netcmd: Add brief log file of what the backup actually contains
authorTim Beale <>
Thu, 5 Jul 2018 22:35:03 +0000 (10:35 +1200)
committerAndrew Bartlett <>
Tue, 10 Jul 2018 02:42:10 +0000 (04:42 +0200)
There are now several different permutations of backup file that can be
created (i.e. online, rename, with/without secrets). Hopefully the admin
users would organize their backup files sensibly, but it can't hurt to
keep track of what the backup-file actually contains in a simple
human-readable file within the backup tar. E.g. We really don't want
backups with secrets-included and secrets-excluded getting mixed up.

Recording the DC used to make the domain backup may be useful in the
event of a catastrophic failure of the domain, e.g. DC replication may
have been broken for some time prior to the failure.

Recording the samba-tool version string may also be useful if there are
ever any backwards-compatibility issues introduced to the backup files.
The intention is to say we only support restoring a backup with the same
version of samba-tool that actually created the backup, however, it'd be
polite to users to actually record that version somewhere.

Signed-off-by: Tim Beale <>
Reviewed-by: Gary Lockyer <>
Reviewed-by: Andrew Bartlett <>

index a4b276579052712153aaade8ea79ddb919f4962c..1e8ccfaaba9ca1a5e8de5fd76a24e764cccb9fbd 100644 (file)
@@ -110,6 +110,26 @@ def create_backup_tar(logger, tmpdir, backup_filepath):
+def create_log_file(targetdir, lp, backup_type, server, include_secrets,
+                    extra_info=None):
+    # create a summary file about the backup, which will get included in the
+    # tar file. This makes it easy for users to see what the backup involved,
+    # without having to untar the DB and interrogate it
+    f = open(os.path.join(targetdir, "backup.txt"), 'w')
+    try:
+        time_str ='%Y-%b-%d %H:%M:%S')
+        f.write("Backup created %s\n" % time_str)
+        f.write("Using samba-tool version: %s\n" % lp.get('server string'))
+        f.write("Domain %s backup, using DC '%s'\n" % (backup_type, server))
+        f.write("Backup for domain %s (NetBIOS), %s (DNS realm)\n" %
+                (lp.get('workgroup'), lp.get('realm').lower()))
+        f.write("Backup contains domain secrets: %s\n" % str(include_secrets))
+        if extra_info:
+            f.write("%s\n" % extra_info)
+    finally:
+        f.close()
 # Add a backup-specific marker to the DB with info that we'll use during
 # the restore process
 def add_backup_marker(samdb, marker, value):
@@ -234,6 +254,7 @@ class cmd_domain_backup_online(samba.netcmd.Command):
         # Add everything in the tmpdir to the backup tar file
         backup_file = backup_filepath(targetdir, realm, time_str)
+        create_log_file(tmpdir, lp, "online", server, include_secrets)
         create_backup_tar(logger, tmpdir, backup_file)
@@ -672,6 +693,7 @@ class cmd_domain_backup_rename(samba.netcmd.Command):
         # Clone and rename the remote server
         lp = sambaopts.get_loadparm()
+        old_domain = lp.get('workgroup')
         creds = credopts.get_credentials(lp)
         include_secrets = not no_secrets
         ctx = DCCloneAndRenameContext(new_base_dn, new_domain_name,
@@ -728,6 +750,9 @@ class cmd_domain_backup_rename(samba.netcmd.Command):
         # Add everything in the tmpdir to the backup tar file
         backup_file = backup_filepath(targetdir, new_dns_realm, time_str)
+        create_log_file(tmpdir, lp, "rename", server, include_secrets,
+                        "Original domain %s (NetBIOS), %s (DNS realm)" %
+                        (old_domain, old_realm))
         create_backup_tar(logger, tmpdir, backup_file)