dss - the dyadic snapshot scheduler
dss [global-options...] [--] [<subcommand> [subcommand-options...]]
dss maintains hardlink-based snapshots of a given directory on a remote or local host using rsync’s link-dest feature. The snapshots are organized so that any snapshot can directly be deployed as an (emergency) replacement for the primary system.
dss is admin friendly: It is easy to configure and needs little attention after the initial setup. In particular, no full, incremental or differential backups need to be configured, and there is no database to maintain. dss is also user-friendly: Assuming the snapshot server allows read-only user access over the network, users can restore accidentally removed files without admin intervention, using their favorite file browser to copy files from the snapshot directory back to the primary system.
dss keeps track of the age and the state of existing snapshots and triggers snapshot creation and removal according to the configuration settings. It tries to maintain a scheme where many recent snapshots and few old snapshots exist, for example 16 snapshots newer than a week, 8 snapshots between one and two weeks old, 4 snapshots between two and three weeks old, and so on.
General options
-h, --help
print help and exit
--detailed-help
print help, including all details, and exit
-V, --version
print version and exit
-c, --config-file=<path>
use alternative config file (default: ~/.dssrc)
Options may be given at the command line or in the configuration file. As usual, if an option is given both at the command line and in the configuration file, the command line option takes precedence.
However, there is one exception to this rule: The run subcommand re-reads the configuration file when it receives the HUP signal. In this case the options in the config file override any options that were previously given at the command line. This allows changing the configuration of a running dss process by sending SIGHUP.
-l, --loglevel=<level>
set loglevel (0-6)
default: 4
Lower values mean more verbose logging.
-n, --dry-run
only print what would be done
This flag does not make sense for all subcommands. The run subcommand refuses to start if this option was given, while the ls subcommand silently ignores the flag.
--source-dir=<dirname>
the remote directory to snapshot
The directory on the remote host from which snapshots are taken. Of course, the user specified as --remote-user must have read access to this directory.
This option is mandatory for the create and run subcommands. It may be given multiple times to specify more than one source directory. However, all source directories must reside on the same server.
--dest-dir=<dirname>
where snapshots are stored
The destination directory on the local host where snapshots will be written. This must be writable by the user who runs dss.
This option is mandatory for all subcommands except kill. Unlike --source-dir, this option may only be given once.
--mountpoint
abort if destination directory is not a mountpoint
This option checks whether a file system is mounted on the directory specified as the argument to --dest-dir. Operation proceeds only if this is the case. Otherwise dss exits unsuccessfully without performing any action. Use this option to prevent snapshot creation if the snapshot file system is not mounted.
This option is silently ignored for subcommands which do not depend on the destination directory.
Controlling how rsync is run
These options are only relevant to the run and the create subcommands.
-H, --remote-host=<hostname>
host to take snapshots from
default: localhost
If this option is given and its value differs from the local host, then rsync uses ssh. Make sure there is no password needed for the ssh connection. To achieve that, use public key authentication for ssh and, if needed, set the remote user name by using the --remote-user option.
-U, --remote-user=<username>
Remote user name (default: current user)
Set this if the user that runs dss is different from the user on the remote host.
--checksum=<permille>
run rsync with --checksum occasionally
default: 0
If a file on the backup becomes corrupt in a way that file size and modification time still match the original file, rsync will not consider the file for transfer ("quick check"). Hence the corruption stays on the backup until the file is modified on the source. The --checksum option of rsync disables the quick check and compares the contents of each file, fixing such corruptions. Since computing the checksums adds a significant slowdown due to a lot of disk I/O, the option is not enabled by default.
The argument to the --checksum option of dss is a number between 0 and 1000, inclusively, which determines the probability of adding --checksum to the rsync options each time a snapshot is created. The default value zero means to never add the option. The value 100 will create every tenth snapshot (on average) using checksums, and the value 1000 will always pass --checksum to rsync.
-O, --rsync-option=<option>
further rsync options
This option may be given multiple times. The given argument is passed verbatim to the rsync command. Note that in order to use rsync options that require an argument, you have to specify the option and its argument as separate --rsync-options, like this:
--rsync-option --exclude --rsync-option /proc
Fine tuning the number of snapshots per time unit
-u, --unit-interval=<days>
the duration of a unit interval
default: 4
Increasing this number instructs dss to create fewer snapshots per time unit while the number of snapshots to keep stays the same.
-n, --num-intervals=<num>
the number of unit intervals
default: 5
Increasing this number by one doubles the total number of snapshots.
Commands to be run on certain events
All hooks default to "true". That is, the true(1) utility (which always returns with exit code zero) is executed if the hook command is not specified.
-r, --pre-create-hook=<command>
executed before a snapshot is created
default: true
This command is executed before dss runs rsync to create a new snapshot. If the command returns with a non-zero exit status, no snapshot will be created and the operation is retried later.
For example, the command could execute a script that checks whether all snapshot-related file systems are mounted.
Another possible application of the pre-create hook is to return non-zero during office hours in order to not slow down the file systems by taking snapshots.
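A pre-create hook covering both uses described above, as an added example that is not part of dss or its documentation. The office-hours window (Mon-Fri, 08:00-17:59) and all function names are assumptions; the mount check relies on mountpoint(1) from util-linux.

```shell
#!/bin/sh
# Hypothetical pre-create hook for dss (added example, not shipped with dss).
# Exit status 0 lets dss start rsync; non-zero makes dss skip the snapshot
# and retry later.

# Assumed site policy: Mon-Fri, 08:00-17:59 counts as office hours.
in_office_hours() {  # usage: in_office_hours DOW(1-7, 1=Mon) HOUR(0-23)
    [ "$1" -le 5 ] && [ "$2" -ge 8 ] && [ "$2" -lt 18 ]
}

# Succeed only if every given directory is a mountpoint.
all_mounted() {  # usage: all_mounted [DIR...]
    for dir in "$@"; do
        mountpoint -q "$dir" || { echo "not mounted: $dir" >&2; return 1; }
    done
}

pre_create_hook() {  # usage: pre_create_hook DOW HOUR [DIR...]
    dow=$1
    hour=${2#0}       # strip the leading zero that date +%H prints
    hour=${hour:-0}   # "0" or "00" must end up as 0, not empty
    shift 2
    if in_office_hours "$dow" "$hour"; then
        echo "office hours, deferring snapshot" >&2
        return 1
    fi
    all_mounted "$@"
}

# In the installed hook script, finish with a call such as
#   pre_create_hook "$(date +%u)" "$(date +%H)" /baz/qux
# so that the script's exit status is the hook's verdict.
```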
--post-create-hook=<command>
executed after a snapshot has been created
default: true
This is only executed if a snapshot has successfully been created. The full path of the newly created snapshot is passed to the hook as the first argument. The exit code of this hook is ignored.
For instance this hook could count the number of files per user and/or compute disk usage patterns to be stored in a database for further analysis.
--pre-remove-hook=<command>
executed before a snapshot is removed
default: true
The full path to the snapshot which is about to be removed is passed to the command as the first argument. If the command returns with a non-zero exit status, the snapshot is not going to be removed and the operation is retried later.
For example, one could execute a script that checks whether the snapshot to be deleted is currently used by another process, e.g. by a tape-based backup system that runs concurrently to dss.
Another possible application of this is to record disk-usage patterns before and after snapshot removal.
--post-remove-hook=<command>
executed after snapshot removal
default: true
As for the pre-remove hook, the full path of the removed snapshot is passed to the hook as the first argument. The exit code of this hook is ignored.
--exit-hook=<command>
executed before the run command exits
default: true
This hook is only relevant to the run subcommand. It is executed just before dss terminates. The reason for termination is passed as the first argument.
One possible application for this hook is to send email to the system administrator to let her know that no more snapshots are going to be created.
Disk space monitoring
The options of this section control the aggressiveness of snapshot removal. That is, they define under which circumstances existing snapshots are removed. These options are only relevant to the run and the prune subcommands.
-m, --min-free-mb=<megabytes>
minimal amount of free disk space
default: 100
If disk space on the file system containing the destination directory gets low, the run subcommand suspends the currently running rsync process and starts to remove snapshots in order to free disk space. This option specifies the minimal amount of free disk space. If less than the given number of megabytes is available, snapshots are deleted. See also the --min-free-percent and the --min-free-percent-inodes options below.
A value of zero deactivates this check.
-p, --min-free-percent=<percent>
minimal percentage of free disk space
default: 2
This is like --min-free-mb but the amount of free disk space is specified as a percentage. It is not recommended to set both --min-free-mb and --min-free-percent to zero as this will cause your file system to fill up quickly.
-i, --min-free-percent-inodes=<percent>
minimal percent of free inodes
default: 0
The minimum amount of free inodes on the file system containing the destination dir. If the percentage of free inodes drops below the given value, snapshot removal kicks in like in case of low disk space.
The number of free inodes is determined from the f_ffree field of the statvfs structure. However, some file systems set this field to zero, indicating that the number of inodes is basically unlimited. Moreover it is not possible to reliably detect whether this is the case. Therefore this feature is disabled by default. It’s safe to enable it for ext2/ext3/ext4 file systems on Linux though.
A value of zero (the default) deactivates this check.
-k, --keep-redundant
prune by disk space only
By default, redundant and outdated snapshots are removed automatically to keep the number of snapshots in harmony with the configured policy. If this flag is given, dss removes such snapshots only if disk space or number of free inodes becomes low.
--min-complete[=<num>]
minimal number of complete snapshots to keep
default: 1
This option is only relevant if snapshots must be deleted because disk space gets low.
dss refuses to remove old snapshots if there are fewer complete snapshots left than the given number. The default value of one guarantees that at least one complete snapshot is available at all times.
If only <num> complete snapshots are left, and there is not enough disk space available for another snapshot, the program terminates with a "No space left on device" error.
dss supports the subcommands described below. If no subcommand is given, the list of available subcommands is shown and the program terminates successfully without performing any further action.
run - start creating and pruning snapshots
Usage: run [--daemon] [--logfile=<path>] [--max-rsync-errors=<count>]
This is the main mode of operation. Snapshots are created in an endless loop as needed and pruned automatically. The loop only terminates on fatal errors or if a terminating signal was received. See also the --exit-hook option.
-d, --daemon
run as background daemon
If this option is given, the dss command detaches from the console and continues to run in the background. It is not possible to let a daemonized process re-attach to the console by editing the config file and sending SIGHUP. However, log output may be redirected to a different file in this way.
See --logfile.
-l, --logfile=<path>
where to write log output
default: /dev/null
This option is only honored if --daemon is given, in which case log messages go to the given file. Otherwise the option is silently ignored and log output is written to stderr.
--max-rsync-errors=<count>
terminate after this many rsync failures
default: 10
If the rsync process exits with a fatal error, dss restarts the command in the hope that the problem is transient and subsequent rsync runs succeed. After the given number of consecutive rsync error exits, however, dss gives up, executes the exit hook and terminates. Set this to zero if dss should exit immediately on the first rsync error.
The only non-fatal error is when rsync exits with code 24. This indicates a partial transfer due to vanished source files and happens frequently when snapshotting a directory which is concurrently being modified.
create - execute rsync once to create a new snapshot
Usage: create
This command does not check the amount of free disk space. The pre-create and post-create hooks are honored, however.
Specify --dry-run to see the rsync command which is executed to create snapshots.
prune - remove snapshots
Usage: prune [--disk-space=<mode>]
A snapshot is said to be (a) outdated if its interval number is greater than or equal to the specified number of unit intervals, (b) redundant if the interval it belongs to contains more than the configured number of snapshots, and (c) orphaned if it is incomplete and not being created or deleted. All other snapshots are called regular.
Unless --dry-run is given, which just prints the snapshot that would be removed, this subcommand gets rid of non-regular snapshots. At most one snapshot is removed per invocation. If no such snapshot exists and disk space is low, the subcommand also removes regular snapshots, always picking the oldest one.
The subcommand fails if there is another dss "run" process.
--disk-space=<mode>
act as if free disk space was high/low
values: check, high, low
By default, free disk space is checked and even regular snapshots become candidates for removal if disk space is low. This option overrides the result of the check.
ls - print the list of all snapshots
Usage: ls
The list contains all existing snapshots, regardless of their state. Incomplete snapshots and snapshots being deleted will also be listed.
kill - send a signal to a running dss process
Usage: kill [--signal=<signal>] [--wait]
This sends a signal to the dss process that corresponds to the given config file. If --dry-run is given, the PID of the dss process is written to stdout, but no signal is sent.
-s, --signal=<signal>
send the given signal rather than SIGTERM
default: SIGTERM
Like for kill(1), alternate signals may be specified in three ways: as a signal number (e.g., 9), the signal name (e.g., KILL), or the signal name prefixed with "SIG" (e.g., SIGKILL). In the latter two forms, the signal name and the prefix are case insensitive, so "sigkill" works as well.
Sending SIGHUP causes the running dss process to reload its config file.
-w, --wait
wait until the signalled process has terminated
This option is handy for system shutdown scripts which would like to terminate the dss daemon process.
Without --wait the dss process which executes the kill subcommand exits right after the kill(2) system call returns. At this point the signalled process might still be alive (even if SIGKILL was sent). If --wait is given, the process waits until the signalled process has terminated or the timeout expires.
If --wait is not given, the kill subcommand exits successfully if and only if the signal was sent (i.e., if there exists another dss process to receive the signal). With --wait it exits successfully if, additionally, the signalled process has terminated before the timeout expires.
It only makes sense to use this option for signals which terminate dss.
configtest - run a configuration file syntax test
Usage: configtest
This command checks the command line options and the configuration file for syntactic correctness. It either reports "Syntax Ok" and exits successfully or prints information about the first syntax error detected and terminates with exit code 1.
help - list available subcommands or print subcommand-specific help
Usage: help [--long] [--] [subcommand]
If the optional subcommand argument is given, the help text of that subcommand is shown. Without the argument the available subcommands are listed instead.
-l, --long
show the long help text of a subcommand
If this option is given, the command also shows the description of the subcommand and the help text of each option. Otherwise only the purpose, the synopsis and the option list of the subcommand are shown. If no subcommand is supplied, the option has no effect.
Suppose you’d like to create snapshots of the existing directory /foo/bar in the directory /baz/qux. Create the config file ~/.dssrc containing the values for the source and the destination directories as follows:
echo 'source-dir "/foo/bar"' > ~/.dssrc
echo 'dest-dir "/baz/qux"' >> ~/.dssrc
Then execute the commands
mkdir /baz/qux
dss run
To print the list of all snapshots created so far, run dss ls.
The second example involves a slightly more sophisticated config file. It instructs dss to exclude everything which matches at least one pattern of the given exclude file, prevents rsync from crossing file system boundaries and increases the number of snapshots.
source-dir "/foo/bar"
dest-dir "/baz/qux"
# exclude files matching patterns in /etc/dss.exclude
rsync-option --exclude-from=/etc/dss.exclude
# don’t cross filesystem boundaries
rsync-option --one-file-system
# maintain 2^6 - 1 = 63 snapshots
num-intervals "6"
The /etc/dss.exclude file could look like this (see rsync(1) for more examples)
- /proc
- /**/tmp/
The age of a snapshot is measured in terms of unit intervals. Given the duration u of a unit interval and the number n of unit intervals to consider, dss tries to keep 2^(n-k-1) snapshots in interval k, where the interval number k counts from zero to n-1, with zero being the most recent unit interval. Snapshots older than n unit intervals are regarded as outdated and are removed. There are 2^n-1 snapshots in total.
For example, with four unit intervals, the 2^4 - 1 = 15 snapshots are distributed as follows.
Note that for this to work out the system must be fast enough to create at least 2^(n-1) snapshots per unit interval because this is the number of snapshots in interval zero.
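The dyadic scheme worked through in shell, as an added example that is not dss source code: it prints the per-interval quota 2^(n-k-1) and audits a list of snapshot ages against it. Taking the interval number as floor(age/u), the function names and the sample ages in the demo are assumptions of this sketch.

```shell
#!/bin/sh
# Added illustration of the dyadic scheme; not taken from dss.

# Number of snapshots dss tries to keep in interval K (0 = most recent).
quota() {  # usage: quota N K
    echo $(( 1 << ($1 - $2 - 1) ))
}

# Total number of snapshots for N unit intervals: 2^N - 1.
total() {  # usage: total N
    echo $(( (1 << $1) - 1 ))
}

# One line per interval: index, age range in days, quota.
schedule() {  # usage: schedule N U
    n=$1 u=$2 k=0
    while [ "$k" -lt "$n" ]; do
        echo "$k $(( k * u ))-$(( (k + 1) * u )) $(quota "$n" "$k")"
        k=$(( k + 1 ))
    done
}

# Read snapshot ages (whole days, one per line) and compare them with the
# scheme. Assumption: a snapshot of age A lies in interval floor(A / U).
# Interval numbers >= N count as outdated; snapshots beyond an interval's
# quota count as redundant.
audit() {  # usage: audit N U < ages
    awk -v n="$1" -v u="$2" '
        NF { k = int($1 / u); if (k >= n) outdated++; else cnt[k]++ }
        END {
            for (k = 0; k < n; k++) {
                q = 2 ^ (n - k - 1)
                extra = (cnt[k] > q) ? cnt[k] - q : 0
                printf "interval %d: have %d, quota %d, redundant %d\n",
                       k, cnt[k], q, extra
            }
            printf "outdated: %d\n", outdated
        }'
}

# Demo with n=4, u=4 and constructed ages in days.
schedule 4 4
printf '%s\n' 0 1 5 5 9 9 9 13 20 | audit 4 4
```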
Written by Andre Noll
Copyright (C) 2008 - present Andre Noll
License: GPL-2.0
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Project web page: https://people.tuebingen.mpg.de/maan/dss/
Git clone URL: https://git.tuebingen.mpg.de/dss
Gitweb: https://git.tuebingen.mpg.de/dss.git
Author’s home page: https://people.tuebingen.mpg.de/maan/
Report bugs to Andre Noll
ssh(1), rsync(1)