity indicates the severity and importance of an alarm. The
management system classifies alarms into three severities: Critical, Major, and
Minor. Table 6-3 describes the definition and handling methods of different
severities of alarms.
Table 6-3 Alarm severities
Seve Leg Definition Handling Suggestion and
rity end Description
Critic A critical alarm interrupts A critical alarm must be
al services or causes the system handled immediately.
to break down. Otherwise, the system may
break down.
Majo A major alarm affects a part of A major alarm must be handled
r the system in a limited range as soon as possible. Otherwise,
or decreases the system important functions cannot
performance. work correctly.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 185
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Seve Leg Definition Handling Suggestion and
rity end Description
Mino A warning alarm has no A warning alarm prompts the
r impact on the system. The maintenance personnel to query
system detects a potential or the alarm causes and rectify
imminent fault that may affect potential faults.
services.
Procedure
Step 1 Log in to the eBackup backup management system using a browser.
Default account: admin. Default password: PXU9@ctuNov17!.
Step 2 In the navigation tree, choose > Alarm.
Step 3 Optional: In the upper right corner, set the search criteria and click , or click
Advanced to set search criteria and click OK to search for desired alarms.
Step 4 Click the alarms that you want to handle and follow instructions in Suggestions
to handle the alarm.
Step 5 Clear an alarm.
Some alarms in the system need to be manually recovered. If alarms have been
recovered but alarms still exist, or alarm objects have been deleted and related
alarms cannot be automatically cleared, system maintenance engineers can
manually clear alarms to prevent them from affecting follow-up maintenance.
1. After alarms are handled, select alarms that you want to clear and use either
of the following methods to clear them:
– Select the alarms that you want to clear and click Clear in the upper left
button area of the alarm list.
– Click the alarms that you want to clear and click in the preview area
on the right.
2. Click OK in the dialog box that is displayed.
Step 6 Optional: Export alarms. (This section uses Internet Explorer 11 as an example.)
Use either of the following methods to export alarms:
● Select the alarms that you want to export and click Export in the upper left
button area of the alarm list.
● Click the alarms that you want to export and click in the preview area on
the right.
NOTE
You can click Export All to export all alarms to the local PC.
----End
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 186
OceanStor BCManager
eBackup User Guide 6 System Maintenance
6.1.3 Viewing and Exporting Events
An event is a general term for all the situations occurring on network elements,
for example, adding, deleting, and modifying an object and changing the status of
an object. You can export one, multiple, or all events.
Context
The similarities and differences of alarms and events are as follows:
● Similarity
Both the alarms and events reflect the changes detected by the management
system on the managed objects.
● Differences
– Alarms are special events. Alarms indicate that anomalies or faults occur
on the management system or its managed objects. Alarms must be
handled as soon as possible to protect services.
– Events only indicate changes to the managed objects. These changes may
not cause service exceptions.
– There are three alarms severities: Critical, Major, and Minor. There are
four event levels: Critical, Major, Minor, and Warning.
Procedure
Step 1 Log in to the eBackup backup management system using a browser.
Default account: admin. Default password: PXU9@ctuNov17!.
Step 2 In the navigation tree, choose > Event.
Step 3 Optional: In the upper right corner, set the search criteria and click , or click
Advanced to set search criteria and click OK to search for desired events.
Step 4 Click the event that you want to handle and follow instructions in Suggestions to
handle the event.
Step 5 Optional: Export events. (This section uses Internet Explorer 11 as an example.)
Use either of the following methods to export events:
● Select the events that you want to export and click Export in the upper left
button area of the event list.
● Click the events that you want to export and click in the preview area on
the right.
NOTE
You can click Export All to export all events to the local PC.
----End
6.1.4 Managing an eBackup Server
This operation allows you to view the status of the backup server and backup
proxies of eBackup backup management system to discover and handle anomalies
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 187
OceanStor BCManager
eBackup User Guide 6 System Maintenance
in a timely manner. In addition, you can set HA parameters to configure eBackup
as an HA system.
Context
HA refers to that active and standby modules work in hot or cold backup mode to
implement specific functions. When the active module is faulty, the standby
module automatically takes over the role of the active module to implement
system functions, improving system reliability.
To enable eBackup to support the HA function, plan at least two eBackup servers.
Initialize one as the backup server, and the other servers as backup proxies. By
default, eBackup does not support the HA function. You need to set HA
parameters to configure eBackup as an HA system. After the configuration, the
backup server and one backup proxy work in active/standby mode. After the
backup server fails, the backup proxy takes over the role of the backup server to
ensure normal system operation.
Procedure
Step 1 Log in to the eBackup backup management system using a browser.
Default account: admin. Default password: PXU9@ctuNov17!.
Step 2 On the navigation bar, choose > Server.
Step 3 Optional: Enter the IP address of the internal communication plane of the
eBackup server in the search box in the upper right corner and click to quickly
search for the server.
Step 4 View information about the server. Table 6-4 describes key server parameters.
Table 6-4 Key server parameters
Parameter Description
ID The only identification of the server in eBackup backup
management system.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 188
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Parameter Description
Accessibility Status of the server. The value can be:
Status ● Accessible
The communication between the backup server and backup
proxies is normal and backup and restoration services run
correctly.
● Inaccessible
The backup server communicates with backup proxies
through heartbeat to check the status of backup proxies. If
the backup server cannot detect a backup proxy in a specific
period of time, the status of the backup proxy is changed to
inaccessible.
● Partially Accessible
Some microservices of the backup server and backup proxy
are abnormal.
Register Registry status of the server. The value can be:
Status ● Registered
After the backup server and backup proxies are deployed at
eBackup backup management system, they are automatically
registered with eBackup backup management system.
● Unregistered
If you manually unregister a backup proxy, Register Status of
the server changes to Unregistered. If you want to use the
backup proxy to perform backup and restoration jobs, register
it with eBackup backup management system.
Backup Backup management plane IP address of the server.
Managemen
t Plane IP
Address
Internal Internal communication plane IP address of the server.
Communicat
ion Plane IP
Address
Role The eBackup server has two roles:
● Backup server
As the control center of eBackup backup management
system, the backup server is responsible for scheduling and
monitoring backup and restoration jobs, managing backup
storage, backup proxies, and production systems, and
processing and responding to users' operations. A backup
server also provides the functions of a backup proxy.
● Backup proxy
Backup proxies are responsible for receiving backup and
restoration jobs delivered by the backup server and
interacting with production systems and backup and
restoration systems to perform backup and restoration jobs.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 189
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Parameter Description
NTP Time Status of time consistency between the backup proxies and
Synchronizat backup server. The value can be Synchronized, Unsynchronized
ion Status or Unknown.
If the state of a backup proxy is Unsynchronized, users can click
the backup proxy and click Synchronize Time in the right
information pane to keep time consistency between the backup
proxy and backup server.
If the backup proxy is restarted or newly registered, the state
may become Unknown. In this case, users need to wait for the
system to automatically synchronize the time of the backup
proxy.
iSCSI Name of the iSCSI initiator on the server.
initiator
name
UltraPath Whether the server has UltraPath software installed.
software
installed or
not
Huawei Floating IP address of the management plane of the server that
Distributed is added to the Huawei distributed block storage cluster.
Block
Storage
Mgmt.
Floating IP
NOTE
The backup server functions as a backup proxy. To facilitate the user to view and manage
the detailed information about the backup server or backup proxy, the backup server and
backup proxy are displayed as independent information on the page.
Step 5 Register or unregister backup proxies.
NOTE
You cannot register or deregister the backup server configured with HA or associated with
backup proxies.
● Registering a selected backup proxy
Select a backup proxy whose Accessibility Status is Accessible and Register
Status is Unregistered and use either of the following methods to register
the proxy:
– Click Register in the upper left area of the server list and click OK in the
Warning dialog box that is displayed.
– Click in the preview area on the right and click OK in the Warning
dialog box that is displayed.
● Registering all backup proxies
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 190
OceanStor BCManager
eBackup User Guide 6 System Maintenance
eBackup backup management system supports batch registering of all backup
proxies, improving configuration efficiency. Click Register All and click OK in
the Confirm dialog box that is displayed. Then the system executes the
command to batch register backup proxies whose Accessibility Status is
Accessible and Register Status is Unregistered.
● Unregistering a selected backup proxy
Select the backup proxy whose Register Status is Registered and perform
the following operations to deregister the backup proxy:
– Click in the preview area on the right and click OK in the Warning
dialog box that is displayed.
– Select multiple backup proxies and click Deregister to deregister them in
batches.
NOTICE
Before unregistering a backup proxy whose Accessibility Status is Inaccessible
and Register Status is Registered, ensure that the server meets one of the
following requirements:
● The server is shut down.
● The server is started and all the storage units on the server are unmounted.
You can run mount |grep /opt/huawei-data-protection/ebackup/bricks to
view mounting directory names. If there are mounted storage units, run
umount -l /opt/huawei-data-protection/ebackup/bricksMounting directory
name to unmount the storage units.
After unregistering a backup proxy whose Accessibility Status is Accessible and
Register Status is Registered, ensure that all the storage units on the server are
unmounted. You can run mount |grep /opt/huawei-data-protection/ebackup/
bricks to view mounting directory names. If there are mounted storage units, run
umount -l /opt/huawei-data-protection/ebackup/bricksMounting directory
name to unmount the storage units.
After unregistering a backup proxy (including unmounting the storage units), stop
the eBackup service and uninstall the eBackup software to ensure that the backup
proxy will not automatically connect to the backup server subsequently. If you
want to use the backup proxy subsequently reinstall the eBackup software and
configure the backup proxy again.
Step 6 Optional: Set HA parameters if you want to configure eBackup as an HA system.
For details, see 2.6 (Optional) Configuring HA.
NOTE
eBackup can be configured as an HA system only when there are at least two eBackup
servers in the system, that is, there is at least one independent backup proxy server.
----End
6.2 System Configuration
This chapter introduces common system configuration operations.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 191
OceanStor BCManager
eBackup User Guide 6 System Maintenance
6.2.1 Advanced Settings
This operation allows you to configure system parameters to adjust configuration
items of all associated jobs in a unified manner.
Procedure
Step 1 Log in to the eBackup backup management system using a browser.
Default account: admin. Default password: PXU9@ctuNov17!.
Step 2 In the navigation tree, choose > Configuration > Advanced Settings.
Step 3 Configure global system parameters. Table 6-5 describes related parameters.
Table 6-5 Global system parameters
Parameter Description Configuration Rule
Log Level Set the level of background run If you need detailed system run
logs. After this parameter is set, logs to locate faults, you are
the system prints logs of this advised to set the log level to a
level and higher levels and low level, for example, DEBUG.
saves the logs to the /opt/ The default level is INFO.
huawei-data-protection/
ebackup/logs directory or
microservice directory /opt/
huawei-data-protection/
ebackup/microservice/
ebk_xxx/logs on each server.
ebk_xxx indicates the
microservice name.
This parameter indicates the
importance of logs. eBackup
backup management system
classifies system run logs into
six levels: CRITICAL, ERROR,
WARNING, INFO, DEBUG, and
TRACE.
Enable During backup or restore LAN SSL is enabled by default.
LAN SSL through the LAN-Base, this Security risks arise if the
option is used to specify parameter is disabled.
whether SSL is used by the
backup proxy to communicate
with the production end.
Max. Maximum number of connected The parameter value must be
Number of users supported by eBackup an integer from 1 to 20000. The
Sessions backup management system. default value is 10000.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 192
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Parameter Description Configuration Rule
Heartbeat Backup server communicates The parameter value must be
Timeout with a backup proxy through an integer from 1 to 6000. The
Duration heartbeat to check the default value is 600.
(seconds) accessibility status of the
backup proxy. If the backup
server cannot detect a backup
proxy in a specific period of
time, the status of the backup
proxy is changed to inaccessible.
Max. Maximum number of The parameter value must be
Number of concurrent backup and restore an integer from 1 to 40.
Concurrent jobs supported by eBackup Default value: 20
Backup backup management system.
and After the setting, restart the
Restore eBackup process on the backup
Jobs server for the setting to take
(single effect.
backup
proxy)
Step 4 Confirm your configuration and click OK.
----End
6.2.2 Configuring Email Notification
You can enable email notification so that alarms are automatically sent to the
specified recipients through emails. You can configure this function only when an
external Simple Mail Transfer Protocol (SMTP) server is available and can
communicate properly with the management network of eBackup.
Prerequisites
An SMTP server is available and has been configured.
Context
You need to input email addresses for sending remote alarm notification.
Therefore, you are obligated to take considerable measures, in compliance with
the laws of the countries concerned and the user privacy policies of your company,
to ensure that the personal data of users is fully protected.
Procedure
Step 1 Log in to the eBackup backup management system using a browser.
Default account: admin. Default password: PXU9@ctuNov17!.
Step 2 In the navigation tree, choose > Configuration > Email Notification.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 193
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Step 3 Select Enable to enable the email notification function.
Step 4 Configure email notification parameters. Table 6-6 describes related parameters.
Table 6-6 Email notification parameters
Parameter Description Configuration Rule
Sender Sender email address. The parameter value must
Email be in the email address
format, for example,
[email protected].
SMTP Server IP address or domain name of the Example: 192.168.10.10
SMTP server. This is an SMTP-
compliant email-sending server. The
emails containing alarm
information can be sent to specified
email boxes through the SMTP
server.
SMTP Server Port number of the SMTP server. The parameter value must
Port be an integer from 1 to
65,535. The default value
is 25.
Interval for Interval at which sending alarm The parameter value must
Sending notification emails to recipients. be an integer from 1 to
Email 1440. The default value is
Notification 5.
(minutes)
SMTP server Whether the SMTP server -
authenticati authenticates senders' identities. If
on SMTP server authentication is not
selected, Username and Password
cannot be configured.
Username SMTP user name of a sender. If -
SMTP server authentication is
selected, the SMTP server
authenticates the ID of the sender
based on the specified account and
password in the event that alarm
notification emails are sent through
the SMTP server.
NOTE
After SMTP server authentication is
selected, Username cannot be blank.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 194
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Parameter Description Configuration Rule
Password SMTP password of the sender. If -
SMTP server authentication is
selected, the SMTP server
authenticates the ID of the sender
based on the specified account and
password in the event that alarm
notification emails are sent through
the SMTP server.
Enable the SSL is a security protocol that Security risks arise if no
security provides secure channels above the security protocol is
protocol transfer layer to provide secure and enabled. If the SMTP
(SSL) complete data for network server supports TLS, the
communications. Enabling the system will use TLS with
security protocol helps improve higher security after the
data transfer security. eBackup security protocol is
backup management system enabled.
provides SSL and TLS to NOTE
communicate with the SMTP server. After the security protocol is
As an upgraded version of SSL, TLS
is more secure. enabled, choose >
For TLS, TLS1.1 and TLS1.2 are Certificate, import the CA
certificate of the SMTP
supported. For SSL, SSL3.0 is
server, and name the
supported. certificate
SSLEmail_client.cer to allow
eBackup to authenticate the
email server.
Step 5 Add a recipient email address.
1. In the lower area of Recipient Email, click Add Recipient.
The system automatically adds a row. You can click to delete unnecessary
recipients.
2. In Recipient Email, enter the email address of a recipient.
3. In Alarm Severity, select the severity of alarms that you want to send to the
recipient.
The value can be Critical, Major, or Minor.
4. Confirm your configuration and click Test of each recipient to check whether
they can receive test emails.
5. Click OK.
NOTE
A maximum of 30 recipient email addresses are supported and each alarm severity
can add 10 recipient email addresses.
----End
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 195
OceanStor BCManager
eBackup User Guide 6 System Maintenance
6.2.3 Configuring System Time and Zone
You can configure, modify, and view the system time zone and NTP server
information.
Prerequisites
Currently, only an external NTP server running Linux is supported.
Procedure
Step 1 If eBackup has been added to the Huawei distributed block storage cluster, the
Huawei distributed block storage cluster automatically synchronizes NTP
configurations to the backup server and backup proxy. Perform the following steps
to stop NTP synchronization of Huawei distributed block storage. Skip this step in
other scenarios.
1. Use PuTTY to log in to the eBackup server.
Default account: hcp. Default password: PXU9@ctuNov17!.
2. Run the su root command and enter the password of user root to switch to
user root.
The default password of user root is Cloud12#$.
3. Run the following command to enter the /conf directory and check whether
the value of configuration item IsEnableNtpService in configuration file
servercfg.cfg is TRUE.
cd /opt/dfv/oam/oam-u/nma/conf
– If yes, go to Step 1.4.
– If no, go to Step 2.
4. Run the following command to go to the /scripts directory and check
whether the nma_ctl.sh script exists:
cd /opt/dfv/oam/oam-u/nma/scripts/
– If yes, go to Step 1.5.
– If no, go to Step 2.
5. Run the following commands in sequence to stop the NTP synchronization of
Huawei distributed block storage:
bash /opt/dfv/oam/oam-u/nma/scripts/nma_ctl.sh stopNtpService
6. Run the following command to start NTP of eBackup:
systemctl start ntpd
systemctl enable ntpd
7. Repeat Step 1.1 to Step 1.6 on other eBackup nodes.
8. Restart the eBackup process.
If you only need to change the IP address of the NTP server, skip this step
because the eBackup process does not need to be restarted. After the eBackup
process is restarted, the active and standby eBackup servers are switched over.
After Step 1.1 to Step 1.7 are performed, NTP synchronization of Huawei
distributed block storage is disabled. The eBackup process is restarted to
disable the NTP service on the eBackup page. If the NTP service is enabled,
users cannot change the system time and time zone.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 196
OceanStor BCManager
eBackup User Guide 6 System Maintenance
a. Use PuTTY to log in to the active backup server.
Default account: hcp. Default password: PXU9@ctuNov17!.
b. Run the su root command and enter the password of user root to switch
to user root.
The default password of user root is Cloud12#$.
c. Run the following command to restart the eBackup process:
service hcp restart
d. After the eBackup process is restarted, log in to the eBackup
management system and choose > System Time & Zone. The NTP
service is disabled.
Step 2 If eBackup has been added to the Huawei distributed block storage cluster and
NTP synchronization of Huawei distributed block storage cannot be stopped by
performing the preceding steps, perform this step. Otherwise, skip this step.
NOTE
When you configure NTP on the eBackup GUI, only the NTP configurations of the active
and standby backup servers are modified. The NTP configurations of other backup proxies
are not automatically modified.
1. Use PuTTY to log in to each backup proxy.
Default account: hcp. Default password: PXU9@ctuNov17!.
2. Run the su root command and enter the password of user root to switch to
user root.
The default password of user root is Cloud12#$.
3. Run the following command and press i to edit the ntp.conf configuration
file:
vi /etc/ntp.conf
4. Change the IP address following server in the configuration file to the
management plane IP address of the backup server.
5. Press Esc to exit the editing mode and run the :wq! command to save and
close the configuration file.
Step 3 Log in to the eBackup backup management system using a browser.
Default account: admin. Default password: PXU9@ctuNov17!.
Step 4 On the navigation bar, choose > System Time & Zone.
Step 5 Configure the system time and time zone. Table 6-7 describes related parameters.
Table 6-7 Parameters
Parameter Description
System Time System time of the eBackup server (including
the backup server and all backup proxies)
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 197
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Parameter Description
System Zone If you modify the system zone of the server not
supported by eBackup (for example, running
yast to modify the system zone in the control
center of the operating system), nothing will be
displayed on the system zone page. In such a
case, you must reconfigure the system zone to
ensure the normal operating of eBackup backup
management system.
NTP Service Status If an external NTP service is required, enable the
NTP service and configure the NTP server
address.
NOTE
You cannot disable an enabled NTP server.
NTP Server 1 IP address or domain name of the external NTP
server.
NTP Server 2 IP address or domain name of the external NTP
server.
Step 6 After confirming your configuration, click OK.
----End
6.3 Power-On and Power-Off eBackup servers
This chapter describes how to power on and power off the eBackup servers.
6.3.1 Powering On eBackup servers
This section describes how to power on the eBackup servers to resume all services.
Context
The eBackup servers can be deployed in a physical server or VM, you need to
power on the eBackup servers according to the deployed environment and
scenarios.
NOTICE
If the HA function is enabled, power on the active node and then the standby
node. Otherwise, data within 10 minutes after the last power-off may be lost.
If the active and standby nodes are powered off and then powered on in the
specified sequences and if the interval between the power-off and power-on
exceeds 10 minutes, perform operations by following instructions in 7.3.5.5 In an
HA Scenario, the Active and Standby Nodes Are Correctly Configured.
However, Services on the Active Node Fail to Be Started.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 198
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Procedure
● Power on the eBackup physical server.
The backup server and backup proxy are deployed on the physical server.
Power on the eBackup server safely using iBMC.
● Power on the eBackup VM.
The following uses FusionCompute 8.x.x as an example.
a. Log in to FusionCompute.
b. In the navigation tree on the left, click .
c. Click the VM tab.
d. Find the eBackup VM to be powered on.
e. Locate the row that contains the VM and choose More > Power > Start.
f. Click OK.
The VM is powered on if its status changes to Running.
----End
Follow-up Procedure
Check whether eBackup server is successfully started. Run your browser, and enter
https://Management plane IP address or management plane floating IP address
of the backup server:8088, and log in to the backup server as user admin. If you
can log in, the backup server is successfully started.
6.3.2 Powering Off eBackup Servers
Power off the eBackup Server when it is not used, such as in holidays, or during
power supply cut-off, to reduce power consumption and human resource costs for
customers and to protect data from being lost.
Prerequisites
● When powering off the eBackup Server, make sure no running service on
eBackup Server.
● When powering off the eBackup Server, you cannot perform other operations
on it.
● You have prepared a cross-platform remote access tool, for example, PuTTY.
Context
After the eBackup Server is powered off, services are interrupted.
NOTICE
If the HA function is enabled, power off the standby node and then the active
node. Otherwise, data within 10 minutes after the last power-off may be lost.
Run the service hcp status command as user root. If AdminNode is running is
displayed in the command output, the node is the active node. Otherwise, the
node is the standby node.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 199
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Procedure
Step 1 Use PuTTY to log in to the eBackup server.
Default account: hcp. Default password: PXU9@ctuNov17!.
Step 2 Run the su root command and enter the password of user root to switch to user
root.
The default password of user root is Cloud12#$.
Step 3 Run TMOUT=0 to prevent the system from exiting due to timeout.
NOTE
After you run this command, the system continues to run when no operation is performed,
resulting in a risk. For security, run exit to exit the system.
Step 4 Run shutdown -h now command to power off the eBackup server.
----End
6.4 Security Management
This section describes security operations related to eBackup account
management and certificate management.
6.4.1 Account Management
To ensure security of the backup system, regularly change the passwords of the
eBackup accounts.
NOTE
For details about all the accounts of eBackup backup management system, see OceanStor
BCManager 8.1.0 eBackup Account List (Virtualization).
6.4.1.1 Changing the Password of the eBackup Login Account
Upon your initial login, you need to change the initial password to ensure account
security. Regularly changing the password helps improve user information security.
Prerequisites
● You have obtained the backup management plane IP address, user name, and
password of backup server.
● You have prepared a cross-platform remote access tool, for example, PuTTY.
Context
● Upon initial login to eBackup as user admin, you need to change the intial
password (PXU9@ctuNov17!) as prompted.
● You are asked to change your password if you are using a new account, or
your password expired, or you are logging in to eBackup for the first time
after the administrator resets your account.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 200
OceanStor BCManager
eBackup User Guide 6 System Maintenance
● You can change the password of the eBackup login account in GUI or CLI.
Procedure
● Change the password in GUI.
a. Log in to the eBackup GUI as user admin.
b. In the upper right corner of the management page, click the drop-down
arrow next to the login user.
c. In the shortcut menu that is displayed, choose Change Password.
d. Enter the old password, a new password, and the confirm password in
Old Password, New Password, and Confirm Password respectively.
By default, a password:
▪ Contains 8 to 16 characters.
▪ Contains at least one special character. Special characters include !"#
$%&'()*+,-./:;<=>?@[\]^`{_|}~ and spaces.
▪ Contains at least two of the following types of characters: uppercase
letters, lowercase letters, and digits.
▪ Cannot contain three consecutive identical characters.
▪ Cannot be the same as the user name or the reverse of the user
name or contain consecutive characters of the user name.
▪ In addition, the password cannot be the same as the passwords in
the following path: /opt/huawei-data-protection/ebackup/
microservice/ebk_iam/conf (case-insensitive).
e. Click OK.
● Change the password in CLI.
a. Use PuTTY to log in to the backup server as user hcp.
b. Run su root, and input the password of the root account to switch to the
root account.
c. Run TMOUT=0 to prevent the system from exiting due to timeout.
NOTE
After you run this command, the system continues to run when no operation is
performed, resulting in a risk. For security, run exit to exit the system.
d. Run cd /opt/huawei-data-protection/ebackup/cli to enter the CLI
command path.
e. Run sh hcpcli.sh admin and input the CLI login password to enter the CLI
mode.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 201
OceanStor BCManager
eBackup User Guide 6 System Maintenance
If you log in for the first time, you need to change the initial password to
ensure account security.
To change the password of an account, log in using the account first.
NOTE
The password of admin used in the CLI is the same as that of admin used for
logging in to the eBackup GUI. If the password of admin is changed using the
CLI, the password of admin used for logging in to the GUI is also changed.
f. Run the management command.
The system enters the management view.
g. Run change user_password to change the login password.
Password Rule Example
● Contains 8 to 16 characters. Huawei@CLOUD8
● Contains one special character. Special
characters include ~`!@#$%^&*()_+|{}:"<>?-=
\[];',./ and space.
● Contains any two types of the uppercase
letters, lowercase letters, and digits.
● Cannot contain three consecutive same
characters.
● Cannot be the same as the user name or the
user name typed backwards.
● In addition, the password cannot be the
same as the passwords in the following
path: /opt/huawei-data-protection/
ebackup/microservice/ebk_iam/conf (case-
insensitive).
h. Input the old password and press Enter.
The following information is displayed:
management:/>change user_password
Old password:*********
New password:
i. Input a new password and press Enter.
The following information is displayed:
Reenter password:
j. Input the new password again and press Enter.
The password is changed successfully if the following information is
displayed:
Command executed successfully.
6.4.1.2 Changing the Password of the NBIUser Account
You are advised to periodically change the password of the northbound REST
interface interconnection user of eBackup to ensure information security.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 202
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Procedure
Step 1 Log in to the backup server GUI as user admin.
Step 2 Disable the password locking function.
To prevent the account from being locked during password change, choose
Settings > Account > Security Policy, and deselect Password Lock before
changing the password. After changing the password, select Password Lock again.
Security risks exist if you deselect Password Lock. Select Password Lock again as
soon as possible after changing the password.
Step 3 Choose > Account > Users.
Step 4 Move the mouse pointer to the line where the NBIUser account resides and click
to change the password of the account.
Step 5 Set Password and Confirm Password.
In addition, the password cannot be the same as the passwords in the following
path: /opt/huawei-data-protection/ebackup/microservice/ebk_iam/conf (case-
insensitive).
The password complexity requirements are as follows:
● Contains 8 to 16 characters.
● Contains at least one special character, including !"#$%&'()*+,-./:;<=>?
@[\]^`{_|}~ and spaces.
● Contain any two types of the uppercase letters, lowercase letters, and digits.
● Can contain a maximum of three consecutive identical characters.
● Cannot be the same as the account name or the reverse of the user name or
contain consecutive characters of the account name.
Step 6 Click OK.
----End
6.4.1.3 Changing the Account Password of the IAM Authentication
Microservice
You are advised to periodically change passwords of microservices to improve user
information security.
Prerequisites
● You have obtained the backup management plane IP address of the backup
server as well as user name and password used for login.
● You have prepared a cross-platform remote access tool, for example, PuTTY.
Procedure
Step 1 Log in to eBackup GUI as an administrator.
Step 2 Disable the password locking function.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 203
OceanStor BCManager
eBackup User Guide 6 System Maintenance
To prevent the account from being locked during password change, choose >
Account > Security Policy, and deselect Password Lock before changing the
password. After changing the password, select Password Lock again. Security risks
exist if you deselect Password Lock. Select Password Lock again as soon as
possible after performing operations in this section.
Step 3 On the navigation bar, choose > Account > Users.
Step 4 You can move the mouse pointer to or click the desired interface interconnection
user (The default account is msuser). Then, click , and change the password of
the user.
Step 5 Enter the new password and then confirm it.
By default, a password:
● Contains 8 to 16 characters.
● Contains at least one special character, including !"#$%&'()*+,-./:;<=>?
@[\]^`{_|}~ and spaces.
● Contains at least two of the following types of characters: uppercase letters,
lowercase letters, and digits.
● Cannot contain three consecutive identical characters.
● Cannot be the same as the user name or the reverse of the user name or
contain consecutive characters of the user name.
● In addition, the password cannot be the same as the passwords in the
following path: /opt/huawei-data-protection/ebackup/microservice/
ebk_iam/conf (case-insensitive).
Step 6 Click OK.
Step 7 Use PuTTY to log in to the eBackup server as user hcp.
On all nodes where eBackup is deployed, perform Step 7 to Step 15 to change the
passwords in the configuration file of internal components connected to the
nodes.
Step 8 Run su root, and input the password of the root account to switch to the root
account.
Step 9 Run the TMOUT=0 command to prevent PuTTY from exiting due to session
timeout.
NOTE
After you run the preceding command, the system continues to run even when no
operation is performed, resulting in security risks. For security purposes, you are advised to
run the exit command to exit the system after completing your operations.
Step 10 Run the cd /opt/huawei-data-protection/ebackup/bin command to go to
the /bin path.
Step 11 Run the sh change_iam_passwd.sh command, and change the password of the
interface interconnection user (The default account is msuser).
The following command output is displayed:
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 204
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Please enter the IAM user name of AdminNode and BackupNode. To use the default username (msuser)
press Enter.
Step 12 Enter the user name and password for accessing the IAM authentication
microservice, and press Enter.
You can use the default user name and press Enter.
The following command output is displayed:
Please enter the password of the IAM user:
Step 13 Type a new password and press Enter.
NOTE
The typed password must be the same as that set in Step 5.
The following command output is displayed:
Please confirm the password of the IAM user:
Step 14 Type the new password again and press Enter.
The password is changed successfully if the following command output is
displayed:
Change password for the user successfully, now you should restart the eBackup service to make
configuration effective.
Step 15 Run the service hcp restart command to restart the eBackup service so that the
change can take effect.
----End
6.4.1.4 Changing the Password of the hcp Account
Upon your initial login, you need to change the initial password of the hcp
account to ensure account security. Regularly changing the password helps
improve user information security.
Prerequisites
● You have prepared a cross-platform remote access tool, for example, PuTTY.
● You have obtained the backup management plane IP address of eBackup.
● You have obtained the passwords of the backup server's root and hcp
accounts.
Context
● Account hcp is an O&M account of the eBackup operating system used for
performing inspections and collecting logs. The initial password is
PXU9@ctuNov17!.
● You are advised to change the password before the password expires. To
query the password expiration time of the hcp account, perform the following
steps:
a. Log in to the server as user hcp.
b. Run the TMOUT=0 command to prevent the system from exiting due to
timeout.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 205
OceanStor BCManager
eBackup User Guide 6 System Maintenance
c. Run the chage -l hcp command.
▪ The value of Password expires is the password expiration time.
▪ Minimum number of days between password change indicates
that the password cannot be changed again within N days after the
password of account hcp is changed.
Procedure
● Method one
a. Use PuTTY to log in to the eBackup server as user hcp.
b. Run su root, and input the password of the root account to switch to the
root account.
c. Run TMOUT=0 to prevent the system from exiting due to timeout.
NOTE
After you run this command, the system continues to run when no operation is
performed, resulting in a risk. For security, run exit to exit the system.
d. Run passwd hcp to change password of the hcp account.
The following information is displayed:
Changing password for hcp.
New password:
Password Rule Example
● Contains at least 8 characters in the Euler Huawei@CLOUD8
operating system.
● Contains at least three types of the following
characters:
– Uppercase letter
– Lowercase letter
– Digit
– Special character. Special characters
include ~`!@#$%^&*()_+|{}:"<>?-=\[];',./
and space.
● The password cannot contain the user name
or the user name written backwards.
● The password cannot be based on a
dictionary word of the operating system.
e. Input a new password and press Enter.
The following information is displayed:
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 206
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Retype new password:
f. Input the new password again and press Enter.
The password is changed successfully if the following information is
displayed:
passwd: all authentication tokens updated successfully.
● Method Two
a. Use PuTTY to log in to the eBackup server as user hcp.
b. Run the TMOUT=0 command to prevent the system from exiting due to
timeout.
NOTE
After the preceding command is executed, the system remains running even
when no operation is performed, posing security risks. For security purposes, run
the exit command to exit the system after you finish performing operations.
c. Run passwd to change password of the hcp account.
The following information is displayed:
Changing password for user hcp.
Changing password for hcp.
(current) UNIX password:
d. Input the old password and press Enter.
The following information is displayed:
New password:
The recommended password rule is as follows:
Password Rule Example
● Contains at least 8 characters in the Euler Huawei@CLOUD8
operating system.
● Contains at least three types of the following
characters:
– Uppercase letter
– Lowercase letter
– Digit
– Special character. Special characters
include ~`!@#$%^&*()_+|{}:"<>?-=\[];',./
and space.
● The password cannot contain the user name
or the user name written backwards.
● The password cannot be based on a
dictionary word of the operating system.
e. Input a new password and press Enter.
The following information is displayed:
Retype new password:
f. Input the new password again and press Enter.
The password is changed successfully if the following information is
displayed:
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 207
OceanStor BCManager
eBackup User Guide 6 System Maintenance
all authentication tokens updated successfully.
6.4.1.5 Changing the Password of the root Account
Upon your first login to the server of the eBackup operating system, you are
advised to change the initial password of the root account to ensure account
security. Regularly changing the root password helps improve user information
security.
Prerequisites
● You have prepared a cross-platform remote access tool, for example, PuTTY.
● You have obtained the backup management plane IP address of eBackup
server whose password you want to change.
● You have obtained the login password of the hcp account and the root
account.
Procedure
Step 1 Use PuTTY to log in to the eBackup server as user hcp.
Step 2 Run su root, and input the password of the root account to switch to the root
account.
Step 3 Run TMOUT=0 to prevent the system from exiting due to timeout.
NOTE
After the preceding command is executed, the system remains running even when no
operation is performed, posing security risks. For security purposes, run the exit command
to exit the system after you finish performing operations.
Step 4 Run passwd to change the password of the root account.
The following information is displayed:
Changing password for user root.
Step 5 Type the old password and press Enter.
The following information is displayed:
New password:
The password complexity requirements are as follows:
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 208
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Password Rule Example
● Contains at least 8 characters in the Euler Huawei@CLOUD8
operating system.
● Contains at least three types of the following
characters:
– Uppercase letter
– Lowercase letter
– Digit
– Special character. Special characters include ~`!
@#$%^&*()_+|{}:"<>?-=\[];',./ and spaces.
● The password cannot contain the user name or the
user name written backwards.
● The password cannot be based on a dictionary
word of the operating system.
Step 6 Input a new password and press Enter.
The following information is displayed:
Retype new password:
Step 7 Input the new password again and press Enter.
The password is changed successfully if the following information is displayed:
passwd: all authentication tokens updated successfully.
----End
6.4.1.6 Changing the grub Password
When eBackup is installed, the OS grub booting program is used. Administrators
can change the grub password of the node operating system to improve the
system maintenance security.
Prerequisites
● You have prepared a cross-platform remote access tool, for example, PuTTY.
● You have obtained the backup management plane IP address of eBackup.
● The passwords of users root and hcp have been obtained.
Procedure
Step 1 Use PuTTY to log in to the eBackup server as user hcp.
Step 2 Run su root, and input the password of the root account to switch to the root
account.
Step 3 Run TMOUT=0 to prevent the system from exiting due to timeout.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 209
OceanStor BCManager
eBackup User Guide 6 System Maintenance
NOTE
After you run this command, the system continues to run when no operation is performed,
resulting in a risk. For security, run exit to exit the system.
Step 4 Run the following command to generate a ciphertext for the grub password.
Euler operating system: grub2-mkpasswd-pbkdf2
Step 5 Type a new password and press Enter.
Password Rule (Recommended) Example
● Contains 8 to 32 characters. Huawei@CLOUD8
● Contains at least two types of the following
characters:
– Uppercase letter
– Lowercase letter
– Digit
● Contains at least one special character. Special
characters include ~`!@#$%^&*()_+|{}:"<>?-=\[];',./
and space.
● Differs from the user name.
● Differs from the current password.
● Differs from the user name written backwards.
The following information is displayed:
Retype password:
Step 6 Type the new password again and press Enter.
The command output returns the new password in ciphertext. Record the
ciphertext.
Step 7 Run the following command to open the file that contains grub boot parameters.
Euler operating system: vi /boot/grub2/grub.cfg
If the /boot/grub2/grub.cfg file does not exist, run the vi /boot/efi/EFI/euleros/
grub.cfg command.
Step 8 Press i to enter the editing mode.
Step 9 Replace the ciphertext the new password.
For the Euler operating system, replace the ciphertext next to the
password_pbkdf2 root parameter with that of the new password.
Step 10 Press Esc to exit editing mode, enter :wq, and press Enter.
The system saves the configuration and exits the vi editor.
----End
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 210
OceanStor BCManager
eBackup User Guide 6 System Maintenance
6.4.1.7 Changing the Password of a Database Account
To ensure eBackup backup management system database security, you are advised
to regularly change the password of your database account.
Prerequisites
● You have obtained the passwords of the GaussDB, eBkDbAdmin, eBkDbUser
and eBkDbUserSec database account.
● You have obtained the backup management plane IP address of eBackup
server.
● You have prepared a cross-platform remote access tool, for example, PuTTY.
Context
● The initial passwords of the GaussDB, eBkDbAdmin, eBkDbUser and
eBkDbUserSec account are Huawei@CLOUD8!.
● Log in to the database in an interactive way. For example, run ./gsql -d
admindb -U eBkDbAdmin -p 6432, and then input the password of the
database account. This avoids recording the password in files such
as .bash_history in case of password leakage.
Procedure
Step 1 Use PuTTY to log in to the backup server as user hcp.
If HA has been configured, perform the following operations on the active backup
server.
Step 2 Run su root, and input the password of the root account to switch to the root
account.
Step 3 Run TMOUT=0 to prevent the system from exiting due to timeout.
NOTE
After the preceding command is executed, the system remains running even when no
operation is performed, posing security risks. For security purposes, run the exit command
to exit the system after you finish performing operations.
Step 4 Run cd /opt/huawei-data-protection/eBackup/bin to enter the save path of the
script.
Step 5 Run sh change_db_passwd.sh to change the database password.
The following information is displayed:
The operations you can execute are:
1. Change_db_password
2. Switch ebk user
Please choose the operator number that you want to execute:
Step 6 Enter 1 and press Enter.
The following information is displayed:
Please enter the password of admin:
Step 7 Enter the password for user admin to log in to eBackup.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 211
OceanStor BCManager
eBackup User Guide 6 System Maintenance
The following information is displayed:
The users you can change password are:
1. eBkDbAdmin
2. eBkDbUserSec
3. GaussDB
Please choose the user's number that you want to change password:
Step 8 Enter 1, 2 or 3 and press Enter.
The following information is displayed:
Please input the old password:
NOTE
The database uses the dual account password mechanism. If you enter 2, in the second
item, eBkDbUserSec or eBkDbUser will be displayed as the equivalent account. If
eBkDbUserSec is displayed, the current used account is eBkDbUser. You can change only
the password of account eBkDbUserSec not used. After the modification is successful,
perform the following steps to switch to account eBkDbUserSec.
Step 9 Enter the old password and press Enter.
The following information is displayed:
Please input the new password:
Step 10 Enter the new password and press Enter.
Password Rule Example
● Contains 8 to 32 characters. Huawei@CLOUD8
● Contains at least three types of the following
characters:
– Uppercase letter
– Lowercase letter
– Digit
– Special character.
Special characters include ~!@#%^*()-_=+
[{}]:',./?
● Differs from the modified database user name.
● Differs from the current password.
● Differs from the modified database user name
written backwards.
The following information is displayed:
Please reenter the new password:
Step 11 Enter the new password again and press Enter.
The password is changed successfully if the information is displayed.
Change local password success.
The request that changing user passwd has been successfully sent to governance.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 212
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Step 12 The password is changed successfully. If you enter 2 in Step 8, change the
password of account eBkDbUserSec. Then, perform the following steps to switch
the user.
Step 13 Run the sh change_db_passwd.sh command to switch the active account to the
account whose password is changed.
The following information is displayed:
The operations you can execute are:
1. Change_db_password
2. Switch ebk user
Please choose the operator number that you want to execute:
Step 14 Enter 2 and press Enter.
The following information is displayed:
Please enter the password of admin:
Step 15 Enter the password of user admin.
The following information is displayed:
The current ebk user is eBkDbUser.Do you want switch user to eBkDbUserSec?
1. Yes
2. No
Please choose the operator number that you want to execute:
Step 16 Enter 1 and press Enter.
The switchover is successful if the following information is displayed:
The request that swithing user has been successfully sent to governance.
----End
6.4.2 Certificate Management
For security purposes, you are advised to use a certificate issued by a third-party
certification agency to replace the default certificate of eBackup.
6.4.2.1 Replacing SSL Certificates of eBackup Microservices
SSL certificates of eBackup microservices are used for SSL authentication. To
improve system O&M security, you are advised to use certificates issued by third-
party certification authorities to replace SSL certificates of eBackup microservices
and encrypt private key files.
Context
● Certificate replacement only supports certificates in the X509v3 PEM text
format and does not support certificates in the DER binary format.
● The eBackup microservices support SSL certificates issued by multi-level CAs.
Prerequisites
● You have obtained the CA certificate file, microservice certificate file, and
private key file.
● A cross-platform remote access tool, such as PuTTY, is available.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 213
OceanStor BCManager
eBackup User Guide 6 System Maintenance
● A cross-platform file transfer tool, such as WinSCP, is available.
Procedure
Step 1 Use PuTTY to log in to the eBackup server as user hcp.
Step 2 Run the su root command and enter the password of user root to switch to user
root.
The default password of user root is Cloud12#$.
Step 3 Run the TMOUT=0 command to prevent PuTTY from exiting due to session
timeout.
NOTE
After you run the preceding command, the system continues to run even when no
operation is performed, resulting in security risks. For security purposes, you are advised to
run the exit command to exit the system after completing your operations.
Step 4 Use hcp account through WinSCP to save new CA certificate files, microservice
certificate files, and private key files to path /tmp.
You can run the chmod 444 certificate file name command to allow account
hcpprocess to read CA certificate files, microservice certificate files, and private
key files.
Example: chmod 444 /tmp/cacert.pem
Step 5 Run the cd /opt/huawei-data-protection/ebackup/cli command to go to the CLI
command path.
Step 6 Select operations to perform based on the role:
NOTE
If you want to replace the eBackup Portal certificate, you only need to log in to the backup
server to perform the replacement.
● Backup server:
If HA has been configured, perform the following operations only on the
active backup server.
a. Run the following command, and enter the CLI login password to go to
the CLI mode.
sh hcpcli.sh admin
The default password is PXU9@ctuNov17!, which is the same as the
password of user admin for logging in to the eBackup GUI.
b. Run the following command. The system enters the setting view.
setting
c. Run the following command. The following command output is displayed:
change certification replace
The following command output is displayed:
WARN: This operation may restart nginx service.
Are you sure you want to continue. [yes/no]?
● Backup proxy:
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 214
OceanStor BCManager
eBackup User Guide 6 System Maintenance
If HA has been configured, perform the following operations on the standby
backup server and backup proxy.
a. Run the following command.
export LD_LIBRARY_PATH=/opt/huawei-data-protection/ebackup/libs/
b. Run the following command to replace the certificate.
su -s /bin/sh hcpprocess -c "/opt/huawei-data-protection/
ebackup/cli/nginxcert_utilities.sh replace"
The following command output is displayed:
WARN: This operation may restart nginx service.
Are you sure you want to continue. [yes/no]?
Step 7 After reading the information that is displayed, type yes to confirm the
information and press Enter.
The following shows a command output example:
Please select microservice name:
1.ebk_governance
2.ebk_iam
3.ebk_license
4.ebk_alarm
5.ebk_backup
6.ebk_restore
7.ebk_delete
8.ebk_copy
9.ebk_vmware
10.ebk_lb
11.ebk_accelerator
12.ebk_mgr
13.ebk_fsbackup
14.ebk_jobmanager
15.all
Step 8 Type the ID of the microservice whose certificate you want to replace, and press
Enter.
If you need to replace the eBackup Portal certificate, type the ID corresponding to
the ebk_lb microservice.
NOTICE
If HA has been configured for the backup server and backup proxy, do not select
the following microservices when replacing the certificate of the standby backup
server: ebk_governance, ebk_iam, ebk_license, ebk_alarm, ebk_lb, and all.
The following command output is displayed:
Please enter CA certificate file:
Step 9 Type the full path /tmp/** to the new CA certificate file, and press Enter.
The following command output is displayed:
Please enter certificate file:
Step 10 Type the full path /tmp/** to the new microservice certificate file, and press Enter.
The following command output is displayed:
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 215
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Please enter private key file:
Step 11 Type the full path /tmp/** to the new private key file, and press Enter.
The following command output is displayed:
Please enter pass phrase for key file:
Step 12 Type the password of the private key file, and press Enter.
If the following command output is displayed, the replacement is successful:
Replace certificate. Successful
Step 13 Importing the Certificate to the Browser.
After replacing the eBackup portal certificate, you need to import the certificate to
the browser if you want no insecure link prompt to be displayed when you access
the eBackup portal.
For example, on the Google Chrome browser, choose Settings > Advanced >
Manage certificates > Trusted Root Certification Authorities > Import, select
certificates, and click Finish. Restart the browser.
----End
6.4.2.2 Resetting Certificates of eBackup Microservices to Factory Settings
If SSL certificates of eBackup microservices are faulty, you can reset the certificates
to factory settings.
Procedure
Step 1 Use PuTTY to log in to the eBackup server as user hcp.
Step 2 Run the su root command and enter the password of user root to switch to user
root.
The default password of user root is Cloud12#$.
Step 3 Run the TMOUT=0 command to prevent PuTTY from exiting due to session
timeout.
NOTE
After you run the preceding command, the system continues to run even when no
operation is performed, resulting in security risks. For security purposes, you are advised to
run the exit command to exit the system after completing your operations.
Step 4 Run the cd /opt/huawei-data-protection/ebackup/cli command to go to the CLI
command path.
Step 5 Select operations to perform based on the role:
● Backup server:
If HA has been configured, perform the following operations only on the
active backup server.
a. Run the sh hcpcli.sh admin command, and enter the CLI login password
to go to the CLI mode.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 216
OceanStor BCManager
eBackup User Guide 6 System Maintenance
The default password is PXU9@ctuNov17!, which is the same as the
password of user admin for logging in to the eBackup GUI.
b. Run the setting command.
The system enters the setting view.
c. Run the change certification reset command.
The following information is displayed:
WARN: This operation may restart nginx service.
Are you sure you want to continue. [yes/no]?
● Backup proxy:
If HA has been configured, perform the following operations on the standby
backup server and backup proxy.
a. Run the su -s /bin/sh hcpprocess -c "/opt/huawei-data-protection/
ebackup/cli/nginxcert_utilities.sh reset" command.
The following information is displayed:
WARN: This operation may restart nginx service.
Are you sure you want to continue. [yes/no]?
Step 6 Type yes, and press Enter.
The following shows a command output example:
Please select microservice name:
1.ebk_governance
2.ebk_iam
3.ebk_license
4.ebk_alarm
5.ebk_backup
6.ebk_restore
7.ebk_delete
8.ebk_copy
9.ebk_vmware
10.ebk_lb
11.ebk_accelerator
12.ebk_mgr
13.ebk_fsbackup
14.ebk_jobmanager
15.all
Step 7 Type the ID of the microservice whose certificate you want to reset, and press
Enter.
To restore all microservices to factory settings, enter the number corresponding to
the option all.
If the following command output is displayed, the reset is successful:
Reset certificate. Successful
----End
6.4.2.3 Changing the SSL Certificate Key File Password of the eBackup
Microservices
This section explains how to change passwords of private key files of eBackup
microservices' SSL certificates.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 217
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Procedure
Step 1 Use PuTTY to log in to the eBackup server as user hcp.
Step 2 Run the su root command and enter the password of user root to switch to user
root.
The default password of user root is Cloud12#$.
Step 3 Run the TMOUT=0 command to prevent PuTTY from exiting due to session
timeout.
NOTE
After you run the preceding command, the system continues to run even when no
operation is performed, resulting in security risks. For security purposes, you are advised to
run the exit command to exit the system after completing your operations.
Step 4 Run the cd /opt/huawei-data-protection/ebackup/cli command to go to the CLI
command path.
Step 5 Select operations to perform based on the role:
● Backup server:
If HA has been configured, perform the following operations only on the
active backup server.
a. Run the sh hcpcli.sh admin command, and enter the CLI login password
to go to the CLI mode.
The default password is PXU9@ctuNov17!, which is the same as the
password of user admin for logging in to the eBackup GUI.
b. Run the setting command.
The system enters the setting view.
c. Run the change certification keyfile_password command.
The following information is displayed:
WARN: This operation may restart nginx service.
Are you sure you want to continue. [yes/no]?
● Backup proxy:
If HA has been configured, perform the following operations on the standby
backup server and backup proxy.
a. Run the export LD_LIBRARY_PATH=/opt/huawei-data-protection/
ebackup/libs/ command.
b. Run the su -s /bin/sh hcpprocess -c "/opt/huawei-data-protection/
ebackup/cli/nginxcert_utilities.sh modify" command.
The following information is displayed:
WARN: This operation may restart nginx service.
Are you sure you want to continue. [yes/no]?
Step 6 Type yes, and press Enter.
The following shows a command output example:
Please select microservice name:
1.ebk_governance
2.ebk_iam
3.ebk_license
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 218
OceanStor BCManager
eBackup User Guide 6 System Maintenance
4.ebk_alarm
5.ebk_backup
6.ebk_restore
7.ebk_delete
8.ebk_copy
9.ebk_vmware
10.ebk_lb
11.ebk_accelerator
12.ebk_mgr
13.ebk_fsbackup
14.ebk_jobmanager
15.all
Step 7 Select the ID of the microservice whose password of the private key file needs to
be changed, and press Enter.
NOTICE
If HA has been configured for the backup server and backup proxy, do not select
the following microservices when changing the SSL certificate key file password of
the standby backup server microservices: ebk_governance, ebk_iam, ebk_license,
ebk_alarm, ebk_lb, and all.
Please enter old pass phrase:
Step 8 Type the old password, and press Enter.
● If you change the password of the private key file before delivery, the initial
password is PXU9@ctuNov17!.
● If the user has replaced the certificate or has changed the password of the
private key file, the user must provide the original password.
Please enter new pass phrase:
Step 9 Type a new password, and press Enter.
Verifying - Enter new pass phrase:
Step 10 Type the new password again, and press Enter.
If the following command output is displayed, the modification is successful:
Modify certificate pass phrase. Successful
----End
6.4.2.4 Replacing the SSL Certificate of eBackup OMMHA for
Communication Between the Active and Standby Backup Servers
The SSL certificates of eBackup OMMHA for communication between the active
and standby backup servers are used for SSL authentication. To improve system
O&M security, you are advised to use a certificate issued by a third-party
certification authority to replace the default one, and encrypt the private key file.
Context
● After adding an HA node, replace SSL certificates of eBackup OMMHA for
communication between the active and standby backup servers. New
certificates on both servers must be issued by the same CA certificate.
Otherwise, communication fails.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 219
OceanStor BCManager
eBackup User Guide 6 System Maintenance
● When you replace the SSL certificate, the system automatically restarts the
OMMHA process.
● Certificate replacement only supports certificates in the X509v3 PEM text
format and does not support certificates in the DER binary format.
Prerequisites
● You have obtained the CA certificate file, OMMHA certificate file, and private
key file. To ensure system security, you need to delete the CA certificate file,
OMMHA certificate file, and private key file immediately after certificate
replacement.
● You have obtained the management plane IP address of eBackup server.
● A cross-platform remote access tool, such as PuTTY, has been prepared.
● A cross-platform file transfer tool, such as WinSCP, has been prepared.
Procedure
Step 1 Use PuTTY to log in to the active and standby backup servers as user hcp.
Step 2 Run the su root command and enter the password of user root to switch to user
root.
The default password of user root is Cloud12#$.
Step 3 Run the TMOUT=0 command to prevent PuTTY from exiting due to session
timeout.
NOTE
After you run this command, the system continues to run when no operation is performed,
resulting in a risk. For security purposes, you are advised to run the exit command to exit
the system after completing your operations.
Step 4 Use WinSCP to save the CA certificate file, OMMHA certificate file, and private
key file to path /tmp.
Step 5 Run the cd /opt/huawei-data-protection/ebackup/bin command to go to
the /bin directory.
Step 6 Run the sh cert_replace.sh ommha command.
The following command output is displayed:
WARN: This operation will restart OMMHA server and the link between primary node and standby node
may be disconnected for a while.
Are you sure you want to continue. [yes/no]?
Step 7 After reading the information that is displayed, enter yes to confirm the
information and press Enter.
The following command output is displayed:
Please enter CA certificate file:
Step 8 Enter the /tmp/** full path to the CA certificate file, and press Enter.
The following command output is displayed:
Please enter ommha certificate file:
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 220
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Step 9 Enter the /tmp/** full path to the certificate file of OMMHA, and press Enter.
The following command output is displayed:
Please enter private key file:
Step 10 Enter the /tmp/** full path to the private key file, and press Enter.
The following command output is displayed:
Please enter pass phrase for key file:
Step 11 Enter the password of the private key file and press Enter.
If the following command output is displayed, the certificate file is successfully
replaced.
replace ommha certificate success!
If the following error information is displayed, no further action is required.
Because the HA certificate of the standby node is not replaced, the
communication between the active and standby HA services is abnormal. After the
HA certificate of the standby node is replaced, the communication between the
active and standby HA services becomes normal.
Error:replace ommha certificate failed!
ERROR: Restart apache failed.
Replace certificate. Failed.
Step 12 Run the cd /opt/huawei-data-protection/ebackup/ha/local/cert command to
go to the /cert directory.
Step 13 Run the openssl x509 -in **.pem -fingerprint -noout command, where **.pem
needs to be replaced with the CA certificate file name (for example, ca.pem) to
view the fingerprint information. If the fingerprint information of the two servers
is consistent, the two servers use the same CA certificate.
----End
6.4.2.5 Replacing the SSL Certificate of the eBackup GaussDB
The SSL certificate of the eBackup GaussDB is used for SSL authentication. To
improve system O&M security, you are advised to use a certificate issued by a
third-party certification authority to replace the SSL certificate of the eBackup
GaussDB and encrypt the private key file.
Context
● When you replace the SSL certificate of eBackup GaussDB, the system
automatically restarts GaussDB. To minimize the impact of the GaussDB re-
startup on services, you are advised to replace the certificate in off-peak
hours.
● Certificate replacement only supports certificates in the X509v3 PEM text
format and does not support certificates in the DER binary format.
● The eBackup GaussDB supports SSL certificates issued by multi-level CAs.
● If the HA function is not configured for the backup server, perform the
operations in this section on the backup server. If the HA function has been
configured for the backup server, replace the SSL certificate of eBackup
GaussDB by referring to 6.4.2.6 Replacing the SSL Certificate of eBackup
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 221
OceanStor BCManager
eBackup User Guide 6 System Maintenance
GaussDB for Communication Between the Active and Standby Backup
Servers.
Prerequisites
● You have obtained the CA certificate file, DB certificate file, and private key
file. To ensure system security, you need to delete the CA certificate file, DB
certificate file, and private key file immediately after certificate replacement.
● Management plane IP addresses of the backup server have been obtained.
● The password of the private key file of the eBackup GaussDB certificate has
been obtained. The initial password is PXU9@ctuNov17!.
● A cross-platform remote access tool, such as PuTTY, is available.
● A cross-platform file transfer tool, such as WinSCP, is available.
Procedure
Step 1 Use PuTTY to log in to the backup server through a management IP address.
Step 2 Run the su root command and enter the password of user root to switch to user
root.
The default password of user root is Cloud12#$.
Step 3 Run the TMOUT=0 command to prevent PuTTY from exiting due to timeout.
NOTE
After the preceding command is executed, the system remains running even when no
operation is performed, which results in security risks. For security purposes, run the exit
command to exit the system after you finish performing operations.
Step 4 Use WinSCP to save the CA certificate file, DB certificate file, and private key file
to path /tmp.
Step 5 Run the cd /opt/huawei-data-protection/ebackup/bin command to go to
the /bin directory.
Step 6 Run the sh cert_replace.sh db command.
The following command output is displayed:
WARN: This operation will restart GaussDB server.
Are you sure you want to continue. [yes/no]?
Step 7 After reading the information that is displayed, enter yes to confirm the
information and press Enter.
The following command output is displayed:
Please enter CA certificate file:
Step 8 Enter the /tmp/** full path to the CA certificate file, and press Enter.
The following command output is displayed:
Please enter db certificate file:
Step 9 Enter the /tmp/** full path to the DB certificate file, and press Enter.
The following command output is displayed:
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 222
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Please enter private key file:
Step 10 Enter the /tmp/** full path to the private key file, and press Enter.
The following command output is displayed:
Please enter pass phrase for key file:
Step 11 Enter the password of the private key file and press Enter.
If the following command output is displayed, the certificate file is successfully
replaced.
replace db certificate success!
----End
Follow-up Procedure
● If the SSL certificate of the backup server GaussDB is replaced and is not
generated by the CA root certificate of eBackup, you need to perform the
following operations on the backup server and all the backup proxies:
a. Use PuTTY to log in to the backup server and backup proxies as user hcp.
b. Run the su root command and enter the password of user root to switch
to user root.
The default password of user root is Cloud12#$.
c. Run the TMOUT=0 command to prevent PuTTY from exiting due to
timeout.
d. If the SSL certificate is issued by multi-level CAs, place all CA information,
such as the root CA and level-2 CA into certificate file cacert.pem in
sequence.
e. Use WinSCP to copy CA certificate file cacert.pem to the following paths:
▪ /opt/huawei-data-protection/ebackup/microservice/ebk_backup/
conf
▪ /opt/huawei-data-protection/ebackup/microservice/ebk_copy/
conf
▪ /opt/huawei-data-protection/ebackup/microservice/ebk_delete/
conf
▪ /opt/huawei-data-protection/ebackup/microservice/ebk_restore/
conf
▪ /opt/huawei-data-protection/ebackup/microservice/ebk_vmware/
conf
NOTE
The name of the CA certificate file must be cacert.pem.
f. Run the chown hcpprocess:hcpmgr cacert.pem command to change the
owner of the CA certificate.
g. Run the chmod 400 cacert.pem command to change the permissions of
the CA certificate.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 223
OceanStor BCManager
eBackup User Guide 6 System Maintenance
h. Run the service hcp restart command to restart the eBackup service
process.
6.4.2.6 Replacing the SSL Certificate of eBackup GaussDB for
Communication Between the Active and Standby Backup Servers
The SSL certificates of eBackup GaussDB for communication between the active
and standby backup servers are used for SSL authentication. To improve system
O&M security, you are advised to use a certificate issued by a third-party
certification authority to replace the default one, and encrypt the private key file.
Context
● After adding an HA node, replace SSL certificates of eBackup GaussBD for
communication between the active and standby backup servers. New
certificates on both servers must be issued by the same CA certificate.
Otherwise, communication fails.
● When you replace the SSL certificate of eBackup GaussDB for communication
between the active and standby backup servers, the system automatically
restarts the GaussDB. To minimize the impact of the GaussDB re-startup on
services, you are advised to replace the certificate in off-peak hours.
● Certificate replacement only supports certificates in the X509v3 PEM text
format and does not support certificates in the DER binary format.
● The communication between eBackup GaussDB on active and standby backup
nodes supports SSL certificates issued by multi-level CAs.
Prerequisites
● You have obtained the CA certificate file, DB certificate file, and private key
file. To ensure system security, you need to delete the CA certificate file, DB
certificate file, and private key file immediately after certificate replacement.
● A cross-platform remote access tool, such as PuTTY, has been prepared.
● A cross-platform file transfer tool, such as WinSCP, has been prepared.
Procedure
Step 1 Use PuTTY to log in to the active and standby backup servers as user hcp.
Default account: hcp. Default password: PXU9@ctuNov17!.
Step 2 Run the su root command and enter the password of user root to switch to user
root.
The default password of user root is Cloud12#$.
Step 3 Run the TMOUT=0 command to prevent PuTTY from exiting due to session
timeout.
NOTE
After the preceding command is executed, the system remains running even when no
operation is performed, posing security risks. For security purposes, run the exit command
to exit the system after you finish performing operations.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 224
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Step 4 Use WinSCP to save the CA certificate file, DB certificate file, and private key file
to path /tmp.
Step 5 Run the cd /opt/huawei-data-protection/ebackup/bin command to go to
the /bin directory.
Step 6 Run the sh cert_replace.sh db command.
The following command output is displayed:
WARN: This operation will restart GaussDB server.
Are you sure you want to continue. [yes/no]?
Step 7 After reading the information that is displayed, enter yes to confirm the
information and press Enter.
The following command output is displayed:
Please enter CA certificate file:
Step 8 Enter the /tmp/** full path to the CA certificate file, and press Enter.
The following command output is displayed:
Please enter db certificate file:
Step 9 Enter the /tmp/** full path to the DB certificate file, and press Enter.
The following command output is displayed:
Please enter private key file:
Step 10 Enter the /tmp/** full path to the private key file, and press Enter.
The following command output is displayed:
Please enter pass phrase for key file:
Step 11 Enter the password of the private key file and press Enter.
If the following command output is displayed, the certificate file is successfully
replaced.
replace db certificate success!
Step 12 Run the cd /opt/huawei-data-protection/ebackup/db/cert command to go to
the /cert directory.
Step 13 Run the openssl x509 -in **.pem -fingerprint -noout command, where **.pem
needs to be replaced with the CA certificate file name (for example, cacert.pem)
to view the fingerprint information. If the fingerprint information of the two
servers is consistent, the two servers use the same CA certificate.
----End
Follow-up Procedure
● If the SSL certificate of the backup server GaussDB is replaced and is not
generated by the CA root certificate of eBackup, you need to perform the
following operations on the backup server and all the backup proxies:
a. Use PuTTY to log in to the backup server and backup proxies as user hcp.
b. Run the su root command and enter the password of user root to switch
to user root.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 225
OceanStor BCManager
eBackup User Guide 6 System Maintenance
The default password of user root is Cloud12#$.
c. Run the TMOUT=0 command to prevent PuTTY from exiting due to
timeout.
d. If the SSL certificate is issued by multi-level CAs, place all CA information,
such as the root CA and level-2 CA into certificate file cacert.pem in
sequence.
e. Use WinSCP to copy CA certificate file cacert.pem to the following paths:
▪ /opt/huawei-data-protection/ebackup/microservice/ebk_backup/
conf
▪ /opt/huawei-data-protection/ebackup/microservice/ebk_copy/
conf
▪ /opt/huawei-data-protection/ebackup/microservice/ebk_delete/
conf
▪ /opt/huawei-data-protection/ebackup/microservice/ebk_restore/
conf
▪ /opt/huawei-data-protection/ebackup/microservice/ebk_vmware/
conf
NOTE
The name of the CA certificate file must be cacert.pem.
f. Run the chown hcpprocess:hcpmgr cacert.pem command to change the
owner of the CA certificate.
g. Run the chmod 400 cacert.pem command to change the permissions of
the CA certificate.
h. Run the service hcp restart command to restart the eBackup service
process.
6.4.2.7 Replacing User IAM Certificate
For details about replacing user IAM certificate, see this section. Perform
operations in this section on the backup server.
Context
● Certificate replacement only supports certificates in the X509v3 PEM text
format and does not support certificates in the DER binary format.
● IAM user authentication supports SSL certificates issued by multi-level CAs.
Prerequisites
● You have obtained the new CA certificate, IAM user authentication certificate
file, and private key file.
● A cross-platform remote access tool, such as PuTTY, is available.
● A cross-platform file transfer tool, such as WinSCP, is available.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 226
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Procedure
Step 1 Use PuTTY to log in to the backup server as user hcp.
If HA has been configured, perform the following operations on the active backup
server.
Step 2 Run the su root command and enter the password of user root to switch to user
root.
The default password of user root is Cloud12#$.
Step 3 Run the TMOUT=0 command to prevent PuTTY from exiting due to session
timeout.
NOTE
After you run the preceding command, the system keeps running even no operation is
performed, resulting in a risk. For security purposes, you are advised to run the exit
command to exit the system after completing your operations.
Step 4 Use WinSCP to save the CA certificate file, IAM user authentication certificate file,
and private key file to the /opt path.
Step 5 Run the cd /opt/** command to go to the path where the IAM certificate to be
replaced is located.
For example: Run the cd /opt/huawei-data-protection/ebackup/microservice/
ebk_iam/script/ command.
Step 6 Run the sh replace_iam_cert.sh replace command.
The command output example is as follows:
WARN: This operation will replace the IAM cert and key.
Are you sure you want to continue. [yes/no]?
Step 7 Enter yes and press Enter.
The command output example is as follows:
Please enter CA certificate file:
Step 8 Enter the full path of the CA certificate /opt/**, and press Enter.
The following command output is displayed:
Please enter IAM certificate file:
Step 9 Enter the full path of the IAM certificate /opt/**, and press Enter.
The following command output is displayed:
Please enter private key file
Step 10 Enter the full path of the private key file /opt/**, and press Enter.
The following command output is displayed:
Please enter pass phrase for key file:
Step 11 Enter the password of the private key file, and press Enter.
If the following command output is displayed, the certificate file is successfully
replaced.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 227
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Replace IAM certificate.Successful
Step 12 Run the sh ebackup_stop.sh command to stop the IAM microservice.
The system will automatically restart the microservice.
----End
6.4.2.8 Changing the Password of the Private Key File of the GaussDB,
OMMHA, or IAM User Authentication Certificate
This section describes how to change the password of the private key file of the
GaussDB, OMMHA, or IAM user authentication certificate. In the factory settings
of IAM, the password of a private key file is generated randomly. Therefore, you
need to replace the IAM user authentication certificate before performing
operations in this section.
Procedure
Step 1 Use PuTTY to log in to the eBackup server where the private key file is stored.
● When HA is not configured, you need to log in to the backup server to change
the password of the GaussDB private key file. When HA is configured, you
need to log in to the active and standby backup servers.
● To change the password of the OMMHA private key file, you need to log in to
the active and standby backup servers.
● When HA is not configured, you need to log in to the backup server to change
the password of the private key file of the IAM user authentication certificate.
When HA is configured, you need to log in to the active backup server.
Step 2 Run the following command to go to the directory where the private key file is
stored:
cd Directory where the private key file is stored
Example:
The private key file of the GaussDB certificate is stored in the /opt/huawei-data-
protection/ebackup/db/cert directory.
The private key file of the OMMHA certificate is stored in the /opt/huawei-data-
protection/ebackup/ha/local/cert/ directory.
The private key file of the IAM user authentication certificate is stored in the /opt/
huawei-data-protection/ebackup/microservice/ebk_iam/conf directory.
Step 3 Run the following command to copy the CA certificate file, certificate file, and
private key file to another directory, for example, /tmp:
cp CA certificate file Certificate file Private key file /tmp
Example:
OMMHA: cp cacert.pem server.crt server.pem /tmp
GaussDB: cp cacert.pem server.crt server.key /tmp
IAM: cp ebk_cacert.pem server.crt server.key /tmp
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 228
OceanStor BCManager
eBackup User Guide 6 System Maintenance
In the preceding examples, ebk_cacert.pem indicates the name of the CA
certificate of IAM in factory settings. If you have replaced the IAM user
authentication certificate, this parameter indicates the name of the latest CA
certificate that is replaced by the user.
Step 4 Run the cd /tmp command to go to directory /tmp.
Step 5 Run the following command, enter the old and new passwords of the private key
file as prompted, and confirm the new password to change the password of the
private key file:
openssl rsa -in Private key file -out New private key file -aes256
In the preceding command, the name of New private key file is user-defined,
which must be different from the name of Private key file.
NOTE
● If OMMHA or GaussDB use the factory settings, the default password of the OMMHA
and GaussDB private key files are PXU9@ctuNov17!.
● In the factory settings of IAM, the password of a private key file is generated randomly.
Therefore, you need to replace the IAM user authentication certificate before performing
operations in this section.
● If IAM does not use the factory settings, the old password is provided by the user.
● The password of a private key file must meet the following complexity requirements:
– Contains 8 to 32 characters.
– Contains at least two types of the following characters: lowercase letters,
uppercase letters, digits, and special characters, including ~`!@#$%^&*()_+|{}:"<>?-
=\[];',./ and spaces.
Step 6 Replace the private key file on the eBackup server.
During the replacement, set the paths of the certificate file, CA certificate file, and
private key file to the new path set in Step 3.
● If you want to change the password of the private key file of the GaussDB SSL
certificate, replace the private key file by referring to 6.4.2.5 Replacing the
SSL Certificate of the eBackup GaussDB.
● If you want to change the password of the private key file of the SSL
certificate of the OMMHA active and standby backup servers, replace the
private key file by referring to 6.4.2.4 Replacing the SSL Certificate of
eBackup OMMHA for Communication Between the Active and Standby
Backup Servers.
● If you want to change the password of the private key file of the SSL
certificate of the GaussDB active and standby backup servers, replace the
private key file by referring to 6.4.2.6 Replacing the SSL Certificate of
eBackup GaussDB for Communication Between the Active and Standby
Backup Servers.
● If you want to change the password of the IAM user authentication
certificate, replace the private key file by referring to 6.4.2.7 Replacing User
IAM Certificate.
----End
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 229
OceanStor BCManager
eBackup User Guide 6 System Maintenance
6.4.2.9 Managing Certificates
You can import, view, and delete certificates on eBackup in a unified manner.
Procedure
Step 1 Log in to the eBackup backup management system using a browser.
Default account: admin. Default password: PXU9@ctuNov17!.
Step 2 On the navigation bar, choose > Certificate.
Step 3 Import a certificate.
When eBackup and interconnected devices communicate using HTTPS, you are
advised to import a valid CA certificate. Otherwise, eBackup will fail to
authenticate information about the interconnected devices, resulting in security
risks.
1. Click Import.
2. Select the type of the certificate to be imported.
– Protected environment: When eBackup and protected environments
communicate using HTTPS, import a valid certificate to authenticate
information about the protected environments. Obtain the certificate
from a protected environment administrator.
– S3 storage: When an S3 storage unit is created, the communication
protocol between eBackup and the storage unit is HTTPS, and the S3
storage is used as the backup storage of management data, a valid
certificate can be used by the backup management system to verify the
storage unit information. Obtain the certificate from a storage device
administrator.
– Email server: When the email notification function is being enabled, if SSL
needs to be enabled, import a CA certificate of an SMTP server for
eBackup to authenticate email servers. Obtain the certificate from the
administrator of the SMTP server.
– FTP server: When the communication protocol between the server and
the FTP server is FTPS, a valid certificate enables the server to
authenticate the FTP server. Obtain the certificate from the administrator
of the FTP server.
3. Click , select the certificate you want to import, and click Upload.
4. Click OK.
Step 4 View a certificate.
On the Certificate page, view imported certificates. Table 6-8 shows detailed
information.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 230
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Table 6-8 Certificate details
Parameter Description
Fingerprint Mark used to identify a certificate.
Issued To Holder of the certificate.
Issued By Certificate authority that issues the certificate.
Type Type of the certificate to be imported. For details,
see 3.2.
Created Time Time when the certificate is applied for.
Certificate Expiration Time when the certificate expires. The expiration
Time time is confirmed after the certificate is issued.
Step 5 Delete a certificate.
Delete unnecessary or expired certificates.
1. Select a certificate that you want to delete, and click .
2. Read the information that is displayed, and click OK.
----End
6.4.3 Managing an eBackup Key
Viewing an eBackup Key
Step 1 Use PuTTY to log in to the eBackup server whose eBackup key is to be viewed.
Default account: hcp. Default password: PXU9@ctuNov17!.
Step 2 Run the su root command and enter the password of user root to switch to user
root.
The default password of user root is Cloud12#$.
Step 3 Run the following command to switch to the directory containing the eBackup key
script:
cd /opt/huawei-data-protection/ebackup/bin/
Step 4 Run the following command to view the eBackup key of the current node:
sh import_kmc_key.sh -show
Information similar to the following is displayed.
[root@eBackup:/opt/huawei-data-protection/ebackup/bin]sh import_kmc_key.sh -show
/opt/huawei-data-protection/ebackup/bin
Current role is 0
***********************************************
Master key info for ebk_mgr
***********************************************
Master key information:
Domain:0, Key ID:1, Key status:0, Today-Create time:3 days
Domain:0, Key ID:2, Key status:1, Today-Create time:0 days
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 231
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Domain:1, Key ID:1, Key status:1, Today-Create time:0 days
***********************************************
Master key info for ebk_jobmanager
***********************************************
Master key information:
Domain:0, Key ID:1, Key status:0, Today-Create time:3 days
Domain:0, Key ID:2, Key status:1, Today-Create time:0 days
Domain:1, Key ID:1, Key status:1, Today-Create time:0 days
Table 6-9 describes the key parameters of an eBackup key.
Table 6-9 Key parameters of an eBackup key
Parameter Description
Key status Key status. The value can be 0, 1, or 2.
● 0: The key is not activated and can be used for
decryption.
● 1: The key is activated. The activated key can be used
for encryption and decryption.
● 2: The key is waiting for being activated and can be
used for decryption.
Today-Create time Number of days from which a key is generated.
----End
Importing an eBackup Key
If you need to use a self-prepared key instead of the key provided by eBackup, you
can import the key by referring to this section.
Before the import, ensure that the eBackup service is normal. You can run the
service hcp status command to check the microservice status. If the status of all
microservices is running, the eBackup service is normal.
Step 1 Use PuTTY to log in to the eBackup server to which an eBackup key is to be
imported.
Default account: hcp. Default password: PXU9@ctuNov17!.
Step 2 Run the su root command and enter the password of user root to switch to user
root.
The default password of user root is Cloud12#$.
Step 3 Run the following commands in sequence in the directory where the key file is
stored to change the permission on the key file:
chmod 400 Key file name
chown root:root Key file name
Step 4 Run the following command to switch to the directory containing the eBackup key
script:
cd /opt/huawei-data-protection/ebackup/bin/
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 232
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Step 5 Run the following command to import an eBackup key:
sh import_kmc_key.sh -import
The following command output is displayed:
[root@eBackup:/opt/huawei-data-protection/ebackup/bin]sh import_kmc_key.sh -import
/opt/huawei-data-protection/ebackup/bin
Current role is 0
Please enter key file absolute path(eg:/opt/key.txt), the file size must be 16 bytes:
Enter the key path, for example, /opt/key.txt, as prompted.
NOTE
● The size of the key file must be 16 bytes.
● After the key is imported, the system automatically deletes the key file. Keep the key file
secure before importing it.
----End
Changing the eBackup Key Validity Period
The default validity period of an eBackup key is 1825 days. After the validity
period expires, eBackup randomly generates a key and automatically updates it.
Step 1 Use PuTTY to log in to the eBackup server whose eBackup key validity period is to
be modified.
Default account: hcp. Default password: PXU9@ctuNov17!.
Step 2 Run the su root command and enter the password of user root to switch to user
root.
The default password of user root is Cloud12#$.
Step 3 Run the following command to switch to the directory containing the eBackup key
script:
cd /opt/huawei-data-protection/ebackup/bin/
Step 4 Run the following command to change the eBackup key validity period:
sh import_kmc_key.sh -change_expire_time
The following command output is displayed:
[root@eBackup:/opt/huawei-data-protection/ebackup/bin]sh import_kmc_key.sh -change_expire_time
/opt/huawei-data-protection/ebackup/bin
Current role is 0
Please enter the validity period of the master key. The validity period must be greater than or equal to 180
days and less than or equal to 36500 days:
Enter the validity period of the key as prompted. The validity period must range
from 180 days to 36500 days.
----End
6.4.4 Disabling the HTTP Protocol of the eBackup Web Server
The eBackup web server supports the insecure Hypertext Transfer Protocol (HTTP)
protocol. You are advised to disable the HTTP protocol of the web server.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 233
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Prerequisites
● A cross-platform remote access tool such as PuTTY has been installed.
● The IP address of the backup management plane and login passwords of the
hcp and root accounts have been obtained.
Context
The eBackup service must be restarted to disable the HTTP protocol. Stop the
eBackup service before disabling the HTTP protocol.
Procedure
Step 1 Use PuTTY to log in to the backup server.
If HA has been configured, perform the following operations on the active backup
server.
Default account: hcp. Default password: PXU9@ctuNov17!.
Step 2 Run the su root command and enter the password of user root to switch to user
root.
The default password of user root is Cloud12#$.
Step 3 Run TMOUT=0 to prevent the system from exiting due to timeout.
NOTE
After you run the preceding command, the system continues to run even when no
operation is performed, resulting in security risks. For security purposes, you are advised to
run the exit command to exit the system after completing your operations.
Step 4 Run the cd /opt/huawei-data-protection/ebackup/ism/Apache24/conf/ command
to go to the directory for saving the configuration file.
Step 5 Disable the HTTP protocol.
1. Run the vi httpd.conf command to open the httpd.conf file.
2. Press i to enter the editing mode and edit the httpd.conf file.
3. Delete information similar to the following:
Listen 192.168.100.100:8080
<VirtualHost *:8080>
ServerName 192.168.100.100:8080
<Directory />
AllowOverride None
Options None
Require all denied
</Directory>
<Directory "${DoCR}">
Options None
AllowOverride None
Require all denied
</Directory>
RewriteEngine on
RewriteOptions Inherit
RewriteCond %{SERVER_PORT} 8080$
RewriteRule ^(.*) https://%{SERVER_NAME}:8088$1 [R,END]
</VirtualHost>
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 234
OceanStor BCManager
eBackup User Guide 6 System Maintenance
NOTE
192.168.100.100 is for reference only. The actual server name is used.
4. Press Esc to exit the editing mode.
5. Run the :wq command, save the changes, and close the httpd.conf file.
Step 6 Run the following commands to clear port configurations.
● IPv4: sed -i -e '/-p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080/d' -e
'/-p tcp -m tcp --dport 8080 -j ACCEPT/d' /etc/sysconfig/iptables
● IPv6: sed -i -e '/-p tcp -m tcp --dport 80 -j DNAT/d' /etc/sysconfig/ip6tables
NOTE
In the HA scenario, clear port configurations on both the active and standby backup
servers.
Step 7 Run the following command to make the configuration take effect:
● IPv4: iptables-restore /etc/sysconfig/iptables
● IPv6: ip6tables-restore /etc/sysconfig/ip6tables
Step 8 Run the service hcp restart command to restart the eBackup service.
NOTE
● In the HA scenario, perform the restart on the active backup server.
● The restart operation may trigger an HA active/standby switchover.
----End
Verification
Before performing operations in this section, you can access the eBackup GUI by
entering https://Floating IP address of the backup server or backup management
IP address of the backup server:port in the address box of a browser or entering
the IP address in the address box.
After performing the operations in this section, you can access the eBackup GUI
only by entering https://Floating IP address of the backup server or backup
management IP address of the backup server:8088.
6.4.5 Configuring LDAPS
LDAP over SSL (LDAPS) is a type of Lightweight Directory Access Protocol (LDAP),
and supports encryption protocols such as Transport Layer Security (TLS) and
Secure Socket Layer (SSL). Perform the operations in this section on the backup
server.
Prerequisites
● The LDAP CA certificate, certificate, and private key files have been obtained.
● A cross-platform remote access tool, such as PuTTY, has been obtained.
● A cross-platform file transfer tool, such as WinSCP, has been prepared.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 235
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Procedure
Step 1 Use PuTTY to log in to the node where the IAM microservice resides, that is, active
backup server.
Default account: hcp. Default password: PXU9@ctuNov17!.
Step 2 Run the following command and enter the password of user root to switch to user
root.
su root
The default password of user root is Cloud12#$.
Step 3 Run the following command to prevent PuTTY from exiting due to timeout.
TMOUT=0
NOTE
After you run the preceding command, the system continues to run even when no
operation is performed, resulting in security risks. For security purposes, you are advised to
run the exit command to exit the system after completing your operations.
Step 4 Run the following command to go to the directory for configuring the IAM
microservice.
cd /opt/huawei-data-protection/ebackup/microservice/ebk_iam/conf
Step 5 Run the following command to edit the configuration file:
vi hcpconf.ini
Step 6 Press i to enter the editing mode.
Step 7 Configure parameters in [LDAP].
1. Configure LDAPServer.
LDAPServer indicates the IP address or domain name of the LDAP server. The
network of the LDAP server must be able to communicate with the backup
management plane network of the backup server.
NOTE
– eBackup supports one LDAP server only.
– eBackup can interconnect with the LDAP server only in anonymous mode.
– eBackup does not support the LDAP authentication using an AD domain server.
2. Configure LDAPServerPort.
LDAPServerPort indicates the port of the LDAP server. The default value is
389.
3. Configure LDAPTLSPort.
LDAPTLSPort indicates the port of the LDAPS. The default value is 636.
4. Configure LDAPTransferType.
LDAPTransferType indicates the protocol used by eBackup to communicate
with the LDAP server.
The value can be 1 (LDAP) and 2 (LDAPS). The default value is 2.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 236
OceanStor BCManager
eBackup User Guide 6 System Maintenance
NOTE
The LDAPS protocol is recommended since it delivers higher security.
5. Configure LDAPUserDNPostfix.
LDAPUserDNPostfix indicates the user DN extension of the LDAP server.
The following uses the OpenLDAP server as an example.
a. Obtain the value of suffix from configuration file slapd.conf of the
OpenLDAP server.
The value of suffix here is suffix "dc=maxcrc,dc=com".
b. If the interconnected user is in ou=People, set
LDAPUserDNPostfix=ou=People,dc=maxcrc,dc=com.
6. Configure LDAPCertPath.
Set it to /opt/huawei-data-protection/ebackup/microservice/ebk_iam/
conf.
LDAPCertPath indicates the path for saving the LDAP certificate.
7. Configure LDAPCACertFile.
Set it to /opt/huawei-data-protection/ebackup/microservice/ebk_iam/
conf/LDAP_CACert.crt.
8. Configure LDAPPrivatekeyFile.
Set it to /opt/huawei-data-protection/ebackup/microservice/ebk_iam/
conf/LDAP_PriKey.key.
9. Configure LDAPCertFile.
Set it to /opt/huawei-data-protection/ebackup/microservice/ebk_iam/
conf/LDAP_Cert.crt.
NOTE
Before you enable LDAPS, make sure that configurations in Step 7.4, Step 7.6, Step 7.7,
Step 7.8, and Step 7.9 have been performed. Otherwise, the LDAP server cannot be
correctly connected.
Step 8 Press Esc to exit the editing mode. Run the :wq! command to save the changes
and exit the CLI.
Step 9 Confirm the protocol selected in Step 7.4.
● If 1(LDAP) is selected in Step 7.4, go to Step 13.
● If 2(LDAPS) is selected in Step 7.4, go to Step 10.
Step 10 Use a file transfer tool, such as WinSCP, to upload the LDAP certificate file
LDAP_Cert.crt, CA certificate file LDAP_CACert.crt, and private key file
LDAP_PriKey.key to the /opt/huawei-data-protection/ebackup/microservice/
ebk_iam/conf directory of the IAM microservice server.
NOTE
Ensure that file names are the same as those in Step 10 to prevent faults in subsequent
operations.
Step 11 Run the following commands to change the owner of the LDAP certificate:
chown hcpprocess:hcpmgr LDAP_CACert.crt
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 237
OceanStor BCManager
eBackup User Guide 6 System Maintenance
chown hcpprocess:hcpmgr LDAP_Cert.crt
chown hcpprocess:hcpmgr LDAP_PriKey.key
Step 12 Run the following commands to change the permission of the LDAP certificate:
chmod 400 LDAP_CACert.crt
chmod 400 LDAP_Cert.crt
chmod 400 LDAP_PriKey.key
Step 13 After the configurations are performed, manually restart the IAM microservice to
make the corresponding LDAP configurations to take effect. You can perform the
following operations:
1. Run the following command to go to the /opt/huawei-data-protection/
ebackup/microservice/ebk_iam/script directory:
cd /opt/huawei-data-protection/ebackup/microservice/ebk_iam/script
2. Run the following command to stop the IAM microservice:
sh ebackup_stop.sh
3. Wait for the IAM microservice to restart automatically. After the server is
restarted, the configurations take effect.
Run the following commands in sequence to check whether the IAM
microservice is restarted successfully:
cd /opt/huawei-data-protection/ebackup/microservice/ebk_governance/
logs
ps -ef | grep ebk_iam
If information similar to the following is displayed, the IAM microservice is
restarted successfully:
[root@eBackup logs]# ps -ef | grep ebk_iam
hcpproc+ 23726 1 0 Nov17 ? 01:14:20 /opt/huawei-data-protection/ebackup/microservice/
ebk_iam/bin ebk_iam
----End
6.5 Logging In to eBackup Server Using Public Key
Authentication
This section uses PuTTY as an example to describe how to generate a public and
private key pair as well as configure public key authentication to log in to the
eBackup server.
Prerequisites
You have prepared a cross-platform remote access tool, such as PuTTY.
Context
● After a private key is generated, it must be secured.
● The public key needs to be changed periodically. You can use the new public
and private key pair for login authentication to improve system security.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 238
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Procedure
Step 1 Generate a public and private key pair on the maintenance terminal.
1. Run the puttygen.exe.
2. In the Parameters area in the lower part of the page, set Type of key to
generate to SSH-2RSA and Number of bits in a generated key to an integer
from 2048 to 8192.
3. Click Generate and move the cursor over the blank area in the lower part of
the Key area to accelerate the public key generation.
The public key will be displayed in the area.
4. In Key passphrase, enter a password to encrypt the private key. In Confirm
passphrase, enter the password again.
NOTE
This step is optional. To protect the security of the private key file, you are advised to
configure a password to encrypt the private key file.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 239
OceanStor BCManager
eBackup User Guide 6 System Maintenance
5. Click Save private key to save the private key file to the local computer.
Step 2 Use PuTTY to log in to the ebackup server.
Default account: hcp. Default password: PXU9@ctuNov17!.
Step 3 Run the su root command and enter the password of user root to switch to user
root.
The default password of user root is Cloud12#$.
Step 4 Run the TMOUT=0 command to prevent system timeout.
NOTE
After this command is executed, the system keeps running even when no operations are
performed, resulting in security risks. For security purposes, you are advised to run exit to
exit the system after completing your operations.
Step 5 Run cd ~ to enter the /home directory of the current login user.
Step 6 Run the ls -al command to check whether the .ssh file package exists in the
directory. If no, run mkdir .ssh to create the file package.
Step 7 Run cd .ssh to enter the .ssh file package.
Step 8 Run ll to check whether authorized_keys exists in the file package. If no, run
touch authorized_keys to create the file.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 240
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Step 9 Copy the generated public key to the authorized_keys file on the eBackup server
and save the file.
NOTE
If content exists in the authorized_keys file, copy the public key to a new line.
Step 10 Exit the eBackup server.
Step 11 Open PuTTY on the maintenance terminal. Enter the IP address or host name for
logging in to the eBackup server.
Step 12 In the Category area, choose Connection > SSH > Auth.
Step 13 Click Browse and select the private key file.
Step 14 Click Open. Enter the user name and password of the private key (if configured)
to log in to the eBackup server.
----End
6.6 Inspection
By accessing databases, SmartKit checks the eBackup server comprehensively and
in real time, analyzes faults, and provides solutions for fault rectification.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 241
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Prerequisites
● You have obtained a SmartKit installation package of V200R007C00RC10 or a
later version. This section uses V200R007C00RC10 as an example. The
package name is SmartKit_V2R7C00RC10.zip. Obtain the installation
package as follows:
– For enterprise users: Click here.
– For carrier users: Click here.
● You have obtained the OceanStor BCManager
8.1.0_eBackup_Service_Euler_arm64.zip (for Euler, Arm architecture), or
OceanStor BCManager 8.1.0_eBackup_Service_Euler_x86_64.zip (for Euler,
x86 architecture) software package.
Obtain the software packages as follows:
– For enterprise users: Click here.
– For carrier users: Click here.
NOTE
● During the inspection, obtain the software package that is compatible with the
eBackup server. Otherwise, the inspection result will be incorrect. For example, you
cannot use the X86 software package to inspect the TaiShan server.
● The software package name changes with the actual software version, software
package must be the actual version in use.
● The eBackup server is normal.
● You have obtained the backup management plane IP address of the eBackup
and hcp account password. The initial password of user hcp is
PXU9@ctuNov17!. Change the password regularly for security purposes.
NOTE
To prevent the software package from being maliciously tampered with during transmission
or storage, download the corresponding digital signature file for integrity verification while
downloading the software package.
After the software package is downloaded from Huawei Support website, verify its PGP
digital signature by referring to OpenPGP Signature Verification Guide. If the verification
fails, do not use the software package, and contact Huawei technical support.
Before the software package is used for installation or upgrade, its digital signature also
needs to be verified by referring to the OpenPGP Signature Verification Guide to ensure
that the software package is not tampered with. To obtain this document, visit the
following link:
For carrier users, log in to http://support.huawei.com/carrier/digitalSignatureAction.
For enterprise users, log in to https://support.huawei.com/enterprise/en/tool/pgp-verify-
TL1000000054.
Context
eBackup supports inspection by SmartKit and built-in tools. For details about how
to use built-in tools to implement inspection, see the 6.8.6.5 Using the Inspection
Tool to View Desired Information.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 242
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Procedure
Step 1 Decompress OceanStor BCManager 8.1.0_eBackup_Service_Euler_arm64.zip or
OceanStor BCManager 8.1.0_eBackup_Service_Euler_x86_64.zip in the
maintenance terminal.
After the decompression, you obtain the following two files:
● OceanStor-eBackup-xxx-Collect.zip
● OceanStor-eBackup-xxx-Inspect.zip
Step 2 Install and log in to SmartKit.
NOTE
The operation of SmartKit may vary between different versions.
Step 3 After you log in to SmartKit, if a message is displayed asking you to upgrade tools,
click Upgrade.
Step 4 On the home page, open Function Management.
Step 5 Click Import to import the OceanStor-eBackup-xxx-Inspect.zip inspection tool
package.
If the following information is displayed, copy the OceanStor-eBackup-xxx-
Inspect.zip inspection tool package to another directory of a shorter length.
Step 6 In the Verification and Installation window, select Inspection, and click Install.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 243
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Step 7 After the import is successful, Import succeeded message is displayed. Click OK.
Step 8 Select Storage and click Inspection.
Step 9 On the inspection page, click Inspection.
Step 10 Select Routine inspection (used in routine maintenance scenarios after service
deployment) and click Next.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 244
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Step 11 Click Add Device.
Step 12 Configure basic login information.
1. Enter the management plane floating IP address or management plane IP
address of the backup server.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 245
OceanStor BCManager
eBackup User Guide 6 System Maintenance
2. If passwords are not used to log in to the eBackup server, click Customize
Authentication. In the dialog box that is displayed, select an authentication
mode, and click OK.
Step 13 Click Next.
Step 14 Configure authentication information.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 246
OceanStor BCManager
eBackup User Guide 6 System Maintenance
● Username and password authentication
Enter your username and password and click Finish.
Default account: hcp. Default password: PXU9@ctuNov17!.
● Publickey authentication
Set Username to hcp, select a key file, enter the key password, and then click
Finish.
For details about how to obtain the key file and key password, see 6.5
Logging In to eBackup Server Using Public Key Authentication.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 247
OceanStor BCManager
eBackup User Guide 6 System Maintenance
If the following dialog box that is displayed, click OK.
If the following dialog box is displayed, click OK.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 248
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Step 15 Select the added device and click Next.
The Select Check Items dialog box is displayed.
Step 16 By default, all inspection items are selected. You can select the items you want to
check, and click Next.
Step 17 Select a path for saving the inspection result file and click Next. The system
automatically starts the inspection task.
Step 18 When the inspection is completed, click Open the result directory or View the
report to view the inspection result.
If Not passed exist in the inspection report, go to the next step. Otherwise, the
inspection is completed.
Step 19 Log in to the eBackup backup management system using a browser as user
admin.
Step 20 On the navigation bar, choose Monitor > Event. View events whose severity
is warning and handle the events according to suggestions.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 249
OceanStor BCManager
eBackup User Guide 6 System Maintenance
If the check items whose check results are Not passed are not displayed on the
eBackup GUI, contact technical support engineers.
----End
Follow-up Procedure
When viewing details about check items in an inspection report, pay special
attention to check items whose Result is Not passed. You need to follow
instructions in Suggestions to handle those items to ensure normal system
operation.
6.7 Configuration Items
eBackup configuration items are saved in the hcpconf.ini configuration file. You
can modify the configuration items to set desired functions. The hcpconf.ini
configuration file is saved in path /opt/huawei-data-protection/ebackup/conf/
on the backup server. Table 6-10 describes the configuration items.
Pay attention to the following when modifying the configuration items:
● You are advised not to change the configuration items not described in Table
6-10. Otherwise, the running of the eBackup service may be affected.
● After modifying some configuration items, you need to run the service hcp
restart command to restart the eBackup process.
● If the value of a configuration item is blank or falls without the range, the
system automatically restores the value to the default value.
● The hcpconf.ini configuration file where the AlarmEmailSendInterval,
OcAlarmPerformIP, OcAlarmPerformPort, OcAlarmPerformAccount,
AlarmType, and DonotAlarmEvent configuration items reside is stored in
the /opt/huawei-data-protection/ebackup/microservice/ebk_alarm/conf
path on the backup server.
Table 6-10 Configuration items
Configuration Function Value Whether
Item to
Restart
the
eBackup
Process
LogLevel Sets the log level. ● 0: Trace No
● 1: Debug
● 2: Info
● 3: Warning
● 4: Error
● 5: Critical
Default value: 2
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 250
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Configuration Function Value Whether
Item to
Restart
the
eBackup
Process
HeartBeatTimeout Sets the heartbeat ● Value range: an No
timeout. integer from 1 to 6000
● Unit: second
Default value: 600
AlarmEmailSendIn Sets the interval ● Value range: an No
terval time of the alarm integer from 1 to 1440
sending email. ● Unit: minute
Default value: 5
MaxWorkloadForB Sets the maximum Value range: an integer Yes
ackupAndRestore number of parallel from 1 to 40
backups and Default value: 20
restore jobs.
MaxWorkloadFor Sets the maximum Value range: integer from Yes
OtherJobs number of parallel 5 to 160
jobs (except Default value: 60
backup and restore
jobs).
MaxSessionNumb Sets the maximum Value range: an integer No
er number of from 1 to 20000
sessions. Default value: 10000
MaxLoadForFCHos Maximum number Value range: an integer Yes
t of VMs that can be ranging from 1 to 100
concurrently Default value: 16
backed up and
restored on a
FusionCompute
host.
VerifyPeerHostCer- Whether to enable ● 1: enable No
tification identity ● 0: disable
verification for
CNA. Default value: 1
Security risks arise if you
select 0.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 251
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Configuration Function Value Whether
Item to
Restart
the
eBackup
Process
AdminDBBackupN The system retains Value range: an integer Yes
umberByDay backup data of the from 1 to 30
latest n days and Default value: 1
deletes the daily
backup data
generated n days
ago.
AdminDBBackupN The system retains Value range: an integer Yes
umberByWeek the backup data of from 1 to 4
the last n weeks Default value: 1
and deletes the
weekly backup
data generated n
weeks ago.
AdminDBBackupN The system retains Value range: an integer Yes
umberByMonth the backup data of from 1 to 12
the last n months Default value: 1
and deletes the
weekly backup
data generated n
months ago.
AdminDBBackupN The system retains Value range: an integer Yes
umberByYear the backup data from 0 to 100
generated in the 0 indicates that the
latest n years and backups are reserved
deletes the yearly permanently, and 100
backup data indicates that the
generated n years backups are not reserved.
ago.
Default value: 100
OcAlarmPerformIP Management Default value: 0.0.0.0 Yes
plane IP address of
ManageOne.
OcAlarmPerformP Management Default value: 63234 Yes
ort plane port of
ManageOne.
OcAlarmPerformA Account used by Default value: NULL Yes
ccount ManageOne for
interconnection.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 252
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Configuration Function Value Whether
Item to
Restart
the
eBackup
Process
AlarmType Whether to enable Value range: an integer Yes
the alarm report from 0 to 10
function. ● 0: disable
● 1: enable
● 2 to 10: reserved
parameters.
Default value: 0
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 253
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Configuration Function Value Whether
Item to
Restart
the
eBackup
Process
S3 Maximum number Default value: 64 Yes
of connections
supported by a
storage unit whose
storage type is S3.
The maximum
number of
connections
supported by one
storage unit and
that of buckets
supported by a
backup system
depend on the
maximum number
of connections
supported by one
S3 storage system
and the maximum
number of
connections
supported by one
bucket,
respectively. The
following
requirements must
be met:
● Maximum
number of
connections
supported by
one storage
unit ≤
Maximum
number of
connections
supported by
one bucket in a
S3 storage
system
● Maximum
number of
connections
supported by
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 254
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Configuration Function Value Whether
Item to
Restart
the
eBackup
Process
one storage
unit x
Maximum
number of
buckets
supported by a
backup system
≤ Maximum
number of
connections
supported by
one S3 storage
unit
If either of the
preceding
requirements is
not met, backup
and restore jobs
may fail.
LDAPServer IP address or NOTE No
domain name of eBackup supports one LDAP
server only.
the LDAP server.
The network of the
LDAP server must
be able to
communicate with
the backup
management
plane network of
the eBackup
server.
LDAPServerPort Port of the LDAP Value range: an integer No
server. from 0 to 65535
Default value: 389
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 255
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Configuration Function Value Whether
Item to
Restart
the
eBackup
Process
LDAPTransferType Protocol used by The value can be 1 or 0. No
eBackup to ● 1
communicate with LDAP
the LDAP server.
● 0
TLS
Default value: 1
NOTE
The TLS protocol is
recommended because it
provides higher security.
LDAPUserDNPostfi User DN extension - No
x of the LDAP server. NOTE
LDAP
items
take
effect a
moment
later
after
configur
ation.
6.8 Script Description
This section introduces scripts commonly used during eBackup routine
maintenance. Improper use of scripts may interrupt services of the eBackup
software. Therefore, use scripts by following corresponding instructions.
6.8.1 Installation
6.8.1.1 Installing and Uninstalling Script of eBackup
Script Function
Used to install, uninstall, and initially configure the software of eBackup.
Script Path
Installation package path customized by users.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 256
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Script Users
The script is executed by the root account.
Execution Method
Install eBackup:
~> sh ebackup_utilities.sh install virtual
Initially configure eBackup:
~> sh ebackup_utilities.sh config
uninstall eBackup:
~> sh ebackup_utilities.sh uninstall
Script Parameters
None
Precautions
You need to run service hcp stop to stop the eBackup services before executing
the sh ebackup_utilities.sh config script.
6.8.2 Uninstallation
6.8.2.1 Uninstalling the eBackup Software
Script Function
Used to uninstall the eBackup software.
Script Path
/opt/huawei-data-protection/ebackup/bin
Script Users
The script is executed by the root account.
Execution Method
~> sh uninstall.sh
Script Parameters
None
Precautions
None
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 257
OceanStor BCManager
eBackup User Guide 6 System Maintenance
6.8.3 Upgrade
6.8.3.1 Establishing a Trust Relationship Between Nodes
Script Function
Used to establish a trust relationship between nodes
Script Path
/opt/huawei-data-protection/ebackup/bin
Script Users
The script is executed by the root account.
Execution Method
~> sh upgrade_tool.sh make_trust
Script Parameters
None
Precautions
The script is used in the upgrade of later versions. You can only execute this script
on the backup server.
6.8.3.2 Clearing a Trust Relationship Between Nodes and Files Generated in
an Upgrade
Script Function
Used to clear a trust relationship between nodes
Script Path
/opt/huawei-data-protection/ebackup/bin
Script Users
The script is executed by the root account.
Execution Method
~> sh upgrade_tool.sh clean_trust
Script Parameters
None
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 258
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Precautions
The script is used for upgrade in the later versions. You only can execute this script
on the backup server.
6.8.3.3 Stopping Services
Script Function
Used to stop the backup services of all nodes in eBackup backup management
system
Script Path
/opt/huawei-data-protection/ebackup/bin
Script Users
The script is executed by the root account.
Execution Method
~> sh upgrade_tool.sh stop_all
Script Parameters
None
Precautions
The script is used in the upgrade of the later versions. You can only execute this
script on the backup server.
6.8.4 Process
6.8.4.1 Starting the eBackup Process
Script Function
Used to start the eBackup process
Script Path
Any path
Script Users
The script is executed by the root account.
Execution Method
~> service hcp start or /etc/init.d/hcp start
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 259
OceanStor BCManager
eBackup User Guide 6 System Maintenance
NOTE
To forcibly start the eBackup process, run the service hcp start force or /etc/init.d/hcp start
force command.
Script Parameters
None
Precautions
None
6.8.4.2 Stopping the eBackup Process
Script Function
Used to stop the eBackup process
Script Path
Any path
Script Users
The script is executed by the root account.
Execution Method
~> service hcp stop or /etc/init.d/hcp stop
Script Parameters
None
Precautions
None
6.8.4.3 Viewing the eBackup Process
Script Function
Used to view the eBackup process
Script Path
Any path
Script User
The script is executed by the root account.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 260
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Execution Method
~> service hcp status or /etc/init.d/hcp status
● If the status of each microservice is running, the microservice is running
properly.
● If the microservice status is isn't running, the microservice is running
abnormally.
● If the microservice status is building, the microservice is being built.
The command output is as follows:
[root@eBackup ~]# service hcp status
Checking for Huawei eBackup Service
gaussdb is running
BackupNode is running
hcplogrotate is running
dsware_agent is running
ebk_backup is running
ebk_restore is running
ebk_delete is running
ebk_copy is running
ebk_vmware is running
ebk_accelerator is running
ebk_mgr is running
ebk_fsbackup is running
ebk_jobmanager is running
HCPProcessMonitor is running
OmmHaMonitor is running
Script Parameters
None
Precautions
None
6.8.4.4 Restarting the eBackup Process
Script Function
Used to restart the eBackup process
Script Path
Any path
Script Users
The script is executed by the root account.
Execution Method
~> service hcp restart or /etc/init.d/hcp restart
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 261
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Script Parameters
None
Precautions
None
6.8.5 HA
6.8.5.1 Stopping the HA Process and HA Monitoring Process
Script Function
Used to stop the HA process and HA monitoring process
Script Path
/opt/huawei-data-protection/ebackup/ha/module/hacom/script
Script Users
The script is executed by the root account.
Execution Method
~> sh stop_ha.sh
Script Parameters
None
Precautions
None
6.8.5.2 Starting the HA Process and HA Monitoring Process
Script Function
Used to start the HA process and HA monitoring process
Script Path
/opt/huawei-data-protection/ebackup/ha/module/hacom/script
Script Users
The script is executed by the root account.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 262
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Execution Method
~> sh start_ha.sh
Script Parameters
None
Precautions
None
6.8.5.3 Stopping the HA Process
Script Function
Used to stop the HA process
Script Path
/opt/huawei-data-protection/ebackup/ha/module/hacom/script
Script Users
The script is executed by the root account.
Execution Method
~> sh stop_ha_process.sh
Script Parameters
None
Precautions
After the HA process is stopped, the HA monitoring program will detect and
restart it after a while.
6.8.5.4 Querying the HA Active/Standby State
Script Function
Used to query the HA active/standby state
Script Path
/opt/huawei-data-protection/ebackup/ha/module/hacom/script
Script Users
The script is executed by the root account.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 263
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Execution Method
~> sh status_ha.sh
Script Parameters
None
Precautions
None
6.8.5.5 Clearing HA Configuration Information
Script Function
Used to clear HA configuration information of a standby backup server that you
want to forcibly remove
Script Path
/opt/huawei-data-protection/ebackup/bin
Script Users
The script is executed by the root account.
Execution Method
~> sh ha_tool.sh clear
Script Parameters
clear: clears HA configuration information.
Precautions
None
6.8.5.6 Monitoring Data Synchronization Between Active and Standby Gauss
Databases
Script Function
Used to monitor data synchronization between active and standby GaussDB
Script Path
/opt/huawei-data-protection/ebackup/bin
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 264
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Script User
The script is executed by the root account.
Execution Method
~> sh db_sync_monitor.sh Parameter
Script Parameters
Parameter Description
check_progress Checks and updates the synchronization status of
active and standby databases. The check result is
saved in /opt/huawei-data-protection/ebackup/
conf/db_sync.conf.
check_status Checks data synchronization status of active and
standby databases. If the current node is an active
one, synchronization time can be queried. If the
current node is a standby one, synchronization
progress can be queried.
reset_status Clears synchronization status of active and
standby databases in /opt/huawei-data-
protection/ebackup/conf/db_sync.conf.
get_status Queries the last active/standby state and online
time of databases.
check_syncAndTime_status After running the script, run the echo $?
command and check the returned value. 0
indicates that the synchronization between the
active and standby databases is successful. 1
indicates that the synchronization between the
active and standby databases fails.
Precautions
None
6.8.6 Others
6.8.6.1 Using Backup Database Files to Restore a Database
Script Function
Used to restore a database by employing backup database files
Script Path
/opt/huawei-data-protection/ebackup/bin
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 265
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Script Users
The script is executed by the root account.
Execution Method
~> sh hcp_admindb_restore.sh
Parameter Description
None
Precautions
None
6.8.6.2 Restoring a Database by Importing backups
Script Function
Used to restore a database by importing backups in a storage unit to the database
Script Path
Any path
Script Users
The script is executed by the root account.
Execution Method
~> service hcp recover or /etc/init.d/hcp recover
Parameter Description
None
Precautions
None
6.8.6.3 Backup and Restoration Script of Huawei Distributed Block Storage
Script Function
When a backup or restoration job fails when the production storage is Huawei
distributed block storage, you can use this script to query and delete differential
bitmap volumes as prompted.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 266
OceanStor BCManager
eBackup User Guide 6 System Maintenance
NOTE
The system compares two snapshots and generates incremental bitmap information.
Volumes that store the differential bitmap information are differential bitmap volumes.
Script Path
/opt/huawei-data-protection/ebackup/vbstool
Script User
The script is executed by the root account.
Execution Method
~> sh vrmVBSTool.sh --parameter name
Parameter Description
Parameter Description
help Queries the help information.
version Queries the DSware version.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 267
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Parameter Description
op ● createBitmapVolume: creates a differential bitmap volume.
Run the sh vrmVBSTool.sh --op"createBitmapVolume" --
dsaIp IP address of the Huawei distributed block storage
agent --snapNameFrom Name of the start snapshot --
snapNameTo Name of the end snapshot --dswareFloatIP
Floating IP address of the Huawei distributed block storage
management node --volName Volume name --poolId Storage
pool ID command.
● deleteVolume: deletes a volume.
Run the sh vrmVBSTool.sh --op "deleteVolume" --dsaIp IP
address of the Huawei distributed block storage agent --
dswareFloatIP Floating IP address of the Huawei distributed
block storage management node --volName Volume name
command.
● queryAllBitmapVolume: queries all differential bitmap
volumes.
Run the sh vrmVBSTool.sh --op "queryAllBitmapVolume" --
dsaIp IP address of the Huawei distributed block storage
agent --dswareFloatIP Floating IP address of the Huawei
distributed block storage management node --poolId Storage
pool ID command.
● queryBitmapVolume: queries a single differential bitmap
volume.
Run the sh vrmVBSTool.sh --op "queryBitmapVolume" --
dsaIp IP address of the Huawei distributed block storage
agent --dswareFloatIP Floating IP address of the Huawei
distributed block storage management node --volName
Volume name --poolId Storage pool ID command.
NOTE
Obtain the IP address of the Huawei distributed block storage agent,
name of the start snapshot, name of the end snapshot, floating IP
address of the Huawei distributed block storage management node, and
volume name from the alarm information. Use commas (,) to separate IP
addresses of Huawei distributed block storage agents. The default storage
pool ID is 0.
6.8.6.4 Auxiliary Scripts of iptables
Script Function
Configures firewall rules for eBackup servers.
Script Path
/opt/huawei-data-protection/ebackup/bin
Script User
The script is executed by the root account.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 268
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Execution Method
~> sh iptablesHelper.sh parameter name
Parameter Description
Parameter Description
init Clears iptables rules.
Network adapters can be accessed using SSH and
ICMP only. For details, see steps 2 to 4 and 8 in
Procedure of Configuring Firewalls to
Implement Network Plane Isolation and
Establish a Port Whitelist in the eBackup
Security Hardening Guide.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 269
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Parameter Description
accept/drop Adds iptables rules.
sh iptablesHelper.sh accept/drop <plane name>
<source IP address> <target IP address>
● <plane name>: The value can be
HCPManagementPlane (backup management
plane), ProtectedEnvironmentManagement-
Plane (production management plane), or
StoragePlane (storage plane).
● <source IP address>: external network segment
or IP address for accessing the eBackup server.
● <target IP address>: network segment or IP
address of the eBackup server. (The network
segment is recommended.)
NOTE
Ensure that <plane name> matches <target IP address>.
Otherwise, the ports are enabled incorrectly, affecting
functions and incurring security risks.
NOTE
● Examples about the use of the script:
● If you need to add the network of the maintenance
terminal where the browser resides to the firewall
rule of the eBackup server, run the sh
iptablesHelper.sh accept HCPManagementPlane IP
address (network segment) of the maintenance
terminal where the browser resides IP address
(network segment) of the eBackup backup
management plane command.
● If you need to add the Huawei distributed block
storage management plane network to the firewall
rule of the eBackup server, run the sh
iptablesHelper.sh accept ProtectedEnvironmentMa-
nagementPlane Huawei distributed block storage
management plane IP address (network segment)
eBackup production management plane IP address
(network segment) command.
● If you need to add multi-networks of storage plane
to the firewall rule of the eBackup server, run sh
iptablesHelper.sh accept StoragePlane storage
plane IP address (network segment) you need to add
existing storage plane IP address (network segment)
of eBackup command.
● Script execution explanation: run the following
iptables command based on the <source IP address>,
<target IP address>, and port enabled on <plane
name>: iptables -I INPUT -s <source IP address> -d
<target IP address> -p tcp --dport <port on the
plane> -j ACCEPT/DROP. For details about the ports
that need to be opened on the plane for eBackup to
run, see the eBackup communication matrix and
Huawei distributed block storage communication
matrix. Save the iptables rules in the /etc/sysconfig/
iptables file so that the rules take effect after
system reboot.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 270
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Parameter Description
delete Deletes iptables rules.
sh iptablesHelper.sh delete <plane name> <source
IP address> <target IP address>
● <plane name>: The value can be
HCPManagementPlane (backup management
plane), ProtectedEnvironmentManagement-
Plane (production management plane), or
StoragePlane (storage plane).
● <source IP address>: external network segment
or IP address for accessing the eBackup server.
● <target IP address>: network segment or IP
address of the eBackup server. (The network
segment is recommended.)
NOTE
Ensure that <plane name> matches <target IP address>.
Otherwise, the rules are deleted incorrectly, affecting
functions and incurring security risks.
NOTE
Script execution explanation: iptables -D INPUT -s
<source IP address> -d <target IP address> -p tcp --
dport <port on the plane> -j ACCEPT/DROP. The same
rule will be deleted. For details about the ports that
need to be opened on the plane for eBackup to run, see
the eBackup communication matrix and Huawei
distributed block storage communication matrix. Save
the iptables rules in the /etc/sysconfig/iptables file so
that the rules take effect after system reboot.
6.8.6.5 Using the Inspection Tool to View Desired Information
Script Function
Used to view desired information by employing the inspection tool
Script Path
/opt/huawei-data-protection/ebackup/bin
Script Users
The script is executed by the hcp account.
Execution Method
~> ./inspect.py parameter name
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 271
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Parameter Description
Parameter Description
storageunit Queries the usage of a storage unit.
storagepool Queries the usage of a storage pool.
repository Queries the usage of a repository.
alarm Queries the status of an alarm.
server Queries the status of a node in a cluster.
cpu Queries the CPU usage of each node in a cluster.
mem Queries the memory usage of each node in a
cluster.
root_partition Queries the root partition usage of each node in a
cluster.
Precautions
The script can only be executed on the backup server. After the script is executed,
the inspection information about all servers is displayed.
6.8.6.6 Enabling CLI
Script Function
Used to enable CLI
Script Path
/opt/huawei-data-protection/ebackup/cli
Script Users
The script is executed by the hcp account.
Execution Method
~> sh hcpcli.sh user port
Parameter Description
Parameter Description
user User name for login, mandatory
port Port for login, optional (The default value is
2222.)
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 272
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Precautions
None
6.8.6.7 Managing open-iscsi
Script Function
Used to manage open-iscsi
Script Path
Any path
Script Users
The script is executed by the root account.
Execution Method
~> service open-iscsi parameter name
Parameter Description
Parameter Description
start Starts the open-iscsi service.
stop Stops the open-iscsi service.
restart Restarts the open-iscsi service.
status Queries the status of the open-iscsi service.
reload Reloads the open-iscsi service.
Precautions
None
6.8.6.8 Enabling the Log Collection Tool
Script Function
Used to enable the log collection tool
Script Path
/opt/huawei-data-protection/ebackup/bin
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 273
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Script User
The script is executed by the hcp account.
Execution Method
~> sudo ./make_report.py from_tools
Parameter Description
Parameter Description
from_tools OceanStor Toolkit remotely invokes the log
collection tool.
Precautions
This script can be remotely invoked by Smartkit only. If the customer does not
have Smartkit onsite, run this script manually to collect logs. After the command
is manually executed, a file named HCP_Report_Timestamp.tar is generated in
the /opt/huawei-data-protection/ebackup/tmp directory (Run the tar xvf
command to decompress the file). You need to manually delete the file.
6.8.6.9 S3 Connection Check Tool
Script Function
On the backup server, this script is used to check whether the connection between
eBackup and S3 is set up successfully.
Script Path
/opt/huawei-data-protection/ebackup/sbin
Script Users
The script is executed by the root account.
Execution Method
1. Run OLD_LD_LIBRARY_PATH=$LD_LIBRARY_PATH
2. Run export LD_LIBRARY_PATH=/opt/huawei-data-protection/ebackup/
libs:/lib64.
3. Run ./uds_plug-in TestBucket <domain_name or ip_address> <bucket_name>
<access_key> <secret_access_key>.
4. Run export LD_LIBRARY_PATH=$OLD_LD_LIBRARY_PATH
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 274
OceanStor BCManager
eBackup User Guide 6 System Maintenance
Parameter Description
Parameter Description
domain_name or IP address or domain name of the S3 service
ip_address plane
bucket_name Bucket name of the S3
access_key AK
secret_access_key SK
Precautions
● The connection is successful if the following information is displayed.
Test bucket success.
● The connection fails if the following information is displayed. Check the
connection and locate the causes (wrong authentication information,
disconnected network and so on).
Test bucket failed, error message: xx
6.8.6.10 Deleting Residual Differential Bitmap Volumes After Data Backup
Script Function
Deletes residual differential bitmap volumes after data backup.
Script Path
/opt/huawei-data-protection/ebackup/sbin
Script User
The script is executed by the root account.
Execution Method
1. Log in to the active backup server as user root.
2. Run the TMOUT=0 command to prevent the system from exiting due to
timeout.
NOTE
After you run the preceding command, the system keeps running even when no
operation is performed, resulting in security risks. For security purposes, you are
advised to run the exit command to exit the system after completing your operations.
3. Run the cd /opt/huawei-data-protection/ebackup/sbin command to go to
directory /opt/huawei-data-protection/ebackup/sbin.
4. Run the sh deleteBitmapVolumes.sh query <Huawei distributed block
storage FloatIP> [PoolID] command to query residual differential bitmap
volumes.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 275
OceanStor BCManager
eBackup User Guide 6 System Maintenance
If the following command output is displayed, querying residual differential
bitmap volumes is successful:
Query bitmap volume infomatin success.
5. Run the sh deleteBitmapVolumes.sh delete <Huawei distributed block
storage FloatIP> command to delete residual differential bitmap volumes.
Please enter the backup management plane IP address of an eBackup node:
6. Input the management plane IP address of a backup server, and press Enter.
Enter the password of user hcp:
7. Input the password of user hcp of the backup server, and press Enter.
Enter the password of user root:
8. Input the password of user root of the backup server, and press Enter.
Do you want to enter the backup management plane IP address of another eBackup node?(y/n)
(default:y)
9. Check whether you have input the preceding information of the backup server
interconnected with the Huawei distributed block storage system.
You must input information of all backup servers interconnected with the
Huawei distributed block storage system. Otherwise, whether residual
differential bitmap volumes are in use cannot be correctly determined, and
residual differential bitmap volumes may be mistakenly deleted.
– If you have not input information of all backup servers, perform the
following operations:
10. Input y, and press Enter.
The following command output is displayed:
Please enter the backup management plane IP address of an eBackup node:
11. Repeat 6 to 8 to input information of other backup servers.
After the eBackup server information is entered, the following information is
displayed:
Do you want to enter the backup management plane IP address of another
eBackup node?(y/n)(default:y)
12. Input n, and press Enter.
The following command output is displayed:
Total Nodes: 2 10.142.28.158 10.142.28.159 Do you want to enter the backup
management plane IP address of another eBackup node?(y/n)(default:y)
– If you have input information of all backup servers, input n, and press
Enter.
The following command output is displayed:
Total Nodes: 3
10.142.28.155
10.142.28.157
10.142.28.156
Do you want to enter the backup management plane IP address of another eBackup node?(y/n)
(default:y)
13. Check whether you have input information of all backup servers
interconnected with the Huawei distributed block storage system again.
If you have input information of all backup servers, input n, and press Enter.
If the following command output is displayed, residual differential bitmap
volumes are deleted:
Delete bitmap volume complete.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 276
OceanStor BCManager
eBackup User Guide 6 System Maintenance
14. Run the ls -d /opt/huawei-data-protection/ebackup/tmp/
deleteBitmapVolume command to check whether the /opt/huawei-data-
protection/ebackup/tmp/deleteBitmapVolume directory exists.
If the directory exists, run the rm -rf /opt/huawei-data-protection/
ebackup/tmp/deleteBitmapVolume command to delete the directory.
Parameter Description
Parameter Description
Huawei Specifies the floating IP address of Huawei distributed
distributed block block storage (mandatory).
storage FloatIP
PoolID Storage resource pool ID (optional). The value ranges from
0 to 128 (0 by default).
Precautions
None
6.8.6.11 Deleting Residual Snapshots After Data Backup
Script Function
Deletes residual snapshots after backup.
Script Path
/opt/huawei-data-protection/ebackup/sbin
Script User
The script is executed by the root account.
Execution Method
1. Log in to the active backup server as user root.
2. Run the TMOUT=0 command to prevent the system from exiting due to
timeout.
NOTE
After you run the preceding command, the system keeps running even when no
operation is performed, resulting in security risks. For security purposes, you are
advised to run the exit command to exit the system after completing your operations.
3. Run the mkdir /opt/huawei-data-protection/ebackup/tmp/
deleteSnapshots command to create directory /opt/huawei-data-
protection/ebackup/tmp/deleteSnapshots.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 277
OceanStor BCManager
eBackup User Guide 6 System Maintenance
4. Run the cp /opt/huawei-data-protection/ebackup/sbin/
deleteSnapshots.py /opt/huawei-data-protection/ebackup/tmp/
deleteSnapshots command to copy script deleteSnapshots.py.
5. Run the cd /opt/huawei-data-protection/ebackup/tmp/deleteSnapshots
command to go to directory /opt/huawei-data-protection/ebackup/tmp/
deleteSnapshots.
6. Run the mkdir -p /opt/huawei-data-protection/ebackup/tmp/logs/
command to create the /logs directory.
7. Run the python2.7 deleteSnapshots.py query <evnironment ip> [protected
object UUID] command to query snapshot information.
For protected object UUID, query the UUID on the Protected Environment
page of eBackup GUI.
Enter the name and password of the FusionCompute interface interconnection
user and enter the GaussDB database password as prompted.
If the following information is displayed, querying snapshots is successful:
Query snapshot info success
8. Run the python2.7 deleteSnapshots.py delete <evnironment ip>
[protected object UUID] command to delete residual snapshots.
Enter the name and password of the FusionCompute interface interconnection
user and enter the GaussDB database password as prompted.
If the following information is displayed, deleting snapshots is successful:
Delete snapshot completed
9. Run the rm -rf /opt/huawei-data-protection/ebackup/tmp/
deleteSnapshots command to delete the created temporary directory.
Parameter Description
Parameter Description
evnironment ip IP address of FusionCompute (mandatory)
protected object VM UUID (optional)
UUID
Precautions
● FusionCompute can only be connected to one eBackup system. Otherwise,
whether snapshots are in use cannot be correctly determined, and snapshots
may be mistakenly deleted.
● You can only delete residual snapshots one day after they have been created.
● Storage units used by an eBackup system cannot be S3 and all of the storage
units can be accessed. Otherwise, deleting residual snapshots will fail.
6.8.6.12 Deleting Residual Backup Data
Script Function
Clears residual data after the backup plans are deleted.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 278
OceanStor BCManager
eBackup User Guide 6 System Maintenance
This script is applicable when storage units added on an eBackup node are only
used by the eBackup node. If the storage units are also used by other eBackup
nodes, running the script may delete backup data still needed in the environment.
Therefore, run the script cautiously.
Script Path
/opt/huawei-data-protection/ebackup/sbin
Script User
The script is executed by the root account.
Execution Method
1. Log in to the active backup server as user root.
2. Run the TMOUT=0 command to prevent the system from exiting due to
timeout.
NOTE
After you run the preceding command, the system keeps running even when no
operation is performed, resulting in security risks. For security purposes, you are
advised to run the exit command to exit the system after completing your operations.
3. Run the cd /opt/huawei-data-protection/ebackup/sbin command to go to
directory /opt/huawei-data-protection/ebackup/sbin.
4. Run the sh deleteResData.sh command to delete residual data in backups.
If information similar to the following is displayed, select the database
account and enter its password as prompted. The default password is
Huawei@CLOUD8!.
You are advised to select 3. If you enter incorrect passwords for the first two
accounts consecutively, services will be affected after the accounts are locked.
The users you can use to connect to db:
1. eBkDbAdmin
2. eBkDbUser
3. GaussDB
Please choose the user's number that you want to use to connect to db:
Perform operations as prompted.
If no error message is returned, residual data is deleted successfully.
Parameter Description
None
Precautions
None
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 279
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
7 Troubleshooting
This chapter describes the troubleshooting process, information collection
methods, and some troubleshooting cases of eBackup.
7.1 Troubleshooting Process
7.2 Information Collection
7.3 Troubleshooting Cases
7.1 Troubleshooting Process
This section introduces general troubleshooting process and describes the eBackup
troubleshooting process.
Table 7-1 provides steps for rectifying faults of eBackup.
Table 7-1 Steps for rectifying faults of eBackup
Step Operation Description
Step 1 Record the System messages (such as error codes and job details)
system that are displayed after a fault occurs can be used to
messages locate and rectify the fault.
when faults
occurred.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 280
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
Step Operation Description
Step 2 Record what Ask yourself the following questions:
you were ● What is the environment?
doing when For example, if the current backup system has a
faults backup server as well as backup proxies, on which
occurred. the operation is performed, the backup server or
backup proxies?
● What operation is performed?
For example, the rescan-scsi-bus.sh command is
executed to scan for newly mapped LUNs.
● What method is used to perform the operation?
For example, some operations can be performed on
the GUI of eBackup, while some operations can be
performed on the CLI or based on scripts.
● Has this operation been performed before? What is
the difference?
Step 3 Record all If no system messages are displayed, you can collect
information. alarms and logs. For details, see 7.2 Information
Collection.
Step 4 Rectify the After the fault is located, rectify the fault by following
fault. instructions in:
● System messages
● Alarms
● Logs
● 7.3 Troubleshooting Cases
Step 5 Contact If you cannot rectify the fault by following instructions
technical in the preceding information, summarize fault
support information and contact technical support engineers.
engineers.
7.2 Information Collection
After faults occur on eBackup, you can use system messages such as error codes
to rectify faults. If no system message is displayed when a fault occurs, or a fault
cannot be rectified after you take measures by following the instructions in the
system message, you can collect alarms, events, and logs in eBackup to locate and
rectify the fault.
7.2.1 Collecting System Messages and Alarm Information
After faults occur, handle them as instructed in system messages and alarm
information.
● eBackup provides details about all jobs. Causes for the failure of most jobs are
available in job details. You can locate root causes based on job details and
then take troubleshooting measures.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 281
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
● eBackup provides comprehensive error code information, including error
causes and recommended actions. You can handle errors based on error
codes.
7.2.2 Collecting Log Information
You can periodically export log data for checking and analysis to get accurate
information about the backup server.
Prerequisites
● You have obtained a SmartKit installation package of V200R007C00RC10 or a
later version. This section uses V200R007C00RC10 as an example. The
package name is SmartKit_V2R7C00RC10.zip. Obtain the installation
package as follows:
– For enterprise users: Click here.
– For carrier users: Click here.
● You have obtained the OceanStor BCManager
8.1.0_eBackup_Service_Euler_arm64.zip (for Euler, Arm architecture), or
OceanStor BCManager 8.1.0_eBackup_Service_Euler_x86_64.zip (for Euler,
x86 architecture) software package.
Obtain the software packages as follows:
– For enterprise users: Click here.
– For carrier users: Click here.
NOTE
● During the inspection, obtain the software package that is compatible with the
eBackup server. Otherwise, the inspection result will be incorrect. For example, you
cannot use the X86 software package to inspect the TaiShan server.
● The software package name changes with the actual software version, software
package must be the actual version in use.
● The eBackup server is normal.
● You have obtained the backup management plane IP address of the eBackup
and hcp account password. The initial password of user hcp is
PXU9@ctuNov17!. Change the password regularly for security purposes.
NOTE
To prevent the software package from being maliciously tampered with during transmission
or storage, download the corresponding digital signature file for integrity verification while
downloading the software package.
After the software package is downloaded from Huawei Support website, verify its PGP
digital signature by referring to OpenPGP Signature Verification Guide. If the verification
fails, do not use the software package, and contact Huawei technical support.
Before the software package is used for installation or upgrade, its digital signature also
needs to be verified by referring to the OpenPGP Signature Verification Guide to ensure
that the software package is not tampered with. To obtain this document, visit the
following link:
For carrier users, log in to http://support.huawei.com/carrier/digitalSignatureAction.
For enterprise users, log in to https://support.huawei.com/enterprise/en/tool/pgp-verify-
TL1000000054.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 282
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
Context
Run logs of eBackup will be compressed and dumped. You can view the retention
policy of run logs in file /opt/huawei-data-protection/ebackup/conf/
hcplogrotate.conf on any eBackup server. Details are as follows:
● maxage indicates the retention period of compressed log files (unit: day).
● rotate indicates the number of retained compressed log files.
● size indicates the specified size of each log file. When a log file reaches the
value of size (unit: MB), the log file will be compressed and dumped.
Procedure
Step 1 Decompress OceanStor BCManager 8.1.0_eBackup_Service_Euler_arm64.zip or
OceanStor BCManager 8.1.0_eBackup_Service_Euler_x86_64.zip in the
maintenance terminal.
After the decompression, you obtain the following two files:
● OceanStor-eBackup-xxx-Collect.zip
● OceanStor-eBackup-xxx-Inspect.zip
Step 2 Install and log in to SmartKit.
NOTE
The operation of SmartKit may vary between different versions.
Step 3 After you log in to SmartKit, if a message is displayed asking you to upgrade tools,
click Upgrade.
Step 4 On the home page, open Function Management.
Step 5 Click Import to import the OceanStor-eBackup-xxx-Collect.zip information
collection tool package.
If the following information is displayed, rename the OceanStor-eBackup-xxx-
Collect.zip information collection tool package and import it again.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 283
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
Step 6 In the Verification and Installation window, select Information Collection, and
click Install.
Step 7 After the import is successful, Import succeeded message is displayed. Click OK.
Step 8 Select Storage and click Storage Information Collection.
Step 9 On the Storage Information Collection page, click Information Collection.
Step 10 Click Add Device.
Step 11 Configure basic login information.
1. Enter the management plane physical IP address of the eBackup server.
NOTE
If you need to collect information about multiple eBackup nodes, fill in the
configuration page multiple times.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 284
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
2. If passwords are not used to log in to the eBackup server, click Customize
Authentication. In the dialog box that is displayed, select an authentication
mode, and click OK.
Step 12 Click Next.
Step 13 Configure authentication information.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 285
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
● Username and password authentication
Enter your username and password and click Finish.
Default account: hcp. Default password: PXU9@ctuNov17!.
● Publickey authentication
Set Username to hcp, select a key file, enter the key password, and then click
Finish.
For details about how to obtain the key file and key password, see 6.5
Logging In to eBackup Server Using Public Key Authentication.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 286
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
If the following dialog box is displayed, click OK.
If the following dialog box is displayed, click OK.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 287
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
Step 14 Select the added device and click Collect.
Step 15 After information is collected, click Open Directory and view the collected logs.
----End
7.3 Troubleshooting Cases
This section describes how to handle issues that may occur during installation,
configuration, and maintenance of eBackup.
7.3.1 Installation and Uninstallation
7.3.1.1 The Uninstallation Task Lasts for a Long Period After the uninstall.sh
Command Is Executed
Symptom
The uninstall.sh command is executed to uninstall eBackup. The uninstallation
task lasts for a long period.
Possible Causes
The storage mounted to the eBackup server is inaccessible.
Procedure
Step 1 Run the reboot command to restart the eBackup server OS.
Step 2 Go to the /opt/huawei-data-protection/ebackup/bin directory and run the sh
uninstall.sh command to uninstall eBackup.
Step 3 If the problem is not resolved, contact Huawei technical support.
----End
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 288
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
7.3.1.2 The Newly Added Backup Proxy Cannot Be Viewed on the Backup
Server Page
Symptom
After the backup proxy is configured, the newly added backup proxy cannot be
viewed by choosing Monitor > Server on the backup server page.
Possible Causes
The public key file between the backup server and the backup proxy is not paired.
As a result, the communication between the backup proxy and backup server fails.
Procedure
Step 1 Use PuTTY to log in to the backup proxy.
Default account: hcp. Default password: PXU9@ctuNov17!.
Step 2 Run the su root command and enter the password of user root to switch to user
root.
The default password of user root is Cloud12#$.
Step 3 Run the cd /opt/huawei-data-protection/ebackup/conf/cert/ command.
Step 4 Run the cat BackupNode.pub command to open the BackupNode.pub file and
record the content of the file.
Step 5 Log in to the backup server using PuTTY.
Default account: hcp. Default password: PXU9@ctuNov17!.
Step 6 Run the su root command and enter the password of user root to switch to user
root.
The default password of user root is Cloud12#$.
Step 7 Run the cd /opt/huawei-data-protection/ebackup/cli/ command.
Step 8 Run the sh hcpcli.sh admin command and enter the password of user admin as
prompted.
The default password is PXU9@ctuNov17!, which is the same as the password of
user admin for logging in to the eBackup GUI.
Step 9 Enter management in CLI mode.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 289
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
Step 10 Enter add public_key <pubkey> to add the content of the BackupNode.pub file
of the backup proxy recorded in Step 4.
Step 11 Run the exit command.
Step 12 Run the setting command.
Step 13 Run the show server_public_key command to check the public key of the backup
server and copy the key.
Step 14 Use PuTTY to log in to the backup proxy.
Default account: hcp. Default password: PXU9@ctuNov17!.
Step 15 Run the su root command and enter the password of user root to switch to user
root.
The default password of user root is Cloud12#$.
Step 16 Run the cd eBackup software package decompression path command to go to the
directory where the eBackup software package is decompressed.
Step 17 Run the service hcp stop command to stop the service.
Step 18 Run the sh ebackup_utilities.sh config command to reconfigure the backup
proxy. In the step of adding the public key of the backup server, enter the copied
public key in Step 13 and press Enter.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 290
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
Step 19 Log in to the backup server GUI and choose Monitor > Server. The new proxy is
added.
----End
7.3.2 Login
7.3.2.1 The eBackup GUI Displays a Message Indicating "System Is in
Restricted Mode" When I Log In to eBackup
Symptom
The eBackup GUI displays a message indicating "system is in restricted mode"
when I log in to eBackup.
Possible Causes
The database is abnormal, or the database memory is insufficient.
Procedure
Step 1 Possible cause 1: The database is abnormal, or the database memory is
insufficient.
1. Log in to the eBackup server using PuTTY.
Default account: hcp. Default password: PXU9@ctuNov17!.
2. Run the su root command and enter the password of user root to switch to
user root.
The default password of user root is Cloud12#$.
3. Run TMOUT=0 to prevent system timeout.
NOTE
After you run this command, the system continues to run even when no operation is
performed, posing a risk. For security purposes, you are advised to run exit to exit the
system after completing your operations.
4. Run df -h /opt to check whether the remaining capacity of the storage where
the database file resides is insufficient. If the capacity usage is higher than
96%, the remaining capacity is insufficient.
– If yes, run rm File name or rm -rf Folder name to delete unneeded files
or folders other than eBackup software.
– If no, go to Step 1.5.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 291
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
5. Run free -m to check whether the available memory capacity is insufficient. If
the available memory capacity is smaller than 1 GB, the capacity is
insufficient.
– If yes, terminate unneeded processes to release capacities.
– If no, go to Step 1.6.
6. Log in to eBackup again.
7. If the problem persists, contact technical support engineers.
----End
7.3.3 Backup
7.3.3.1 A Backup Job May Be in the In progress State and Cannot Be
Interrupted If the Network of an NFS Storage Unit Is Constantly or
Intermittently Interrupted During Backup
Symptom
A backup job may be in the In progress state and cannot be interrupted if the
network of an NFS storage unit is constantly or intermittently interrupted during
backup.
On a backup proxy, run the ps aux|grep BackupNode command. Some processes
whose names are BackupNode are in D status.
Possible Causes
Data is written into the storage unit. Wait for the system response. If the network
of the NFS storage unit is constantly or intermittently interrupted, the entire
network will be interrupted. As a result, the backup job enters the In progress
status and cannot be interrupted.
Procedure
Step 1 Run the reboot command to restart the backup proxy operating system.
● If the operating system is restarted successfully, no further action is required.
● If the operating system fails to be restarted, go to Step 2.
Step 2 Run the following two commands one by one to restart the backup proxy
operating system.
echo 1 > /proc/sys/kernel/sysrq
echo b > /proc/sysrq-trigger
NOTE
If the backup proxy operating system can be restarted normally, the problem is solved.
----End
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 292
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
7.3.3.2 A Backup Job May Be in the In progress State for a Long Time If
Networks of Production Storage Are Constantly or Intermittently
Interrupted During Backup
Symptom
A backup job may be in the In progress state for a long time and the backup
progress remains unchanged if networks of production storage are constantly or
intermittently interrupted during backup.
Possible Causes
When data is read from storage devices, if the networks of the production storage
are constantly or intermittently interrupted, read operations enter the waiting
state. As a result, the backup job is in the In progress state for a long time.
Procedure
Step 1 Use PuTTY to log in to the backup proxy that runs the backup task.
Default account: hcp. Default password: PXU9@ctuNov17!.
Step 2 Run the su root command and enter the password of user root to switch to user
root.
The default password of user root is Cloud12#$.
Step 3 Run the TMOUT=0 command to prevent the system from exiting due to timeout.
NOTE
After you run the preceding command, the system continues to run even when no
operation is performed, posing security risks. For security purposes, you are advised to run
the exit command to exit the system after completing your operations.
Step 4 Run the ping Storage service IP address command to check the network
connectivity.
● If the network is interrupted constantly or intermittently:
Check and reconnect networks between backup storage and eBackup hosts.
NOTE
After network connections become normal, execute the backup jobs again. If backup
jobs are not restored, go to Step 5.
● If the network connections are normal:
Contact technical support engineers.
Step 5 After the network connections are restored by performing the preceding
operations, if backup jobs are not restored, run the reboot command to restart the
operating system of the backup proxy. If the operating system fails to be restarted,
run the following command to forcibly restart it.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 293
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
NOTICE
Restarting the operating system of the backup proxy interrupts services. If HA is
configured and the active node is restarted, an HA active/standby switchover will
be triggered. Services may be interrupted for a maximum of 2 minutes.
echo 1 > /proc/sys/kernel/sysrq
echo b > /proc/sysrq-trigger
----End
7.3.3.3 A VM Fails to Be Backed Up and a VM Snapshot Fails to Be Created
on the Task Details Page
Symptom
A VM fails to be backed up and a VM snapshot fails to be created on the task
details page.
Possible Causes
● Tools of the VM are not installed. You need to install Tools.
The job details are as follows:
● After the CPU or memory configuration of a VM is modified and the VM is
not restarted, the VM on FusionCompute is not restarted. Otherwise, the
snapshot fails to be created.
The task details are as follows:
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 294
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
● Failed to create a snapshot because the FusionCompute system is abnormal.
The job details are as follows:
● Failed to create a snapshot because the remaining storage capacity of the VM
is insufficient and the number of snapshots in the system has reached the
upper limit.
The job details are as follows:
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 295
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
Procedure
Step 1 Possible cause 1: Tools are not installed on the VM.
1. Use a browser to log in to the FusionCompute page.
2. Click the VM and view the Tools status of the VM on the Summary page.
3. If Tools on the VM is in the Not Running state, Tools is not installed on the
VM. Install Tools on the VM by referring to Installing Tools in
FusionCompute 8.1.0 Product Documentation.
4. Perform the backup job again.
Step 2 Possible cause 2: The VM is not restarted after its CPU or memory configuration is
modified.
1. Use a browser to log in to the FusionCompute page.
2. Click the VM and restart the VM on the VM page. Before the restart, ensure
that no service is running on the VM.
3. After the restart is complete, perform the backup job again.
Step 3 Possible cause 3: Failed to create a snapshot because the FusionCompute system is
abnormal.
1. On eBackup GUI, find the name of the protected object corresponding to the
failed job.
2. Use a browser to log in to the FusionCompute page.
3. Locate the VM that fails to be backed up.
4. Forcibly restart the VM and perform the backup job again.
Step 4 Possible cause 4: Failed to create a snapshot because the remaining storage
capacity of the VM is insufficient and the number of snapshots in the system has
reached the upper limit.
1. On eBackup GUI, find the name of the protected object corresponding to the
failed job.
2. Log in to the VM using PuTTY.
3. Delete unnecessary data from the VM to release storage space.
4. Search for the residual snapshot to be deleted.
a. On eBackup GUI, choose > Job.
b. Click Advanced in the upper right corner of the page and filter backup
jobs by protected object name and failed backup plan name.
c. In the backup job list, find the earliest backup job that is successfully
executed while snapshot deletion fails in the task details and record the
snapshot name displayed in the job details.
d. Search for all backup jobs that meet the search criteria in time sequence
from the backup job found in Step 4.4.c (backup job that is successfully
executed while snapshot deletion fails in the job details), and record the
snapshot name in the job details.
5. Use a browser to log in to the FusionCompute page.
6. Locate the VM that fails to be backed up and delete all snapshots recorded in
Step 4.4.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 296
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
7. Forcibly restart the VM and perform the backup job again.
----End
7.3.3.4 VM Backup Fails and the Disk Description Fails to Be Obtained in the
Task Details on the GUI
Symptom
The VM fails to be backed up on eBackup. The task details on the GUI show that
the disk description fails to be obtained.
Possible Cause
You have modified the disk attributes, added disks, or deleted disks at the VM
production site (FusionCompute), or performed a disk restore job on eBackup.
Procedure
Step 1 Log in to the eBackup GUI as user admin.
Step 2 On the navigation bar, choose Protected Environment > FusionSphere.
Step 3 Click on the right of the protected environment to scan the protected
environment again.
Step 4 Click OK. Wait until the scanning is complete.
Step 5 Perform the backup job again.
----End
7.3.3.5 Disks of VMs Cannot Be Selected When You Create or Modify a
Protected Set on eBackup
Symptom
Disks of VMs cannot be selected when you create or modify a protected set on
eBackup.
Possible Causes
● The disk does not support backup. If the disk type is Shared or Non-shared
and the disk mode is Independent & persistent or Independent &
nonpersistent, backup is not supported.
● Disk properties have been modified or disks are added or deleted.
Procedure
Step 1 Possible cause 1: The disk does not support backup.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 297
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
1. Log in to the FusionCompute GUI as user admin.
2. In the navigation tree, click VM and Template.
3. Click VM.
4. Locate the VM where the disk resides and click the VM name.
5. Choose Hardware > Disks to check whether the disk is a shared disk.
– If yes, the disk does not support backup. No further action is required.
– If no, click Modify Disk to view the disk mode.
● If the disk mode is Independent & persistent or Independent &
nonpersistent, the disk does not support backup. No further action is
required.
● If the disk mode is Dependent, go to Step 2.
Step 2 Possible cause 2: After you modify disk properties, add disks, or delete disks on the
VM production end (FusionCompute), the VM disk cannot be selected when you
create or modify a protected set.
1. Log in to the eBackup GUI as user admin.
2. On the navigation bar, choose Protected Environment > FusionSphere.
3. Click on the right of the protected environment to scan the protected
environment again.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 298
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
4. Click OK. Wait until the scanning is complete.
5. On the navigation bar, choose Backup > Protected Set. Move the mouse
pointer to the protected set that you want to modify and click in the
button area on the right, or click the protected set that you want to modify
and click in the preview area on the right. Modify the disk of the protected
set where the VM is located.
6. Perform the backup job again.
----End
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 299
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
7.3.3.6 What Should I Do If an Internal Error Is Reported After a Disk Fails to
Be Opened, Read, Or Closed During Backup?
Symptom
An internal error is displayed in the job details of eBackup after a disk fails to be
opened, read, or closed during backup.
Possible Causes
1. The production management plane of eBackup fails to communicate with
CNA.
2. Multiple network adapters of eBackup are configured on the same network
segment.
3. After the IP address of eBackup is changed, the sh ebackup_utilities.sh
config command is not executed.
Fault Diagnosis
1. Check whether the production management plane of eBackup is connected to
the CNA network plane.
a. Check the production management plane IP address.
i. Use PuTTY to log in to the eBackup server.
Default account: hcp. Default password: PXU9@ctuNov17!.
ii. Run the following command to go to the conf directory:
cd /opt/huawei-data-protection/ebackup/conf
iii. Run the following command to query the production management
plane IP address of eBackup:
grep ProtectedEnvironmentManagementPlane privateconf.ini
The following command output is displayed:
[hcp@eBackup conf]$ grep ProtectedEnvironmentManagementPlane privateconf.ini
ProtectedEnvironmentManagementPlane=192.168.131.10|28:6e:d4:89:f0:3f
b. Check the IP address of CNA.
Refer to 7.2.2 Collecting Log Information to find logs of the backup job
and search for keyword Connect To. You can find the IP address of CNA
that fails to be connected. For details, see the following figure.
c. Run the following command to check whether the production
management plane is connected to CNA:
ping -I <IP address of the production management plane> <IP address of
CNA>
For example, the IP address of the production management plane is
192.168.100.101, and the IP address of CNA is 192.168.72.56. You can run
the following command to test the connection.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 300
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
ping -I 192.168.100.101 192.168.72.56
2. Check whether multiple network adapters of eBackup are configured on the
same network segment.
3. Check whether the sh ebackup_utilities.sh config command is executed after
the IP address of eBackup is changed.
Procedure
Step 1 Possible cause 1: The production management plane of eBackup fails to
communicate with CNA.
Refer to 1.a to check whether the IP of the ProtectedEnvironmentStoragePlane
is the IP when planning.
If the configuration is incorrect, run the sh ebackup_utilities.sh config command
to reconfigure it. If the configuration is correct, check the network.
NOTE
Before running the sh ebackup_utilities.sh config command, you need to run the service
hcp stop command to stop the eBackup service.
Step 2 Possible cause 2: Multiple network adapters of eBackup are configured on the
same network segment.
● Solution 1: Configure the network adapters to different network segments.
● Solution 2: Retain only one network adapter on the network segment. Disable
other network adapters.
a. Run the following command to disable the network adapter:
ifdown the name of the network adapter to be disabled
b. Run the sh ebackup_utilities.sh config command to combine planes
corresponding to network adapters with that of the retained network
adapter.
NOTE
Before running the sh ebackup_utilities.sh config command, you need to run
the service hcp stop command to stop the eBackup service.
c. If the network adapters used by the storage plane are disabled, manually
unmount the storage unit. Wait for five minutes till the storage unit is
mounted by eBackup, and perform service operations such as backup and
restore.
Run the mount command.
eBackup:/opt/huawei-data-protection/ebackup/conf # mount
/dev/xvda2 on / type ext3 (rw,errors=panic)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
debugfs on /sys/kernel/debug type debugfs (rw)
udev on /dev type tmpfs (rw,mode=0755)
tmpfs on /dev/shm type tmpfs (rw,mode=1777)
devpts on /dev/pts type devpts (rw,mode=0620,gid=5)
fusectl on /sys/fs/fuse/connections type fusectl (rw)
securityfs on /sys/kernel/security type securityfs (rw)
configfs on /sys/kernel/config type configfs (rw)
gvfs-fuse-daemon on /root/.gvfs type fuse.gvfs-fuse-daemon (rw,nosuid,nodev)
/dev/sr0 on /media/SLES-11-SP3-DVD-x86_6407031 type iso9660 (ro,nosuid,nodev,uid=0)
192.168.10.61:/ltw_NAS02 on /opt/huawei-data-protection/ebackup/bricks/9b6cba36-
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 301
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
f8e4-4acd-86e7-5d9537fd945c type nfs
(rw,retry=1,retrans=20,soft,nolock,timeo=60,addr=192.168.10.61)
192.168.10.61:/ltw_NAS02 on /opt/huawei-data-protection/ebackup/db_bak type nfs
(rw,retry=1,retrans=20,soft,nolock,timeo=60,addr=192.168.10.61)
none on /var/lib/ntp/proc type proc (ro,nosuid,nodev)
The path under /opt/huawei-data-protection/ebackup/bricks is used as
the record of the mount point, indicating the storage unit.
Run the umount Mounting directory command to unmount the directory.
eBackup:/opt/huawei-data-protection/ebackup/conf # umount /opt/huawei-data-protection/
ebackup/bricks/9b6cba36-f8e4-4acd-86e7-5d9537fd945c
For example, if the first and second network adapters are in the same
network segment, the first network adapter is used as the backup
management plane, and the second network adapter is used as the
production management plane, disable the second network adapter and
run the sh ebackup_utilities.sh config command to configure the
backup management plane and production management plane to the
first network adapter.
NOTICE
For security purposes, you must isolate the following three groups of
planes:
▪ Backup management plane and production management plane
▪ Internal communication plane
▪ Storage plane
Step 3 Possible cause 3: After the IP address of eBackup is changed, the sh
ebackup_utilities.sh config command is not executed.
For details, see 9.4 Reconfigure eBackup Servers after Changing the IP Address.
----End
7.3.4 Restore
7.3.4.1 xfs File System in FusionSphere VMs Failed to Be Mounted
Symptom
When a disk (xfs file system) is repetitively recovered to a FusionSphere VM that
has mounted multiple disks (xfs file system), xfs file systems failed to be mounted.
Possible Causes
The superblock of an xfs file system stores a unique UUID about the file system. If
a VM has mounted multiple disks (xfs file system), multiple same UUIDs exist on
the VM, causing the file system mounting to fail.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 302
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
Fault Diagnosis
When mounting xfs file systems, use parameters without UUID control or
reallocate a new UUID to ensure uniqueness of the UUIDs.
Procedure
Step 1 Log in to the VM that failed to mount xfs file systems.
Step 2 Troubleshoot the problem in either of the following ways:
● Use a parameter without UUID when mounting an XFS file system: Run
mount -o nouuid /dev/** /**.
● Reallocate a new UUID: Run xfs_admin -U generate /dev/**.
NOTE
● The ** is the wildcard of the system disk.
● Because setting a parameter without UUID requires you to execute the command every
time, you are advised to reallocate a new UUID.
----End
7.3.4.2 After a Restore Job Is Successfully Executed, Restored Non-system
Disks Are Not Displayed on the Virtual Machine Running Windows 7
Symptom
After a restore job is successfully executed, restored non-system disks are not
displayed on the virtual machine running windows 7.
Possible Causes
Restricted by Windows 7.
Procedure
Step 1 On the desktop of the Windows 7 operating system, right-click the Computer
icon.
Step 2 Choose Manage from the shortcut menu.
The Computer Management window is displayed.
Step 3 In the left navigation tree, choose Storage > Disk Management.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 303
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
Step 4 Right-click a restored disk and choose Online from the shortcut menu.
NOTE
A disk in the Offline state is a restored disk.
In the Disk Management area, the restored disks are displayed.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 304
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
----End
7.3.4.3 Linux VM Network Adapters Are in Disorder When Data Is Restored
From a VM Or System Disks to a New VM
Symptom
After data is restored from a FusionSphere virtual machine (VM) or system disks
to a new VM, Linux VM network adapters are in disorder. IP addresses
disappeared.
Possible Causes
The configuration information for network adapters conflict in the Linux operating
system.
NOTE
When data is restored from a FusionSphere VM or system disks to a new VM, the IP address
and domain name on system disks are not modified. Instead, they are to be modified by the
customer.
The following uses Euler OS 2.9 as an example.
Procedure
Step 1 Log in to a VM using VNC. Run the following command to delete a rule file whose
name contains persistent and net from the network rule directory. If the file does
not exist, go to Step 2.
rm /etc/udev/rules.d/XX-persistent-net.rules //XX varies with environments
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 305
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
Step 2 Run the following command to restart the VM.
reboot
Step 3 Log in to the VM again using VNC and run the following command to view
network configuration of the VM.
ifconfig -a
Step 4 Run the following command to check whether the XX-persistent-net.rules file
exists in the etc/udev/rules.d/ directory:
ls /etc/udev/rules.d/
● If no, go to Step 5.
● If yes, go to Step 6.
Step 5 Run the following command to generate the XX-persistent-net.rules file:
export INTERFACE="enp4s0"
export MATCHADDR="28:6e:d4:89:63:74"
/lib/udev/write_net_rules
NOTE
● In the first command, the double quotation marks (" ") indicate the network adapter
name in the network adapter configuration information queried in Step 3.
● In the second command, the double quotation marks (" ") indicate the physical address
of the network adapter.
● When you run the third command for the first time, an error message may be displayed,
indicating that the file does not exist. Ignore the error message.
Repeat the preceding operations until the configuration information about all
network adapters queried in Step 3 is written into the XX-persistent-net.rules
file. Run the cat /etc/udev/rules.d/XX-persistent-net.rules command to verify
that the file content is correct.
Step 6 Run the following command to check whether the network adapter name in the
ifcfg-XXX network adapter configuration file is the same as that in the network
configuration information queried in Step 3.
ls /etc/sysconfig/network-script/
NOTE
The path of the network adapter configuration file varies according to the actual situation.
XXX in ifcfg-XXX is the name of each network adapter.
● If yes, go to Step 11.
● If no, go to Step 7.
Step 7 Run the following command to use the VI editor to open the rule file whose name
contains persistent and net in the network directory.
vi /etc/udev/rules.d/XX-persistent-net.rules //XX varies with environments.
Step 8 Press i to enter the editing mode.
Step 9 In the XX-persistent-net.rules file, change the disordered network adapter names
to be the same as those in the network adapter configuration file.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 306
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
Step 10 Press Esc, enter :wq, and press Enter to save the modification.
Step 11 Run the following command to open each network adapter configuration file in
the /etc/sysconfig/network-script/ directory:
vi /etc/sysconfig/network-script/ifcfg-XXX
NOTE
The path of the network adapter configuration file varies according to the actual situation.
XXX in ifcfg-XXX is the name of each network adapter.
Step 12 Press i to enter the editing mode.
Step 13 Set the IP address in the network adapter configuration file again.
NOTE
Ensure that the IP address to be configured is not used by other VMs or network adapters.
Otherwise, the configuration may fail.
Step 14 Press Esc, enter :wq, and press Enter to save the modification.
Step 15 Repeat Step 11 to Step 14 to ensure that the IP addresses in all network adapter
configuration files are correct.
Step 16 Run the following command to restart the VM.
reboot
----End
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 307
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
7.3.4.4 Residual Disk Cannot Be Automatically Detached from the Target VM
After a File-Level Restore Task Fails
Symptom
After the file-level restore task fails, the disk remains on the target VM. The
eBackup clearing task fails to detach the disk. However, the task of disk detach
failure is displayed in the task list of FusionCompute.
Possible Causes
VIRTIO disks cannot be detached online after an exception occurs.
Procedure
Step 1 Log in to the FusionCompute management page.
Step 2 Locate the target VM and choose More > Power > Forcibly Stop to stop the VM.
Step 3 After the VM is shut down, choose Configuration > Disk. The disk management
page is displayed.
Step 4 Locate the disk whose name starts with HCP-FLR, and choose More > Detach to
detach the disk.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 308
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
Step 5 Click Start to start the VM.
Step 6 The clearing task of eBackup automatically clears the residual disks and
datastores of the file-level restore task.
----End
7.3.5 Application
7.3.5.1 When a User Runs the rescan-scsi-bus.sh Command to Scan for the
New Mapped LUNs, the Task Keeps Running for a Long Time
Symptom
If an eBackup server is added to a Huawei distributed block storage cluster and
the system has new mapped LUNs, the task keeps running for a long time and
cannot stop when you run the rescan-scsi-bus.sh command to scan for the new
mapped LUNs.
Possible Causes
The Huawei distributed block storage agent version does not match the Huawei
distributed block storage version. As a result, the LUN scanning function on the
eBackup server is abnormal.
Procedure
Step 1 Restart the operating system of the eBackup server.
Step 2 For details about how to add the eBackup server to a Huawei distributed block
storage cluster again, see 3.4.1 Adding an eBackup Server to a Huawei
Distributed Block Storage Cluster (Applicable to Huawei Distributed Block
Storage 8.1.0/8.1.1).
----End
7.3.5.2 The eBackup Service Stops When the Capacity Usage of the /opt
Partition on the Backup Server Exceeds 96%
Symptom
The eBackup service stops when the capacity usage of the /opt partition on the
backup server exceeds 96%, and you cannot log in to eBackup.
Possible Causes
The capacity usage of the /opt partition is insufficient.
Procedure
Step 1 Log in to the backup server using PuTTY.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 309
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
Default account: hcp. Default password: PXU9@ctuNov17!.
Step 2 Run su root and enter the password of the root account to switch to the root
account.
The default password of user root is Cloud12#$.
Step 3 Run TMOUT=0 to prevent the system from exiting due to timeout.
Step 4 Run df -h /opt to check the remaining space of /opt. When the capacity usage
exceeds 96%, run rm File name or rm -rf Folder name to delete unneeded files
or folders other than the eBackup software.
Step 5 Run the service hcp start command to start the eBackup service.
Step 6 Log in to eBackup again.
----End
7.3.5.3 A Standby Node Fails to Be Removed When the HA Function Is Being
Used and the Standby Node Is in the Irrecoverable Inaccessible State
Symptom
A standby node fails to be removed on the GUI when the HA function is being
used and the standby node is in the irrecoverable Inaccessible state.
Possible Causes
● An error occurs on the network between the active and standby nodes.
● A process on the active or standby node is faulty.
Procedure
Step 1 Log in to the standby node using PuTTY.
Default account: hcp. Default password: PXU9@ctuNov17!.
Step 2 Run the su root command and enter the password of account root to switch to
account root.
The default password of user root is Cloud12#$.
Step 3 Run the TMOUT=0 command to prevent the system from exiting due to timeout.
NOTE
After you run the preceding command, the system continues to run when no operation is
performed, posing a security risk. For security purposes, you are advised to run exit to exit
the system after completing your operations.
Step 4 Run the service hcp status command to check whether the eBackup service is
normal.
● If yes => Go to Step 5
● If no => Uninstall eBackup software. For details, see section 6.8.2.1
Uninstalling the eBackup Software.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 310
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
Step 5 Clear HA configuration information. For details, see 6.8.5.5 Clearing HA
Configuration Information.
Step 6 Log in to the active node using PuTTY.
Default account: hcp. Default password: PXU9@ctuNov17!.
Step 7 Run the su root command and enter the password of user root to switch to user
root.
The default password of user root is Cloud12#$.
Step 8 Run the TMOUT=0 command to prevent the system from exiting due to timeout.
NOTE
After you run the preceding command, the system continues to run when no operation is
performed, posing a security risk. For security purposes, you are advised to run exit to exit
the system after completing your operations.
Step 9 Clear HA configuration information. For details, see 6.8.5.5 Clearing HA
Configuration Information.
Step 10 Stop the HA process. For details, see 6.8.5.3 Stopping the HA Process.
Step 11 Wait several minutes, and check whether the standby node has been removed on
the GUI. If the fault persists, contact technical support engineers.
----End
7.3.5.4 In an HA Scenario, After Command sh status_ha.sh Is Executed on
Both Active and Standby Nodes, the Command Output Indicates Abnormal
GaussDB Resources
Symptom
In an HA scenario, after command sh status_ha.sh is executed on both active and
standby nodes, the command output indicates abnormal GaussDB resources. For
details about the command, see 6.8.5.4 Querying the HA Active/Standby State.
Normal command output:
If the command output is not similar to that in the red rectangle in the preceding
figure, the resources are abnormal. The following figure is an example.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 311
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
Possible Causes
Synchronization between active and standby databases is abnormal.
NOTICE
The following operations may result in loss of some data.
Procedure
Step 1 Log in to either of the active and standby nodes using PuTTY.
Default account: hcp. Default password: PXU9@ctuNov17!.
Step 2 Run the su root command and enter the password of account root to switch to
account root.
The default password of user root is Cloud12#$.
Step 3 Run the TMOUT=0 command to prevent PuTTY from exiting due to timeout.
NOTE
After you run the preceding command, the system continues to run when no operation is
performed, posing a security risk. For security purposes, you are advised to run exit to exit
the system after completing your operations.
Step 4 Run the cd /opt/huawei-data-protection/ebackup/bin command to go to the
path saving the command for monitoring data synchronization between active
and standby GaussDB databases.
Step 5 Run the sh db_sync_monitor.sh get_status command, and record the command
output.
DB last online role : Primary
DB last online time : 2016-04-14 16:38:31
Step 6 Log in to the other node using PuTTY.
Default account: hcp. Default password: PXU9@ctuNov17!.
Step 7 Run the su root command and enter the password of account root to switch to
account root.
The default password of user root is Cloud12#$.
Step 8 Run the TMOUT=0 command to prevent PuTTY from exiting due to timeout.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 312
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
NOTE
After you run the preceding command, the system continues to run when no operation is
performed, posing a security risk. For security purposes, you are advised to run exit to exit
the system after completing your operations.
Step 9 Run the cd /opt/huawei-data-protection/ebackup/bin command to go to the
path saving the command for monitoring data synchronization between active
and standby GaussDB databases.
Step 10 Run the sh db_sync_monitor.sh get_status command, and record the command
output.
DB last online role : Standby
DB last online time : 2016-04-14 16:38:31
Step 11 Compare the preceding recorded command outputs to determine the active node.
● Choose the node whose DB last online role is Primary as the active node.
● If values of DB last online role for the two nodes both are Primary, choose
the node whose DB last online time is later as the active node.
Step 12 On the active node, run the service hcp restart force command to forcibly restart
the hcp process.
Step 13 Log in to the GUI and check whether node status is normal. For details, see 9.1
Logging In to the eBackup GUI and 6.1.4 Managing an eBackup Server. If the
fault persists, contact technical support engineers.
----End
7.3.5.5 In an HA Scenario, the Active and Standby Nodes Are Correctly
Configured. However, Services on the Active Node Fail to Be Started
Symptom
1. In a high availability (HA) scenario, services on the active node fail to be
started. The following command output is displayed after the service hcp
start command is executed on the active node:
eBackup: /opt/huawei-data-protection/ebackup/conf #service hcp start
Starting Huawei eBackup Service
This is primary node, but syncronized status is not correct.Restore the environment by seeing related
fault cases in the corresponding product documentation.
2. After the service hcp start command is executed on the standby node,
services on the standby node are started properly. About 2 minutes later, the
standby node becomes the active node because the original active node fails
to be started. The service hcp status command is executed again to check
the eBackup process. The command output indicates that AdminNode is not
running. As a result, the system login fails.
eBackup: /home #service hcp start
Starting Huawei eBackup Service
eBackup: /home #service hcp status
Checking for Huawei eBackup Service
gaussdb is running
AdminNode isn't running.
BackupNode is running
hcplogrotate is running
apache/iBase is running
dsware_agent is running
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 313
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
HCPProcessMonitor is running
OmmHaMonitor is running
Possible Causes
Services on the active node, standby node, and backup proxies are stopped or an
unexpected power outage occurs. Services on all nodes are restarted after more
than 10 minutes or when the time difference between the original system time
and modified system time is more than 10 minutes. As a result, the services on the
active node fail to be started.
Procedure
Step 1 Log in to the backup server using PuTTY.
Default account: hcp. Default password: PXU9@ctuNov17!.
Step 2 Run the su root command and enter the password of account root to switch to
account root.
The default password of user root is Cloud12#$.
Step 3 Run TMOUT=0 to prevent the system from exiting due to timeout.
NOTE
After you run this command, the system continues to run when no operation is performed,
posing a risk. For security, run exit to exit the system after completing your operations.
Step 4 Run the sh /opt/huawei-data-protection/ebackup/bin/db_sync_monitor.sh
get_status command on both nodes to determine the active node.
● If the role of one node is Primary, and that of the other node is Standby, the
node whose role is Primary is the active node.
● If roles of both nodes are Primary, the node that goes online later is the
active node.
Step 5 On the original active node, run the service hcp start force command to forcibly
start services.
----End
7.3.5.6 Backup Proxies Fail to Be Registered on the Backup Server Because
Public and Private Key Information Has Changed After eBackup Is
Reconfigured
Symptom
The backup server and backup proxies are deployed on different nodes. After
disaster recovery is performed for the backup server or backup proxies are
incorrectly configured, the backup proxies cannot be registered on the backup
server.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 314
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
Possible Causes
Public and private key information has changed after eBackup is reconfigured.
Procedure
Step 1 Log in to the backup proxy using PuTTY.
Default account: hcp; default password: PXU9@ctuNov17!
Step 2 Run the su root command and enter the password of account root to switch to
account root.
The default password of the root account is Cloud12#$.
Step 3 Run the cat /opt/huawei-data-protection/ebackup/conf/cert/BackupNode.pub
command to obtain the public key of the backup proxy.
Step 4 Use the hcp account to log in to the backup server through SSH (the default
password is PXU9@ctuNov17!).
Step 5 Run the cd /opt/huawei-data-protection/ebackup/cli/ command to go to
the /opt/huawei-data-protection/ebackup/cli/ directory.
Step 6 Run the sh hcpcli.sh admin command and enter the password.
The default password is PXU9@ctuNov17!, which is the same as the password of
user admin for logging in to the eBackup GUI.
Step 7 Run the management command to enter the management view.
Step 8 Run the add public_key public_key command to add the public key of the backup
proxy to the backup server. In the preceding command, public_key is the obtained
public key of the backup proxy. The public key consists of 40 characters.
Step 9 Run the service hcp restart command to restart the eBackup process.
----End
7.3.5.7 The License Becomes Unavailable After HA Is Enabled and an Active/
Standby Switchover Is Performed
Symptom
The license becomes unavailable after HA is enabled and an active/standby
switchover is performed.
Possible Causes
After the switchover, the ESNs of the current active node do not exist in the license
file.
Procedure
Apply for a new license or change the ESN of the license (including the ESNs of
the active and standby nodes) and import the new license.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 315
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
For details, see OceanStor BCManager 8.1.0 eBackup License Application
Guide.
7.3.5.8 Backups Are Lost After the HA Function Is Enabled and an Active/
Standby Switchover Is Performed
Symptom
Backups are lost when the HA function is enabled and an active/standby
switchover is performed after the services on the standby node are stopped.
Possible Causes
After the switchover, database information is not synchronized.
Procedure
Step 1 Log in to the backup server using PuTTY.
Default account: hcp. Default password: PXU9@ctuNov17!.
Step 2 Run the su root command and enter the password of account root to switch to
account root.
The default password of user root is Cloud12#$.
Step 3 Run the TMOUT=0 command to prevent PuTTY from exiting due to timeout.
NOTE
After you run the preceding command, the system continues to run even when no
operation is performed, posing security risks. For security purposes, you are advised to run
the exit command to exit the system after completing your operations.
Step 4 Run the cd /opt/huawei-data-protection/ebackup/cli command to go to
the /opt/huawei-data-protection/ebackup/cli directory.
Step 5 Run the sh hcpcli.sh admin command to log in to the CLI.
The default password is PXU9@ctuNov17!, which is the same as the password of
user admin for logging in to the eBackup GUI.
Step 6 Run the management command to enter the management view.
Step 7 Retrieve lost backups.
1. Query protected_object_id. Run the show protected_environment command
to query the ID of the protected environment whose backups are lost.
The following shows the command output.
2. Run the show protected_environment details=verbose ID=ID of the
protected environment command to query the ID of the protected object.
Obtain ID of the protected environment from Step 7.1.
Example:
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 316
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
show protected_environment details=verbose ID=1
The following shows the command output.
3. Run the retrieve backup_image protected_object_id command to retrieve lost
backups.
Obtain protected_object_id from Step 7.2.
The following shows a command output example:
retrieve backup_image d2477874-97b9-5578-bb3c-8dfded73a32a
Command send successfully.
You can query the job progress on eBackup.
4. Log in to eBackup backup management system.
5. On the navigation bar, choose > Job.
6. Check the progress of the backup retrieval job. After the job is complete, the
following page is displayed.
On the navigation bar, choose > All Backups, and check whether the backups
are retrieved.
If no, perform Step 8.
Step 8 Restore storage units to retrieve lost backups.
----End
7.3.5.9 Failed to Delete backups
Symptom
After storage space is used up, backups fail to be deleted. In job details, message
"Failed to delete information of backup from database" is displayed.
Possible Causes
Space of storage units is used up.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 317
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
Procedure
Step 1 Deactivate backup plans associated with faulty storage units.
1. Log in to eBackup backup management system.
2. On the navigation bar, choose > Backup Plan.
3. Click the backup plan associated with a faulty storage unit, and click the
drop-down arrow of Active in the preview area on the right to deactivate the
backup plan.
Step 2 Log in to the backup server using PuTTY.
Default account: hcp. Default password: PXU9@ctuNov17!.
Step 3 Run the su root command and enter the password of account root to switch to
account root.
The default password of user root is Cloud12#$.
Step 4 Run the TMOUT=0 command to prevent PuTTY from exiting due to timeout.
NOTE
After you run the preceding command, the system continues to run even when no
operation is performed, posing security risks. For security purposes, you are advised to run
the exit command to exit the system after completing your operations.
Step 5 Run the df -h command to query the mount point of the storage unit.
Example:
Step 6 Run the cd /opt/huawei-data-protection/ebackup/bricks/Mount point of the
storage unit command to go to the mount point of the storage unit.
Example:
cd /opt/huawei-data-protection/ebackup/bricks/94500ea0-8273–
4015-9f07-3e75bf16e9ea
Step 7 Run the du -sk DummyFileForDisasteryRecovery.tmp command to check
whether the size of file DummyFileForDisasteryRecovery.tmp is 100 MB.
Example:
Step 8 Run the > DummyFileForDisasteryRecovery.tmp command to clear content of
file DummyFileForDisasteryRecovery.tmp.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 318
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
Step 9 Wait for 10 seconds, and run the du -sk DummyFileForDisasteryRecovery.tmp
command again.
Ensure that the file size is less than 10 MB, as shown in the following figure.
Step 10 The system will perform the delivered backup deletion job and backup expiration
job associated with the faulty storage unit within two hours, and the jobs will be
successfully executed.
Alternatively, you can delete backups on eBackup.
Step 11 Run the df -h command, and check whether the released storage unit space
exceeds 200 MB.
● If the released space exceeds 200 MB, go to Step 12.
● Otherwise, repeat Step 10.
Step 12 Restore file DummyFileForDisasteryRecovery.tmp.
1. Run the rm DummyFileForDisasteryRecovery.tmp command.
2. Wait while the system performs the restore job.
3. After six minutes, run the du -sk DummyFileForDisasteryRecovery.tmp
command to check whether the file is re-generated and the file size is 100
MB.
Step 13 Activate the backup plan associated with the faulty storage unit.
For details about activation operations, see Step 1.
----End
7.3.6 Maintenance
7.3.6.1 Large Time Difference Between the NTP Server and Backup Server
Symptom
There is a large time difference between the NTP server and backup server, and
the eBackup interface displays an alarm.
Possible Causes
If the network between the NTP server and backup server is disconnected or the
time of the NTP server is modified, there may be a time difference between the
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 319
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
NTP server and backup server. When the time difference is greater than 1 minute,
the eBackup interface displays an alarm.
The backup server attempts to synchronize time with the NTP server. If the time
difference is large, a large time change occurs on the backup server after time
synchronization. As a result, backup jobs are not executed as planned.
NOTE
If the impact is little according to your assessment, you may take no actions. Otherwise,
perform the following steps to resolve the problem. After you perform the following steps,
the eBackup service will restart, and the eBackup system cannot provide services externally
for a few seconds.
Procedure
Step 1 Log in to the eBackup system as the user admin.
Step 2 On the navigation bar, choose > System Time & Zone.
Step 3 Enter the local IP address of the backup server (127.0.0.1) in the NTP Server text
box, and click OK.
Step 4 In the Warning dialog box, click OK.
Step 5 Log in to the eBackup system again as the user admin.
Step 6 On the navigation bar, choose > System Time & Zone.
Step 7 Enter the IP address of the NTP server in the NTP Server text box, and click OK.
Step 8 In the Warning dialog box, click OK.
----End
7.3.6.2 The NTP Service of a Backup Proxy Is Abnormal, the Time of the
Backup Proxy Fails to Be Synchronized with that of the Backup Server, and
No Alarm Is Generated
Symptom
The time of a backup proxy is not synchronized with that of the backup server,
and no alarm is generated.
Possible Causes
A row starting with server in file /etc/ntp.conf does not exist. As a result, NTP
server configurations fail to be updated.
Procedure
Step 1 Log in to the backup proxy whose NTP service is abnormal using PuTTY.
Default account: hcp. Default password: PXU9@ctuNov17!.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 320
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
Step 2 Run the su root command and enter the password of account root to switch to
account root.
The default password of user root is Cloud12#$.
Step 3 Run the TMOUT=0 command to prevent the system from exiting due to timeout.
NOTE
After you run the preceding command, the system continues to run even when no
operation is performed, posing security risks. For security purposes, you are advised to run
the exit command to exit the system after completing your operations.
Step 4 Run the cat /etc/ntp.conf | grep "^server*" command, and check whether any
command output is returned:
● If any command output is returned, contact Huawei technical support.
● Otherwise, go to Step 5.
Step 5 Log in to eBackup using the admin account.
Step 6 In the navigation tree, choose > Server.
Step 7 Query the IP address of the internal communication plane of the backup server.
● HA scenario:
Query the IP address of the internal communication plane of the backup
server whose role is Primary.
● Non-HA scenario:
Query the IP address of the internal communication plane of the backup
server.
Step 8 Run the echo "server IP address prefer minpoll 4 maxpoll 5" >> /etc/ntp.conf
command to add an NTP server.
IP address is obtained in Step 7.
Step 9 Run the following commands in sequence to make the settings effective:
cd /etc/init.d
hwclock --systohc > /dev/null 2>&1
service ntp restart > /dev/null 2>&1
chkconfig ntp 3 > /dev/null 2>&1
chkconfig ntp 5 > /dev/null 2>&1
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 321
OceanStor BCManager
eBackup User Guide 7 Troubleshooting
chkconfig ntp on > /dev/null 2>&1
cd -
Step 10 Run the service ntp status command, and check whether the command output
contains the internal communication IP address of the backup server:
● If the internal communication IP address is returned, this issue is resolved.
Example:
● Otherwise, contact Huawei technical support.
----End
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 322
OceanStor BCManager
eBackup User Guide 8 Disaster Recovery
8 Disaster Recovery
If the eBackup backup management system encounters an error, you can perform
disaster recovery to recover the eBackup backup management system and
applications. During initial system installation and configuration, backup of
management data is configured. Backup management data is used for system
restoration upon disasters.
8.1 Recovery Process
8.2 Collect Information
8.3 Installing a Backup Server
8.4 Configuring a Backup Server
8.5 Configuring Management Data Backup Storage
8.6 Restoring System Management Data and Storage Units
8.7 Restoring a Backup Proxy
8.1 Recovery Process
Perform disaster recovery when eBackup VMs or physical servers are faulty, or
when only the eBackup software is faulty, or only the management data is faulty.
NOTICE
● If the HA function is enabled, you need to remove the standby backup server
from the system before disaster recovery. Then perform disaster recovery by
following disaster recovery process. After the disaster recovery, add the
removed standby backup server to the system again.
● For details about how to remove and add a standby backup server, see step 5
in 6.1.4 Managing an eBackup Server.
● If a backup proxy fails to be registered with the backup server after disaster
recovery, rectify the fault as instructed in 7.3.5.6 Backup Proxies Fail to Be
Registered on the Backup Server Because Public and Private Key
Information Has Changed After eBackup Is Reconfigured.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 323
OceanStor BCManager
eBackup User Guide 8 Disaster Recovery
● Perform the following operations when eBackup VMs or physical servers are
faulty, or when only the eBackup software is faulty:
Figure 8-1 shows the eBackup disaster recovery process. For details about
disaster recovery for backup proxies, see 8.7 Restoring a Backup Proxy.
Figure 8-1 Disaster recovery flowchart
NOTE
After disaster recovery is complete, all passwords in the system are restored to the default
passwords. For security purposes, you are advised to change them as soon as possible.
● Perform 8.6 Restoring System Management Data and Storage Units when
eBackup VMs, physical servers, and eBackup software are normal and only
management data is faulty.
8.2 Collect Information
Before implementing disaster recovery, you need to collect internal
communication plane IP address of the backup server.
Prerequisites
● At least one normal backup proxy exists.
● You have obtained the backup management plane IP address of the backup
server and the password of user root. The default password is Cloud12#$.
● You have obtained the login password of the hcp account, the default
password of the hcp account is PXU9@ctuNov17!.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 324
OceanStor BCManager
eBackup User Guide 8 Disaster Recovery
NOTE
If no normal backup proxy exists, you can ignore this chapter.
Procedure
Step 1 Collect internal communication plane IP address of the backup server.
The collected information is used to configure the backup server. The IP address of
the internal communication plane of the backup server must be same as that
before the failure occurs.
1. Log in to one normal backup proxy.
2. Run cd /opt/huawei-data-protection/ebackup/conf/.
3. View the CurrentLeaderIP information in the hcpconf.ini configuration file
(saved in/opt/huawei-data-protection/eBackup/conf/) to obtain the IP
address of the internal communication plane of the backup server.
----End
8.3 Installing a Backup Server
During disaster recovery, you need to reinstall the backup server, that is, you need
to reinstall the eBackup software. If a virtual machine (VM) is faulty, reconfigure
the VM. After the VM is reconfigured, the eBackup software is automatically
installed. If a physical server is faulty, prepare the physical server and install the
eBackup software on it. The eBackup software needs to be reinstalled only when
the eBackup software is faulty.
NOTICE
After the eBackup software is reinstalled, the system account passwords are
restored to default ones. To enhance system security, you are advised to change
passwords of the accounts described in OceanStor BCManager 8.1.0 eBackup
Account List (Virtualization).
Procedure
Step 1 Prepare for the installation.
For details, see 2.2 Preparing for Installation.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 325
OceanStor BCManager
eBackup User Guide 8 Disaster Recovery
NOTICE
● If the original server is used, the network adapter corresponding to the backup
management plane IP address must be the same as that used before disasters.
Otherwise, you need to change the license ESN after disaster recovery.
● The IP addresses of the internal communication plane of the backup server
before and after disaster recovery must be the same. You can log in to any
backup proxy, view CurrentLeaderIP in configuration file hcpconf.ini in
path /opt/huawei-data-protection/ebackup/conf/ to obtain the IP address of
the internal communication plane of the backup server.
Step 2 Install eBackup.
● Only eBackup is faulty.
a. Uninstall eBackup.
For details, see 2.9 Uninstalling eBackup.
b. Install eBackup.
For details, see 2.3 Installing eBackup.
● The server is faulty.
Prepare a new server and install eBackup.
For details, see 2.3 Installing eBackup.
Step 3 When the production storage is Huawei distributed block storage, add the
eBackup server to the Huawei distributed block storage cluster.
For details, see 3.4.1 Adding an eBackup Server to a Huawei Distributed Block
Storage Cluster (Applicable to Huawei Distributed Block Storage 8.1.0/8.1.1).
----End
8.4 Configuring a Backup Server
After the backup server is installed, you need to reconfigure the backup server to
restore the backup server to the normal state.
For details, see 2.4.1 Configuring a Backup Server.
NOTICE
● If the network adapter associated with the ESN fails or is changed, you need to
change the ESN by following instructions in 2.7 Importing a License.
● The IP addresses of the internal communication plane of the backup server
before and after the disaster recovery must be the same.
8.5 Configuring Management Data Backup Storage
After the backup server is reconfigured, configure the same management data
backup storage as that before the disaster.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 326
OceanStor BCManager
eBackup User Guide 8 Disaster Recovery
For details, see 2.5 Configuring Management Data Backup Storage.
NOTICE
● Backup storage used during disaster recovery must be the same as that used
during initial installation and configuration before disasters.
● If you choose S3 storage as the backup storage of system management data,
the backup storage and the S3 bucket name before and after the disaster
recovery must be the same.
8.6 Restoring System Management Data and Storage
Units
8.6.1 NFS
This section describes how to restore the eBackup management data and storage
units when the eBackup management data is lost or damaged and the backup
storage type of the management data is NFS.
Prerequisites
● New management data backup storage has been configured. Ensure that the
management data backup storage paths before and after restore are the
same and the identifiers are different. For details, see 2.5.1 NFS.
● Under path /opt/huawei-data-protection/ebackup/db_bak/Region-AZ-POD,
check whether configuration file storage_units.csv required for fault recovery
exists. Region-AZ-POD indicates eBackup identifier of the management data
backup. If the configuration file does not exist, contact Huawei technical
support.
● A cross-platform remote access tool, such as PuTTY, has been obtained.
● Backup and restore services of tenant data have been stopped (during
disaster recovery, the system automatically stops the eBackup process).
● If the HA function is configured, you need to remove the standby node from
the HA relationship before fault recovery. After the fault recovery is complete,
add the standby node to the HA relationship. Perform the following steps to
remove the standby node from the HA relationship:
a. Log in to the backup server GUI using a browser.
b. On the navigation bar, choose > Server.
c. Click HA Management and select Remove HA Members from the
shortcut menu.
Context
● The file name of the backup data is [Backup data type][Backup type]
[Service name][Year][Month][Day][Hour][Minute][Second][Backup
period][No.].db. Backup data type can be F (full backup). Backup type can
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 327
OceanStor BCManager
eBackup User Guide 8 Disaster Recovery
be AT (automatic) or MT (manual). Service name is fixed as EBACKUP.
Backup period can be H(hour), D (daily), W (weekly), M (monthly), Y
(yearly), or X (manual). Example: FATEBACKUP20160128000125Y001.db.
● If backup system management data exists, only data generated between the
backup point in time and the recovery point in time is lost.
● After a disaster recovery task is executed, the system may automatically
generates data records starting with Recover on the eBackup GUI (choosing
Backup > Backup Policy, Backup > Backup Plan or Backup Storage >
Repository to view the data records). These data records are necessary for
disaster recovery and are automatically generated by the system. After the
backup and restore, you are advised to delete the backup plans starting with
Recover on the eBackup GUI. When you delete the backup plans, the
associated backups are deleted to release the storage space. In addition, you
need to delete backup policies and repository starting with Recover on
eBackup.
● During the operation, you need to enter the database password. If you enter
the password incorrectly for three times, the system will automatically exit
from recovery program. In this case, perform this operation again.
● When you restore the system management data or a storage unit, ensure that
versions of the backup data and system are consistent. Run the showsys
command to view the current system version.
NOTICE
Do not restore the system management data or storage units across versions.
Otherwise, the management data or storage units cannot be restored.
Procedure
Preparing data
Step 1 Use PuTTY to log in to the backup server.
The default user name is hcp. The default password is PXU9@ctuNov17!.
Step 2 Run the following command, and enter the password of user root to switch to
user root.
The default password of root account is Cloud12#$.
su root
Step 3 Run the following command to prevent the system from exiting due to timeout.
TMOUT=0
NOTE
After you run this command, the system continues to run when no operation is performed,
resulting in a risk. For security purposes, you are advised to run the exit command to exit
the system after completing your operations.
Step 4 Run the following command to go to the save path of the restoration script.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 328
OceanStor BCManager
eBackup User Guide 8 Disaster Recovery
cd /opt/huawei-data-protection/ebackup/bin
Step 5 Run the following command to restore the backup management data to the
running management data.
sh hcp_admindb_restore.sh
The following command output is displayed:
NOTE
Only main command outputs are displayed in the following operation procedures.
WARNING: Restore DB will stop eBackup service, are you sure to continue?(y/n)
Step 6 Enter y and press Enter.
The following command output is displayed:
[1] /opt/huawei-data-protection/ebackup/db_bak/eBackup03
[2] /opt/huawei-data-protection/ebackup/db_bak/eBackup01
[3] /opt/huawei-data-protection/ebackup/db_bak/eBackup02
Please select the sub-folder that saves backup data of management data of the eBackup you want to
restore:
Step 7 Enter the number before the subdirectory that stores the backup data of the
eBackup system management data before the fault occurs, and press Enter.
For example, if you choose subdirectory /opt/huawei-data-protection/ebackup/
db_bak/eBackup03 to store eBackup system management data, enter 1.
eBackup03 is the value of identifier set when the eBackup management data
backup storage is configured.
The following command output is displayed:
Backup Name Version
[1] FATEBACKUP20180128000125Y001.db xx
[2] FATEBACKUP20180129000125Y002.db xx
[3] FATEBACKUP20180130000125Y003.db xx
[4] FATEBACKUP20180130000127Y004.db xx
please select a backup file from the list above:
Performing a restore
Step 8 Select the backup file whose version is consistent with the version of the eBackup
backup management system, and press Enter. For details, see the backup file
naming rules in Context and the value of Version in the preceding command
output.
For example, select FATEBACKUP20160128000125Y001.db and enter 1.
● If the versions are inconsistent, the following information is returned. You
need to select backup data whose version is consistent with that of the
eBackup backup management system.
The system version don't match.
please select a backup file from the list above:
● The command output is as follows:
select backup name:FATEBACKUP20160128000125Y001.db
Checking data...
Backup data...Correct.
BackFileName is:1352B2A8F5934D8DA1356A22A5671DA3.tar.gz
BackFileName is:4AD4744C8775498AAD1389174EC14512.tar.gz
BackFileName is:C8F86F3249A047F188D81779E3685545.tar.gz
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 329
OceanStor BCManager
eBackup User Guide 8 Disaster Recovery
BackFileName is:D1D9A2EF865D41A184EF6F2A250F9E55.tar.gz
Shutting down Huawei eBackup Service
service hcp stop:completed done
This operation will drop the db, are you sure you want to continue?(y/n)
Step 9 Enter y and press Enter.
The following command output is displayed during the execution:
Please enter ADMINDB database password for user eBkDbAdmin:
Step 10 Enter the password of database account admin, and press Enter.
The default password is Huawei@CLOUD8!. The system begins to restore
admindb data.
NOTE
Enter the user password within 90 seconds to prevent system timeout.
The following operations must be completed within 90 seconds to prevent system timeout.
The following command output is displayed:
Checking database...Success.
Creating database...Success.
Restoring database...Success.
Dropping database...
Success.
Rename database...Success.
Grant privileges to dbuser...Success.
Operation finished.
Please enter LICENSEDB database password for user eBkDbAdmin:
Step 11 Enter the password of database account license, and press Enter.
The default password is Huawei@CLOUD8!. The system begins to restore
licensedb data.
The following command output is displayed:
Checking database...Success.
Creating database...Success.
Restoring database...Success.
Dropping database...
Success.
Rename database...Success.
Grant privileges to dbuser...Success.
Operation finished.
Please enter ALARMDB database password for user eBkDbAdmin:
Step 12 Enter the password of database account alarm, and press Enter.
The default password is Huawei@CLOUD8!. The system begins to restore alarmdb
data.
The following command output is displayed:
Checking database...Success.
Creating database...Success.
Restoring database...Success.
Dropping database...
Success.
Rename database...Success.
Grant privileges to dbuser...Success.
Operation finished.
Please enter IAMDB database password for user eBkDbAdmin:
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 330
OceanStor BCManager
eBackup User Guide 8 Disaster Recovery
Step 13 Enter the password of database account IAM, and press Enter.
The default password is Huawei@CLOUD8!. The system begins to restore iamdb
data.
The following command output is displayed:
Checking database...Success.
Creating database...Success.
Restoring database...Success.
Dropping database...
Success.
Rename database...Success.
Grant privileges to dbuser...Success.
Operation finished.
Please enter GOVERNANCEDB database password for user eBkDbAdmin:
Step 14 Perform the following steps based on the role of the eBackup server:
Step 15 If the management role is the backup server, perform the following steps:
Enter the password of database account governance, and press Enter. The default
password is Huawei@CLOUD8!. The system begins to restore governancedb data.
Checking database...Success.
Creating database...Success.
Restoring database...Success.
Dropping database...
Success.
Rename database...Success.
Grant privileges to dbuser...Clean SERVICEINSTANCELIST in db.
Success.
Operation finished.
start restore datamoverdb
Please enter DATAMOVERDB database password for user eBkDbAdmin:
Step 16 If the management role is the backup server, enter the password of database
account datamover, and press Enter.
The default password is Huawei@CLOUD8!. The system begins to restore
datamoverdb data.
If the following command output is displayed, management data is restored
successfully.
Checking database...Success.
Creating database...Success.
Restoring database...Success.
Dropping database...
Success.
Rename database...Success.
Grant privileges to dbuser...Success.
Operation finished.
Restore DB success.
Starting Huawei eBackup Service
The service is starting, please wait for a moment...
serivce hcp start:completed
done
The ebk_governance agent of OceanStor BCManager eBackup was started successfully.
The ebk_license agent of OceanStor BCManager eBackup was started successfully.
The ebk_alarm agent of OceanStor BCManager eBackup was started successfully.
The ebk_iam agent of OceanStor BCManager eBackup was started successfully.
Step 17 Restore a storage unit.
1. Run the following command to save $LD_LIBRARY_PATH.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 331
OceanStor BCManager
eBackup User Guide 8 Disaster Recovery
OLD_LD_LIBRARY_PATH=$LD_LIBRARY_PATH
2. Run the following command to copy the storage_units.csv file before the
fault to the new identifier after the fault occurs. Region-AZ-POD indicates the
backup data identifier of the eBackup system management data before the
fault occurs, and Region-AZ-POD02 indicates the backup data identifier of the
eBackup system management data created during fault recovery.
cp /opt/huawei-data-protection/ebackup/db_bak/Region-AZ-POD/
storage_units.csv /opt/huawei-data-protection/ebackup/db_bak/Region-
AZ-POD02
3. Run the following command to go to the path where configuration file
storage_units.csv resides. Region-AZ-POD02 indicates the backup data
identifier of the eBackup system management data created during fault
recovery.
cd /opt/huawei-data-protection/ebackup/db_bak/Region-AZ-POD02
4. Run the following command to restore a storage unit in the configuration file.
service hcp recover /opt/huawei-data-protection/ebackup/db_bak/Region-
AZ-POD02/storage_units.csv
The following command output is displayed:
WARNING: Recovery will stop services. Are you sure you want to continue?(y/n):
NOTE
If the storage_units.csv configuration file cannot be accessed, run the chown
hcpprocess:hcpmgr storage_units.csv command to change the owner of the file
storage_units.csv to hcpprocess:hcpmgr.
5. Enter y and press Enter.
The system starts restoring the storage unit. If the following command output
is displayed, the storage unit is successfully restored.
Backup Server metadata was recovered
please restart eBackup
6. Run the following command to restart eBackup services.
service hcp restart
7. Run the following command to delete the copied storage_units.csv file.
rm storage_units.csv
8. Run the following command to restore $LD_LIBRARY_PATH:
export LD_LIBRARY_PATH=$OLD_LD_LIBRARY_PATH
Step 18 After performing the preceding steps, wait for about 5 minutes and log in to the
eBackup GUI. Click Backup Storage > Storage Unit. If Accessibility Status of the
storage unit is All accessible, the restore is successful.
If the restore fails, contact technical support engineers.
Step 19 If backup proxies exist in the backup management system, power on the servers
where the backup proxies reside to ensure the normal running of eBackup
services.
Log in to the eBackup GUI, choose > Server, and check the status of backup
workflow servers or backup proxies. Ensure that the values of Accessibility Status
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 332
OceanStor BCManager
eBackup User Guide 8 Disaster Recovery
and Register Status for all backup workflow servers or backup proxies are
accessible and registered respectively.
----End
Follow-up Procedure
NOTE
After disaster recovery, replace the SSL certificate for communication between the active
and standby eBackup GaussDB nodes and the SSL certificate for communication between
the active and standby nodes of the eBackup OMMHA.
For details, see sections 6.4.2.6 Replacing the SSL Certificate of eBackup GaussDB for
Communication Between the Active and Standby Backup Servers and 6.4.2.4 Replacing
the SSL Certificate of eBackup OMMHA for Communication Between the Active and
Standby Backup Servers.
● If backup system management data fails to be restored in the first time,
perform the disaster recovery operations again.
● After disaster recovery, change the license ESN under either of the following
conditions:
– A VM template has been re-imported.
● After disaster recovery, if the original license cannot be used, obtain an ESN
again, obtain a new license through the ESN, and import the new license.
For details, see OceanStor BCManager 8.0.6 eBackup License Application
Guide.
● If the backup management plane floating IP addresses of the backup server
before and after the disaster are different, you need to reconfigure the
eBackup driver.
● If the backup server and backup proxy are deployed on different nodes, the
backup proxy may fail to be accessed after only the backup server is
recovered.
If a backup workflow server or backup proxy fails to be accessed, perform the
following operations:
a. Use PuTTY to log in to the backup server as user hcp.
b. Run the following command and enter the password of user root to
switch to user root.
The default password of user root is Cloud12#$.
su root
c. Run the following command to obtain the public key of the backup
server:
cat /opt/huawei-data-protection/ebackup/conf/cert/AdminNode.pub
d. Use PuTTY to log in to a backup proxy as user hcp.
e. Run the following command and enter the password of user root to
switch to user root.
The default password of user root is Cloud12#$.
su root
f. Run the following command to open the public key file:
vi /opt/huawei-data-protection/ebackup/conf/cert/AdminNode.pub
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 333
OceanStor BCManager
eBackup User Guide 8 Disaster Recovery
g. Delete the content in the file and write the public key of the backup
server obtained from c to the file.
h. Log in to the backup server node again and run the following command
to restart the eBackup process:
service hcp restart
8.6.2 S3
This section describes how to restore the eBackup management data and storage
units when the eBackup management data is lost or damaged and the backup
storage type of the management data is S3.
Prerequisites
● New management data backup storage has been configured. Ensure that the
management data backup storage paths before and after restore are the
same and the identifiers are different. For details, see 2.5.2 S3.
● Under S3 storage path /DBBakSubDir/ebackup/Region-AZ-POD, check
whether configuration file storage_units.csv required for fault recovery exists.
DBBakSubDir indicates the bucket of S3 storage, Region-AZ-POD indicates
the eBackup identifier of the management data backup. If the configuration
file does not exist, contact Huawei technical support.
● A cross-platform remote access tool, such as PuTTY, has been obtained.
● Backup and restore services of tenant data have been stopped (during
disaster recovery, the system automatically stops the eBackup process).
● If the HA function is configured, you need to remove the standby node from
the HA relationship before a disaster recovery. After the disaster recovery is
complete, add the standby node to the HA relationship. Perform the following
steps to remove the standby node from the HA relationship:
a. Log in to the backup server GUI using a browser.
b. On the navigation bar, choose > Server.
c. Click HA Management and select Remove HA Members from the
shortcut menu.
Context
● The file name of the backup data is [Backup data type][Backup type]
[Service name][Year][Month][Day][Hour][Minute][Second][Backup
period][No.].db. Backup data type can be F (full backup). Backup type can
be AT (automatic) or MT (manual). Service name is fixed as EBACKUP.
Backup period can be H(hour), D (daily), W (weekly), M (monthly), Y
(yearly), or X (manual). Example: FATEBACKUP20160128000125Y001.db.
● If backup system management data exists, only data generated between the
backup point in time and the recovery point in time is lost.
● After a disaster recovery task is executed, the system may automatically
generates data records starting with Recover on the eBackup GUI (choosing
Backup > Backup Policy, Backup > Backup Plan or Backup Storage >
Repository to view the data records). These data records are necessary for
disaster recovery and are automatically generated by the system. After the
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 334
OceanStor BCManager
eBackup User Guide 8 Disaster Recovery
backup and restore, you are advised to delete the backup plans starting with
Recover on the eBackup GUI. When you delete the backup plans, the
associated backups are deleted to release the storage space. In addition, you
need to delete backup policies and repository starting with Recover on
eBackup.
● During the operation, you need to enter the database password. If you enter
the password incorrectly for three times, the system will automatically exit
from recovery program. In this case, perform this operation again.
● When you restore the system management data or a storage unit, ensure that
versions of the backup data and system are consistent. Run the showsys
command to view the current system version.
NOTICE
Do not restore the system management data or storage units across versions.
Otherwise, the management data or storage units cannot be restored.
Procedure
Preparing data
Step 1 Use PuTTY to log in to the backup server as user hcp.
The default user name is hcp. The default password is PXU9@ctuNov17!.
Step 2 Run the following command, and enter the password of user root to switch to
user root.
The default password of root account is Cloud12#$.
su root
Step 3 Run the following command to prevent the system from exiting due to timeout.
TMOUT=0
NOTE
After you run this command, the system continues to run when no operation is performed,
resulting in a risk. For security purposes, you are advised to run the exit command to exit
the system after completing your operations.
Step 4 Run the following command to go to the save path of the restoration script.
cd /opt/huawei-data-protection/ebackup/bin
Step 5 Run the following command to restore the backup management data to the
running management data.
sh hcp_admindb_restore.sh
The following command output is displayed:
NOTE
Only main command outputs are displayed in the following operation procedures.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 335
OceanStor BCManager
eBackup User Guide 8 Disaster Recovery
WARNING: Restore DB will stop eBackup service, are you sure to continue?(y/n)
Step 6 Enter y and press Enter.
The following command output is displayed:
[1] eBackup03
[2] eBackup01
[3] eBackup02
Please select backupset directory:
Step 7 Enter the number before the subdirectory that stores the backup data of the
eBackup system management data before the fault occurs, and press Enter.
For example, if you choose subdirectory eBackup03 to store eBackup system
management data, enter 1.
eBackup03 is the value of identifier set when the eBackup management data
backup storage is configured.
The following command output is displayed:
Backup Name Version
[1] FATEBACKUP20160128000125Y001.db xx
[2] FATEBACKUP20160129000125Y002.db xx
[3] FATEBACKUP20160130000125Y003.db xx
[4] FATEBACKUP20160130000127Y004.db xx
please select a backup file from the list above:
Performing a restore
Step 8 Select the backup data that is consistent with the eBackup backup management
system version, and press Enter. For details, see Context.
For example, select FATEBACKUP20160128000125Y001.db and enter 1.
● If the versions are inconsistent, the following information is returned. You
need to select backup data whose version is consistent with that of the
eBackup backup management system.
The system version don't match.
please select a backup file from the list above:
● The command output is as follows:
select backup name:FATEBACKUP20160128000125Y001.db
Checking data...
Backup data...Correct.
BackFileName is:1352B2A8F5934D8DA1356A22A5671DA3.tar.gz
BackFileName is:4AD4744C8775498AAD1389174EC14512.tar.gz
BackFileName is:C8F86F3249A047F188D81779E3685545.tar.gz
BackFileName is:D1D9A2EF865D41A184EF6F2A250F9E55.tar.gz
Shutting down Huawei eBackup Service
service hcp stop:completed done
This operation will drop the db, are you sure you want to continue?(y/n)
Step 9 Enter y and press Enter.
The following command output is displayed during the execution:
Please enter ADMINDB database password for user eBkDbAdmin:
Step 10 Enter the password of database account admin, and press Enter.
The default password is Huawei@CLOUD8!. The system begins to restore
admindb data.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 336
OceanStor BCManager
eBackup User Guide 8 Disaster Recovery
NOTE
Enter the user password within 90 seconds to prevent system timeout.
The following operations must be completed within 90 seconds to prevent system timeout.
The following command output is displayed:
Checking database...Success.
Creating database...Success.
Restoring database...Success.
Dropping database...
Success.
Rename database...Success.
Grant privileges to dbuser...Success.
Operation finished.
Please enter LICENSEDB database password for user eBkDbAdmin:
Step 11 Enter the password of database account license, and press Enter.
The default password is Huawei@CLOUD8!. The system begins to restore
licensedb data.
The following command output is displayed:
Checking database...Success.
Creating database...Success.
Restoring database...Success.
Dropping database...
Success.
Rename database...Success.
Grant privileges to dbuser...Success.
Operation finished.
Please enter ALARMDB database password for user eBkDbAdmin:
Step 12 Enter the password of database account alarm, and press Enter.
The default password is Huawei@CLOUD8!. The system begins to restore alarmdb
data.
The following command output is displayed:
Checking database...Success.
Creating database...Success.
Restoring database...Success.
Dropping database...
Success.
Rename database...Success.
Grant privileges to dbuser...Success.
Operation finished.
Please enter IAMDB database password for user eBkDbAdmin:
Step 13 Enter the password of database account IAM, and press Enter.
The default password is Huawei@CLOUD8!. The system begins to restore iamdb
data.
The following command output is displayed:
Checking database...Success.
Creating database...Success.
Restoring database...Success.
Dropping database...
Success.
Rename database...Success.
Grant privileges to dbuser...Success.
Operation finished.
Please enter GOVERNANCEDB database password for user eBkDbAdmin:
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 337
OceanStor BCManager
eBackup User Guide 8 Disaster Recovery
Step 14 Perform the following steps based on the role of the eBackup server:
Step 15 If the management role is the backup server, perform the following steps:
Enter the password of database account governance, and press Enter. The default
password is Huawei@CLOUD8!. The system begins to restore governancedb data.
Checking database...Success.
Creating database...Success.
Restoring database...Success.
Dropping database...
Success.
Rename database...Success.
Grant privileges to dbuser...Clean SERVICEINSTANCELIST in db.
Success.
Operation finished.
start restore datamoverdb
Please enter DATAMOVERDB database password for user eBkDbAdmin:
Step 16 If the management role is the backup server, enter the password of database
account datamover, and press Enter.
The default password is Huawei@CLOUD8!. The system begins to restore
datamoverdb data.
If the following command output is displayed, management data is restored
successfully.
Checking database...Success.
Creating database...Success.
Restoring database...Success.
Dropping database...
Success.
Rename database...Success.
Grant privileges to dbuser...Success.
Operation finished.
Restore DB success.
Starting Huawei eBackup Service
The service is starting, please wait for a moment...
serivce hcp start:completed
done
The ebk_governance agent of OceanStor BCManager eBackup was started successfully.
The ebk_license agent of OceanStor BCManager eBackup was started successfully.
The ebk_alarm agent of OceanStor BCManager eBackup was started successfully.
The ebk_iam agent of OceanStor BCManager eBackup was started successfully.
Step 17 Restore a storage unit.
1. Run the following command to save $LD_LIBRARY_PATH.
OLD_LD_LIBRARY_PATH=$LD_LIBRARY_PATH
2. Run the following commands to configure environmental variables.
export LD_LIBRARY_PATH=/opt/huawei-data-protection/ebackup/libs/:/
lib64/
export G_HCP_ROOT=/opt/huawei-data-protection/ebackup
export LD_LIBRARY_PATH=${G_HCP_ROOT}/libs:${LD_LIBRARY_PATH}:$
{G_HCP_ROOT}/db/lib:/lib64
export ODBCINI=${G_HCP_ROOT}/conf/odbc.ini
export ODBCSYSINI=${G_HCP_ROOT}/conf
3. Run the following command to go to the save path of uds_plug-in.
cd /opt/huawei-data-protection/ebackup/sbin/
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 338
OceanStor BCManager
eBackup User Guide 8 Disaster Recovery
4. Run the following command to download the storage_units.csv file before
fault recovery from the S3 storage to the local eBackup server:
./uds_plug-in DownloadFile ebackup/Region-AZ-POD/
storage_units.csv /opt/huawei-data-protection/ebackup/db_bak/Region-
AZ-POD02
NOTE
In the command, Region-AZ-POD indicates backup data identifier of eBackup system
management data before the fault occurs, and Region-AZ-POD02 indicates backup
data identifier of the eBackup system management data created when the fault
occurs. /opt/huawei-data-protection/ebackup/db_bak/Region-AZ-POD02 indicates the
local absolute path on the eBackup server storing file storage_units.csv.
5. Run the following command to go to the save path of storage_units.csv.
cd /opt/huawei-data-protection/ebackup/db_bak/Region-AZ-POD02
6. Run the following command to enable the hcp account to read and write the
storage_units.csv configuration files.
chown hcpprocess:hcpmgr storage_units.csv
chmod 640 storage_units.csv
7. Run the following command to restore a storage unit in the configuration file.
service hcp recover /opt/huawei-data-protection/ebackup/db_bak/Region-
AZ-POD02/storage_units.csv
The following command output is displayed:
WARNING: Recovery will stop service, are you sure you want to continue?(y/n):
8. Enter y and press Enter.
The system starts restoring the storage unit. If the following command output
is displayed, the storage unit is successfully restored.
Backup Server metadata was recovered
please restart eBackup
9. Run the following command to restart eBackup services.
service hcp restart
10. Run the following command to delete the downloaded storage_units.csv file.
rm storage_units.csv
11. Run the following command to restore $OLD_LD_LIBRARY_PATH.
export LD_LIBRARY_PATH=$OLD_LD_LIBRARY_PATH
Step 18 After performing the preceding steps, wait for about 5 minutes and log in to the
eBackup GUI. Click Backup Storage > Storage Unit. If Accessibility Status of the
storage unit is All accessible, the restore is successful.
If the restore fails, contact technical support engineers.
Step 19 If backup proxies exist in the backup management system, power on the servers
where the backup proxies reside to ensure the normal running of eBackup
services.
Log in to the eBackup GUI, choose > Server, and check the status of backup
proxies. Ensure that the values of Accessibility Status and Register Status for all
backup proxies are accessible and registered respectively.
----End
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 339
OceanStor BCManager
eBackup User Guide 8 Disaster Recovery
Follow-up Procedure
NOTE
After disaster recovery, replace the SSL certificate for communication between the active
and standby eBackup GaussDB nodes and the SSL certificate for communication between
the active and standby nodes of the eBackup OMMHA.
For details, see sections 6.4.2.6 Replacing the SSL Certificate of eBackup GaussDB for
Communication Between the Active and Standby Backup Servers and 6.4.2.4 Replacing
the SSL Certificate of eBackup OMMHA for Communication Between the Active and
Standby Backup Servers.
● If backup system management data fails to be restored in the first time,
perform the disaster recovery operations again.
● After disaster recovery, change the license ESN under either of the following
conditions:
– A VM template has been re-imported.
● After disaster recovery, if the original license cannot be used, obtain an ESN
again, obtain a new license through the ESN, and import the new license.
For details, see OceanStor BCManager 8.0.6 eBackup License Application
Guide.
● If the backup management plane floating IP addresses of the backup server
before and after the disaster are different, you need to reconfigure the
eBackup driver.
● If the backup server and backup proxy are deployed on different nodes, the
backup proxy may fail to be accessed after only the backup server is
recovered.
If a backup workflow server or backup proxy fails to be accessed, perform the
following operations:
a. Use PuTTY to log in to the backup server as user hcp.
b. Run the following command and enter the password of user root to
switch to user root.
The default password of user root is Cloud12#$.
su root
c. Run the following command to obtain the public key of the backup
server:
cat /opt/huawei-data-protection/ebackup/conf/cert/AdminNode.pub
d. Use PuTTY to log in to a backup proxy as user hcp.
e. Run the following command and enter the password of user root to
switch to user root.
The default password of user root is Cloud12#$.
su root
f. Run the following command to open the public key file:
vi /opt/huawei-data-protection/ebackup/conf/cert/AdminNode.pub
g. Delete the content in the file and write the public key of the backup
server obtained from c to the file.
h. Log in to the backup server node again and run the following command
to restart the eBackup process:
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 340
OceanStor BCManager
eBackup User Guide 8 Disaster Recovery
service hcp restart
8.6.3 FTP
This section describes how to restore the eBackup management data and storage
units when the eBackup management data is lost or damaged and the backup
storage type of the management data is FTP.
Prerequisites
● New management data backup storage has been configured. Ensure that the
management data backup storage paths before and after restore are the
same and the identifiers are different. For details, see 2.5.3 FTP.
● Under FTP storage path /DBBakSubDir/Region-AZ-POD, check whether
configuration file storage_units.csv for fault recovery exists. DBBakSubDir
indicates the directory of the backup storage on the FTP server, and Region-
AZ-POD indicates the identifier of the backup data of the eBackup
management data. If the configuration file does not exist, contact Huawei
technical support.
● A cross-platform remote access tool, such as PuTTY, has been obtained.
● Backup and restore services of tenant data have been stopped (during
disaster recovery, the system automatically stops the eBackup process).
● If the HA function is configured, you need to remove the standby node from
the HA relationship before a disaster recovery. After the disaster recovery is
complete, add the standby node to the HA relationship. Perform the following
steps to remove the standby node from the HA relationship:
a. Log in to the backup server GUI using a browser.
b. On the navigation bar, choose > Server.
c. Click HA Management and select Remove HA Members from the
shortcut menu.
Context
● The file name of the backup data is [Backup data type][Backup type]
[Service name][Year][Month][Day][Hour][Minute][Second][Backup
period][No.].db. Backup data type can be F (full backup). Backup type can
be AT (automatic) or MT (manual). Service name is fixed as EBACKUP.
Backup period can be H(hour), D (daily), W (weekly), M (monthly), Y
(yearly), or X (manual). Example: FATEBACKUP20160128000125Y001.db.
● If backup system management data exists, only data generated between the
backup point in time and the recovery point in time is lost.
● After a disaster recovery task is executed, the system may automatically
generates data records starting with Recover on the eBackup GUI (choosing
Backup > Backup Policy, Backup > Backup Plan or Backup Storage >
Repository to view the data records). These data records are necessary for
disaster recovery and are automatically generated by the system. After the
backup and restore, you are advised to delete the backup plans starting with
Recover on the eBackup GUI. When you delete the backup plans, the
associated backups are deleted to release the storage space. In addition, you
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 341
OceanStor BCManager
eBackup User Guide 8 Disaster Recovery
need to delete backup policies and repository starting with Recover on
eBackup.
● During the operation, you need to enter the database password. If you enter
the password incorrectly for three times, the system will automatically exit
from recovery program. In this case, perform this operation again.
● When you restore the system management data or a storage unit, ensure that
versions of the backup data and system are consistent. Run the showsys
command to view the current system version.
NOTICE
Do not restore the system management data or storage units across versions.
Otherwise, the management data or storage units cannot be restored.
Procedure
Preparing data
Step 1 Use PuTTY to log in to the backup server as user hcp.
The default user name is hcp. The default password is PXU9@ctuNov17!.
Step 2 Run the following command, and enter the password of user root to switch to
user root.
The default password of root account is Cloud12#$.
su root
Step 3 Run the following command to prevent the system from exiting due to timeout.
TMOUT=0
NOTE
After you run this command, the system continues to run when no operation is performed,
resulting in a risk. For security purposes, you are advised to run the exit command to exit
the system after completing your operations.
Step 4 Run the following command to go to the save path of the restoration script.
cd /opt/huawei-data-protection/ebackup/bin
Step 5 Run the following command to restore the backup management data to the
running management data.
sh hcp_admindb_restore.sh
The following command output is displayed:
NOTE
Only main command outputs are displayed in the following operation procedures.
WARNING: Restore DB will stop eBackup service, are you sure to continue?(y/n)
Step 6 Enter y and press Enter.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 342
OceanStor BCManager
eBackup User Guide 8 Disaster Recovery
The following command output is displayed:
[1] /opt/huawei-data-protection/ebackup/db_bak/eBackup03
[2] /opt/huawei-data-protection/ebackup/db_bak/eBackup01
[3] /opt/huawei-data-protection/ebackup/db_bak/eBackup02
Please select the sub-folder that saves backup data of management data of the eBackup you want to
restore:
Step 7 Enter the number before the subdirectory that stores the backup data of the
eBackup system management data before the fault occurs, and press Enter.
For example, if you choose subdirectory /opt/huawei-data-protection/ebackup/
db_bak/eBackup03 to store eBackup system management data, enter 1.
eBackup03 is the value of identifier set when the eBackup management data
backup storage is configured.
The following command output is displayed:
Backup Name Version
[1] FATEBACKUP20180128000125Y001.db xx
[2] FATEBACKUP20180129000125Y002.db xx
[3] FATEBACKUP20180130000125Y003.db xx
[4] FATEBACKUP20180130000127Y004.db xx
please select a backup file from the list above:
Performing a restore
Step 8 Select the backup file whose version is consistent with the version of the eBackup
backup management system, and press Enter. For details, see the backup file
naming rules in Context and the value of Version in the preceding command
output.
For example, select FATEBACKUP20160128000125Y001.db and enter 1.
● If the versions are inconsistent, the following information is returned. You
need to select backup data whose version is consistent with that of the
eBackup backup management system.
The system version don't match.
please select a backup file from the list above:
● The command output is as follows:
select backup name:FATEBACKUP20160128000125Y001.db
Checking data...
Backup data...Correct.
BackFileName is:1352B2A8F5934D8DA1356A22A5671DA3.tar.gz
BackFileName is:4AD4744C8775498AAD1389174EC14512.tar.gz
BackFileName is:C8F86F3249A047F188D81779E3685545.tar.gz
BackFileName is:D1D9A2EF865D41A184EF6F2A250F9E55.tar.gz
Shutting down Huawei eBackup Service
service hcp stop:completed done
This operation will drop the db, are you sure you want to continue?(y/n)
Step 9 Enter y and press Enter.
The following command output is displayed during the execution:
Please enter ADMINDB database password for user eBkDbAdmin:
Step 10 Enter the password of database account admin, and press Enter.
The default password is Huawei@CLOUD8!. The system begins to restore
admindb data.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 343
OceanStor BCManager
eBackup User Guide 8 Disaster Recovery
NOTE
Enter the user password within 90 seconds to prevent system timeout.
The following operations must be completed within 90 seconds to prevent system timeout.
The following command output is displayed:
Checking database...Success.
Creating database...Success.
Restoring database...Success.
Dropping database...
Success.
Rename database...Success.
Grant privileges to dbuser...Success.
Operation finished.
Please enter LICENSEDB database password for user eBkDbAdmin:
Step 11 Enter the password of database account license, and press Enter.
The default password is Huawei@CLOUD8!. The system begins to restore
licensedb data.
The following command output is displayed:
Checking database...Success.
Creating database...Success.
Restoring database...Success.
Dropping database...
Success.
Rename database...Success.
Grant privileges to dbuser...Success.
Operation finished.
Please enter ALARMDB database password for user eBkDbAdmin:
Step 12 Enter the password of database account alarm, and press Enter.
The default password is Huawei@CLOUD8!. The system begins to restore alarmdb
data.
The following command output is displayed:
Checking database...Success.
Creating database...Success.
Restoring database...Success.
Dropping database...
Success.
Rename database...Success.
Grant privileges to dbuser...Success.
Operation finished.
Please enter IAMDB database password for user eBkDbAdmin:
Step 13 Enter the password of database account IAM, and press Enter.
The default password is Huawei@CLOUD8!. The system begins to restore iamdb
data.
The following command output is displayed:
Checking database...Success.
Creating database...Success.
Restoring database...Success.
Dropping database...
Success.
Rename database...Success.
Grant privileges to dbuser...Success.
Operation finished.
Please enter GOVERNANCEDB database password for user eBkDbAdmin:
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 344
OceanStor BCManager
eBackup User Guide 8 Disaster Recovery
Step 14 Perform the following steps based on the role of the eBackup server:
Step 15 If the management role is the backup server, perform the following steps:
Enter the password of database account governance, and press Enter. The default
password is Huawei@CLOUD8!. The system begins to restore governancedb data.
Checking database...Success.
Creating database...Success.
Restoring database...Success.
Dropping database...
Success.
Rename database...Success.
Grant privileges to dbuser...Clean SERVICEINSTANCELIST in db.
Success.
Operation finished.
start restore datamoverdb
Please enter DATAMOVERDB database password for user eBkDbAdmin:
Step 16 If the management role is the backup server, enter the password of database
account datamover, and press Enter.
The default password is Huawei@CLOUD8!. The system begins to restore
datamoverdb data.
If the following command output is displayed, management data is restored
successfully.
Checking database...Success.
Creating database...Success.
Restoring database...Success.
Dropping database...
Success.
Rename database...Success.
Grant privileges to dbuser...Success.
Operation finished.
Restore DB success.
Starting Huawei eBackup Service
The service is starting, please wait for a moment...
serivce hcp start:completed
done
The ebk_governance agent of OceanStor BCManager eBackup was started successfully.
The ebk_license agent of OceanStor BCManager eBackup was started successfully.
The ebk_alarm agent of OceanStor BCManager eBackup was started successfully.
The ebk_iam agent of OceanStor BCManager eBackup was started successfully.
Step 17 Restore a storage unit.
1. Run the following command to save $LD_LIBRARY_PATH.
OLD_LD_LIBRARY_PATH=$LD_LIBRARY_PATH
2. Run the following commands to configure environmental variables.
export LD_LIBRARY_PATH=/opt/huawei-data-protection/ebackup/libs/:/
lib64/
export G_HCP_ROOT=/opt/huawei-data-protection/ebackup
export LD_LIBRARY_PATH=${G_HCP_ROOT}/libs:${LD_LIBRARY_PATH}:$
{G_HCP_ROOT}/db/lib:/lib64
export ODBCINI=${G_HCP_ROOT}/conf/odbc.ini
export ODBCSYSINI=${G_HCP_ROOT}/conf
3. Run the following command to go to the save path of SecurityTool.
cd /opt/huawei-data-protection/ebackup/sbin/
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 345
OceanStor BCManager
eBackup User Guide 8 Disaster Recovery
4. Run the following command to download file storage_units.csv from the FTP
storage to a local path on the backup server:
./SecurityTool DownloadFile /Region-AZ-POD/storage_units.csv /opt/
huawei-data-protection/ebackup/db_bak/Region-AZ-POD02
NOTE
In the command, Region-AZ-POD indicates backup data identifier of eBackup system
management data before the fault occurs, and Region-AZ-POD02 indicates backup
data identifier of the eBackup system management data created when the fault
occurs. /opt/huawei-data-protection/ebackup/db_bak/Region-AZ-POD02 indicates the
local absolute path on the eBackup server storing file storage_units.csv.
5. Run the following command to go to the save path of storage_units.csv.
cd /opt/huawei-data-protection/ebackup/db_bak/Region-AZ-POD02
6. Run the following command to enable the hcp account to read and write the
storage_units.csv configuration files.
chown hcpprocess:hcpmgr storage_units.csv
chmod 640 storage_units.csv
7. Run the following command to restore a storage unit in the configuration file.
service hcp recover /opt/huawei-data-protection/ebackup/db_bak/Region-
AZ-POD02/storage_units.csv
The following command output is displayed:
WARNING: Recovery will stop services. Are you sure you want to continue?(y/n):
8. Enter y and press Enter.
The system starts restoring the storage unit. If the following command output
is displayed, the storage unit is successfully restored.
Backup Server metadata was recovered
please restart eBackup
9. Run the following command to restart eBackup services.
service hcp restart
10. Run the following command to delete the downloaded storage_units.csv file.
rm storage_units.csv
11. Run the following command to restore $OLD_LD_LIBRARY_PATH.
export LD_LIBRARY_PATH=$OLD_LD_LIBRARY_PATH
Step 18 After performing the preceding steps, wait for about 5 minutes and log in to the
eBackup GUI. Click Backup Storage > Storage Unit. If Accessibility Status of the
storage unit is All accessible, the restore is successful.
If the restore fails, contact technical support engineers.
Step 19 If backup proxies exist in the backup management system, power on the servers
where the backup proxies reside to ensure the normal running of eBackup
services.
Log in to the eBackup GUI, choose > Server, and check the status of backup
proxies. Ensure that the values of Accessibility Status and Register Status for all
backup proxies are accessible and registered respectively.
----End
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 346
OceanStor BCManager
eBackup User Guide 8 Disaster Recovery
Follow-up Procedure
NOTE
After disaster recovery, replace the SSL certificate for communication between the active
and standby eBackup GaussDB nodes and the SSL certificate for communication between
the active and standby nodes of the eBackup OMMHA.
For details, see sections 6.4.2.6 Replacing the SSL Certificate of eBackup GaussDB for
Communication Between the Active and Standby Backup Servers and 6.4.2.4 Replacing
the SSL Certificate of eBackup OMMHA for Communication Between the Active and
Standby Backup Servers.
● If backup system management data fails to be restored in the first time,
perform the disaster recovery operations again.
● After disaster recovery, change the license ESN under either of the following
conditions:
– A VM template has been re-imported.
● After disaster recovery, if the original license cannot be used, obtain an ESN
again, obtain a new license through the ESN, and import the new license.
For details, see OceanStor BCManager 8.0.6 eBackup License Application
Guide.
● If the backup management plane floating IP addresses of the backup server
before and after the disaster are different, you need to reconfigure the
eBackup driver.
● If the backup server and backup proxy are deployed on different nodes, the
backup proxy may fail to be accessed after only the backup server is
recovered.
If a backup workflow server or backup proxy fails to be accessed, perform the
following operations:
a. Use PuTTY to log in to the backup server as user hcp.
b. Run the following command and enter the password of user root to
switch to user root.
The default password of user root is Cloud12#$.
su root
c. Run the following command to obtain the public key of the backup
server:
cat /opt/huawei-data-protection/ebackup/conf/cert/AdminNode.pub
d. Use PuTTY to log in to a backup proxy as user hcp.
e. Run the following command and enter the password of user root to
switch to user root.
The default password of user root is Cloud12#$.
su root
f. Run the following command to open the public key file:
vi /opt/huawei-data-protection/ebackup/conf/cert/AdminNode.pub
g. Delete the content in the file and write the public key of the backup
server obtained from c to the file.
h. Log in to the backup server node again and run the following command
to restart the eBackup process:
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 347
OceanStor BCManager
eBackup User Guide 8 Disaster Recovery
service hcp restart
8.6.4 SFTP
This section describes how to restore the eBackup management data and storage
units when the eBackup management data is lost or damaged and the backup
storage type of the management data is SFTP.
Prerequisites
● New management data backup storage has been configured. Ensure that the
management data backup storage paths before and after restore are the
same and the identifiers are different. For details, see 2.5.4 SFTP.
● A cross-platform remote access tool, such as PuTTY, has been obtained.
● Backup and restore services of tenant data have been stopped (during
disaster recovery, the system automatically stops the eBackup process).
● If the HA function is configured, you need to remove the standby node from
the HA relationship before a disaster recovery. After the disaster recovery is
complete, add the standby node to the HA relationship. Perform the following
steps to remove the standby node from the HA relationship:
a. On the navigation bar, choose > Server.
b. Log in to the backup server GUI using a browser.
c. Click HA Management and select Remove HA Members from the
shortcut menu.
Context
● The file name of the backup data is [Backup data type][Backup type]
[Service name][Year][Month][Day][Hour][Minute][Second][Backup
period][No.].db. Backup data type can be F (full backup). Backup type can
be AT (automatic) or MT (manual). Service name is fixed as EBACKUP.
Backup period can be H(hour), D (daily), W (weekly), M (monthly), Y
(yearly), or X (manual). Example: FATEBACKUP20160128000125Y001.db.
● If backup system management data exists, only data generated between the
backup point in time and the recovery point in time is lost.
● After a disaster recovery task is executed, the system may automatically
generates data records starting with Recover on the eBackup GUI (choosing
Backup > Backup Policy, Backup > Backup Plan or Backup Storage >
Repository to view the data records). These data records are necessary for
disaster recovery and are automatically generated by the system. After the
backup and restore, you are advised to delete the backup plans starting with
Recover on the eBackup GUI. When you delete the backup plans, the
associated backups are deleted to release the storage space. In addition, you
need to delete backup policies and repository starting with Recover on
eBackup.
● During the operation, you need to enter the database password. If you enter
the password incorrectly for three times, the system will automatically exit
from recovery program. In this case, perform this operation again.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 348
OceanStor BCManager
eBackup User Guide 8 Disaster Recovery
● When you restore the system management data or a storage unit, ensure that
versions of the backup data and system are consistent. Run the showsys
command to view the current system version.
NOTICE
Do not restore the system management data or storage units across versions.
Otherwise, the management data or storage units cannot be restored.
Procedure
Preparing data
Step 1 Use PuTTY to log in to the backup server as user hcp.
The default user name is hcp. The default password is PXU9@ctuNov17!.
Step 2 Run the following command, and enter the password of user root to switch to
user root.
The default password of root account is Cloud12#$.
su root
Step 3 Run the following command to prevent the system from exiting due to timeout.
TMOUT=0
NOTE
After you run this command, the system continues to run when no operation is performed,
resulting in a risk. For security purposes, you are advised to run the exit command to exit
the system after completing your operations.
Step 4 Run the following command to go to the save path of the restoration script.
cd /opt/huawei-data-protection/ebackup/bin
Step 5 Run the following command to restore the backup management data to the
running management data.
sh hcp_admindb_restore.sh
The following command output is displayed:
NOTE
Only main command outputs are displayed in the following operation procedures.
WARNING: Restore DB will stop eBackup service, are you sure to continue?(y/n)
Step 6 Enter y and press Enter.
The following command output is displayed:
[1] /opt/huawei-data-protection/ebackup/db_bak/
[2] /opt/huawei-data-protection/ebackup/db_bak/192.168.1.6_ebackup_server_bak
[3] /opt/huawei-data-protection/ebackup/db_bak/
Please select the sub-folder that saves backup data of management data of the eBackup you want to
restore:
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 349
OceanStor BCManager
eBackup User Guide 8 Disaster Recovery
Step 7 Enter the number before the subdirectory that stores the backup data of the
eBackup system management data before the fault occurs, and press Enter.
The management data of the backup server is stored in
192.168.1.6_ebackup_server_bak.
For example, if you choose /opt/huawei-data-protection/ebackup/db_bak/
192.168.1.6_ebackup_server_bak to store eBackup system management data,
enter 3.
The following command output is displayed:
dir=/opt/huawei-data-protection/ebackup/db_bak/192.168.1.6_ebackup_server_bak
Backup Name Version
[1] FATEBACKUP20190222100603H001.db xx
[2] FATEBACKUP20190221170603H001.db xx
[3] FMTEBACKUP20190220152354X001.db xx
[4] FMTEBACKUP20190220151015X001.db xx
[5] FMTEBACKUP20190220144019X001.db xx
[6] FMTEBACKUP20190220142833X001.db xx
[7] FMTEBACKUP20190219180512X001.db xx
[8] FMTEBACKUP20190219163551X001.db xx
[9] FATEBACKUP20190219095103Y001.db xx
[10] FMTEBACKUP20190219094530X001.db xx
please select a backup file from the list above:
Performing a restore
Step 8 Select the backup file whose version is consistent with the version of the eBackup
backup management system, and press Enter. For details, see the backup file
naming rules in Context and the value of Version in the preceding command
output.
For example, select FATEBACKUP20190222100603H001.db and enter 1.
● If the versions are inconsistent, the following information is returned. You
need to select backup data whose version is consistent with that of the
eBackup backup management system.
The system version don't match.
please select a backup file from the list above:
● The command output is as follows:
select backup name:FATEBACKUP20190222100603H001.db
Checking data...
Backup data...Correct.
BackFileName is:DISRCVE421A714E8104AF8A37671DD045D7E92.tar.gz
BackFileName is:DISRCVDB80B43650B24DCB85004D117C619C86.tar.gz
BackFileName is:DISRCVB62185BC7E6B408684F337A1265B0C05.tar.gz
BackFileName is:DISRCVB755BBEC329F4522B1F31A5FE214F1BC.tar.gz
Shutting down Huawei eBackup Service
Shutting down CRON daemon done
Starting CRON daemon done
service hcp stop:completed done
This operation will drop the db, are you sure you want to continue?(y/n)
Step 9 Enter y and press Enter.
The following command output is displayed during the execution:
Please enter ADMINDB database password for user eBkDbAdmin:
Step 10 Enter the password of database account admin, and press Enter.
The default password is Huawei@CLOUD8!. The system begins to restore
admindb data.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 350
OceanStor BCManager
eBackup User Guide 8 Disaster Recovery
NOTE
Enter the user password within 90 seconds to prevent system timeout.
The following operations must be completed within 90 seconds to prevent system timeout.
The following command output is displayed:
Checking database...Success.
Creating database...Success.
Restoring database...Success.
Dropping database...
Success.
Rename database...Success.
Grant privileges to dbuser...Success.
Operation finished.
Please enter LICENSEDB database password for user eBkDbAdmin:
Step 11 Enter the password of database account license, and press Enter.
The default password is Huawei@CLOUD8!. The system begins to restore
licensedb data.
The following command output is displayed:
Checking database...Success.
Creating database...Success.
Restoring database...Success.
Dropping database...
Success.
Rename database...Success.
Grant privileges to dbuser...Success.
Operation finished.
Please enter ALARMDB database password for user eBkDbAdmin:
Step 12 Enter the password of database account alarm, and press Enter.
The default password is Huawei@CLOUD8!. The system begins to restore alarmdb
data.
The following command output is displayed:
Checking database...Success.
Creating database...Success.
Restoring database...Success.
Dropping database...
Success.
Rename database...Success.
Grant privileges to dbuser...Success.
Operation finished.
Please enter IAMDB database password for user eBkDbAdmin:
Step 13 Enter the password of database account IAM, and press Enter.
The default password is Huawei@CLOUD8!. The system begins to restore iamdb
data.
The following command output is displayed:
Checking database...Success.
Creating database...Success.
Restoring database...Success.
Dropping database...
Success.
Rename database...Success.
Grant privileges to dbuser...Success.
Operation finished.
Please enter GOVERNANCEDB database password for user eBkDbAdmin:
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 351
OceanStor BCManager
eBackup User Guide 8 Disaster Recovery
Step 14 Perform the following steps based on the role of the eBackup server:
Step 15 If the management role is the backup server, perform the following steps:
Enter the password of database account governance, and press Enter. The default
password is Huawei@CLOUD8!. The system begins to restore governancedb data.
Checking database...Success.
Creating database...Success.
Restoring database...Success.
Dropping database...
Success.
Rename database...Success.
Grant privileges to dbuser...Clean SERVICEINSTANCELIST in db.
Success.
Operation finished.
start restore datamoverdb
Please enter DATAMOVERDB database password for user eBkDbAdmin:
Step 16 If the management role is the backup server, enter the password of database
account datamover, and press Enter.
The default password is Huawei@CLOUD8!. The system begins to restore
datamoverdb data.
If the following command output is displayed, management data is restored
successfully.
Checking database...Success.
Creating database...Success.
Restoring database...Success.
Dropping database...
Success.
Rename database...Success.
Grant privileges to dbuser...Success.
Operation finished.
Restore DB success.
Starting Huawei eBackup Service
The service is starting, please wait for a moment...
serivce hcp start:completed
done
The ebk_governance agent of OceanStor BCManager eBackup was started successfully.
The ebk_license agent of OceanStor BCManager eBackup was started successfully.
The ebk_alarm agent of OceanStor BCManager eBackup was started successfully.
The ebk_iam agent of OceanStor BCManager eBackup was started successfully.
Step 17 Restore a storage unit.
1. Run the following command to save $LD_LIBRARY_PATH.
OLD_LD_LIBRARY_PATH=$LD_LIBRARY_PATH
2. Run the following commands to configure environmental variables.
export LD_LIBRARY_PATH=/opt/huawei-data-protection/ebackup/libs/:/
lib64/
export G_HCP_ROOT=/opt/huawei-data-protection/ebackup
export LD_LIBRARY_PATH=${G_HCP_ROOT}/libs:${LD_LIBRARY_PATH}:$
{G_HCP_ROOT}/db/lib:/lib64
export ODBCINI=${G_HCP_ROOT}/conf/odbc.ini
export ODBCSYSINI=${G_HCP_ROOT}/conf
3. Run the following command to go to the save path of SecurityTool.
cd /opt/huawei-data-protection/ebackup/sbin/
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 352
OceanStor BCManager
eBackup User Guide 8 Disaster Recovery
4. Run the following command to download file storage_units.csv from the
SFTP storage to a local path on the backup server:
./SecurityTool DownloadSFTPFile /eBackupServerIP_ebackup_server_bak/
storage_units.csv /opt/huawei-data-protection/ebackup/db_bak/
eBackupServerIP_ebackup_server_bak/
NOTE
In the command, /eBackupServerIP_ebackup_server_bak/storage_units.csv Indicates
the save path of the storage_units.csv file before the fault occurs. /opt/huawei-data-
protection/ebackup/db_bak/eBackupServerIP_ebackup_server_bak/ indicates the
local directory where the storage_units.csv file is saved when the fault is rectified.
5. Run the following command to go to the save path of storage_units.csv.
cd /opt/huawei-data-protection/ebackup/db_bak/
eBackupServerIP_ebackup_server_bak
6. Run the following command to enable the hcp account to read and write the
storage_units.csv configuration files.
chown hcpprocess:hcpmgr storage_units.csv
chmod 640 storage_units.csv
7. Run the following command to restore a storage unit in the configuration file.
service hcp recover /opt/huawei-data-protection/ebackup/db_bak/
eBackupServerIP_ebackup_server_bak/storage_units.csv
The following command output is displayed:
WARNING: Recovery will stop services. Are you sure you want to continue?(y/n):
8. Enter y and press Enter.
The system starts restoring the storage unit. If the following command output
is displayed, the storage unit is successfully restored.
Backup Server metadata was recovered
please restart eBackup
9. Run the following command to restart eBackup services.
service hcp restart
10. Run the following command to delete the downloaded storage_units.csv file.
rm storage_units.csv
11. Run the following command to restore $OLD_LD_LIBRARY_PATH.
export LD_LIBRARY_PATH=$OLD_LD_LIBRARY_PATH
Step 18 After performing the preceding steps, wait for about 5 minutes and log in to the
eBackup GUI. Click Backup Storage > Storage Unit. If Accessibility Status of the
storage unit is All accessible, the restore is successful.
If the restore fails, contact technical support engineers.
Step 19 If backup proxies exist in the backup management system, power on the servers
where the backup proxies reside to ensure the normal running of eBackup
services.
Log in to the eBackup GUI, choose > Server, and check the status of backup
proxies. Ensure that the values of Accessibility Status and Register Status for all
backup proxies are accessible and registered respectively.
----End
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 353
OceanStor BCManager
eBackup User Guide 8 Disaster Recovery
Follow-up Procedure
NOTE
After disaster recovery, replace the SSL certificate for communication between the active
and standby eBackup GaussDB nodes and the SSL certificate for communication between
the active and standby nodes of the eBackup OMMHA.
For details, see sections 6.4.2.6 Replacing the SSL Certificate of eBackup GaussDB for
Communication Between the Active and Standby Backup Servers and 6.4.2.4 Replacing
the SSL Certificate of eBackup OMMHA for Communication Between the Active and
Standby Backup Servers.
● If backup system management data fails to be restored in the first time,
perform the disaster recovery operations again.
● After disaster recovery, change the license ESN under either of the following
conditions:
– A VM template has been re-imported.
● After disaster recovery, if the original license cannot be used, obtain an ESN
again, obtain a new license through the ESN, and import the new license.
For details, see OceanStor BCManager 8.0.6 eBackup License Application
Guide.
● If the backup management plane floating IP addresses of the backup server
before and after the disaster are different, you need to reconfigure the
eBackup driver.
● If the backup server and backup proxy are deployed on different nodes, the
backup proxy may fail to be accessed after only the backup server is
recovered.
If a backup workflow server or backup proxy fails to be accessed, perform the
following operations:
a. Use PuTTY to log in to the backup server as user hcp.
b. Run the following command and enter the password of user root to
switch to user root.
The default password of user root is Cloud12#$.
su root
c. Run the following command to obtain the public key of the backup
server:
cat /opt/huawei-data-protection/ebackup/conf/cert/AdminNode.pub
d. Use PuTTY to log in to a backup proxy as user hcp.
e. Run the following command and enter the password of user root to
switch to user root.
The default password of user root is Cloud12#$.
su root
f. Run the following command to open the public key file:
vi /opt/huawei-data-protection/ebackup/conf/cert/AdminNode.pub
g. Delete the content in the file and write the public key of the backup
server obtained from c to the file.
h. Log in to the backup server node again and run the following command
to restart the eBackup process:
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 354
OceanStor BCManager
eBackup User Guide 8 Disaster Recovery
service hcp restart
8.7 Restoring a Backup Proxy
If a backup proxy is faulty, deploy the related VM or physical machine again and
install the eBackup software. The eBackup software needs to be reinstalled only
when the eBackup software is faulty.
Procedure
● When a backup proxy is faulty, perform the following operations:
a. Prepare for the installation.
For details, see 2.2 Preparing for Installation.
b. Use a browser to log in to the eBackup management system as user
admin.
c. Deregister the backup proxy. For details, see 6.1.4 Managing an eBackup
Server.
d. Installing the eBackup software.
▪ For template-based deployment
Use a template to reinstall the eBackup software. For details, see
2.3.1 Installing eBackup Using a Template.
▪ For software package-based deployment
Prepare a new physical server, and use a software package to install
the eBackup software on the physical server. For details, see 2.3.2
Installing eBackup Using a Software Package.
e. Configure the backup proxy.
For details, see 2.4.2 (Optional) Configuring a Backup Proxy.
● When only the eBackup software is faulty, perform the following operations:
a. Prepare for the installation.
For details, see 2.2 Preparing for Installation.
b. Use PuTTY to log in to the backup proxy.
Default account: hcp. Default password: PXU9@ctuNov17!.
c. Run the su root command and enter the password of user root to switch
to user root.
The default password of user root is Cloud12#$.
d. Run the TMOUT=0 command to prevent system timeout.
NOTE
After you run the preceding command, the system continues to run even when
no operation is performed, resulting in security risks. For security purposes, you
are advised to run the exit command to exit the system after completing your
operations.
e. Run the cd Directory storing the eBackup installation package command
to go to the directory where the initial configuration script resides.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 355
OceanStor BCManager
eBackup User Guide 8 Disaster Recovery
f. Run the service hcp stop command to stop the eBackup services.
g. Uninstall the eBackup software.
For details, see 2.9 Uninstalling eBackup.
h. Install the eBackup software.
For details, see 2.3.2 Installing eBackup Using a Software Package.
i. Configure the backup proxy.
For details, see 2.4.2 (Optional) Configuring a Backup Proxy.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 356
OceanStor BCManager
eBackup User Guide 9 Common Operations
9 Common Operations
This chapter introduces common operations related to the eBackup.
9.1 Logging In to the eBackup GUI
9.2 Creating a FusionCompute Interconnection Account
9.3 Configuring Routes in Huawei Distributed Block Storage Scenarios
9.4 Reconfigure eBackup Servers after Changing the IP Address
9.5 Adding the IP Address of a DNS Server
9.6 Modifying Configurations of Mismatched Certificate Alarms
9.7 Changing the MAC Address of an eBackup VM
9.8 Configuring Network Adapter Binding
9.9 Configuring an iSCSI Initiator on the eBackup Server
9.10 Configuring CHAP Authentication Information on the eBackup Server
9.11 Installing the OS
9.1 Logging In to the eBackup GUI
This section explains how to log in to the eBackup backup management system.
Procedure
Step 1 Run a web browser on your maintenance terminal.
NOTE
The optimal resolution is 1280 x 768.
This section uses Internet Explorer 11 as an example.
Step 2 In the address bar of the browser, enter https://xxx.xxx.xxx.xxx:port.
xxx.xxx.xxx.xxx indicates the management plane IP address of the backup server.
port indicates the port number, and the default port number is 8088. Alternatively,
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 357
OceanStor BCManager
eBackup User Guide 9 Common Operations
in the address bar of the browser, enter the management plane IP address of the
backup server, and press Enter.
Step 3 Configure a browser.
Step 4 Select a language and enter your user name and password.
● eBackup displays contents in your selected language.
● The default user name is admin and the default password is
PXU9@ctuNov17!.
If it is your first login, change the password as prompted.
● If you want to log in to eBackup as a Lightweight Directory Access Protocol
(LDAP) user, perform the following steps:
a. Configure LDAP server information in the system configuration file. For
details about the configuration, see 6.4.5 Configuring LDAPS.
b. After the configuration, you can log in to eBackup.
▪ You can use the LDAP user account created on the LDAP server to
log in to eBackup. (In such a scenario, eBackup automatically creates
a user whose role is regular user in the system.)
▪ You can first use a super administrator account to log in to eBackup.
In the navigation tree, choose > Account > Users. Click Create
to create an LDAP user. The password of the LDAP user cannot
exceed 256 characters. After the user is created, log in to the system
as the user.
Step 5 Click Login.
NOTE
If the login page displays System Is in Restricted Mode, see 7.3.2.1 The eBackup GUI
Displays a Message Indicating "System Is in Restricted Mode" When I Log In to
eBackup.
----End
9.2 Creating a FusionCompute Interconnection Account
Before adding the FusionSphere protected environment to the eBackup backup
management system, you need to create an account for interconnecting with the
eBackup backup management system on FusionCompute.
For details about how to create an interconnection account, see Creating a User
in FusionCompute 8.1.0 Product Documentation. This section uses
FusionCompute 8.1.0 as an example. For other FusionSphere versions, see the
product documentation of the corresponding version.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 358
OceanStor BCManager
eBackup User Guide 9 Common Operations
NOTE
● Select different Creating a User sections based on the permission management mode
(common mode and permission separation mode) of FusionCompute.
● When creating an interconnection account in common mode, set the following key
parameters:
● Set User Type to Interface interconnection.
● Set Role to administrator.
● Set Max. Concurrent Logins to Not limited.
● When creating an interconnection account in rights separation mode, set the following
key parameters:
● Set User Type to Interface interconnection.
● Set Max. Concurrent Logins to Not limited.
● Set User Type to System administrator.
● Set Role to sysadmin.
9.3 Configuring Routes in Huawei Distributed Block
Storage Scenarios
When the production storage type of the FusionSphere VM to be backed up is
Huawei distributed block storage which is in the same network plane but on a
different network with eBackup servers, you need to configure routes to make the
networks of Huawei distributed block storage and eBackup servers interwork with
each other. This section describes how to configure routes in one storage plane.
Prerequisites
● You have completed the network planning and installed eBackup.
● The Huawei distributed block storage agent is not installed.
● The following operation is performed based on this scenario: Only one
eBackup server is deployed in the eBackup system (If multiple eBackup
servers are deployed, configure routes for all the servers); the storage of the
VM to be backed up distributes on one Huawei distributed block storage
cluster.
● You have obtained the network addresses of the storage plane for Huawei
distributed block storage cluster, for example, 192.168.1.0/24.
● You have obtained the login password of user root of the eBackup server.
Change the password as soon as possible and log in to the server using the
new password. For password changing method, see 6.4.1.5 Changing the
Password of the root Account.
● If you have configured a network port name for the storage IP address of
Huawei distributed block storage, you need to change the network adapter
name of the storage plane of the eBackup server accordingly. If you have
configured only an IP address range for the storage IP address of Huawei
distributed block storage, such change is unnecessary. For details about the
configuration, log in to the Huawei distributed block storage management
node as user dsware, run cd /opt/dsware/client/bin to enter /opt/dsware/
client/bin. Run sh dswareTool.sh --op querySysPara -n sys_network_mark
(You need to enter the user name cmdadmin and the password, and the
default password is cmdHuawei@123).
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 359
OceanStor BCManager
eBackup User Guide 9 Common Operations
NOTE
All nodes in the Huawei distributed block storage cluster include other compute nodes that
use Huawei distributed block storage.
Procedure
Step 1 Log in to the eBackup server.
Step 2 Run the TMOUT=0 command to prevent the user from logging out due to
timeout.
NOTE
After the preceding command is executed, the system remains running even when no
operation is performed, posing security risks. For security purposes, run the exit command
to exit the system after you finish performing operations.
Step 3 Add persistent routes.
1. Run the ifconfig command to identify the network adapter (such as eth2)
corresponding to the eBackup storage plane.
eth2 Link encap:Ethernet HWaddr 2A:BE:D4:88:99:01
inet addr:192.168.31.190 Bcast:192.168.31.255 Mask:255.255.255.0
…
2. Run the following command to open the configuration file.
vi /etc/sysconfig/network-scripts/route-ethxx
ethxx indicates the NIC name of the eBackup storage plane.
3. Press i to edit the configuration file, configure the network segment, subnet
mask, and gateway of the storage plane of Huawei distributed block storage
in sequence, save the configuration, and exit the file.
4. Run the service network restart command to restart the network for the
routes to take effect.
NOTE
– Before restarting the network, evaluate the possible impacts on ongoing services
on the server. Shut down some services before the restart if necessary.
– If you log in to the eBackup server remotely using a cross-platform remote access
tool, you will log out automatically after the restart. If this happens, log in to the
server again.
5. Run the route command to check the route information.
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 192.168.31.1 255.255.255.0 UG 0 0 0 eth2
6. After routes are configured, configure firewalls so that only authorized
networks, IP addresses or ports in the storage plane can access the storage
network of the eBackup server. Configure the firewalls, refer to 6.8.6.4
Auxiliary Scripts of iptables.
----End
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 360
OceanStor BCManager
eBackup User Guide 9 Common Operations
9.4 Reconfigure eBackup Servers after Changing the IP
Address
To ensure the eBackup software run normally, you need to reconfigure eBackup
servers after you change the IP address of eBackup servers.
Prerequisites
● If you want to change the IP address of a backup server, ensure that no tasks
are running and the Accessibility Status of all backup server and backup
proxies are Accessible, Register Status of all backup server and backup
proxies are Registered. If you want to change the IP address of a backup
proxy, ensure that no associated tasks are running and the Accessibility
Status of the backup proxy is Accessible, Register Status of the backup
proxy is Registered. For details about how to check tasks associated with
backup proxies, refer to 6.1.1 Managing a Job. For details about the status of
the eBackup servers, refer to 6.1.4 Managing an eBackup Server.
● You have obtained the login password of user root of the eBackup server.
Change the password as soon as possible and log in to the server using the
new password. For password changing method, see 6.4.1.5 Changing the
Password of the root Account.
● You need to configure the route and the iptables rules if the new IP address
and the old IP address are not in the same network segment. When changing
the management plane IP address, you need to modify the route, add the
new iptables rules and delete the old iptables rules. When changing the
internal communication plane IP address, you need to modify the route, and
delete the old iptables rules. When changing the storage plane IP address, you
need to modify the route, add new iptables rules, and delete the old iptables
rules, unmount all storage units and associate them with the backup storage
again. For all the three situations above, you need to delete the rules within
one network segment when deleting the old iptables rules. Configure iptables
rules. For details, see 6.8.6.4 Auxiliary Scripts of iptables.
● If the HA function has been configured and an eBackup server needs to be
reconfigured, perform the following operations:
a. Remove an HA member.
If the HA function is enabled and the standby node is in irrecoverable
inaccessible state, see 7.3.5.3 A Standby Node Fails to Be Removed
When the HA Function Is Being Used and the Standby Node Is in the
Irrecoverable Inaccessible State.
i. Log in to the eBackup backup management system.
ii. On the navigation bar, choose > Server.
iii. Optional: In the upper right corner, set the search criteria and click
to search for the corresponding server.
iv. Click the drop-down arrow of HA Management and choose Delete
HA member from the shortcut menu that is displayed.
b. Reconfigure the eBackup server by following instructions in this chapter.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 361
OceanStor BCManager
eBackup User Guide 9 Common Operations
c. Optional: Set HA parameters if you want to configure eBackup as an HA
system.
NOTE
eBackup can be configured as an HA system only when there are at least two eBackup
servers in the system, that is, there is at least one independent backup proxy server.
For details, see 2.6 (Optional) Configuring HA.
Procedure
Step 1 If the production storage is Huawei distributed block storage, perform the
following operations before changing the management plane IP addresses or
production storage plane IP addresses of the backup server and backup proxy:
NOTE
FusionStorage 8.0.1 is used as an example. Obtain the document of the corresponding
version based on the site requirements.
● Before changing the management plane IP addresses of the backup server
and backup proxy, log in to the FusionStorage Manager node to change the
eBackup management IP address.
FusionStorage 8.0.1 is used as an example. Obtain the document of the
corresponding version based on the site requirements.
a. Use PuTTY to log in to the FusionStorage Manager node using the
management plane floating IP address.
The default user name is dsware, and the default password is IaaS@OS-
CLOUD9!.
b. Modify the management plane IP address of the eBackup server.
For details, see Changing the FusionStorage Management IP Address
in FusionStorage 8.0.1 Block Storage Product Documentation.
● Before changing the production storage plane IP address of the backup server
and backup proxy, delete VBS on the FusionStorage Manager page and delete
the backup server and backup proxy from the FusionStorage cluster.
FusionStorage 8.0.1 is used as an example. Obtain the document of the
corresponding version based on the site requirements.
a. Use a browser to log in to the FusionStorage Manager web client.
b. On the top menu bar, choose Services > Block Service > VBS.
c. Select the VBS of the eBackup server whose IP address is to be changed
and click Delete VBS.
d. Delete the backup server and backup proxy from the FusionStorage
cluster.
For details, see Removing a Node in the FusionStorage 8.0.1 Block
Storage Scaling Guide.
● Before changing the management plane IP addresses and production storage
plane IP addresses of the backup server and backup proxy, delete the backup
server and backup proxy from the FusionStorage cluster and uninstall the
FusionStorage block storage.
FusionStorage 8.0.1 is used as an example. Obtain the document of the
corresponding version based on the site requirements.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 362
OceanStor BCManager
eBackup User Guide 9 Common Operations
a. Delete the backup server and backup proxy from the FusionStorage
cluster.
For details, see Removing a Node in the FusionStorage 8.0.1 Block
Storage Scaling Guide.
b. Log in to the eBackup server whose IP address needs to be changed to
uninstall FusionStorage block storage.
For details, see Uninstalling FusionStorage Block Storage in the
FusionStorage 8.0.1 Block Storage Product Documentation.
Step 2 If the production storage is Huawei distributed block storage, perform the
following operations before changing the management plane IP addresses or
production storage plane IP addresses of the backup server and backup proxy:
NOTE
OceanStor Pacific 9950 8.1.0 is used as an example. Obtain the document of the
corresponding version based on the site requirements.
● Before changing the management plane IP addresses of the backup server
and backup proxy, log in to the distributed storage management node to
change the eBackup management IP address.
a. Use PuTTY to log in to the distributed storage management node
through the floating IP address of the management plane.
Account: dsware
b. Modify the management plane IP address of the eBackup server.
For details, see Changing the Management IP Address of Distributed
Storage in the OceanStor Pacific Series 8.1.0 Product Documentation
(Huawei Engineers).
● Before changing the production storage plane IP address of the backup server
and backup proxy, delete VBS and delete the backup server and backup proxy
from the Huawei distributed block storage cluster.
a. Use a browser to log in to DeviceManager.
b. On the top navigation bar, choose Resources > Access > VBS.
c. Select VBS of the eBackup server whose IP address is to be changed and
delete it.
d. Delete the backup server and backup proxy from the Huawei distributed
block storage cluster.
For details, see Removing a Node from a Cluster in the OceanStor
Pacific Series 8.1.0 Capacity Expansion and Reduction Guide.
● Before changing the management plane IP addresses and production storage
plane IP addresses of the backup server and backup proxy, delete the backup
server and backup proxy from the Huawei distributed block storage cluster
and uninstall the Huawei distributed block storage.
a. Delete the backup server and backup proxy from the Huawei distributed
block storage cluster.
For details, see Removing a Node from a Cluster in the OceanStor
Pacific Series 8.1.0 Capacity Expansion and Reduction Guide.
b. Log in to the eBackup server whose IP address needs to be changed and
uninstall Huawei distributed block storage.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 363
OceanStor BCManager
eBackup User Guide 9 Common Operations
For details, see Uninstalling OceanStor Pacific Series Software in the
OceanStor Pacific Series 8.1.0 Product Documentation (Huawei
Engineers).
Step 3 Log in to eBackup backup management system.
Step 4 If you want to change the IP address of a backup server, unregister all the backup
proxies. If you want to change the IP address of a backup proxy, unregister the
backup proxy. For details, see 6.1.4 Managing an eBackup Server.
Step 5 Log in to the eBackup server.
Step 6 Run the TMOUT=0 command to prevent the user from logging out due to
timeout.
NOTE
After you run the preceding command, the system continues to run even when no
operation is performed, resulting in security risks. For security purposes, you are advised to
run the exit command to exit the system after completing your operations.
Step 7 Run cd PathOfBackupSoftwarePackage to go to the initial configuration script
folder.
Step 8 Run service hcp stop to stop the eBackup services.
● When changing the IP address of the backup server, you need to run this
command on all eBackup servers.
● When changing the IP address of the backup proxy, you need to run this
command on the server whose IP address is changed.
Step 9 Change the IP address.
This step uses changing the IP address of the eBackup management plane as an
example. In this example, the network port configuration file corresponding to the
management plane IP address is ifcfg-bond0. Use the same method to change
the IP addresses of other planes.
1. Run the following command to switch to the network-scripts directory:
cd /etc/sysconfig/network-scripts
2. Change an eBackup IP address.
a. Run the following command to edit the configuration file:
vi Network port configuration file name
b. Press i to enter editing mode.
c. Modify the following parameter:
▪ Change the value of IPADDR to the new eBackup management
plane IP address.
▪ Change the value of NETMASK to the subnet mask of the eBackup
management plane IP address.
▪ Change the value of GATEWAY to the eBackup management plane
gateway.
d. Press Esc to exit editing mode. Enter :wq! and press Enter to save the
settings.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 364
OceanStor BCManager
eBackup User Guide 9 Common Operations
3. Modify the configuration file of the SSH service.
Skip this step if you want to change the IP address of the eBackup backup
storage plane or production storage plane.
a. Run the following command to edit the configuration file:
vi /etc/ssh/sshd_config
b. Press i to enter editing mode.
c. Set ListenAddress to the new eBackup management plane IP address.
d. Press Esc to exit editing mode. Enter :wq! and press Enter to save the
settings.
4. Run the following command to restart the SSHD service:
service sshd restart
Skip this step if you want to change the IP address of the eBackup backup
storage plane or production storage plane.
NOTE
If Job for sshd.service failed because the control process exited with error code.
See "systemctl status sshd.service" and "journalctl -xe" for details., is displayed,
ignore it. This does not affect the restart of the SSHD service.
5. Run the following command to restart the network service.
service network restart
Step 10 If you want to change the IP address of a backup server, umount the shared disks.
If you want to change the IP address of a backup proxy, go to Step 13.
1. Run mount to check the shared disks on the server. For example, the
following information is displayed.
/dev/sda2 on / type ext3 (rw,acl,user_xattr)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
debugfs on /sys/kernel/debug type debugfs (rw)
udev on /dev type tmpfs (rw,mode=0755)
tmpfs on /dev/shm type tmpfs (rw,mode=1777)
devpts on /dev/pts type devpts (rw,mode=0620,gid=5)
fusectl on /sys/fs/fuse/connections type fusectl (rw)
securityfs on /sys/kernel/security type securityfs (rw)
configfs on /sys/kernel/config type configfs (rw)
ocfs2_dlmfs on /dlm type ocfs2_dlmfs (rw)
192.168.142.5:/nfs_database_94 on /opt/huawei-data-protection/ebackup/db_bak type nfs
(rw,retry=1,retrans=20,soft,nolock,timeo=60,addr=192.168.142.5)
none on /var/lib/ntp/proc type proc (ro,nosuid,nodev)
192.168.142.6:/NFS_94 on /opt/huawei-data-protection/ebackup/bricks/d94784aa-d51b-48cb-
b762-3c9c6c3c7814 type nfs (rw,retry=1,retrans=20,soft,nolock,timeo=60,addr=192.168.142.6)
/dev/sdb on /opt/huawei-data-protection/ebackup/bricks/bc5c5d05-868d-440e-97f8-3dc06b7e35e2
type ocfs2 (rw,_netdev,localalloc=2048,noacl,novdilock,heartbeat=local)
2. Run umount /opt/huawei-data-protection/ebackup/db_bak to umount the
shared disk in /opt/huawei-data-protection/ebackup/db_bak.
3. Optional: Unmount all the shared disks whose types are ocfs2 in /opt/
huawei-data-protection/ebackup/bricks. For example, run umount /opt/
huawei-data-protection/ebackup/bricks/
bc5c5d05-868d-440e-97f8-3dc06b7e35e2.
Step 11 Reconfigure the backup server.
For details, see 2.4.1 Configuring a Backup Server.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 365
OceanStor BCManager
eBackup User Guide 9 Common Operations
Step 12 Optional: You need to unregister the backup proxies whose Accessibility Status is
Inaccessible, Register Status is Registered when you change the internal
communication plane IP address of the backup server. For details, refer to 6.1.4
Managing an eBackup Server.
Step 13 Reconfigure the backup proxy.
For details, see 2.4.2 (Optional) Configuring a Backup Proxy.
----End
9.5 Adding the IP Address of a DNS Server
This section describes how to add the IP address of a DNS server on the eBackup
server.
Procedure
Step 1 Use PuTTY to log in to the eBackup server.
Default account: hcp. Default password: PXU9@ctuNov17!.
Step 2 Run the su root command and enter the password of user root to switch to user
root.
The default password of user root is Cloud12#$.
Step 3 Run the TMOUT=0 command to disable user logout upon system timeout.
NOTE
After you run the preceding command, the system continues to run even when no
operation is performed, resulting in security risks. For security purposes, you are advised to
run the exit command to exit the system after completing your operations.
Step 4 Run the vi /etc/resolv.conf command to add the IP address of a DNS server.
Press Esc to exit the editing mode. Type :wq, and press Enter.
----End
9.6 Modifying Configurations of Mismatched
Certificate Alarms
If you want to enable or disable mismatched certificate alarms reported when
SMTP servers, protected environments, S3 storage, LDAP servers, FTP servers, and
GaussDB databases are being authenticated, perform operations in this section.
Context
● By default, eBackup generates mismatched certificate alarms. To ensure
security, enabling mismatched certificate alarms is recommended.
● After the certificate alarm function is disabled, existing alarms xxx has no
matching certificate. must be manually cleared.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 366
OceanStor BCManager
eBackup User Guide 9 Common Operations
Procedure
Step 1 Log in to the backup server as user hcp using PuTTY.
If HA has been configured, perform the following operations on the active backup
server.
Step 2 Run the su root command and enter the password of user root to switch to user
root.
The default password of user root is Cloud12#$.
Step 3 Run the TMOUT=0 command to prevent PuTTY from exiting due to session
timeout.
NOTE
After you run the preceding command, the system continues to run even when no
operation is performed, resulting in security risks. For security purposes, you are advised to
run the exit command to exit the system after completing your operations.
Step 4 Run the cd /opt/huawei-data-protection/ebackup/conf command to go to the
directory where the configuration file is stored.
Step 5 Run the vi hcpconf.ini command to edit the configuration file.
Step 6 Press i to enter the editing mode.
Step 7 Change the value of configuration item NoMatchCertWarning=.
NoMatchCertWarning=1 indicates that mismatched certificate alarms will be
reported.
NoMatchCertWarning=0 indicates that mismatched certificate alarms are
masked.
Set the configuration item based on site requirements.
Step 8 Press Esc to exit the editing mode and run the :wq! command to save the change
and exit.
Step 9 Change the value of NoMatchCertWarning in the hcpconf.ini configuration file
under directory /opt/huawei-data-protection/ebackup/microservice/
ebk_alarm/conf by referring to Step 4 to Step 8.
----End
9.7 Changing the MAC Address of an eBackup VM
When the MAC address of an eBackup VM conflicts with another VM, you must
change the MAC address of the eBackup VM.
Prerequisites
● You have obtained the user name and password for logging in to the
FusionCompute management console.
● You have obtained the backup management plane IP address of the eBackup
server and the password of user root.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 367
OceanStor BCManager
eBackup User Guide 9 Common Operations
● A cross-platform remote access tool, such as PuTTY, is available.
● No backup, restore, or backup deletion jobs are running on the eBackup VM.
Procedure
Step 1 If HA has been configured, remove the HA relationship first.
1. Log in to the eBackup backup management system using a browser.
Default account: admin. Default password: PXU9@ctuNov17!.
2. In the navigation tree, choose > Server.
3. Select Delete HA Member from the HA Management drop-down list to
delete HA member.
Step 2 Stop eBackup services and query the network plane configuration information of
the eBackup node.
1. Use PuTTY to log in to the eBackup server.
Default account: hcp. Default password: PXU9@ctuNov17!.
2. Run the su root command and enter the password of user root to switch to
user root.
The default password of the root user is Cloud12#$.
3. Run the TMOUT=0 command to prevent PuTTY from exiting due to timeout.
NOTE
After the preceding command is executed, the system remains running even when no
operation is performed, posing security risks. For security purposes, run the exit
command to exit the system after you finish performing operations.
4. Run the service hcp stop command to stop eBackup services.
If any job is running during this time, the job execution may fail.
5. Run the cd /opt/huawei-data-protection/ebackup/conf command to enter
the directory of the configuration file.
6. Run the find *.ini |xargs grep Plane command to query the network plane
configuration information of the eBackup node.
Record the configuration information about all network planes of the
eBackup node.
Step 3 Delete the *-persistent-net.rules configuration file.
1. After logging in to the eBackup server, run the following command to go to
the directory where the configuration file is located.
cd /etc/udev/rules.d
2. Run the following command to delete the *-persistent-net.rules
configuration file.
rm -rf *-persistent-net.rules
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 368
OceanStor BCManager
eBackup User Guide 9 Common Operations
Step 4 Stop the eBackup VM.
1. Log in to FusionCompute using a browser.
2. Click , find the VM to be stopped, and click the VM.
3. Click Stop to stop the VM.
If the VM status changes to Stopped, the VM is successfully stopped.
Step 5 Modify the MAC address of the eBackup VM.
1. On the VM page, click Configuration > NIC.
2. In the row of the NIC to be modified, choose More > Modify MAC to change
the MAC address.
3. Click Start to start the VM.
Step 6 Change the IP address of the eBackup server.
1. Use PuTTY to log in to the eBackup server.
Default account: hcp. Default password: PXU9@ctuNov17!.
2. Run the su root command and enter the password of user root to switch to
user root.
The default password of the root user is Cloud12#$.
3. Run the TMOUT=0 command to prevent PuTTY from exiting due to timeout.
NOTE
After the preceding command is executed, the system remains running even when no
operation is performed, posing security risks. For security purposes, run the exit
command to exit the system after you finish performing operations.
4. Run the following command to go to the network adapter configuration file
directory:
cd /etc/sysconfig/network-scripts/
5. Change the IP address of the eBackup server.
a. Run the following command to open and edit the configuration file of
the network adapter whose IP address needs to be changed:
vi NIC configuration file name
b. Press i to enter the editing mode and change the values of IPADDR,
NETMASK, and GATEWAY to the actual ones.
c. Press Esc and enter :wq to save the settings and exit.
6. Run the following command to restart the NIC:
service network restart
Step 7 Reconfigure the eBackup server.
For details, see 2.4 Configuring eBackup Servers.
Step 8 Run the reboot command to restart the operating system.
Step 9 If the HA relationship has been removed, reconfigure HA.
For details, see 2.6 (Optional) Configuring HA.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 369
OceanStor BCManager
eBackup User Guide 9 Common Operations
Step 10 Log in to eBackup GUI again and perform backup, restore, and backup deletion
jobs to verify that the functions are normal.
----End
Follow-up Procedure
After the MAC address is changed, the ESN changes. You must change the license
on the ESDP platform.
9.8 Configuring Network Adapter Binding
9.8.1 Configuring Network Adapter Binding (IPv4)
If you want to bind multiple network adapters as a virtual network adapter when
configuring the IP address of the eBackup server and the current network type is
IPv4, perform the following operations:
Procedure
Step 1 Log in to the OS remotely, and run the TMOUT=0 command to prevent the
system from exiting due to timeout.
NOTE
After you run the preceding command, the system continues to run even when no
operation is performed, resulting in security risks. For security purposes, you are advised to
run the exit command to exit the system after completing your operations.
Step 2 Run the ip a command to view the network port information of the physical
server:
This section uses network port names eno1, eno2, eno3, eno4, eno5, eno6, eno7,
and eno8 (eno1 and eno2 are management plane network ports, eno3 and eno4
are production storage plane network ports, eno5 and eno6 are backup storage
plane network ports, and eno7 and eno8 are internal communication plane
network ports.) as an example. If a reused network plane exists, skip the
procedure for configuring the corresponding NIC.
Step 3 Run the following commands in sequence to start the network ports:
ifconfig Network port name up
If the following information is displayed in the command output, check whether
the network cable is properly connected.
Step 4 Run the following commands in sequence to view the port status and network
port speed:
ethtool Network port name
Check whether the following information is displayed. If no, check whether the
network cable is properly connected.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 370
OceanStor BCManager
eBackup User Guide 9 Common Operations
Step 5 Configure the management plane.
This section uses bond0 as an example to describe how to configure bond0 as the
eBackup management plane and network ports eno1 and eno2 as bond0.
1. Run the cd /etc/sysconfig/network-scripts command to go to the network-
scripts directory.
2. Run the vi Network port configuration file name command to open and
modify the network port information configuration file, as shown in Table
9-1.
NOTE
Modify the network port configuration file name based on the site requirements.
Table 9-1 Examples of network port configuration files of the management
plane
Name Content
ifcfg-bond0 DEVICE=bond0
IPADDR=eBackup management plane IP address
NETMASK=eBackup management plane subnet mask
ONBOOT=yes
BOOTPROTO=static
USERCTL=no
TYPE=Bonding
MTU=1500
BONDING_OPTS='mode=1 miimon=100'
BONDING_MASTER=yes
NM_CONTROLLED=no
GATEWAY=eBackup management plane gateway
DEFROUTE='no'
PEERDNS='no'
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 371
OceanStor BCManager
eBackup User Guide 9 Common Operations
Name Content
ifcfg-eno1 DEVICE=eno1
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=no
TYPE=Ethernet
NM_CONTROLLED=no
DEFROUTE='no'
ifcfg-eno2 DEVICE=eno2
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=no
TYPE=Ethernet
NM_CONTROLLED=no
DEFROUTE='no'
3. Press Esc, enter :wq, and press Enter to save the settings and exit.
4. Run the service network restart command to restart the network adapter.
NOTE
If the service network restart command fails to be executed, check whether the
network adapter configuration is correct. If the configuration is incorrect, configure
the correct network adapter data and run the service network restart command
again to restart the network adapter.
Step 6 Configure the production storage plane.
This section uses bond1 as an example to describe how to configure bond1 as the
eBackup production storage plane and network ports eno3 and eno4 as bond1.
1. Run the cd /etc/sysconfig/network-scripts command to go to the network-
scripts directory.
2. Run the vi Network port configuration file name command to open and
modify the network port information configuration file, as shown in Table
9-2.
NOTE
– Modify the configuration file name based on the site requirements.
– If the eBackup server and production storage plane use the FC protocol, you do not
need to set the IPADDR and NETMASK parameters. Delete them.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 372
OceanStor BCManager
eBackup User Guide 9 Common Operations
Table 9-2 Examples of network port configuration files of the production
storage plane
Name Content
ifcfg-bond1 DEVICE=bond1
IPADDR=eBackup production storage plane IP address
NETMASK=eBackup production storage plane subnet mask
ONBOOT=yes
BOOTPROTO=static
USERCTL=no
TYPE=Bonding
MTU=1500
BONDING_OPTS='mode=1 miimon=100'
BONDING_MASTER=yes
NM_CONTROLLED=no
DEFROUTE='no'
PEERDNS='no'
ifcfg-eno3 DEVICE=eno3
BOOTPROTO=none
ONBOOT=yes
MASTER=bond1
SLAVE=yes
USERCTL=no
TYPE=Ethernet
NM_CONTROLLED=no
DEFROUTE='no'
ifcfg-eno4 DEVICE=eno4
BOOTPROTO=none
ONBOOT=yes
MASTER=bond1
SLAVE=yes
USERCTL=no
TYPE=Ethernet
NM_CONTROLLED=no
DEFROUTE='no'
3. Press Esc, enter :wq, and press Enter to save the settings and exit.
4. Run the service network restart command to restart the network adapter.
NOTE
If the service network restart command fails to be executed, check whether the
network adapter configuration is correct. If the configuration is incorrect, configure
the correct network adapter data and run the service network restart command
again to restart the network adapter.
Step 7 Configure the backup storage plane.
This section uses bond2 as an example to describe how to configure bond2 as the
eBackup backup storage plane and network ports eno5 and eno6 as bond2.
1. Run the cd /etc/sysconfig/network-scripts command to go to the network-
scripts directory.
2. Run the vi Network port configuration file name command to open and
modify the network port information configuration file, as shown in Table
9-3.
NOTE
Modify the configuration file name based on the site requirements.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 373
OceanStor BCManager
eBackup User Guide 9 Common Operations
Table 9-3 Examples of network port configuration files of the backup storage
plane
Name Content
ifcfg-bond2 DEVICE=bond2
IPADDR=IP address of the eBackup backup storage plane
NETMASK=Subnet mask of the eBackup backup storage plane
ONBOOT=yes
BOOTPROTO=static
USERCTL=no
TYPE=Bonding
MTU=1500
BONDING_OPTS='mode=1 miimon=100'
BONDING_MASTER=yes
NM_CONTROLLED=no
DEFROUTE='no'
PEERDNS='no'
ifcfg-eno5 DEVICE=eno5
BOOTPROTO=none
ONBOOT=yes
MASTER=bond2
SLAVE=yes
USERCTL=no
TYPE=Ethernet
NM_CONTROLLED=no
DEFROUTE='no'
ifcfg-eno6 DEVICE=eno6
BOOTPROTO=none
ONBOOT=yes
MASTER=bond2
SLAVE=yes
USERCTL=no
TYPE=Ethernet
NM_CONTROLLED=no
DEFROUTE='no'
3. Press Esc, enter :wq, and press Enter to save the settings and exit.
4. Run the service network restart command to restart the network adapter.
NOTE
If the service network restart command fails to be executed, check whether the
network adapter configuration is correct. If the configuration is incorrect, configure
the correct network adapter data and run the service network restart command
again to restart the network adapter.
Step 8 Configure the internal communication plane.
In this section, bond3 is configured as the eBackup internal communication plane,
and network ports eno7 and eno8 form bond3.
1. Run the cd /etc/sysconfig/network-scripts command to go to the network-
scripts directory.
2. Run the vi Network port configuration file name command to open and
modify the network port information configuration file, as shown in Table
9-4.
NOTE
Modify the network port configuration file name based on the site requirements.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 374
OceanStor BCManager
eBackup User Guide 9 Common Operations
Table 9-4 Example of the network port configuration file of the internal
communication plane
Name Content
ifcfg-bond3 DEVICE=bond3
IPADDR=eBackup internal communication plane IP address
NETMASK=eBackup internal communication plane subnet mask
ONBOOT=yes
BOOTPROTO=static
USERCTL=no
TYPE=Bonding
MTU=1500
BONDING_OPTS='mode=1 miimon=100'
BONDING_MASTER=yes
NM_CONTROLLED=no
DEFROUTE='no'
PEERDNS='no'
ifcfg-eno7 DEVICE=eno7
BOOTPROTO=none
ONBOOT=yes
MASTER=bond3
SLAVE=yes
USERCTL=no
TYPE=Ethernet
NM_CONTROLLED=no
DEFROUTE='no'
ifcfg-eno8 DEVICE=eno8
BOOTPROTO=none
ONBOOT=yes
MASTER=bond3
SLAVE=yes
USERCTL=no
TYPE=Ethernet
NM_CONTROLLED=no
DEFROUTE='no'
3. Press Esc, enter :wq, and press Enter to save the settings and exit.
4. Run the service network restart command to restart the network adapter.
NOTE
If the service network restart command fails to be executed, check whether the
network adapter configuration is correct. If the configuration is incorrect, configure
the correct network adapter data and run the service network restart command
again to restart the network adapter.
----End
9.8.2 Configuring Network Adapter Binding (IPv6)
If you want to bind multiple network adapters as a virtual network adapter when
configuring the IP address of the eBackup server and the current network type is
IPv6, perform the following operations:
Procedure
Step 1 Log in to the OS remotely, and run the TMOUT=0 command to prevent the
system from exiting due to timeout.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 375
OceanStor BCManager
eBackup User Guide 9 Common Operations
NOTE
After you run the preceding command, the system continues to run even when no
operation is performed, resulting in security risks. For security purposes, you are advised to
run the exit command to exit the system after completing your operations.
Step 2 Run the ip a command to view the network port information of the physical
server:
This section uses network port names eno1, eno2, eno3, eno4, eno5, eno6, eno7,
and eno8 (eno1 and eno2 are management plane network ports, eno3 and eno4
are production storage plane network ports, eno5 and eno6 are backup storage
plane network ports, and eno7 and eno8 are internal communication plane
network ports.) as an example. If a reused network plane exists, skip the
procedure for configuring the corresponding NIC.
Step 3 Run the following commands in sequence to start the network ports:
ifconfig Network port name up
If the following information is displayed in the command output, check whether
the network cable is properly connected.
Step 4 Run the following commands in sequence to view the port status and network
port speed:
ethtool Network port name
Check whether the following information is displayed. If no, check whether the
network cable is properly connected.
Step 5 Configure the management plane.
This section uses bond0 as an example to describe how to configure bond0 as the
eBackup management plane and network ports eno1 and eno2 as bond0.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 376
OceanStor BCManager
eBackup User Guide 9 Common Operations
1. Run the cd /etc/sysconfig/network-scripts command to go to the network-
scripts directory.
2. Run the vi Network port configuration file name command to open and
modify the network port information configuration file, as shown in Table
9-5.
NOTE
Modify the configuration file name based on the site requirements.
Table 9-5 Examples of network port configuration files of the management
plane
Name Content
ifcfg-bond0 DEVICE=bond0
IPV6INIT=yes
IPV6ADDR=eBackup management plane IP address/Prefix length
ONBOOT=yes
BOOTPROTO=static
USERCTL=no
TYPE=Bonding
MTU=1500
BONDING_OPTS='mode=1 miimon=100'
BONDING_MASTER=yes
NM_CONTROLLED=no
STARTMODE=onboot
DEFROUTE=yes
PEERDNS=no
ifcfg-eno1 DEVICE=eno1
IPV6INIT=yes
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=no
TYPE=Ethernet
NM_CONTROLLED=no
DEFROUTE=yes
PEERDNS=no
ifcfg-eno2 DEVICE=eno2
IPV6INIT=yes
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=no
TYPE=Ethernet
NM_CONTROLLED=no
DEFROUTE=no
PEERDNS=no
3. Press Esc, enter :wq, and press Enter to save the settings and exit.
4. Run the service network restart command to restart the network adapter.
NOTE
If the service network restart command fails to be executed, check whether the
network adapter configuration is correct. If the configuration is incorrect, configure
the correct network adapter data and run the service network restart command
again to restart the network adapter.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 377
OceanStor BCManager
eBackup User Guide 9 Common Operations
Step 6 Configure the production storage plane.
This section uses bond1 as an example to describe how to configure bond1 as the
eBackup production storage plane and network ports eno3 and eno4 as bond1.
1. Run the cd /etc/sysconfig/network-scripts command to go to the network-
scripts directory.
2. Run the vi Network port configuration file name command to open and
modify the network port information configuration file, as shown in Table
9-6.
NOTE
– Modify the configuration file name based on the site requirements.
– If the eBackup server and production storage plane use the FC protocol, you do not
need to set the IPADDR and NETMASK parameters. Delete them.
Table 9-6 Examples of network port configuration files of the production
storage plane
Name Content
ifcfg- DEVICE=bond1
IPV6INIT=yes
bond1 IPV6ADDR=Production storage plane IP address/Prefix length
ONBOOT=yes
BOOTPROTO=static
USERCTL=no
TYPE=Bonding
MTU=1500
BONDING_OPTS='mode=1 miimon=100'
BONDING_MASTER=yes
NM_CONTROLLED=no
STARTMODE=onboot
DEFROUTE=no
PEERDNS=no
ifcfg- DEVICE= eno3
IPV6INIT=yes
eno3 BOOTPROTO=none
ONBOOT=yes
MASTER=bond1
SLAVE=yes
USERCTL=no
TYPE=Ethernet
NM_CONTROLLED=no
DEFROUTE=no
PEERDNS=no
ifcfg- DEVICE=eno4
IPV6INIT=yes
eno4 BOOTPROTO=none
ONBOOT=yes
MASTER=bond1
SLAVE=yes
USERCTL=no
TYPE=Ethernet
NM_CONTROLLED=no
DEFROUTE=no
PEERDNS=no
3. Press Esc, enter :wq, and press Enter to save the settings and exit.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 378
OceanStor BCManager
eBackup User Guide 9 Common Operations
4. Run the service network restart command to restart the network adapter.
NOTE
If the service network restart command fails to be executed, check whether the
network adapter configuration is correct. If the configuration is incorrect, configure
the correct network adapter data and run the service network restart command
again to restart the network adapter.
Step 7 Configure the backup storage plane.
This section uses bond2 as an example to describe how to configure bond2 as the
eBackup backup storage plane and network ports eno5 and eno6 as bond2.
1. Run the cd /etc/sysconfig/network-scripts command to go to the network-
scripts directory.
2. Run the vi Network port configuration file name command to open and
modify the network port information configuration file, as shown in Table
9-7.
NOTE
Modify the configuration file name based on the site requirements.
Table 9-7 Examples of network port configuration files of the backup storage
plane
Name Content
ifcfg-bond2 DEVICE=bond2
IPV6INIT=yes
IPV6ADDR=Backup storage plane IP address/Prefix length
ONBOOT=yes
BOOTPROTO=static
USERCTL=no
TYPE=Bonding
MTU=1500
BONDING_OPTS='mode=1 miimon=100'
BONDING_MASTER=yes
NM_CONTROLLED=no
STARTMODE=onboot
DEFROUTE=no
PEERDNS=no
ifcfg-eno5 DEVICE=eno5
IPV6INIT=yes
BOOTPROTO=none
ONBOOT=yes
MASTER=bond2
SLAVE=yes
USERCTL=no
TYPE=Ethernet
NM_CONTROLLED=no
DEFROUTE=no
PEERDNS=no
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 379
OceanStor BCManager
eBackup User Guide 9 Common Operations
Name Content
ifcfg-eno6 DEVICE=eno6
IPV6INIT=yes
BOOTPROTO=none
ONBOOT=yes
MASTER=bond2
SLAVE=yes
USERCTL=no
TYPE=Ethernet
NM_CONTROLLED=no
DEFROUTE=no
PEERDNS=no
3. Press Esc, enter :wq, and press Enter to save the settings and exit.
4. Run the service network restart command to restart the network adapter.
NOTE
If the service network restart command fails to be executed, check whether the
network adapter configuration is correct. If the configuration is incorrect, configure
the correct network adapter data and run the service network restart command
again to restart the network adapter.
Step 8 Configure the internal communication plane.
In this section, bond3 is configured as the eBackup internal communication plane,
and network ports eno7 and eno8 form bond3.
1. Run the cd /etc/sysconfig/network-scripts command to go to the network-
scripts directory.
2. Run the vi Network port configuration file name command to open and
modify the network port information configuration file, as shown in Table
9-8.
NOTE
Modify the configuration file name based on the site requirements.
Table 9-8 Example of the network port configuration file of the internal
communication plane
Name Content
ifcfg-bond3 DEVICE=bond3
IPV6INIT=yes
IPV6ADDR=Internal communication plane IP address/Prefix length
ONBOOT=yes
BOOTPROTO=static
USERCTL=no
TYPE=Bonding
MTU=1500
BONDING_OPTS='mode=1 miimon=100'
BONDING_MASTER=yes
NM_CONTROLLED=no
STARTMODE=onboot
DEFROUTE=no
PEERDNS=no
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 380
OceanStor BCManager
eBackup User Guide 9 Common Operations
Name Content
ifcfg-eno7 DEVICE=eno7
IPV6INIT=yes
BOOTPROTO=none
ONBOOT=yes
MASTER=bond3
SLAVE=yes
USERCTL=no
TYPE=Ethernet
NM_CONTROLLED=no
DEFROUTE=no
PEERDNS=no
ifcfg-eno8 DEVICE=eno8
IPV6INIT=yes
BOOTPROTO=none
ONBOOT=yes
MASTER=bond3
SLAVE=yes
USERCTL=no
TYPE=Ethernet
NM_CONTROLLED=no
DEFROUTE=no
PEERDNS=no
3. Press Esc, enter :wq, and press Enter to save the settings and exit.
4. Run the service network restart command to restart the network adapter.
NOTE
If the service network restart command fails to be executed, check whether the
network adapter configuration is correct. If the configuration is incorrect, configure
the correct network adapter data and run the service network restart command
again to restart the network adapter.
----End
9.9 Configuring an iSCSI Initiator on the eBackup
Server
If SAN storage is used as backup storage, you need to configure an iSCSI initiator
on the eBackup server.
Prerequisites
● The eBackup server is connected to the storage device using network cables.
● An iSCSI initiator has been installed on the eBackup server.
● A cross-platform remote access tool, such as PuTTY, is available.
● The backup management plane IP address of the eBackup server and the
password of user root have been obtained. You are advised to change the
password regularly for security purposes.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 381
OceanStor BCManager
eBackup User Guide 9 Common Operations
Context
Take the service and management IP addresses of an OceanStor 5600 V3 storage
device 192.168.81.3 and 192.168.81.30 and storage plane IP address of the
eBackup server 192.168.18.40 as an example.
Procedure
Step 1 Use PuTTY to log in to the eBackup server.
● Template deployment environment
a. Log in to the server as user hcp.
b. Run the su root command and enter the password of account root to
switch to account root.
● Software package deployment environment
Log in to the server as user root.
Step 2 Run the TMOUT=0 command to prevent PuTTY from exiting due to timeout.
NOTE
After you run the preceding command, the system continues to run even when no
operation is performed, resulting in security risks. For security purposes, you are advised to
run the exit command to exit the system after completing your operations.
Step 3 Configure an IP address for a target and log in to the target.
1. Run the vi /etc/iscsi/initiatorname.iscsi command to change the iSCSI
initiator name.
If the eBackup software is installed using a template, the iSCSI initiator names
of all eBackup servers are the same. You need to change the iSCSI initiator
names only. If eBackup is installed using a software package, you only need to
check the initiator name and do not need to change it.
If information similar to the following is displayed, modify the content
between iqn. and .com.
InitiatorName=iqn.1994-01.com.euleros:node
NOTE
– In scenarios where the initiator has been added to a host of the OceanStor V3
storage system:
During system running, if the name of the initiator has been changed, restart the
iSCSI service, log in to the OceanStor V3 storage system, remove the original
initiator, and add a new initiator.
– In scenarios where the initiator has not been added to any host of the OceanStor
V3 storage system:
During system running, if the name of the initiator has been changed, you must
restart the iSCSI service.
2. Restart the iSCSI service.
– For the SUSE operating system, run the service open-iscsi restart
command.
– For the Euler operating system, run the service iscsid restart command.
3. Run the iscsiadm -m discovery -t st -p 192.168.81.3 command to discover a
target.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 382
OceanStor BCManager
eBackup User Guide 9 Common Operations
NOTE
The IP address of the target is the service IP address of the storage device connected
to the service port of the eBackup server.
4. Run the iscsiadm -m node -p 192.168.81.3 -l command to log in to the
target.
----End
9.10 Configuring CHAP Authentication Information on
the eBackup Server
After CHAP authentication is enabled on the storage system, you need to
configure the CHAP user name and password on the eBackup server to establish a
connection to the storage system.
Context
Run the iscsiadm command to set the CHAP user name and password on the
eBackup server.
Procedure
Step 1 Use PuTTY to log in to the eBackup server.
● Template deployment environment
a. Log in to the server as user hcp.
b. Run the su root command and enter the password of account root to
switch to account root.
● Software package deployment environment
Log in to the server as user root.
Step 2 Run the TMOUT=0 command to prevent PuTTY from exiting due to timeout.
NOTE
After you run the preceding command, the system continues to run even when no
operation is performed, resulting in security risks. For security purposes, you are advised to
run the exit command to exit the system after completing your operations.
Step 3 Run the iscsiadm -m session -u command to deregister all links.
Step 4 Configure CHAP authentication parameters.
1. Enable CHAP authentication on the target.
Run the following command to enable CHAP authentication on the target. For
example:
iscsiadm -m node -o update -p 192.168.81.3 -n node.session.auth.authmethod -v CHAP
The IP address of the target is the service IP address of the storage system
connected to the service port of the eBackup server.
In this example, the IP address of the target is 192.168.81.3.
2. Configure the unidirectional CHAP user name and password.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 383
OceanStor BCManager
eBackup User Guide 9 Common Operations
Run the following command to configure the CHAP user name. For example:
iscsiadm -m node -o update -p 192.168.81.3 -n node.session.auth.username -v chaper-1
In this example, the IP address of the target is 192.168.81.3, and the CHAP
user name added for the eBackup server is chaper-1.
Run the following command to configure the CHAP password. For example:
iscsiadm -m node -o update -p 192.168.81.3 -n node.session.auth.password -v 12345678qwer
In this example, the IP address of the target is 192.168.81.3, and the password
of the CHAP user added for the eBackup server is 12345678qwer.
3. Optional: If the storage system (target) supports bidirectional CHAP
authentication, you need to configure the bidirectional CHAP user name and
password so that the iSCSI initiator can authenticate the storage system.
NOTE
The password for bidirectional CHAP authentication must be different from that for
unidirectional CHAP authentication.
Run the following command to configure the CHAP user name. For example:
iscsiadm -m node -o update -p 192.168.81.3 -n node.session.auth.username_in -v chaper-2
In this example, the IP address of the target is 192.168.81.3, and the CHAP user
name added for the eBackup server is chaper-2.
Run the following command to configure the CHAP password. For example:
iscsiadm -m node -o update -p 192.168.81.3 -n node.session.auth.password_in -v 87654321qwer
In this example, the IP address of the target is 192.168.81.3, and the password of
the CHAP user added for the eBackup server is 87654321qwer.
Step 5 Log in to the target again.
Run the following command to log in to the target. For example:
iscsiadm -m node -p 192.168.81.3 -l
In this example, the IP address of the target is 192.168.81.3.
The following output is displayed after a successful login.
Logging in to [iface: default, target: iqn.2006-08.com.huawei:oceanstor:21009c37f48af39a::
20000:192.168.81.3, portal: 192.168.81.3,3260] (multiple)
Login to [iface: default, target: iqn.2006-08.com.huawei:oceanstor:21009c37f48af39a::20000:192.168.81.3,
portal: 192.168.81.3,3260] successful.
----End
9.11 Installing the OS
9.11.1 Software and Hardware Configurations
If eBackup needs to run on physical servers, before starting the installation, you
need to have physical servers ready. Table 9-9 shows the configuration
requirements of a physical server.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 384
OceanStor BCManager
eBackup User Guide 9 Common Operations
Table 9-9 Configuration requirements - eBackup
Project Requirement
Physical server For details, see OceanStor BCManager 8.1.0
compatibility eBackup Compatibility List (Virtualization).
CPU ≥ 8-core*2.0 GHz
Memory ≥ 16 GB
RAID controller card One RAID controller card
For details, see OceanStor BCManager 8.1.0
eBackup Compatibility List (Virtualization).
HBA card One HBA card
If the eBackup server and production storage plane
use the FC protocol, HBA cards are required.
Disk Disk size: ≥ 120 GB
Disk quantity: 2. Every two disks of the same size
form a RAID 1 group.
Number of network ports Plan a network port for each network plane based
on the network planes planned in 2.2.2 Network
Planning.
If you need to configure virtual NICs according to
9.8 Configuring Network Adapter Binding, plan
two network ports for each network plane for
which virtual NICs need to be configured.
IP address requirements Plan an IP address for each network plane based
on the network planes planned in 2.2.2 Network
Planning.
NOTE
If the eBackup server and production storage plane use
the FC protocol, you do not need to configure a static IP
address for communicating with the production storage
plane.
Note: The preceding requirements are basic requirements for deploying
eBackup. These requirements are subject to changes based on your actual
situation.
9.11.2 Installing an OS for a Physical Server
Backup servers and proxies must run on physical servers. Before starting the
installation, you need to have physical servers ready. This section describes how to
install an OS on a 2288H V5 server.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 385
OceanStor BCManager
eBackup User Guide 9 Common Operations
Prerequisites
● Two physical servers are ready as required in 9.11.1 Software and Hardware
Configurations. One server will be used to be deployed as a backup server,
the other as a backup proxy.
● You have obtained the IP address, user name, and password of the iBMC
management network port.
● If RAID has been configured for the disks of the physical server, delete the
RAID to clear the disk partitions of the physical server.
● You have obtained the image file OceanStor_BCManager_EulerOS_X86.iso,
which can be obtained by decompressing OceanStor BCManager
xxx_EulerOS_X86.zip. xxx indicates the eBackup version.
How to obtain:
For enterprise users: Click here.
For carrier users: Click here.
9.11.2.1 Starting the Physical Server
Procedure
Step 1 Log in to the iBMC WebUI.
1. Open a browser. In the address box, type the IP address of the iBMC
management network port and press Enter. The address format is https://IP
address of the iBMC management network port.
2. Set User Name and Password, set Domain to Local iBMC, and click Log In.
The iBMC Web management page is displayed.
Step 2 Choose Remote Console > HTML5 Integrated Remote Console (Shared) to
access the remote control page of the physical server.
Step 3 Click > Forced System Reset to restart the physical server.
Step 4 When you see the following interface during the restart, press F11.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 386
OceanStor BCManager
eBackup User Guide 9 Common Operations
Step 5 In the following text box, enter your password and press Enter.
NOTE
The password varies based on server models.
Step 6 After the restart is successful, the following page is displayed.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 387
OceanStor BCManager
eBackup User Guide 9 Common Operations
----End
9.11.2.2 Configuring RAIDs
If RAID has been configured for physical servers, skip this section.
Procedure
Step 1 On the home page, press → and select Device Manager. The Device Manager
page is displayed.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 388
OceanStor BCManager
eBackup User Guide 9 Common Operations
Step 2 Press ↓ to select a device in the list for RAID configuration.
Step 3 Press Enter. In the displayed menu, choose Main Menu > Configuration
Management > Clear Configuration to clear the system configuration.
Step 4 Select Confirm, press Enter, and then select Yes, and press Enter to confirm the
clearing operation.
Step 5 Press Esc to return to the configuration management menu and select Create
Virtual Drive.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 389
OceanStor BCManager
eBackup User Guide 9 Common Operations
Step 6 On the RAID configuration interface, move the cursor to locate Select RAID Level,
press Enter, and select RAID1.
Step 7 Press ↑ or ↓ to locate Select Drives, press Enter, select two disks of the same size
and type to form RAID 1, and select Apply Changes.
Step 8 Select Save Configuration to save the configuration. Select Confirm, press Enter,
and then select Yes, and press Enter to confirm the saving. Format the disks when
dividing RAID.
NOTICE
The capacity of RAID 1 ranges from 300 GB to 2 TB. Otherwise, the configuration
fails. If the capacity is greater than 2 TB, select Virtual Driver Size in this step to
change the capacity.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 390
OceanStor BCManager
eBackup User Guide 9 Common Operations
Step 9 Return to the configuration management menu and select View Drive Group
Properties to view the configured RAID information.
Step 10 Press Esc to return to the home page.
----End
9.11.2.3 Installing the OS
Procedure
Step 1 In the main window, click > to select an image file, and click Connect to
open the image file.
Step 2 Press → to select Boot Manager. The Boot Manager page is displayed.
Step 3 Select the virtual DVD-ROM drive as the boot device and press Enter.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 391
OceanStor BCManager
eBackup User Guide 9 Common Operations
Step 4 On the following interface, press ↑ or ↓ to select Install EulerOS V2.0SP3 and
then press Enter to start installing the OS.
Step 5 If the physical server has a RAID controller card, perform the following steps to
partition the disk.
1. Select Installation Destination.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 392
OceanStor BCManager
eBackup User Guide 9 Common Operations
2. Select the RAID disk created in 9.11.2.2 Configuring RAIDs, select Custom on
the Storage Configuration page, and click Done.
3. Delete existing partitions from the disk.
If the Unknown partition does not exist in the disk, skip this step.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 393
OceanStor BCManager
eBackup User Guide 9 Common Operations
a. Expand Unknown, select any partition, and click .
b. In the dialog box that is displayed, select Delete all file systems which
are only used by Unknown and click Delete It to delete all partitions on
the disk.
4. Add partitions to the disk.
Add mount points in sequence based on the parameter settings in Table 9-10.
Table 9-10 Partition table
Mount Point Desired Device Type File System
Capacity
/boot 512 MiB Standard ext4
Partition
/boot/efi 1024 MiB Standard EFI System
Partition Partition
/ >= 10 GiB LVM ext4
/usr >= 5 GiB LVM ext4
/home >= 5 GiB LVM ext4
/opt >= 60 GiB LVM ext4
/tmp >= 5 GiB LVM ext4
/var >= 30 GiB LVM ext4
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 394
OceanStor BCManager
eBackup User Guide 9 Common Operations
a. Click .
b. Select /boot from the Mount Point drop-down list box.
c. Enter 512MiB in the Desired Capacity text box.
d. Click Add mount point.
e. Set Device Type and File System in sequence based on the parameter
values in Table 9-10.
f. Repeat the preceding steps to add other mount points.
5. Click Done to go back to the main window.
If the following warning information is displayed, click Done again to ignore
it.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 395
OceanStor BCManager
eBackup User Guide 9 Common Operations
6. Click Accept Changes to return to the main page.
7. Click Begin Installation and wait until the OS installation is complete.
Step 6 After the OS is installed, enter the account and password as prompted and log in
to the system.
The user is root and default password is Cloud12#$.
Step 7 During the OS installation:
● If Warning checking storage configuration is displayed, rectify the fault by
referring to 9.11.3.1 Message Warning checking storage configuration or
Custom partitioning selected Is Displayed.
● If Error checking storage configuration is displayed, rectify the fault by
referring to 9.11.3.2 Message Error checking storage configuration Is
Displayed During the OS Installation.
Step 8 Run the following commands in sequence to disable the SELINUX option and
restart the system. Otherwise, eBackup logs may fail to be dumped.
/usr/bin/sed -i 's/^SELINUX=.*$/SELINUX=disabled/g' /etc/selinux/config
reboot
Step 9 Run the following commands in sequence to harden the system.
sed -i '/x \/tmp\/upgrade\//d' /usr/lib/tmpfiles.d/tmp.conf
echo 'x /tmp/upgrade/' >> /usr/lib/tmpfiles.d/tmp.conf
----End
9.11.2.4 Configuring the Network (IPv4)
If the current environment is an IPv4 environment, configure the network by
referring to this section. Otherwise, skip this section.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 396
OceanStor BCManager
eBackup User Guide 9 Common Operations
Prerequisites
● The IP addresses of physical servers have been planned according to 2.2.2
Network Planning.
● You have obtained the mappings between the management plane, production
storage plane, backup storage plane, and internal communication plane and
the internal network ports of the system.
Procedure
Step 1 Log in to the OS remotely on iBMC, and run the TMOUT=0 command to prevent
the system from exiting due to timeout.
NOTE
After you run the preceding command, the system continues to run even when no
operation is performed, resulting in security risks. For security purposes, you are advised to
run the exit command to exit the system after completing your operations.
Step 2 Run the ip a command to view the network port information of the physical
server.
In this section, the network port names are eno1, eno2, eno3, and eno4. eno1 is
the management plane network port, eno2 is the production storage plane
network port, eno3 is the backup storage plane network port, and eno4 is the
internal communication plane network port. If a reused network plane exists, skip
the procedure for configuring the corresponding NIC. If multiple NICs need to be
bound as a virtual NIC, perform the configuration by referring to 9.8 Configuring
Network Adapter Binding. This section describes how to configure a single NIC.
Step 3 Run the following commands in sequence to start the network ports.
ifconfig Network port name up
If the following information is displayed in the command output, check whether
the network cable is properly connected.
Step 4 Run the following commands in sequence to view the port status and network
port speed.
ethtool Network port name
Check whether the following information is displayed. If no, check whether the
network cable is properly connected.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 397
OceanStor BCManager
eBackup User Guide 9 Common Operations
Step 5 Configure the management plane.
This section uses network port eno1 as the management network port as an
example.
1. Run the cd /etc/sysconfig/network-scripts command to go to the network-
scripts directory.
2. Run the vi Network port configuration file name command to open and
modify the network port information configuration file, as shown in Table
9-11.
NOTE
Modify the network port configuration file name based on the site requirements.
Table 9-11 Examples of network port configuration files of the management
plane
Name Content
ifcfg-eno1 DEVICE=eno1
IPADDR=eBackup management plane IP address
NETMASK=eBackup management plane subnet mask
ONBOOT=yes
BOOTPROTO=static
GATEWAY=eBackup management plane gateway
DEFROUTE='yes'
PEERDNS='no'
3. Press Esc, enter :wq, and press Enter to save the settings and exit.
4. Run the service network restart command to restart the network adapter.
NOTE
If the service network restart command fails to be executed, check whether the
network adapter configuration is correct. If the configuration is incorrect, configure
the correct network adapter data and run the service network restart command
again to restart the network adapter.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 398
OceanStor BCManager
eBackup User Guide 9 Common Operations
Step 6 Configure the production storage plane.
This section uses network port eno2 as the production storage plane network port
as an example.
1. Run the cd /etc/sysconfig/network-scripts command to go to the network-
scripts directory.
2. Run the vi Network port configuration file name command to open and
modify the network port information configuration file, as shown in Table
9-12.
NOTE
– Modify the configuration file name based on the site requirements.
– If the eBackup server and production storage plane use the FC protocol, you do not
need to set the IPADDR and NETMASK parameters. Delete them.
Table 9-12 Examples of network port configuration files of the production
storage plane
Name Content
ifcfg-eno2 DEVICE=eno2
IPADDR=eBackup production storage plane IP address
NETMASK=eBackup production storage plane subnet mask
ONBOOT=yes
BOOTPROTO=static
DEFROUTE='no'
PEERDNS='no'
3. Press Esc, enter :wq, and press Enter to save the settings and exit.
4. Run the service network restart command to restart the network adapter.
NOTE
If the service network restart command fails to be executed, check whether the
network adapter configuration is correct. If the configuration is incorrect, configure
the correct network adapter data and run the service network restart command
again to restart the network adapter.
Step 7 Configure the backup storage plane.
This section uses network port eno3 as the backup storage plane network port as
an example.
1. Run the cd /etc/sysconfig/network-scripts command to go to the network-
scripts directory.
2. Run the vi Network port configuration file name command to open and
modify the network port information configuration file, as shown in Table
9-13.
NOTE
Modify the network port configuration file name based on the site requirements.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 399
OceanStor BCManager
eBackup User Guide 9 Common Operations
Table 9-13 Examples of network port configuration files of the backup
storage plane
Name Content
ifcfg-eno3 DEVICE=eno3
IPADDR=IP address of the eBackup backup storage plane
NETMASK=Subnet mask of the eBackup backup storage plane
ONBOOT=yes
BOOTPROTO=static
DEFROUTE='no'
PEERDNS='no'
3. Press Esc, enter :wq, and press Enter to save the settings and exit.
4. Run the service network restart command to restart the network adapter.
NOTE
If the service network restart command fails to be executed, check whether the
network adapter configuration is correct. If the configuration is incorrect, configure
the correct network adapter data and run the service network restart command
again to restart the network adapter.
Step 8 Configure the internal communication plane.
This section uses network port eno4 as the internal communication network port
as an example.
1. Run the cd /etc/sysconfig/network-scripts command to go to the network-
scripts directory.
2. Run the vi Network port configuration file name command to open and
modify the network port information configuration file, as shown in Table
9-14.
NOTE
Modify the network port configuration file name based on the site requirements.
Table 9-14 Example of the network port configuration file of the internal
communication plane
Name Content
ifcfg-eno4 DEVICE=eno4
IPADDR=eBackup internal communication plane IP address
NETMASK=eBackup internal communication plane subnet mask
ONBOOT=yes
BOOTPROTO=static
DEFROUTE='no'
PEERDNS='no'
3. Press Esc, enter :wq, and press Enter to save the settings and exit.
4. Run the service network restart command to restart the network adapter.
NOTE
If the service network restart command fails to be executed, check whether the
network adapter configuration is correct. If the configuration is incorrect, configure
the correct network adapter data and run the service network restart command
again to restart the network adapter.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 400
OceanStor BCManager
eBackup User Guide 9 Common Operations
Step 9 Configure remote server login using the root account.
1. Run the following command to open the sshd_config configuration file.
vi /etc/ssh/sshd_config
2. Press i to enter the edit mode, and change the value of parameter
PermitRootLogin to yes.
PermitRootLogin yes
3. Press Esc to exit the edit mode, and run :wq to save the file and exit.
4. Run the following command to restart the sshd service.
service sshd restart
----End
9.11.2.5 Configuring the Network (IPv6)
If the current environment is an IPv6 environment, configure the network by
referring to this section. Otherwise, skip this section.
Prerequisites
● The IP addresses of physical servers have been planned according to 2.2.2
Network Planning.
● You have obtained the mappings between the management plane, production
storage plane, backup storage plane, and internal communication plane and
the internal network ports of the system.
Procedure
Step 1 Log in to the OS remotely on iBMC, and run the TMOUT=0 command to prevent
the system from exiting due to timeout.
NOTE
After you run the preceding command, the system continues to run even when no
operation is performed, resulting in security risks. For security purposes, you are advised to
run the exit command to exit the system after completing your operations.
Step 2 Run the ip a command to view the network port information of the physical
server.
In this section, the network port names are eno1, eno2, eno3, and eno4. eno1 is
the management plane network port, eno2 is the production storage plane
network port, eno3 is the backup storage plane network port, and eno4 is the
internal communication plane network port. If a reused network plane exists, skip
the procedure for configuring the corresponding NIC. If multiple NICs need to be
bound as a virtual NIC, perform the configuration by referring to 9.8 Configuring
Network Adapter Binding. This section describes how to configure a single NIC.
Step 3 Run the following commands in sequence to start the network ports.
ifconfig Network port name up
If the following information is displayed in the command output, check whether
the network cable is properly connected.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 401
OceanStor BCManager
eBackup User Guide 9 Common Operations
Step 4 Run the following commands in sequence to view the port status and network
port speed.
ethtool Network port name
Check whether the following information is displayed. If no, check whether the
network cable is properly connected.
Step 5 Configure the management plane.
This section uses network port eno1 as the management plane network port as an
example.
1. Run the cd /etc/sysconfig/network-scripts command to go to the network-
scripts directory.
2. Run the vi Network port configuration file name command to open and
modify the network port information configuration file, as shown in Table
9-15.
NOTE
Modify the network port configuration file name based on the site requirements.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 402
OceanStor BCManager
eBackup User Guide 9 Common Operations
Table 9-15 Examples of network port configuration files of the management
plane
Name Content
ifcfg-eno1 DEVICE=eno1
IPV6INIT=yes
IPV6ADDR=eBackup management plane IP address/Prefix length
ONBOOT=yes
BOOTPROTO=static
STARTMODE=onboot
DEFROUTE=yes
PEERDNS=no
3. Press Esc, enter :wq, and press Enter to save the settings and exit.
4. Run the service network restart command to restart the network adapter.
NOTE
If the service network restart command fails to be executed, check whether the
network adapter configuration is correct. If the configuration is incorrect, configure
the correct network adapter data and run the service network restart command
again to restart the network adapter.
Step 6 Configure the production storage plane.
This section uses network port eno2 as the production storage plane network port
as an example.
1. Run the cd /etc/sysconfig/network-scripts command to go to the network-
scripts directory.
2. Run the vi Network port configuration file name command to open and
modify the network port information configuration file, as shown in Table
9-16.
NOTE
– Modify the configuration file name based on the site requirements.
– If the eBackup server and production storage plane use the FC protocol, you do not
need to set the IPADDR and NETMASK parameters. Delete them.
Table 9-16 Examples of network port configuration files of the production
storage plane
Name Content
ifcfg- DEVICE=eno2
IPV6INIT=yes
eno2 IPV6ADDR=Production storage plane IP address/Prefix length
ONBOOT=yes
BOOTPROTO=static
STARTMODE=onboot
DEFROUTE=no
PEERDNS=no
3. Press Esc, enter :wq, and press Enter to save the settings and exit.
4. Run the service network restart command to restart the network adapter.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 403
OceanStor BCManager
eBackup User Guide 9 Common Operations
NOTE
If the service network restart command fails to be executed, check whether the
network adapter configuration is correct. If the configuration is incorrect, configure
the correct network adapter data and run the service network restart command
again to restart the network adapter.
Step 7 Configure the backup storage plane.
This section uses network port eno3 as the backup storage plane network port as
an example.
1. Run the cd /etc/sysconfig/network-scripts command to go to the network-
scripts directory.
2. Run the vi Network port configuration file name command to open and
modify the network port information configuration file, as shown in Table
9-17.
NOTE
Modify the network port configuration file name based on the site requirements.
Table 9-17 Examples of network port configuration files of the backup
storage plane
Name Content
ifcfg-eno3 DEVICE=eno3
IPV6INIT=yes
IPV6ADDR=Backup storage plane IP address/Prefix length
ONBOOT=yes
BOOTPROTO=static
STARTMODE=onboot
DEFROUTE=no
PEERDNS=no
3. Press Esc, enter :wq, and press Enter to save the settings and exit.
4. Run the service network restart command to restart the network adapter.
NOTE
If the service network restart command fails to be executed, check whether the
network adapter configuration is correct. If the configuration is incorrect, configure
the correct network adapter data and run the service network restart command
again to restart the network adapter.
Step 8 Configure the internal communication plane.
This section uses network port eno4 as the internal communication plane network
port as an example.
1. Run the cd /etc/sysconfig/network-scripts command to go to the network-
scripts directory.
2. Run the vi Network port configuration file name command to open and
modify the network port information configuration file, as shown in Table
9-18.
NOTE
Modify the network port configuration file name based on the site requirements.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 404
OceanStor BCManager
eBackup User Guide 9 Common Operations
Table 9-18 Example of the network port configuration file of the internal
communication plane
Name Content
ifcfg-eno4 DEVICE=eno4
IPV6INIT=yes
IPV6ADDR=Internal communication plane IP address/Prefix length
ONBOOT=yes
BOOTPROTO=static
STARTMODE=onboot
DEFROUTE=no
PEERDNS=no
3. Press Esc, enter :wq, and press Enter to save the settings and exit.
4. Run the service network restart command to restart the network adapter.
NOTE
If the service network restart command fails to be executed, check whether the
network adapter configuration is correct. If the configuration is incorrect, configure
the correct network adapter data and run the service network restart command
again to restart the network adapter.
Step 9 Configure remote server login using the root account.
1. Run the following command to open the sshd_config configuration file.
vi /etc/ssh/sshd_config
2. Press i to enter the edit mode, and change the value of parameter
PermitRootLogin to yes.
PermitRootLogin yes
3. Press Esc to exit the edit mode, and run :wq to save the file and exit.
4. Run the following command to restart the sshd service.
service sshd restart
----End
9.11.3 Common Problems
9.11.3.1 Message Warning checking storage configuration or Custom
partitioning selected Is Displayed
Symptom
Message Warning checking storage configuration or Custom partitioning
selected is displayed during the OS installation. Such as Figure 9-1, Figure 9-2.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 405
OceanStor BCManager
eBackup User Guide 9 Common Operations
Figure 9-1 Symptom 1
Figure 9-2 Symptom 2
Possible Cause
Historical partitions exist or no /swap partition exists in the target disk where the
OS is installed. You need to confirm whether to overwrite.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 406
OceanStor BCManager
eBackup User Guide 9 Common Operations
Procedure
Step 1 If the error information in Figure 9-1 is displayed, click .
If the error information in Figure 9-2 is displayed, click .
Step 2 Click to confirmthe storage configuration.
Step 3 Click Accept Changes to accept the configuration.
----End
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 407
OceanStor BCManager
eBackup User Guide 9 Common Operations
9.11.3.2 Message Error checking storage configuration Is Displayed During
the OS Installation
Symptom
During the OS installation, Error checking storage configuration is displayed.
Possible Causes
The target disk where the OS is to be installed uses the GPT mode to record
information of partitions. The /boot partition cannot be used, and the BIOS Boot
partition needs to be added.
Procedure
Step 1 Click to check the storage configuration.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 408
OceanStor BCManager
eBackup User Guide 9 Common Operations
Step 2 Click Click for details.
Step 3 The detailed error information and handling suggestions are displayed. Read the
information carefully and click Close.
If the error details are not the content in the following figure, rectify the fault
according to the handling suggestions in the details.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 409
OceanStor BCManager
eBackup User Guide 9 Common Operations
Step 4 Go to the INSTALLATION DESTINATION page and click to confirm the
storage configuration.
Step 5 Click , select biosboot from the drop-down list, and click Add mount point >
to add the partition.
Step 6 After the BIOS Boot partition is added, click .
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 410
OceanStor BCManager
eBackup User Guide 9 Common Operations
Step 7 Click Accept Changes to accept the configuration.
Step 8 Click Begin Installation to start installing the OS.
----End
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 411
OceanStor BCManager
eBackup User Guide 10 Related Concept Introduction
10 Related Concept Introduction
The chapter describes the basic concepts and principles about backup and restore,
helping you get familiar with backup and restore jobs before configuring them.
10.1 Backup
10.2 Restore
10.3 Backup Storage
10.4 Protected Environments Supported by eBackup
10.5 Protected Set
10.6 Backup Policies
10.7 Backup Plan
10.8 Backups
10.9 Common Concepts
10.1 Backup
This section describes backup-related basic terms such as snapshot and changed
block tracking (CBT), backup principles, deduplication and compression principles.
Basic Terms
Table 10-1 describes some backup-related basic terms.
Table 10-1 Basic terms
Term Description
Snapshot A snapshot is a point-in-time copy of source data. It can be quickly
generated and occupies a small storage footprint. Creating a
snapshot is like taking a picture. The picture can record the status of
the object for which you took a picture at a certain point in time.
Snapshots can be used to back up and restore protected objects.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 412
OceanStor BCManager
eBackup User Guide 10 Related Concept Introduction
Term Description
CBT Changed Block Tracking (CBT) is an incremental backup technology
for VMs. It uses bitmaps to track and record the data blocks
changed since last backup. The production end achieves the backup
function using CBT.
Snapshot Two snapshots are compared and data differences of the two
comparis snapshots are displayed in the format of volume addresses. In
on incremental backup mode, only differential data is backed up.
Full ● For virtual disks, all data on the virtual disks is backed up.
backup ● For VMs, all disk data and VM configuration information are
backed up no matter when data was changed or backed up last
time.
No matter when data was changed or backed up last time, all data
is backed up. Full backup provides the most complete backup
protection. However, full backup takes a long time and occupies
large space.
Incremen ● For disks, the data changed since last full or incremental backup
tal for disks is backed up.
backup ● For VMs, the disk data and VM configuration information
changed since last full or incremental backup for VMs is backed
up.
The amount of incremental backup data is small and the backup
time is short.
Backup Principles
eBackup backup management system supports backup of VMs in the
FusionSphere environments. Table 10-2 lists application scenarios of different
backup modes.
Table 10-2 Application scenarios of different backup modes
Backup Application Scenario
Mode
CBT FusionSphere (storage type: virtualization storage)
NOTE
CBT is automatically enabled during backup.
Snapsho FusionSphere (Huawei distributed block storage)
t
compari
son
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 413
OceanStor BCManager
eBackup User Guide 10 Related Concept Introduction
NOTE
At the production end, when the storage type is virtualized storage, eBackup backup
management system can use CBT to back up VMs. When the VM storage type is Huawei
distributed block storage, eBackup backup management system can only use snapshot
compare to back up VMs.
Backup principle (using CBT to back up disks)
1. Initial backup (full backup)
eBackup backup management system starts the initial full backup job for
disks to back up all data on the disks.
2. Subsequent backup (incremental backup)
eBackup backup management system starts an incremental backup job for
disks. Use CBT to obtain the data changed since the full backup and
incremental backup from the disks and back up the changed data.
Backup principle (using snapshot compare to back up disks)
1. Initial backup (full backup)
eBackup backup management system starts the initial full backup job for
disks to back up all data on the disks.
2. Subsequent backup (incremental backup)
eBackup backup management system starts an incremental backup job for
disks. Compare the two snapshots created for disks at the production end to
obtain the data changed since the full and incremental backup from the disks
and back up the changed data.
Table 10-3 compares the two backup modes. You can choose a proper backup
mode based on the storage type of the VMs.
Table 10-3 Backup mode comparison
Bac Description
kup
Mo
de
CBT Snapshots are not reserved at the production end and do not occupy too
much storage space as a result. Using the CBT backup mode, eBackup
backup management system obtains changed data faster than using the
snapshot backup mode.
Sna Snapshots are reserved at the production end and occupy a large storage
psh space as a result. Using the snapshot backup mode, eBackup backup
ot management system obtains changed data slower than using the CBT
com backup mode.
pari
son
Deduplication
Deduplication is a data compression technology that searches for duplicate data,
saves only one copy of the data, and uses pointers that point to the unique copy
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 414
OceanStor BCManager
eBackup User Guide 10 Related Concept Introduction
to replace the duplicate copies. eBackup backup management system uses
deduplication to minimize the occupation of back-end storage space and address
the increasing demand for storage capacity. Figure 10-1 shows the deduplication
working process. The systems checks for duplicate data blocks and uses
deduplication to delete redundant data blocks (The data in the dotted box implies
the duplicate data).
Figure 10-1 Deduplication principle
Compression
Data compression aims to reduce the storage space occupied by redundant data
and improve data transmission and processing efficiency. eBackup uses the LZ4
compression algorithm defines the size of the scanning window as M bytes and
the scanning moving size as N bytes. The M-byte data is used as the scanning
window for matching. After the duplicate data is found, the data is compressed.
N-byte data is removed for scanning each time.
10.2 Restore
This section describes restore-related terms such as backup, CBT, and restore
principles.
Basic Terms
Table 10-4 describes some discovery-related basic terms.
Table 10-4 Basic Terms
Term Description
backup A backup is the backup data generated by a backup plan in one
backup job according to a backup policy. Each backup is marked
creation time. Users can select a backup to restore data according to
timestamp.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 415
OceanStor BCManager
eBackup User Guide 10 Related Concept Introduction
Term Description
CBT Changed Block Tracking (CBT) is an incremental backup technology
for VMs. It uses bitmaps to track and record the data blocks
changed since last backup. The production end achieves the backup
function using CBT.
If the data of a VM is damaged or lost and needs to be recovered,
CBT is used to identify data changes between the recovery point in
time and backup point in time. Only the data changes are recovered,
achieving incremental recovery.
Snapshot Two snapshots are compared and data differences of the two
comparis snapshots are displayed in the format of volume addresses. In
on incremental restore mode, the snapshot corresponding to a copy
used for restoration is compared with the target volume to be
restored, and only differential data is restored.
Full ● For disks, all disk backup data to which a backup corresponds is
restore restored.
● For VMs, all disk backup data and VM configuration information
to which a backup corresponds is restored.
It takes a longer time to restore a larger amount of data.
Incremen ● For disks, disk data changed between the backup point in time
tal and restore execution point in time is restored
restore ● For VMs, disk data changed between the backup point in time
and restore execution point in time and all VM configuration
information is restored.
NOTE
If snapshots exist, the system executes incremental restore. If snapshots do
not exist, the system executes full restore.
It takes a shorter time to restore a smaller amount of data.
Restore Principles
When FusionSphere and VMware VM data or data of LUNs in storage devices
needs to be restored, eBackup backup management system provides restore data
according to the backup that was created at a point in time specified by a user.
eBackup backup management system supports full restore and incremental
restore. For details about restore modes, see the background information in 4.1
Restoring FusionSphere VMs.
Users can specify any point-in-time backup saved in eBackup backup management
system to restore data. Restoring disk M is used as an example to illustrate the
principles of the two restore modes:
Full restore
When eBackup backup management system starts a restore job for disk M, if the
original disk on the target VM exists with capacity and location unchanged, obtain
all the backup data from the backup and write it onto disk M; if the original disk
on the target VM does not exist, create new disk M1 on the production end based
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 416
OceanStor BCManager
eBackup User Guide 10 Related Concept Introduction
on the metadata of disk M in the backup, obtain all the backup data from the
backup and write it onto disk M1, and mount disk M1 to the target VM.
Incremental restore
eBackup backup management system starts a restore job for disk M and uses CBT
to obtain the data changed between the restore execution point in time of disk M
and the backup point in time of the backup. After receiving the changed data
from the backup, the system writes it to disk M at the production end.
10.3 Backup Storage
This section describes the definition and logical structure of backup storage to
help you understand how back-end storage space transparency is achieved in
eBackup backup management system.
Definition
As a global concept, backup storage refers to the back-end storage space for use
by eBackup backup management system, which consists of storage units, storage
pools, and repositories.
● Storage unit
A storage unit is the basic storage unit for backup data.
● Storage pool
A storage pool consists of one storage unit. A single storage pool forms an
abstraction layer to realize physical isolation. That is, the failure of one
storage pool does not affect the backup of other storage pools.
● Repository
A repository is a storage space divided from a storage pool. Storage
repositories are logically isolated from each other. A repository stores the
backups generated after a protected set is backed up. Repositories provide
storage space for backup and data source for recovery.
Logical Structure
Figure 10-2 shows the internal logical structure of backup storage.
1. After back-end storage devices map the storage space to backup server and
backup proxies, eBackup backup management system creates storage units
based on the storage space for use in data backup.
2. eBackup backup management system allocates the created storage units to
storage pools. Storage pools are physically isolated, that is, the failure of one
storage pool does not affect the backup of other storage pools.
3. Based on storage pools, eBackup backup management system creates one or
more repositories for storing backup data. If a protected object belongs to
only one backup plan, all its backups are stored in one repository instead of
spanning different repositories. If a protected object belongs to more than
one backup plan, its backups can be stored in different repositories.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 417
OceanStor BCManager
eBackup User Guide 10 Related Concept Introduction
Figure 10-2 Logical structure of backup storage
Supported Back-End Storage Types
Backup data of all protected objects at the production end is saved in backup
storage, which is created from physical storage devices. The data must be shared
by the backup server and backup proxies.
For details, refer to Specification.
10.4 Protected Environments Supported by eBackup
This section introduces the information about protected environments supported
by eBackup backup management system, types of protected environments, and
their interaction with eBackup backup management system.
Key Components of a FusionSphere Protected Environment
FusionSphere deploys virtualization software on servers to virtualize hardware
resources so that one physical server functions as multiple servers. FusionSphere
contains key modules such as Virtual Resource Manager (VRM), Compute Node
Agent (CNA), and production storage modules. Table 10-5 lists the key
components and modules.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 418
OceanStor BCManager
eBackup User Guide 10 Related Concept Introduction
Table 10-5 FusionSphere key components and modules
Component Description
FusionComput Provided by Huawei, FusionCompute virtualizes hardware
e resources and provides VM services. In addition, it manages
virtualized resources, service resources, and user resources in a
centralized manner.
VRM The VRM is the management interface of FusionCompute and
responsible for scheduling virtual resources in a virtual system.
The VRM manages VMs, CNAs, and production storage
modules in the system.
CNA CNAs are deployed on physical servers and manage local VMs
and corresponding virtual volumes.
Production The following two types of production storage are supported
storage in VM backup:
● Huawei distributed block storage
● Virtualized storage (including SAN, NAS, and local disks)
10.5 Protected Set
This section introduces the definition, functions, and relationship with other
modules of a protected set to help you understand it.
Definition
A protected set defines backup objects, which can be one or more protected
objects. You can assign or exclude disks for all or specified VMs.
Functions
After a protected set is created, you can apply a backup policy for all backup
objects in a protected set to shorten the backup duration and improve backup
efficiency.
Relationship with Other Modules
Protected objects in the protected environment are divided into one or multiple
protected sets. These protected sets back up the protected objects based on
specific backup policies. Backup data is stored in repositories. One backup plan
contains one backup policy, one protected set, and one repository. Figure 10-3
shows the relationship among them.
NOTE
A protected set, backup policy, and repository can all be used by multiple backup plans.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 419
OceanStor BCManager
eBackup User Guide 10 Related Concept Introduction
Figure 10-3 Relationship between a protected set and other modules
10.6 Backup Policies
This section introduces how to plan a backup policy from the scheduling plan,
retry policy, and backup retention policy.
Scheduling Plan
After creating backup plans, users can manually start backup jobs at anytime
based on site requirements. However, as the number of backup jobs increases, it
becomes more and more difficult to manually track and execute backup jobs in
real time. eBackup backup management system provides a backup policy to
automatically schedule backup jobs. Besides, users can set retry policies to execute
failed backup jobs again. Note that retry policies are restricted by retry windows
and retry times.
The value can be Periodic or One time. When Schedule is set to Periodic, you
need to set scheduling plans for incremental backup. You can determine whether
to enable periodic full backup based on site requirements.
NOTE
If incremental backup and full backup are set to be executed at the same point in time, the
system will execute full backup first.
Table 10-6 describes the scheduling plan settings.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 420
OceanStor BCManager
eBackup User Guide 10 Related Concept Introduction
Table 10-6 Scheduling plan settings
Type Description Configuration Rule
Weeks in Backup jobs are executed weekly The more frequently data is
a Month or in a specific week. backed up, the more thoroughly
data is protected; however, the
Days in a Backup jobs are not executed on backup time is also longer,
Week specific days. It is used together requiring a longer backup time
with Weeks in a Month. For and occupying larger space.
example, execute backup jobs on Choose a schedule based on
Wednesday and Sunday in the data importance and service
first week of each month. volume. Adopt a high backup
Excluded Execute backup jobs not in those frequency for important data.
Days in a specific days.
Month
Execution A specific point in time. The
Time system automatically executes
backup jobs at the point in time.
You can set one or more points
in time. The system performs
backup jobs in time sequence.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 421
OceanStor BCManager
eBackup User Guide 10 Related Concept Introduction
Type Description Configuration Rule
Execution A specific execution period. The
Period system executes a backup job
many times at a certain interval
within a specific period of time.
You can set one or more
execution periods.
● A new backup job is started
only after an ongoing backup
job is completed.
● After a VM is added to a
protected set that is
associated with a backup plan
within a specific period of
time, the system will start a
backup job for the VM when
the specific period of time is
exceeded even though an
ongoing backup job is not
completed.
● If the specific period of time is
exceeded, an ongoing backup
job can continue but the
backup job in Pending state
will not be processed.
One time Backup jobs to which a specific The backup policy execution
backup policy is set are executed time must be later than the
only once. The backup policy current system time.
execution time needs to be set.
The parameter is valid only to
full backup. This parameter is
available only when Schedule is
set to One time.
Backup Retention Policy
Defines the retention and the number of the backups generated by a protected
object. Three types of Retention are available: Table 10-7 describes the backup
retention plan policies.
Table 10-7 Backup retention policies
Type Description Configuration Rule
Permane Backups are retained ● Total number of retained
nt permanently. backups
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 422
OceanStor BCManager
eBackup User Guide 10 Related Concept Introduction
Type Description Configuration Rule
By backups are retained based on – The value of total number
backup quantity. You can set the of retained backups ranges
quantity following parameters: from 1 to 100, and the
● Total number of retained default value is 90.
backups – The value of the number
It refers to the total number of retained backups in a
of retained backups that are year ranges from 0 to 999,
generated by a protected and the default value is 10.
object. Once the number of – The value of the number
generated backups exceeds of retained backups in a
the value, the system month ranges from 0 to
automatically deletes the 999, and the default value
earliest generated backups is 10.
(and the backups are not in – The value of the number
the range of Number of of retained backups in a
retained backups in a year/ week ranges from 0 to
month/week/day). 9999, and the default
● Number of backups retained value is 10.
per year/month/week/day – The value of the number
Number of backups retained of retained backups in a
per year/month/week/day day ranges from 0 to
from the current time. If the 99999, and the default
number of generated backup value is 10.
copies exceeds the specified
● Retained for a period
value, the system
automatically deletes the – The value of the retention
earliest backup copy. period for years ranges
from 1 to 25, and the
default value is 1.
– The value of the retention
period for months ranges
from 1 to 300, and the
default value is 1.
– The value of the retention
period for weeks ranges
from 1 to 1300, and the
default value is 1.
– The value of the retention
period for days ranges
from 1 to 9125, and the
default value is 1.
If backups are retained
permanently, they can be used
to restore data at any time.
However, space occupied by
backups cannot be reused. If the
space provided by repository is
used up by backups, the system
will not generate new backups.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 423
OceanStor BCManager
eBackup User Guide 10 Related Concept Introduction
Type Description Configuration Rule
By time backups are retained based on When determining the number
time. You can set the following of retained backups and the
parameters: retention period, consider the
● Retained for a period following:
Backups generated according ● Data importance and disaster
to a backup policy will be recovery requirements. If data
retained for xx years, months, of the latest month must be
weeks, or days. Once the retained, you are advised to
retention period is exceeded, set the retention period to at
the system automatically least one month.
deletes expired backups. ● Available space of repository.
● Retained until a specific day If the available space of
Backups generated according repository is sufficient, you
to a backup policy will be are advised to retain multiple
retained to a specific point in copies of important backups
time. Once the point in time or retain those backups for a
is exceeded, the system long time.
automatically deletes expired
backups.
Backup Data Verification and Distribution
A backup policy can specify whether to create verification data for a backup job to
verify the integrity and consistency of backup data, and whether to implement
deduplication and compression of the backup data. Table 10-8 describes backup
data verification and distribution.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 424
OceanStor BCManager
eBackup User Guide 10 Related Concept Introduction
Table 10-8 Backup data verification and distribution
Paramet Description Configuration Rule
er
Create After this option is selected, This function will affect backup
Verificati the system creates verification performance. If you have
on Data data for backup data. The demanding requirements on
verification data will be used to integrity and consistency of
verify the integrity and backup data and have no
consistency of the backup data. requirements on backup
If this option is not selected, performance, you are advised to
the system verifies only the enable this option to ensure data
consistency of the metadata of availability after data restore.
the backup data.
NOTE
Backup data is the real data of
users. Backup metadata is the
additional information about
location of data blocks and
number of disks.
Data Format of backup data saved If there is a large amount of
Layout on the backup storage. The duplicate backup data (for
value can be: example, a monthly report is
● Dedupe generated based on the last
Deduplication is a data monthly report), you are advised
compression technology to use deduplication. In some
that searches for duplicate special scenarios (such as
data, saves only one copy of structured databases, ZIP files, and
the data, and uses pointers streaming media files), you are
that point to the unique not advised to use deduplication
copy to replace the because there is not much
duplicate copies. eBackup duplicate backup data. Using
backup management deduplication depends on actual
system uses deduplication scenarios and specific needs.
to minimize the occupation NOTE
of storage space and If Dedupe and Compress are not
used, backup data is stored in the
address the increasing
original format.
demand for storage
capacity.
● Compress
Compressing backup data
effectively helps save
storage space.
If Dedupe and Compress are
used at the same, the system
performs deduplication prior to
performing compression.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 425
OceanStor BCManager
eBackup User Guide 10 Related Concept Introduction
Retry Policy
A retry policy defines the number of retries and retry time window after a backup
job fails. The retry time window specifies the maximum time duration allowed for
the backup job to retry since its failure. The retry function can be enabled or
disabled based on site requirements. If the retry function is disabled, failed backup
jobs will not be performed again.
For example, backup job A is performed at 9:00. At 9:10, backup job A fails. In the
retry plan, the number of retries is set to 3 and the retry window is set to one
hour. By default, the system performs a failed backup job five minutes after the
backup job execution failure. Therefore, backup job A is performed again between
9:15 and 10:10.
● If backup job A still fails after three retries within the specified period or the
three retries cannot be completed within the specified period, the system will
not perform backup job A again.
● If backup job A successes within the specified period, the system will not
perform backup job A again.
10.7 Backup Plan
This section introduces backup plans from definition, functions, and relationship
with other modules.
Definition
Backup plans logically define backup boundaries. Backup plan consists of backup
policy, protected set, and repository. One backup plan is associated with one
backup policy, one protected set, and one repository only.
Function
Backup plans schedule backup jobs based on policies and store backups of
protected sets to repository.
Relationship with Other Modules
Protected objects in the protected environment are divided into one or multiple
protected sets. These protected sets back up the protected objects based on
specific backup policies. Backup data is stored in repositories. One backup plan
contains one backup policy, one protected set, and one repository. Figure 10-4
shows the relationship among them.
NOTE
One backup policy, protected set, and repository can apply to multiple backup plans.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 426
OceanStor BCManager
eBackup User Guide 10 Related Concept Introduction
Figure 10-4 Relationship between a backup plan and other modules
10.8 Backups
This section defines backups and explains their functions and relationship with
other modules.
Definition
A backup is backup data generated after a backup plan performs a backup job
based on a backup policy. Each backup is marked generation time. You can select
necessary backups to restore data according to timestamps.
The backup of an entire VM is named after the generation time of the backup.
The backup of a disk is named in the format of BUS number of the disk+Slot
number of the disk.
Functions
Verified backups are used to restore lost or damaged data at the production end.
Relationship with Other Modules
In a backup plan, backups generated by one backup object form a Backup chain
in time sequence. All backups in a backup chain are generated based on a same
backup policy and stored in a same repository. If the backup object is lost or
damaged, you can use verified backups generated at specific points in time to
restore data.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 427
OceanStor BCManager
eBackup User Guide 10 Related Concept Introduction
10.9 Common Concepts
This section describes concepts commonly used in eBackup.
Table 10-9 describes common concepts.
Table 10-9 Common concepts
Concept Description
Management data Indicates eBackup database data and configuration data.
Management data Indicates storage devices saving backup database data
backup storage and configuration data.
eBackup server Indicates servers running eBackup. An eBackup server
consists of a backup server and backup proxies.
● Backup server: Schedules and monitors backup and
restore jobs, manages backup storage and production
systems, and receives and responds to user requests.
In addition, a backup server provides the functions of
a backup proxy.
● Backup proxy: Receives backup and restore jobs from
the backup server and executes the jobs by interacting
with production systems and backup storage.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 428
OceanStor BCManager
eBackup User Guide 11 FAQ
11 FAQ
11.1 In What Configuration Modes Can Disks Not Be Restored by eBackup in LAN-
free Mode
11.2 Do VMs Created on FusionCompute Need to Be Restarted After Their CPUs
and Memory Are Adjusted
11.3 What Disk Modes are Not Supported by eBackup
11.4 Can Management Data Backup Storage and Backup Storage Storing User VM
Data Use One Shared Directory
11.5 No Backup Is Generated for VMs on FusionCompute
11.6 What Is the Impact of Removing an eBackup Server When the Production
Storage Is Huawei Distributed Block Storage
11.1 In What Configuration Modes Can Disks Not Be
Restored by eBackup in LAN-free Mode
Question
In what configuration modes can disks not be restored by eBackup in LAN-Free
mode?
Answer
eBackup cannot restore the disks whose configuration modes are Thin
provisioning and Thick provisioning lazy zeroed in LAN-Free mode.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 429
OceanStor BCManager
eBackup User Guide 11 FAQ
11.2 Do VMs Created on FusionCompute Need to Be
Restarted After Their CPUs and Memory Are Adjusted
Question
Do VMs created on FusionCompute need to be restarted after their CPUs and
memory are adjusted?
Answer
VMs created on FusionCompute need to be restarted after their CPUs and memory
are adjusted. Otherwise, backup may fail. Restarting VMs will interrupt services of
the VMs. You are advised to perform this operation when the service traffic is low.
11.3 What Disk Modes are Not Supported by eBackup
Question
What disk modes are not supported by eBackup?
Answer
Disk modes Independent & persistent and Independent & nonpersistent are
not supported by eBackup. Disk mode Dependent is supported.
11.4 Can Management Data Backup Storage and
Backup Storage Storing User VM Data Use One Shared
Directory
Question
Can backup storage of management data and backup storage for storing user VM
data use the same NAS shared directory
Answer
Backup storage of management data and backup storage for storing user VM data
cannot use the same NAS shared directory or bucket. Otherwise, the backup task
may fail.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 430
OceanStor BCManager
eBackup User Guide 11 FAQ
11.5 No Backup Is Generated for VMs on
FusionCompute
Question
Why is no backup generated for VMs on FusionCompute?
Answer
eBackup does not support the backup of shared disks of VMs on FusionCompute.
If only shared disks exist on the VM, no backup job will be generated.
11.6 What Is the Impact of Removing an eBackup
Server When the Production Storage Is Huawei
Distributed Block Storage
Question
What is the impact of removing an eBackup server when the production storage is
Huawei distributed block storage?
Answer
When the production storage is Huawei distributed block storage, an exception
may occur in the Huawei distributed block storage cluster after the eBackup server
is removed. Therefore, before removing the eBackup server, delete the eBackup
server from the Huawei distributed block storage cluster. For details, see
Removing a Node in the Capacity Expansion and Reduction Guide of Huawei
distributed block storage.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 431
OceanStor BCManager
eBackup User Guide A Glossary
A Glossary
A
AK See access key ID (AK).
API See application programming interface (API).
ASII American Standard Code for Information Interchange
access key ID (AK) An ID that confirms the identity of a user accessing the
object-based storage system. One access key ID belongs to
only one user, but one user can have multiple access key
IDs. The object-based storage system recognizes the users
accessing the system by their access key IDs.
security Security prevents computer systems and data from being
damaged and lost. Computer security is mainly ensured by
preventing access by unauthorized users to systems,
especially for systems that can be accessed by multiple
users or through communication lines.
application An application programming interface is a particular set of
programming rules and specifications that are used for communication
interface (API) between software programs.
B
B/S Browser/Server
BIOS See basic input/output system (BIOS).
whitelist A list or register of items that, for one reason or another,
are being provided a particular privilege, service, mobility,
access, or recognition.
protected object An object that is under DR protection. It can be a
database, VM, or storage LUN.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 432
OceanStor BCManager
eBackup User Guide A Glossary
protected set A set of backup objects. A protected set can be one or
multiple machines or the rest of disks excluding the
selected ones.
basic input/output Firmware stored on the computer motherboard that
system (BIOS) contains basic input/output control programs, power-on
self-test (POST) programs, bootstraps, and system setting
information. The BIOS provides hardware setting and
control functions for the computer.
backup proxy A server that runs the backup software, receives backup
and recovery jobs from a backup server, and executing the
jobs by interacting with the production system and backup
storage.
backup server A server that runs the backup software, schedules and
monitors backup and recovery jobs, manages backup
storage and production system, and receives and responds
to user requests. A backup server also provides the
functions of a backup proxy.
backup plan A plan that logically defines the scope of a backup,
including a protected set, a backup policy, and a
repository. A backup plan schedules backup jobs in
accordance with the backup policy, and stores the backups
of the protected set in the repository.
backup chain A collection of backups. In a backup plan, the backups of
a backup object form a backup chain in order of
generation time.
backup task A process of backing up data based on backup policies.
backup Backup data generated after a backup job is executed for
a backup object. A backup contains all the data necessary
for recovering the backup object.
northbound user A user account that the network management system
(NMS) uses for login to the EMS server.
C
CHAP See Challenge Handshake Authentication Protocol
(CHAP).
CLI command-line interface
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 433
OceanStor BCManager
eBackup User Guide A Glossary
Challenge A method to periodically verify the identity of the peer
Handshake using a 3-way handshake. During the establishment of a
Authentication link, the authenticator sends a "challenge" message to the
Protocol (CHAP) peer. The peer responds with a value calculated using a
"one-way hash" function. The authenticator checks the
response against its own calculation of the expected hash
value. If the values match, the authentication is
acknowledged. CHAP provides protection against replay
attacks.
storage type Storage resources are classified into different types based
on their attributes. For example, storage resources can be
classified into magnetic medium and solid state disks
(SSDs) in terms of the storage medium, and into common
I/O, high I/O, and ultra-high I/O storage resources in
terms of the I/O level.
D
DHCP See dynamic host configuration protocol (DHCP).
DNS See domain name server (DNS).
domain name A functional entity in the TCP/IP network. With
server (DNS) deployment of the DNS, subscribers can access related
servers using corresponding domain names. In the TCP/IP
network, a domain name maps an IP address. Domain
names are easier to remember but servers in the network
communicate with each other using IP addresses.
Therefore the DNS is used to convert domain names to
corresponding IP addresses.
multipathing A storage access mechanism. The multipathing provides
more than one physical path to access network storage
devices, the capabilities of error tolerance, I/O flow load
balance, I/O scheduling strategy with less granularity, and
high availability and performance for the network storage
system.
dynamic host A client-server networking protocol. A DHCP server
configuration provides configuration parameters specific to the DHCP
protocol (DHCP) client host requesting information the host requires to
participate on the Internet network. DHCP also provides a
mechanism for allocating IP addresses to hosts.
F
FC See Fibre Channel (FC).
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 434
OceanStor BCManager
eBackup User Guide A Glossary
FIP See floating IP address (FIP).
FLR See File-Level Restore (FLR).
Fibre Channel (FC) A high-speed transport technology used to build SANs. FC
is primarily used for transporting SCSI traffic from servers
to disk arrays, but it can also be used on networks
carrying ATM and IP traffic. FC supports single-mode and
multi-mode fiber connections, and can run on twisted-
pair copper wires and coaxial cables. FC provides both
connection-oriented and connectionless services.
file-level restore A method for recovering specified files in a disk instead of
(FLR) recovering the entire disk, in the disk-level data protection
field.
firewall A combination of components set between different
networks or network security domains. The firewall
monitors, restricts, and changes the data traffic across the
firewall to shield the internal information, structure, and
running status from external network users, ensuring
network security.
reverse proxy A proxy server receives a connection request from the
Internet, forwards the request to a server on the internal
network, and sends back the result from the server to the
client that initiates the connection request on the
Internet. The proxy server externally functions as a server,
and this process is called reverse proxy.
floating IP address An IP address used by a two-node cluster to communicate
(FIP) with external systems. The active and standby nodes have
an IP address each. For example, the active node uses IP
address 1, and the standby node uses IP address 2. During
communication with an external client, another IP
address (for example, IP address 3) is used. IP address 3 is
bound to the NIC of the active node (the active node has
two IP addresses 1 and 3). The external client
communicates with the active node which has IP address
3. The standby node has only IP address 2 and does not
provide services externally. When an active/standby
switchover occurs, IP address 3 is released from the
original active node and bound to the NIC of the new
active node (original standby node). That is why the IP
address is called a floating IP address.
load balancing Distribution of activities across two or more servers or
components to avoid overloading any one with too many
requests or too much traffic.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 435
OceanStor BCManager
eBackup User Guide A Glossary
G
GE Gigabit Ethernet
alarm A message reported when a fault is detected by a device
or by the network system during the device polling
process. Each alarm corresponds to a clearing alarm. After
a clearing alarm is received, the corresponding alarm is
cleared.
alarm dump A process of transferring the alarms stored in the system
memory to other external devices.
cutover A process of migrating the data of an application system
to another application system, which then provides
services.
root certificate An unsigned public key certificate or a self-signed
certificate that identifies the Root Certificate Authority
(CA). A root certificate is part of a public key
infrastructure scheme.
administrator A user who has authority to access all EMLCore product
management domains. This user has access to the entire
network and all management functions.
fault A failure to operate correctly. A fault does not include
failures caused by preventative maintenance, insufficient
external resources, or intentional settings.
HTTPS See Hypertext Transfer Protocol Secure (HTTPS).
Hypertext Transfer An HTTP protocol that runs on top of transport layer
Protocol Secure security (TLS) and Secure Sockets Layer (SSL) for secured
(HTTPS) transactions. It is used to establish a reliable channel for
encrypted communication and secure identification of a
network web server.
restore task A process of reading data from a backup set and writing
it onto where you want to restore the data.
I
I/O Input/Output
ICMP See Internet Control Message Protocol (ICMP).
IP SAN See Internet Protocol Storage Area Network (IP SAN).
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 436
OceanStor BCManager
eBackup User Guide A Glossary
IP address A 32-bit (four-byte) binary number that uniquely
identifies a host (a computer) on a computer network
that uses the Internet Protocol for communication, which
enables transmitting data in form of packet. An IP
address consists of four decimal numbers, which are
separated by dots (.), for example, 192.168.1.1. The first
one to three bytes of an IP address indicate the network
to which the host is connected and the remaining bits
indicate the host.
IPv6 See Internet Protocol version 6 (IPv6).
IaaS See infrastructure as a service (IaaS).
Internet Control A network layer protocol that provides message control
Message Protocol and error reporting between a host server and an Internet
(ICMP) gateway.
Internet Protocol A storage area network based on TCP/IP and SCSI-3.
Storage Area
Network (IP SAN)
Internet Protocol An update version of IPv4, which is designed by the
version 6 (IPv6) Internet Engineering Task Force (IETF) and is also called
IP Next Generation (IPng). It is a new version of the
Internet Protocol. The difference between IPv6 and IPv4 is
that an IPv4 address has 32 bits while an IPv6 address
has 128 bits.
infrastructure as a Infrastructure as a service (IaaS) enables consumers to
service (IaaS) use processing, storage, network, and various basic
computing resources to deploy and execute various
software such as operating systems or applications
without purchasing hardware devices such as servers and
networks. Customers cannot manage or control
underlying infrastructure. However, they can control
operating systems, storage devices, and deployed
applications. Sometimes, they can control specific
network elements, such as the host firewall, to a certain
extent.
J
encryption A function for converting data for the purpose of hiding
information and preventing unauthorized use.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 437
OceanStor BCManager
eBackup User Guide A Glossary
cluster A computer technology that integrates a set of loosely
connected servers to work together so that in many
respects they can be viewed as a single system. A cluster
is used to improve system stability, reliability, data
processing capability, or service capability. For example, a
cluster can reduce single point of failures (SPOFs), share
storage resources, provide load balancing, or improve
system performance.
volume snapshot A volume that represents a duplicate of the original
volume taken at the time the copy begins.
K
clone 1. An independent VM that has the same resource
configuration, operating system, and application system
as the source VM but does not share any resources with
the source VM. It can be used and modified
independently. 2. A snapshot technology. The source data
is completely copied to generate a data duplicate;
therefore the duplicate needs the storage space as the
same size as the source data. In the VIS system, it is also
called third-mirror break-off snapshot.
L
LAN See local area network (LAN).
license file The license file is an authorization for the capacity,
functions, and validity period of the installed software.
The license file is a .dat or an .xml file that is generated
using the special encryption tool according to the
contract, and is delivered electronically. The customer
(for example, carrier) needs to load the license on the
device or software before the functions supported by the
license are applicable.
link status The running status of a link, which can be Up, Down,
backup, or unknown.
local area network A network formed by the computers and workstations
(LAN) within the coverage of a few square kilometers or within
a single building, featuring high speed and low error
rate. Current LANs are generally based on switched
Ethernet or Wi-Fi technology and run at 1,000 Mbit/s
(that is, 1 Gbit/s).
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 438
OceanStor BCManager
eBackup User Guide A Glossary
route A path that network traffic takes from its source to its
destination. Routes can change dynamically.
M
MD5 See message digest algorithm 5 (MD5).
message digest A hash function that is used in a variety of security
algorithm 5 (MD5) applications to check message integrity. MD5 processes a
variable-length message into a fixed-length output of
128 bits. It breaks up an input message into 512-bit
blocks (sixteen 32-bit little-endian integers). After a
series of processing, the output consists of four 32-bit
words, which are then cascaded into a 128-bit hash
number.
N
NFS See network file server (NFS).
network file server A distributed file system that allows remote file access
(NFS) across a network through the NFS protocol.
P
POD See point of delivery (POD).
configuration To set the basic parameters of an operation object.
Config Service A basic service provided by the IT PaaS platform for
providing the application configuration capabilities,
including centralized local configuration file
management and running status configuration
management. It supports the following for applications:
importing configuration models customized in
compliance with the configuration service specifications,
displaying configuration on the portal, changing
configuration, and sending configuration change
notifications.
point of delivery A minimum service unit in a data center, which is a
(POD) resource collection consisting of switches, firewalls, load
balancers, and servers. The resources collaborate to
provide network services or applications.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 439
OceanStor BCManager
eBackup User Guide A Glossary
R
RAM See random access memory (RAM).
RESTful RESTful is a software architecture style rather than a
standard. It provides a set of software design guidelines
and constraints for designing software for interaction
between clients and servers. RESTful software is simpler
and more hierarchical, and facilitates the
implementation of the cache mechanism.
random access Semiconductor-based memory that can be read and
memory (RAM) written by the CPU or other hardware devices. The
storage locations can be accessed in any order.
S
SFTP See Secure File Transfer Protocol (SFTP).
SMTP See Simple Mail Transfer Protocol (SMTP).
SSH See Secure Shell (SSH).
Secure File Transfer A network protocol designed to provide secure file
Protocol (SFTP) transfer over SSH.
Secure Shell (SSH) A standard network protocol that allows users to
establish a secure channel between a local computer
and a remote computer. When a user remotely logs in
to an insecure network, the SSH feature provides secure
information protection and powerful authentication
functions to protect the network against attacks such as
IP address spoofing and simple password interception.
Simple Mail Transfer The TCP/IP protocol which facilitates the transfer of
Protocol (SMTP) electronic-mail messages, specifies how two systems are
to interact, and the format of messages used to control
the transfer of electronic mail.
power on To start up a computer; to begin a cold boot procedure;
to turn on the power
uplink In an access network, the direction that is far from the
subscriber end of the link.
data backup A method of copying key data to the backup storage
area to prevent data loss in case the original storage
area is damaged or a failure occurs.
data restoration A method for retrieving data that is lost due to damage
or misoperations.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 440
OceanStor BCManager
eBackup User Guide A Glossary
digital signature A message signed with a sender's private key that can
be verified by anyone who has access to the sender's
public key. Digital signature gives the receiver the
reason to believe the message was sent by the claimed
sender. A proper implementation of digital signature is
computing a message digest for the message sent from
the sender to the receiver, and then signing the message
digest. The result is called digital signature and is sent
to the receiver together with the original message.
T
TLS Transport Layer Security
V
VBS See Volume Backup Service (VBS).
VNC virtual network controller
Volume Backup Volume Backup Service (VBS) allows a disk to be
Service (VBS) backed up and restored at specific time points. You can
use VBS to roll back a disk to a state when a backup
was created, or create a disk or image and restore data
on it using a backup, thereby preventing data loss.
W
WAN wide area network
network segment Part of a network on which all message traffic is
common to all nodes; that is, a message broadcast
from one node on the segment is received by all other
nodes on the segment.
gateway A device that connects two network segments using
different protocols. It is used to translate and convert
the data in the two network segments using different
protocols.
gateway IP address The IP address of a gateway. A gateway is a node that
forwards packets between networks. Packets are sent
to the gateway IP address when the destination
network address resides in a different network to the
sender.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 441
OceanStor BCManager
eBackup User Guide A Glossary
file share Data is converted among NFS, SMB, and HTTPS,
enabling the file transmission function.
X
system security policy A security policy for the system administrator to access
the system, including the password policy, login policy,
and session timeout.
power off An operation that switches off devices during upgrade
or expansion.
virtualization Virtualization is a technology that virtualizes a
computer into multiple logic computers. Multiple logic
computers can work on a computer. The operating
systems running on these logic computers can be
different, and the applications running on these
operating systems work independently. Therefore, the
working efficiency of the computer is significantly
improved. Software virtualization redefines IT resources
to implement dynamic allocation, flexible scheduling,
and cross-domain sharing of IT resources. This
improves IT resource usage, enables IT resources to
become social infrastructure, and serves flexible
application requirements in various industries.
virtual machine A VM file image that specifies VM compositions and
image basic configurations and can be used to create a VM. A
VM image contains an operating system, applications,
VM configurations (such as VM operating system,
disks, CPU kernel quantity, and network adapters) for
defining the entire set of virtual hardware, and other
software required for service running.
Y
Ethernet A LAN technology that uses the carrier sense multiple
access with collision detection (CSMA/CD) media
access control method. The speed of an Ethernet
interface can be 10 Mbit/s, 100 Mbit/s, 1000 Mbit/s, or
10000 Mbit/s. The Ethernet network is highly reliable
and easy to maintain.
remote notification A function with which remote maintenance personnel
are informed of alarms through Emails or short
messages.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 442
OceanStor BCManager
eBackup User Guide A Glossary
metadata Data that provides information about other data.
Metadata describes the source, size, format, or other
characteristics of data. In the data field, metadata
helps to explain the content of a data warehouse.
cloud-based backup A function that backs up data from a storage array to
a cloud.
carrier An organization that has telecom network resources
and can provide communication service.
threshold A limitation on an amount, scale, or level. Changes will
occur when a threshold is reached.
Z
certificate A certificate, also known as the digital certificate,
associates the user identity information with the public
key. The certificate is issued by a third-party
organization and authenticates the identities of
communication parties.
automatic backup A periodic operation of storing data by the system.
subnet A type of smaller networks that form a larger network
according to a rule, for example, according to different
districts. This facilitates the management of the large
network. In a topology view, these smaller networks
are called subnets.
subnet mask The technique used by the IP protocol to determine
which network segment packets are destined for. The
subnet mask is a binary pattern that is stored in the
device and is matched with the IP address.
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 443
OceanStor BCManager
eBackup User Guide B Abbreviation
B Abbreviation
CA Certificate Authority
CBT Change Block Tracing
CLI Command-Line Interface
CPU Central Processing Unit
CSRF Cross-Site Request Forgery
FC Fiber Channel
GE Gigabit Ethernet
GUI Graphical User Interface
HEC Huawei Enterprise Cloud
HTTP Hypertext Transfer Protocol
IE Internet Explorer
IP Internet Protocol
iSCSI Internet Small Computer Systems Interface
LAN Local Area Network
NAS Network-attached Storage
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 444
OceanStor BCManager
eBackup User Guide B Abbreviation
NFS Network File System
OS Operating System
PC Personal Computer
RDM RAM Device Mapping
REST Representational State Transfer
SAN Storage Area Network
SAS Serial Attached SCSI
SCSI Small Computer System Interface
SQL Structured Query Language
SSL Secure Socket Layer
VIMS Virtual Image Management System
Issue 03 (2022-05-25) Copyright © Huawei Technologies Co., Ltd. 445
You might also like
- OceanStor Dorado 6.1.6 DeviceManager Demo Operation GuideNo ratings yetOceanStor Dorado 6.1.6 DeviceManager Demo Operation Guide21 pages
- OceanStor Dorado 6.1.x Basic Storage Service Configuration Guide For BlockNo ratings yetOceanStor Dorado 6.1.x Basic Storage Service Configuration Guide For Block288 pages
- Compatibility List For Huawei FusionSphere v3.6 enNo ratings yetCompatibility List For Huawei FusionSphere v3.6 en58 pages
- FusionSphere6.5.0 Installation and ConfigurationNo ratings yetFusionSphere6.5.0 Installation and Configuration41 pages
- Huawei EulerOS V2.0 Administrators Guide 05No ratings yetHuawei EulerOS V2.0 Administrators Guide 05164 pages
- Huawei Server Best Practice With VMware ESXi System 01No ratings yetHuawei Server Best Practice With VMware ESXi System 0117 pages
- FusionCompute V100R005C00 Network VirtualizationNo ratings yetFusionCompute V100R005C00 Network Virtualization66 pages
- FusionCompute V100R005C10 Product Description 01No ratings yetFusionCompute V100R005C10 Product Description 0161 pages
- Huawei FusionSphere 5.1 Brochure (Server Virtualization)No ratings yetHuawei FusionSphere 5.1 Brochure (Server Virtualization)2 pages
- Huawei FusionSphere 6.5.0 Technical White Paper (Server Virtualization)No ratings yetHuawei FusionSphere 6.5.0 Technical White Paper (Server Virtualization)26 pages
- FusionServer Tools V2R2 ServiceCD 2.0 User Guide 20No ratings yetFusionServer Tools V2R2 ServiceCD 2.0 User Guide 20220 pages
- Huawei FusionCloud Desktop Solution Overview Presentation (For Financial)No ratings yetHuawei FusionCloud Desktop Solution Overview Presentation (For Financial)55 pages
- Huawei FusionSphere 5.1 Technical White Paper On OpenStack Cascading Technology (Cloud Data Center)No ratings yetHuawei FusionSphere 5.1 Technical White Paper On OpenStack Cascading Technology (Cloud Data Center)15 pages
- FusionSphere PCS 6.5.1.1 Operation Guide (HCS Xen To KVM) 01No ratings yetFusionSphere PCS 6.5.1.1 Operation Guide (HCS Xen To KVM) 01142 pages
- 【202201】Huawei ICT Academy Course CatalogNo ratings yet【202201】Huawei ICT Academy Course Catalog18 pages
- 16 FusionSphare OpenStack OM Services OperationNo ratings yet16 FusionSphare OpenStack OM Services Operation37 pages
- Huawei FusionSphere 5.1 Technical White Paper On OpenStack Integrating FusionCompute (Cloud Data Center)No ratings yetHuawei FusionSphere 5.1 Technical White Paper On OpenStack Integrating FusionCompute (Cloud Data Center)16 pages
- IMaster NCE Product Documentation (Project Deployment & System Maintenance, Arm) - 03C - 04No ratings yetIMaster NCE Product Documentation (Project Deployment & System Maintenance, Arm) - 03C - 041,596 pages
- CloudEngine 8800&7800&6800&5800 V200R002C50SPC800 Upgrade Guide100% (1)CloudEngine 8800&7800&6800&5800 V200R002C50SPC800 Upgrade Guide85 pages
- iSTAR UltraLT ConfigGd 8200 1335 02 E0 enNo ratings yetiSTAR UltraLT ConfigGd 8200 1335 02 E0 en59 pages
- Huaweicloudgeneralintroduction Forpartner 220915045549 C6eb9a57No ratings yetHuaweicloudgeneralintroduction Forpartner 220915045549 C6eb9a5728 pages
- FusionCompute V100R005C00 Computing VirtualizationNo ratings yetFusionCompute V100R005C00 Computing Virtualization55 pages
- Huawei OceanStor 9000 Technical PresentationNo ratings yetHuawei OceanStor 9000 Technical Presentation57 pages
- 106-Huawei OceanStor V3 Entry-Level Storage Pre-Sales Training V2.23No ratings yet106-Huawei OceanStor V3 Entry-Level Storage Pre-Sales Training V2.2332 pages
- Huawei OceanStor 5300 5500 5600 and 5800 V5 Mid-Range Hybrid Flash Storage Systems Technical White PaperNo ratings yetHuawei OceanStor 5300 5500 5600 and 5800 V5 Mid-Range Hybrid Flash Storage Systems Technical White Paper69 pages
- OceanStor S2600T&S5500T&S5600T&S5800T&S6800T Storage System V200R001 Command Reference 06No ratings yetOceanStor S2600T&S5500T&S5600T&S5800T&S6800T Storage System V200R001 Command Reference 06487 pages
- HC13081 - 01 Cloud Computing Planning DesignNo ratings yetHC13081 - 01 Cloud Computing Planning Design71 pages
- CL02 FusionCompute Product IntroductionNo ratings yetCL02 FusionCompute Product Introduction41 pages
- HUAWEI ESight Network Brief Product BrochureNo ratings yetHUAWEI ESight Network Brief Product Brochure4 pages
- Samsung Magician 8 0 0 Installation GuideNo ratings yetSamsung Magician 8 0 0 Installation Guide15 pages
- Oceanstor Dorado 5000V6: Hands-On / Transferência de ConhecimentoNo ratings yetOceanstor Dorado 5000V6: Hands-On / Transferência de Conhecimento617 pages
- 4 - HCPA-Data Center Facility - UniSTAR SCTeDesigner Training For Data CenterNo ratings yet4 - HCPA-Data Center Facility - UniSTAR SCTeDesigner Training For Data Center52 pages
- HCIA-Cloud Service V3.0 Version DescriptionNo ratings yetHCIA-Cloud Service V3.0 Version Description3 pages
- 00-Huawei Cloud Stack Solution BasicsV1.0No ratings yet00-Huawei Cloud Stack Solution BasicsV1.030 pages
- 01-HUAWEI Storage Product Sales Specialist Training V5.5No ratings yet01-HUAWEI Storage Product Sales Specialist Training V5.556 pages
- Huawei FusionSphere Virtualization Suite 6.3.1 Product DescriptionNo ratings yetHuawei FusionSphere Virtualization Suite 6.3.1 Product Description96 pages
- HCSP-Presales-Storage V3.0 Training MaterialNo ratings yetHCSP-Presales-Storage V3.0 Training Material471 pages
- Huawei Fusionserver Rh2288h v3 Rack Server BrochureNo ratings yetHuawei Fusionserver Rh2288h v3 Rack Server Brochure2 pages
- CloudEngine 9800, 8800, 6800, 5800 V200R022C00 Upgrade GuideNo ratings yetCloudEngine 9800, 8800, 6800, 5800 V200R022C00 Upgrade Guide100 pages
- FusionSphere V100R003C00 Quick Installation and Configuration Guide 01 PDF100% (1)FusionSphere V100R003C00 Quick Installation and Configuration Guide 01 PDF33 pages
- HCIA-Big Data V2.0 Lab Guide For Big Data Engineers - Revision 4No ratings yetHCIA-Big Data V2.0 Lab Guide For Big Data Engineers - Revision 4131 pages
- Imaster NCE V100R023C00 CORBA NBI Developer Guide (Alarm) 05No ratings yetImaster NCE V100R023C00 CORBA NBI Developer Guide (Alarm) 05115 pages
- Huawei OceanStor S2200T&S2600T&S5500T&S5600T&S5800T&S6800 Storage System Product DescriptionNo ratings yetHuawei OceanStor S2200T&S2600T&S5500T&S5600T&S5800T&S6800 Storage System Product Description79 pages
- Huawei OceanStor 9000 Pre-Sales TrainingNo ratings yetHuawei OceanStor 9000 Pre-Sales Training62 pages
- Dorado V6 Series 6.1.x Basic Storage Service Configuration Guide For FileNo ratings yetDorado V6 Series 6.1.x Basic Storage Service Configuration Guide For File685 pages
- OceanStor Dorado 6.1.x CloudBackup Feature GuideNo ratings yetOceanStor Dorado 6.1.x CloudBackup Feature Guide120 pages
- Evolution of Information and Commnunications Technology100% (1)Evolution of Information and Commnunications Technology33 pages
- Guidelines For Developing A Nios II HAL Device DriverNo ratings yetGuidelines For Developing A Nios II HAL Device Driver36 pages
- Lab Journal: Computer Programming (2+1 Credit Hours)No ratings yetLab Journal: Computer Programming (2+1 Credit Hours)13 pages
- Parallel & Distributed Computing ExercisesNo ratings yetParallel & Distributed Computing Exercises3 pages
- ReleaseNotes-Leica MissionPro-12 11 0 en PDFNo ratings yetReleaseNotes-Leica MissionPro-12 11 0 en PDF7 pages
- Tensorflow Lite For Microcontrollers: Deploy Machine Learning Models On Tiny DevicesNo ratings yetTensorflow Lite For Microcontrollers: Deploy Machine Learning Models On Tiny Devices25 pages
- What Is Java? Define Five Features of Java?No ratings yetWhat Is Java? Define Five Features of Java?83 pages
- CXL Type 3 Memory Device Software GuideNo ratings yetCXL Type 3 Memory Device Software Guide128 pages
- Installing Wilcom EmbroideryStudio On A MacNo ratings yetInstalling Wilcom EmbroideryStudio On A Mac8 pages
- Ledcenterm Software Operation Manual: C-PowerNo ratings yetLedcenterm Software Operation Manual: C-Power44 pages
- Microprocessors and Its Applications Short AnswersNo ratings yetMicroprocessors and Its Applications Short Answers15 pages
- SmileMakers Canada - PRD - W2 - Report - 2023-07-15 - 17-25-36No ratings yetSmileMakers Canada - PRD - W2 - Report - 2023-07-15 - 17-25-363 pages
