MySQL Snapshots on FreeBSD

I read a lot about MySQL backups using LVM Snapshots on Linux, WAFL Snapshots on NetApp and more recently ZFS Snapshots. But did you know you can do the same under FreeBSD?

FreeBSD has had snapshot capability since around 2001, allowing administrators to take a frozen :) image of a filesystem at a given instant in time with minimal impact on the server / filesystem. So how does this help with MySQL Backups?

If, like me, you have loads of space on your database volume and often find yourself making frequent risky modifications to your databases, a snapshot can save you loads of time and headaches by creating a point-in-time marker that you can fall back on if needed.

Snapshots provide the following benefits:

  1. Efficient - Only as blocks in the active filesystem are modified and written to new locations on disk does the snapshot begin to consume extra space.
  2. Fast - It takes about 30 seconds to create a snapshot of an 8Gb filesystem. Of that time 25 seconds is spent in preparation; filesystem activity is only suspended for the final 5 seconds of that period.
  3. Reliable - FreeBSD ensures that no disk write activity can take place during the setup of the snapshot (typically less than a second). The result is a consistent replica.

If you are running MySQL on FreeBSD, snapshots can certainly help improve your backup strategy. So how do you get started?
Well if you head over to the Wiki you’ll find a detailed guide to creating your first snapshot, but before you click that link there is another new FreeBSD feature that you may not be aware of - Security Event Auditing.

Protecting your data requires more than just regular backups, and the security auditing feature in FreeBSD 6.2+ can assist with the logging of activity on your MySQL server.
Based on Sun’s published Basic Security Module (BSM), the de facto industry standard for auditing, FreeBSD Security Event Auditing provides reliable, fine-grained, and configurable logging of a variety of security-relevant system events, including logins, configuration changes, and file and network access. These log records can be invaluable for live system monitoring, intrusion detection, and postmortem analysis.

At the moment the stable release of FreeBSD will require a kernel compile to enable audit capability, but future releases should have audit enabled in the generic kernel. You never know, by the time FreeBSD 7.0 is available I may have figured out a way to audit MySQL logins using auditd. ;)

If you're feeling brave you can download the latest monthly snapshot of the upcoming FreeBSD 7.0 release and put auditing to the test.

Right - I’m off to get a working NetUnit jar ready for the end of the week - I hope :)

Network Unit Testing

I had one of those lightbulb moments the other day while pondering a problem I recently encountered relating to firewall changes.
The problem came to light the morning after some firewall rules had been modified, nothing new there I hear you say.
Of course at the time everything looked to be working, that is from the perspective of the few people that were actually working that late in the night. It was only when the morning came and the rest of the business started to come online that the problems were apparent. It didn’t take long to fix the problem but it got me thinking, how could we prevent this in future?

I have been spending some time looking at Unit testing recently and began to wonder if there were any testing tools or frameworks that could be used to prevent this kind of problem in future. Unit testing for software is pretty much standard practice nowadays and works well during the development phase, but once the application is in situ how can you test the operation from a networking perspective? Web testing tools are great for validating web application functionality and I’m pretty sure there are loads of other test frameworks out there, but are they easy to use? I wanted a way to describe and validate the problem before and after the work was undertaken, and so NetUnit was born…

NetUnit aims to be simple to use, something I could give to a non-techie and have them run a Test Suite to validate connectivity or application functionality. NetUnit mimics Apache Ant in its operation and design, in fact I was going to write some Ant tasks at first but kept thinking of new ways to extend the tool in future. ;)

The Test Suite used to describe the Tests to perform is a simple XML file. NetUnit parses this file and outputs the result of each test along the way - simple, huh!
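A sketch of that idea in Python, added here as an example and not NetUnit's own code or file format: the XML element and attribute names, the function names, and the hosts and ports are all assumptions. It runs an XML suite of expected-open and expected-closed TCP checks and, given a run from before and after a firewall change, lists the tests that newly fail.

```python
import socket
import xml.etree.ElementTree as ET

# Constructed suite. Element and attribute names are assumptions for this
# example, not NetUnit's real schema; hosts and ports are placeholders.
SAMPLE_SUITE = """
<suite name="db-firewall-change">
  <tcp name="mysql reachable" host="127.0.0.1" port="3306" expect="open"/>
  <tcp name="telnet blocked" host="127.0.0.1" port="23" expect="closed"/>
</suite>
"""

def probe_tcp(host, port, timeout=2.0):
    """Return 'open' if a TCP connection completes, otherwise 'closed'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except OSError:  # refused, timed out (dropped by a filter), unreachable
        return "closed"

def parse_suite(xml_text):
    """Turn the XML suite into a list of test dicts, rejecting bad values."""
    tests = []
    for el in ET.fromstring(xml_text).iter("tcp"):
        expect = el.get("expect", "open")
        if expect not in ("open", "closed"):
            raise ValueError(f"{el.get('name')}: expect must be open or closed")
        tests.append({"name": el.get("name"), "host": el.get("host"),
                      "port": int(el.get("port")), "expect": expect})
    return tests

def run_suite(xml_text, probe=probe_tcp):
    """Run every test; a test passes when the probe matches the expectation."""
    results = []
    for t in parse_suite(xml_text):
        actual = probe(t["host"], t["port"])
        results.append({**t, "actual": actual, "passed": actual == t["expect"]})
    return results

def regressions(before, after):
    """Names of tests that passed before the change but fail after it."""
    ok_before = {r["name"] for r in before if r["passed"]}
    return [r["name"] for r in after if not r["passed"] and r["name"] in ok_before]

if __name__ == "__main__":
    for r in run_suite(SAMPLE_SUITE):
        print("PASS" if r["passed"] else "FAIL", r["name"], "->", r["actual"])
```

Keep the result list from a run made before the rule change and pass it with the post-change run to `regressions()`; listing "closed" expectations alongside "open" ones also catches rules that were loosened by mistake.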

NetUnit Overview

Another benefit of this tool that immediately sprang to mind was the ability to take a Test Suite file and generate documentation for your application's external network interface or firewall policies. In fact the ideas don’t stop there and I have quite a list of features that could be implemented in future. Time permitting as always…