Veeam: Don’t let your dog eat your blog –Protecting cPanel multi-tenant using Veeam Agent for Linux and Veeam Cloud Connect

Greetings friends, today I bring you a very interesting blog post for Service Providers, but not limited to these.

Today I bring you a step further, and it’s about taking advantage of the functionality of being able to launch Backups from cPanel users to a Cloud Connect Provider that includes Veeam Agent for Linux 2.0, each backup assigned to its tenant, etc..

As this Blog post has been a little long for me, I leave you the menu so that you can jump to where it is more interesting for you:

1.- Topology and brief explanation of the Infrastructure

As always, I would like to leave you with a diagram of how this Infrastructure and the data flow between cPanel, Veeam Cloud Connect and the tenants will look like:

To make this whole environment work we’ll have to have the following:

  • A cPanel WHM license, and root access to shell. (We could also extra polarize this to a LAMP server with multiple workloads, etc, but it would be more manual)
  • Veeam Agent for Linux 2.0 Server Edition – We will use the Server version as we want to create multitasks, one for each tenant, and of course make use of the pre-freeze and post-shaw scripts that will generate the backup of each tenant.
  • A provider, or Veeam Cloud Connect providers, you can have a look at the list here – https://www.veeam.com/find-a-veeam-cloud-provider.html

Once we have everything ready, we can move on to the next point.

2.- Installing Veeam Agent for Linux 2.0

The installation process is very simple following these steps, as my cPanel runs on CentOS 6.x, I will use the GitHub binary file to download the corresponding version:

Once we have downloaded the file, we will install it in the following way and update the packages:

The process will then ask us if we want to install the two packages and dependencies, which we will say AND, the wizard will also ask us if we want to install the Veeam repository key, we will say AND also, the installation process takes just a few seconds:

We already have Veeam Agent for Linux 2.0 installed, let’s now quickly install the license using CLI too, as simple as running the following command, remember that we need the license from Server for this case of use:

3.- Quick overview of Veeam Agent for Linux 2.0 CLI commands

For this tutorial we are going to configure everything using the Veeam Agent for Linux 2.0 CLI, so we get used to the commands and can later create simple scripts to automate the creation of more copy jobs for other tenants, etc. In the end it is what makes a Service Provider more efficient, to automate tasks like these.

Of all the commands that we have that start with veeam*, we are going to put special emphasis on veeamconfig, that if we launch a help it returns us the following:

As we can see, some of the most basic commands would be the version command and the help command, for example:

If we go to the license that we have used previously we can see the installed license, as well as delete it, etc.:

In my case this is the license:

If we already jump to the other more advanced values, we can see that we have cloud, job, schedule, repository that at the end are the most important, each one of them can be added the -help to know more information, we will see the most important and its help below.

4.- Add the different tenants of Cloud Provider for each tenant

If we remember the diagram in point 1, we want each tenant to have the backup of his cPanel account in his own Veeam Cloud Connect Repository using his own VCC tenant, so we will use the command veeamconfig cloud to create the different tenants, we will start with the help:

Quite simply the command that we will have left will be something similar to this one, that we will have to launch as many times as tenants have, apart from changing the name, URL and credentials of course:

This way we are adding the different Cloud providers that we can use later to create the backup jobs.
If we want to list the Cloud providers, and the tenant user we are using, we can use the following command:

Once we have all the Veeam Cloud Connect, it is interesting to know the name and ID of the Repositories that these providers have assigned to us, for this as simple as a veeamconfig repository list, where we can see for each cloud provider and having the repository assigned to them, remember the name of them:

5.- Creation of the pre-freeze and post-thaw scripts with cPanel Backup

cPanel includes a native utility to perform the complete backup, or incremental if we want, of each cPanel account, this allows us to create a script for each user for the pre-freeze and for the post-thaw, which I have created are quite simple and I have placed them in /backupveeam/, so that would be something like this:

Let’s remember that for each tenant, I have their pre and post scripts, surely with a little good work you can use them in a more advanced way, but let’s see what the pre-freeze content is:

What this command will do is a full backup, SQL, files, cPanel emails from that account, FTP accounts, quotas, etc, and save it to a.tar.gz file located at /backupveeam/tenant001

And this would be the content of the post-thaw that basically is to delete all the backup so as not to consume disk space:

Once we have the files created, don’t forget the execution permission:

Note: In my particular case I had to increase the timeout time of the pre-freeze post-thaw jobs as it was over 10 minutes that Veeam Agent for Linux 2.0 comes by default, for this we will edit the file /etc/veeam/veeam.ini and comment the following and put 6000 seconds, which is 100 minutes:

Then we’ll have to perform the typical reboot of the Veeam Agent for Linux 2.0 services:

And now we can move on to the next point.

6.- Creating and programming the copy jobs of Veeam Agent for Linux 2.0

We already have the Cloud Repositories ready for each tenant, as well as the scripts for cPanel to make a backup before making the snapshot and delete it later to avoid consuming disk, it’s time to create our copy job, the syntax of the copy job is simple, we can always use the -help to help us, for example:

As in our case we want it to be a file-level copy job, we would have something like the following, as you can see I have indicated that the job is a file-level copy, the name of the job to know what it is, the repository where we want to send the backup, restore points, as well as the pre-freeze and post-thaw jobs, finally the directory we want to protect:

It is also quite simple to list the jobs, it is important to remember the ID of the jobs in order to add them to a schedule:

Now that we have the copy job created, we want to program it of course, for that we will use the command veeamconfig schedule:

Basically the command we want is the following, a daily copy, or as often as the tenant requires, with the Backup job ID, and the frequency in days:

Everything is ready and we can move on to the next point, good job! Remember that this step must be executed for each Backup Job to be programmed for each tenant.

7.- Launch the copy jobs of Veeam Agent for Linux 2.0

The copy jobs will of course run automatically on your schedule, in case we want to force the job and see it on the Linux UI, we will run the veeam command and select the job we want to launch:

We will be able to see how the work to be executed begins, and the first thing that is done are the scripts that we have configured previously:

If we do a ps -efa we can see that the cPanel backup is running:

After a few minutes, depending on your bandwidth to the Cloud provider, as well as the size of the cPanel tenants, we will be able to see the result of the copy:

Some points to note, the scripts have worked perfectly, and have taken 13 minutes for this tenant, as well as the total work time, not bad.

In another example of another tenant where the web is smaller, the backup was done in just 2 minutes:

8.- Checking as Service Provider that the Backups have been executed

The Service Provider will be able to verify that each tenant who has sent the backup from Veeam Agent for Linux 2.0 counts as a Server, as it is the license that the Veeam Agent for Linux has:

If the Provider scans the Repository where the Backups are stored, it will be able to find the .vbk file with the cPanel copy inside it. Now that we have everything on the provider side, let’s see how a tenant can view and recover his files.

9.- Access as tenant to the Backup files using Veeam Agent FLR (File-level-recovery)

We already have Backups, we have restore points, we have tenants, we have everything, we will see how to restore these backups, for that we will use Veeam Agent FLR, which allows us to restore in a granular way the files, mounting them in our Linux, or in the Linux of the tenants in case they have lost the original server, or are restoring to a new server.

We will use the veeamconfig point command which gives us multiple options:

The first thing is to know the Backups, with their Ids that we have for each tenant, etc:

We see that we have a Backup Job that we have created before, that belongs to tenant001, let’s see what restore points it has:

Everything is correct, besides not being corrupted or anything, we will proceed to mount this backup in our system, or the tenant from his own Veeam Agent for Linux could do this restore, if we are the ones who restore the backup to the tenant, we can always restore it to your cPanel folder so you can see the file, if it is the tenant can restore for example in tmp

Once the restore point has been mounted, the contents of the backup can be viewed, as simple as making a ls -la to the next folder:

From here the tenant can unzip the file and perform the relevant tasks, or even import it into a new cPanel as the file is.

Interesting links

I have already told you about Veeam Agent for Linux in the past, you can find much more information about installation, etc., here:

I hope you like this post, it’s a pretty interesting use case that I haven’t seen applied out there yet but it sure gives you ideas. A greeting.

Advertisements

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.