Things that could happen to your backups

August 16, 2005

In case yesterday's backup horror story didn't scare you enough, here's an incomplete list of things that have been known to go wrong with backups. Are you sure that none of them are happening to your backups right now?

  • the backup program writes corrupted backups.
  • the backup program doesn't capture a usable system state because things keep changing even as it runs (databases are famous for this).
  • the backup program generates incomplete backups, especially when run in incremental mode. For example, many Unix systems have historically had problems backing up renamed files or renamed directories.
  • the backup program is not noticing or complaining enough about disk read errors. (This happened to us. We lost some somewhat valuable historical files.)
  • you're not actually backing up everything important on the machine. (Especially common on Unix systems if you add a filesystem and forget to tell the backup system about it. And again, this has happened to us.)
  • despite having set them up, you're not actually doing backups; a cron job has broken, someone is forgetting to run a necessary command, etc etc. (Lazy people happen a lot.)

  • backup media errors are being ignored.
  • things don't properly notice or handle the backups hitting the end of the media. (Embarrassingly, I once did this too; honestly, I thought that the tape robot automatically advanced to the next tape when it hit end-of-tape...)
  • your tape drive is failing to properly write the tapes.
  • your tape robot and/or backup system is not actually advancing to the next tape, it's just overwriting the same tape over and over without it or you realizing it.
  • your backup system is accidentally overwriting the backup media instead of appending new data to the end of it. (This has been so common that the Amanda backup system refuses to append to tapes to eliminate the possibility of this happening.)
  • your backup tapes are not getting properly rotated. (This is a famous 'lazy people' issue, where the minimum-wage worker you hired hasn't bothered to actually change tapes.)
  • your tape drive has drifted out of proper alignment; while it can read back tapes that it wrote, nothing else can. Woe strikes if (or when) you have to replace it or it gets repaired. (Exabyte tape drives used to be infamous for this.)
  • your tape drive isn't being made any more. If it breaks, can you get another one that can read your backup tapes back?

  • your backup system's index files that tell you what backups are on what tapes are not being backed up.
  • your backup system's index files are being backed up, but you don't know to where without the index files.
  • backups can only be restored by a program running on the same operating system (and architecture) that made them. Don't lose your last machine of that OS + architecture combination!
  • your commercial backup system requires a node-locked license even to restore files. If you lose the backup server, can you easily run the software on another machine?
  • your restore program has bugs, although the backups themselves are fine. (This has happened to us. It's at least somewhat fixable.)

  • your offsite backups aren't.
  • your offsite backups aren't recent enough.

While some of these are very hard to check for, the only way in general to be confidant that they aren't quietly happening to you is to test restoring from your backups periodically. Backups really need an end-to-end test every so often.

(Feel free to add more in comments, of course. Note that I'm pretty much focusing on things that could be quietly going wrong in your (low-level) backup system itself, as opposed to all the additional problems that you can have in a disaster-recovery situation.)

Comments on this page:

From 128.117.8.11 at 2005-08-16 13:06:16:

Can you restore some files, but only up to a filesystem-ending event, so that all files written after that point are unreachable?

Cayman Systems Gatorboxes were (circa 1990) AppleShare->NFS translators used to provide Macs with access to existing NFS systems. They would happily try to write files with names like "Progress Report 8/11/90" to their NFS targets. Sadly, HP/UX 9.03 would accept those names.

The result was that backup were silently failing at the / in the filename. No files in a directory encountered after such a name made it into the backup set. Sadly, most of the interesting-to-users directories had files with such names.

The result was lost project work for an entire year, peripheral involvement in a sexual harassment suit in exchange for renewed funding, and the consequent creation of a new sysadmin instead of a rocket scientist.

One possible lesson is that restore tests from tapes need to test bringing back files from the beginning -and- the end of the tapes, in addition to points in-between.

These are my WanderingThoughts
(About the blog)

GettingAround
Full index of entries
Recent comments

This is part of CSpace, and is written by ChrisSiebenmann.
Twitter: @thatcks

* * *

Atom feeds are available; see the bottom of most pages.

This is a DWiki.
(Help)

Categories: links, linux, programming, python, snark, solaris, spam, sysadmin, tech, unix, web

Search:
Written on 16 August 2005.
(Previous | Next)
Page tools: View Source, View Normal, Add Comment.
Search:
Login: Password:
Atom Syndication: Recent Comments.
Last modified: Tue Aug 16 00:49:20 2005
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.