The Lazy Admin Blog

Home  /  cPanel • JetBackup  /  Jetbackup :: Better safe then sorry

Jetbackup :: Better safe then sorry

January 20, 2019 cPanel, JetBackup Leave a Comment

JetBackup version 4+ introduced a fancy new filtering system. You can filter your backup job to do almost anything letting you squeeze the most out of your backup job.
While having so many filter options can be powerful, sometimes you don’t always take everything under consideration and things could get slipped through the cracks.

Let’s take a very common backup job scenario –

  • A daily job with 14 retention
  • Filter: Do not backup suspended accounts (we wanted to keep the job fast & efficient so we skip suspended accounts)

Furthermore, orphan backups are set to be saved to 12 months (better safe than sorry !)

This should keep us safe for at least 1 year with the clients that left us (and became orphan accounts inside JetBackup’s system – Orphan backups are account backup files that are not associated with an active account).

Most of us also using WHMCS for billing automation, so let’s review the automation settings over there –

Enable Suspension – Yes
Suspend Days – 45
Termination Days – 180

These are very generous settings, we will suspend accounts only after 45 days of overdue payments, and will terminate the accounts after 180 (!) of days.

CALL TO ACTION: Invoice is overdue, Account is suspended – what happens behind the scenes?

Our “Do not backup suspended accounts” filter will take action, and since the account is excluded – the system will start cleaning up any created snapshot for this account –  After 14 days we will lose all of our daily snaps!

REMINDER: Account has not been terminated yet, as we are giving 180 days before termination.

By the time WHMCS will terminate the account, all the snaps are cleared, so no more usable snaps to keep as “orphan backups”.

cPanel’s hooks system to the rescue!

To solve this very unique scenario, we decided that we want to keep at least one full backup for an account that was suspended.
To do so, we will use cPanel’s internal hook system to notify JetBackup whenever an account is suspended / unsuspended.
Once an account is suspended, we will try to find the latest full backup of that account and will lock it for 360 days using the “manageBackup” API Call
Using the same concept, once an account is unsuspended – we will release our lock.

This will allow keeping at least one full backup for an account that was either suspended or terminated, and also if & when a user decides to come back – our next backup job for this user will be incremental to the snap we saved.

LET’S DO IT

The following is not officially supported by JetBackup, and there is no “out of the box” solution. Your actual implementation and use will likely vary from the example provided. Since we do not know your specific server setup, proceed at your own risk. We assume that you are using cPanel/WHM v76 and JetBackup 4+

The first step will be to create bash script that cPanel’s hooks will call to. The bash script will take action against JetBackup’s hooks.

Create bash file, and give executable permissions –

touch /root/lock_unlock_acct.sh
chmod +x /root/lock_unlock_acct.sh

Paste the following code inside –

#!/bin/bash
STAGE=$1
LOCK_PERIOD=360
LOCK_REASON="locked-by-hook"
 
ACCT=$( cat /dev/stdin  | grep -oE '"args":{[^}]*"user":"[^"]+"' | sed "s#^.*\"user\":\"\([^\"]\+\)\"#\1#g" )
#ACCT=$( cat /dev/stdin )
 
if [ -z "$ACCT" ]; then
        exit 1
fi
 
if [ $STAGE = "suspend" ]; then
        #GET LATEST SNAP ID
        ID=$( /usr/bin/jetapi backup -F listBackups -D "accounts[]=$ACCT&type=127&limit=1&sort[created]=-1" | grep -E '^\s*_id' | awk '{print $2}' )
 
        if [ -n "$ID" ]; then
                #LOCK SNAP BY ID
                 /usr/bin/jetapi backup -F manageBackup  -D "_id=$ID&notes=$LOCK_REASON&locked=1&lock_ttl=$LOCK_PERIOD"
        fi
fi 
 
if [ $STAGE = "unsuspend" ]; then
        #GET LOCKED SNAPE BY THE LOCK REASON AND THE ACCOUNT NAME 
        ID=$( /usr/bin/jetapi backup -F listBackups -D "type=127&accounts[]=$ACCT" | grep "notes: $LOCK_REASON" -B 15 | grep -E '^\s*_id' | awk '{print $2}' )
 
        if [ -n "$ID" ]; then
                #UNLOCK SNAP
                 /usr/bin/jetapi backup -F manageBackup  -D "_id=$ID&notes=&locked=0"
        fi
fi

NOTE: You can change the amount of days at the 3rd line under (LOCK_PERIOD), the default is 360

Next, we just need to register our bash script inside cPanel’s hook system. Note that there are two registrations – one for suspending action, and one for unsuspend action.

/usr/local/cpanel/bin/manage_hooks add script "/root/lock_unlock_acct.sh suspend" --manual 1 --category Whostmgr --event Accounts::suspendacct --stage post
/usr/local/cpanel/bin/manage_hooks add script "/root/lock_unlock_acct.sh unsuspend" --manual 1 --category Whostmgr --event Accounts::unsuspendacct --stage post

Let’s try our hook with suspended account –

[root@server01 ~]# /scripts/suspendacct virtuema
Changing Shell to /bin/false...Done
 
[ ... ]
 
info [suspendacct]    script: /root/lock_unlock_acct.sh suspend
info [suspendacct]  response: success: 1
message: Backup updated successfully
system:
  version: 4.0.9
  tier: EDGE
  drMode: 
  agreement: 
  licenseIssue: 
data:
  _id: 5c427cb68620a84c595109d8
  snap_id: 5a372d978620a874a93dba53
  name: virtuema
  type: 127
  params: 
  path: jetbackup_1_1_59afa6518620a809052620f3/virtuema/snap.2019-01-19.012614
  size: 0
  notes: locked-by-hook
  flag: 1
  flag_name: Incremental
  created: 2019-01-19T01:26:14+00:00
  engine: JetBackup
  engine_val: 1
  locked: 1
  lock_ttl: 2020-01-15T13:51:37+00:00
  hidden: 
  encrypted: 
  require_encryption_key: 
  snapshot: 
  safety: 
  destination: rsync03
  location: Remote
  queue: 
    restore: 
    download: 
  download: 
  account: virtuema

To verify, we can list this account’s backups  from JetBackup’s WHM GUI and see that the backup is locked with our note (“locked-by-hook”)

unsuspending the account will reverse the action –

[root@israel01 ~]# /scripts/unsuspendacct virtuema
Unsuspending outgoing email....Done
 
[ ... ]
 
info [unsuspendacct]    script: /root/lock_unlock_acct.sh unsuspend
info [unsuspendacct]  response: success: 1
message: Backup updated successfully
system:
  version: 4.0.9
  tier: EDGE
  drMode: 
  agreement: 
  licenseIssue: 
data:
  _id: 5c427cb68620a84c595109d8
  snap_id: 5a372d978620a874a93dba53
  name: virtuema
  type: 127
  params: 
  path: jetbackup_1_1_59afa6518620a809052620f3/virtuema/snap.2019-01-19.012614
  size: 0
  notes: 
  flag: 1
  flag_name: Incremental
  created: 2019-01-19T01:26:14+00:00
  engine: JetBackup
  engine_val: 1
  locked: 
  lock_ttl: 
  hidden: 
  encrypted: 
  require_encryption_key: 
  snapshot: 
  safety: 
  destination: rsync03
  location: Remote
  queue: 
    restore: 
    download: 
  download: 
  account: virtuema

Thank you for reading ! ?

For more information about JetBackup API, please see https://docs.jetbackup.com

Tags: backup, cPanel, JetBackup
Previous Article
Next Article

Related Posts

  • Convert JetBackup to cPanel structure

    Convert JetBackup to cPanel structure

    October 6, 2022
  • Enable TLS 1.1/1.0 on cPanel servers

    Enable TLS 1.1/1.0 on cPanel servers

    September 30, 2022
  • Building your own private cloud with XenServer

    April 20, 2021

Leave a Reply

Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Search Our Blog

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Filter by Categories
Apache
CentOS
CloudLinux
cPanel
Emails
ESXI
iSCSI
JetBackup
Linux
Litespeed
MySQL
NGINX
Oracle
Reduxio
Security
SSL
Uncategorized
VMware
Wordpress
XEN

Tags

apache aspx backup bash CentOS cloudlinux cPanel CXS Emails freetds google htaccess IMAP InnoDB iscsi JetBackup Libmodsecurity litespeed modsec modsecurity mssql MySQL netapp nginx odbc Oracle php php.ini phpselector rsync ssh ssmtp systemd threads VMFS WHM Wordpress xenserver

Popular Posts

  • Convert JetBackup to cPanel structure October 6, 2022
  • How To Install & Configure a Galera Cluster with MariaDB on Centos 7 February 6, 2018
  • Allow a cPanel server to run a VHOST from multiple IP addresses April 3, 2018
  • rsync without prompting for password October 10, 2022

Recent Posts

  • Understanding Why More Threads Can Sometimes Slow Down Performance October 9, 2024
  • Set up a new systemd service May 18, 2024
  • Bash Arrays November 7, 2023
  • rsync without prompting for password October 10, 2022

Recent Comments

  • Sven on rsync without prompting for password
  • TheLazyAdmin on rsync without prompting for password
  • Sven on rsync without prompting for password
  • TheLazyAdmin on Convert JetBackup to cPanel structure
  • Chris on Convert JetBackup to cPanel structure
Privacy Policy • Contact