Tag: sysadmin (Page 2 of 5)

Using rsync to backup a ZFS file system to a remote Synology Diskstation

30 October 2014 / LCK / 1 Comment

Some time ago I moved from using LVM to using ZFS on my home server. This meant I also had to change the backup script I used to make backups on a remote Synology Diskstation. Below is the updated script. I also updated it such that it now needs a single command line argument: the hostname of the Diskstation to backup to (because I now have two Diskstations at different locations). If you want to run this script from cron you should set up key-based SSH login (see also here and here).

#!/bin/bash
#
# This script makes a backup of my home dirs to a Synology DiskStation at
# another location. I use ZFS for my /home, so I make a snapshot first and
# backup from there.
#
# This script requires that the first command line argument is the
# host name of the remote backup server (the Synology NAS). It also
# assumes that the location of the backups is the same on each
# remote backup server.
#
# Time-stamp: <2014-10-27 11:35:39 (L.C. Karssen)>
# This script it licensed under the GNU GPLv3.
 
set -u
 
if [ ${#} -lt 1 ]; then
    echo -n "ERROR: Please specify a host name as first command" 1>&2
    echo " line option" 1>&2
    exit -1
fi
 
###############################
# Some settings
###############################
# Options for the remote (Synology) backup destination
DESTHOST=$1
DESTUSER=root
DESTPATH=/volume1/Backups/
DEST=${DESTUSER}@${DESTHOST}:${DESTPATH}
 
# Options for the client (the data to be backed up)
# ZFS options
ZFS_POOL=storage
ZFS_DATASET=home
ZFS_SNAPSHOT=rsync_snapshot
SNAPDIR="/home/.zfs/snapshot/$ZFS_SNAPSHOT"
 
# Backup source path. Don't forget to have trailing / otherwise
# rsync's --delete option won't work
SRC=${SNAPDIR}/
 
# rsync options
OPTIONS="--delete -azvhHSP --numeric-ids --stats"
OPTIONS="$OPTIONS --timeout=60 --delete-excluded"
OPTIONS="$OPTIONS --skip-compress=gz/jpg/mp[34]/7z/bz2/ace/avi/deb/gpg/iso/jpeg/lz/lzma/lzo/mov/ogg/png/rar/CR2/JPG/MOV"
EXCLUSIONS="--exclude lost+found --exclude .thumbnails --exclude .gvfs"
EXCLUSIONS="$EXCLUSIONS --exclude .cache --exclude Cache"
EXCLUSIONS="$EXCLUSIONS --exclude .local/share/Trash"
EXCLUSIONS="$EXCLUSIONS --exclude home/lennart/tmp/Downloads/*.iso"
EXCLUSIONS="$EXCLUSIONS --exclude home/lennart/.recycle"
EXCLUSIONS="$EXCLUSIONS --exclude _dev_dvb_adapter0_Philips_TDA10023_DVB*"
 
 
 
###############################
# The real work
###############################
 
# Create the ZFS snapshot
if [ -d $SNAPDIR ]; then
    # If the directory exists, another backup process may be running
    echo "Directory $SNAPDIR already exists! Is another backup still running?"
    exit -1
else
    # Let's make snapshots
    zfs snapshot $ZFS_POOL/$ZFS_DATASET@$ZFS_SNAPSHOT
fi
 
 
# Do the actual backup
rsync -e 'ssh' $OPTIONS $EXCLUSIONS $SRC $DEST
 
# Remove the ZFS snapshot
if [ -d $SNAPDIR ]; then
    zfs destroy $ZFS_POOL/$ZFS_DATASET@$ZFS_SNAPSHOT
else
    echo "$SNAPDIR does not exist!" 1>&2
    exit 2
fi
 
exit 0

#!/bin/bash # # This script makes a backup of my home dirs to a Synology DiskStation at # another location. I use ZFS for my /home, so I make a snapshot first and # backup from there. # # This script requires that the first command line argument is the # host name of the remote backup server (the Synology NAS). It also # assumes that the location of the backups is the same on each # remote backup server. # # Time-stamp: <2014-10-27 11:35:39 (L.C. Karssen)> # This script it licensed under the GNU GPLv3. set -u if [ ${#} -lt 1 ]; then echo -n "ERROR: Please specify a host name as first command" 1>&2 echo " line option" 1>&2 exit -1 fi ############################### # Some settings ############################### # Options for the remote (Synology) backup destination DESTHOST=$1 DESTUSER=root DESTPATH=/volume1/Backups/ DEST=${DESTUSER}@${DESTHOST}:${DESTPATH} # Options for the client (the data to be backed up) # ZFS options ZFS_POOL=storage ZFS_DATASET=home ZFS_SNAPSHOT=rsync_snapshot SNAPDIR="/home/.zfs/snapshot/$ZFS_SNAPSHOT" # Backup source path. Don't forget to have trailing / otherwise # rsync's --delete option won't work SRC=${SNAPDIR}/ # rsync options OPTIONS="--delete -azvhHSP --numeric-ids --stats" OPTIONS="$OPTIONS --timeout=60 --delete-excluded" OPTIONS="$OPTIONS --skip-compress=gz/jpg/mp[34]/7z/bz2/ace/avi/deb/gpg/iso/jpeg/lz/lzma/lzo/mov/ogg/png/rar/CR2/JPG/MOV" EXCLUSIONS="--exclude lost+found --exclude .thumbnails --exclude .gvfs" EXCLUSIONS="$EXCLUSIONS --exclude .cache --exclude Cache" EXCLUSIONS="$EXCLUSIONS --exclude .local/share/Trash" EXCLUSIONS="$EXCLUSIONS --exclude home/lennart/tmp/Downloads/*.iso" EXCLUSIONS="$EXCLUSIONS --exclude home/lennart/.recycle" EXCLUSIONS="$EXCLUSIONS --exclude _dev_dvb_adapter0_Philips_TDA10023_DVB*" ############################### # The real work ############################### # Create the ZFS snapshot if [ -d $SNAPDIR ]; then # If the directory exists, another backup process may be running echo "Directory $SNAPDIR already exists! Is another backup still running?" exit -1 else # Let's make snapshots zfs snapshot $ZFS_POOL/$ZFS_DATASET@$ZFS_SNAPSHOT fi # Do the actual backup rsync -e 'ssh' $OPTIONS $EXCLUSIONS $SRC $DEST # Remove the ZFS snapshot if [ -d $SNAPDIR ]; then zfs destroy $ZFS_POOL/$ZFS_DATASET@$ZFS_SNAPSHOT else echo "$SNAPDIR does not exist!" 1>&2 exit 2 fi exit 0

Multiple accounts on an SSH server: managing key files

30 October 2014 / LCK / 0 Comments

I’ve got several domains hosted at the same hosting company, and the company provides SSH access for each of them with a different user name, but with the same SSH server address. As I’m using key-based login to the server (see also my post here) I ran into the following problem: How do I set up my SSH config file such that it knows which key to use for which user name?

It turns out that the solution is easy (thanks Kelvin!): if you use the %r variable in the ~/.ssh/config file it contains the user name which you used when logging in. Similarly, the %h contains the host name you used on the command line. So all I needed to do was to create entries like this:

Host ssh.myhoster.com
     IdentityFile ~/.ssh/hosting-%r.key

and make sure that the corresponding key files are named hosting-domain1.key, hosting-domain2.key, etc. and then log in using a command like ssh domain1@ssh.myhoster.com.

SSH with several keys: fix “Too many authentication failures” error

17 September 2014 / LCK / 1 Comment

Yesterday I created an SSH key for a new machine. Today I try to log in to a different machine, one that actually doesn’t use keys, and I got the error mentioned in the title. It turns out SSH offers all available keys by default, so I ran out of login attempts before I noticed it.

The solution is simple: Add

IdentitiesOnly yes

to your ~/.ssh/config file.

A more detailed explanation can be found here.

Enabling external commands in the Nagios web interface

22 August 2014 / LCK / 0 Comments

After an upgrade of one of my Ubuntu server that runs Nagios, I ran into the following error message (again…) when I tried to issue a command from the web interface:

Error: Could not stat() command file â€˜/var/lib/nagios3/rw/nagios.cmdâ€™!

This post by Barry O’Donovan shows very nicely how this problem can/should be fixed in Ubuntu. Much cleaner than chmod/chown-ing the directories myself. Thanks Barry!

Fixing font errors when running qmon on a remote server

11 August 2014 / LCK / 0 Comments

Sun Grid Engine (SGE) is a bath queue system that can be used to distribute computation intensive tasks across one or more servers/CPUs. SGE has a graphical configuration utility called qmon, but when you start it on a remote machine (using SSH), you may end up with errors like this:

Warning: Cannot convert string "-adobe-courier-medium-r-*--14-*-*-*-m-*-*-*" to type FontStruct
Warning: Cannot convert string "-adobe-courier-bold-r-*--14-*-*-*-m-*-*-*" to type FontStruct
Warning: Cannot convert string "-adobe-courier-medium-r-*--12-*-*-*-m-*-*-*" to type FontStruct
X Error of failed request:  BadName (named color or font does not exist)
  Major opcode of failed request:  45 (X_OpenFont)
  Serial number of failed request:  329
  Current serial number in output stream:  340

The warnings are not really a problem, but the error is. It can be solved by running the following on the client (i.e. your local) machine (assuming it runs Debian or Ubuntu):

sudo apt-get install xfonts-75dpi
xset +fp /usr/share/fonts/X11/75dpi
xset fp rehash

Using ‘expect’ to distribute files among users

5 August 2014 / LCK / 0 Comments

I’m currently teaching at the Summmer School in Statistical Omics in Split, Croatia. A great experience!

Because of the computations involved in the project work, we have access to a server. However, since the machine is part of a university cluster, I haven’t been given full root permissions (in fact, I’m only allowed to use sudo to install packages).

Now, the problem I had to solve was that I needed to distribute a certain file (.Renviron) to each student’s home directory. Normally I’d use sudo to do that, but the admin hadn’t allowed me to use cp via sudo. Furtunately, I had a list of user names and passwords for the students (because I had to distribute those), so I thought I’d use su - to change to each student’s account and copy the file, something along the lines of

echo PASSWORD | su -

and then loop over each account. Unfortunately, while testing the script I found out it wouldn’t work since su complained:

su: must be run from a terminal

Then I remembered the expect tool, which executes commands based on what it ‘sees’ on the command line. In this case I wanted it to enter the password at su‘s prompt. This is the expect script I came up with, it accepts two command line arguments, the user name and the password:

#!/usr/bin/expect -f
 
set user [lindex $argv 0]
set pass [lindex $argv 1]
 
spawn su - $user
expect "Password: "
send "$pass\r"
expect "$ "
send "cp -i /common/WORK/school/lennart/.Renviron .\r"
expect "$ "
send "ls -l .Renviron\r"
expect "$ "
send "exit\r"

The script was wrapped in the Bash script that I had already written:

#!/bin/bash
#
# This script is used to copy files from this directory to the
# home directories of the users listed in $USERFILE.
 
USERFILE=accounts.txt
SRCFILE=/common/WORK/school/lennart/.Renviron
 
while read user passw; do
    ./copy_file_to_users.expect $user $passw
done < $USERFILE

Changing the default mode of the Emacs scratch buffer

28 July 2014 / LCK / 0 Comments

After starting Emacs you end up in the *scratch* buffer (assuming you’ve disabled the startup message in your .emacs file). The *scratch* can be used for writing down notes and some Lisp experiments (since it uses the Emacs Lisp major mode by default).

Now, I’m not very much of a Lisp programmer, but I do use Org-mode a lot. Consequently, I found myself changing the buffer’s major mode to org-mode regularly. And Emacs wouldn’t be Emacs if you couldn’t change this to a default. So, thanks to Bozhidar Batsov over at Emacs Redux, I’ve added the following lines to my Emacs configuration file:

;; Set the default mode of the scratch buffer to Org
(setq initial-major-mode 'org-mode)
;; and change the message accordingly
(setq initial-scratch-message "\
# This buffer is for notes you don't want to save. You can use
# org-mode markup (and all Org's goodness) to organise the notes.
# If you want to create a file, visit that file with C-x C-f,
# then enter the text in that file's own buffer.
 
")

Using SSH for WordPress updates via the web interface

24 April 2014 / LCK / 0 Comments

Note to self: if you want to be able to upgrade WordPress via the web interface using SSH, you need to have the libssh2-php package installed on Debian/Ubuntu Linux.

Don’t forget to restart Apache after installing the package. Reload the WordPress admin pages and you’ll see the SSH option added.

Fixing problems after giving your Samba server a new IP address

14 March 2014 / LCK / 1 Comment

While moving my DHCP server to a Raspberry Pi I also changed some of the IPs handed out to my (virtual) servers. This lead to problems when I logged into Windows (which is tied to my Samba domain), Windows complained that my roaming profile wasn’t completely synced and browsing network shares didn’t work, copying from (mounted) network shares didn’t work, etc.

In the Samba log files I noticed some references to the old IP address (192.168.10.23), e.g.:

[2014/03/13 16:22:23,  0] nmbd/nmbd_become_dmb.c:237(become_domain_master_query_success)
  become_domain_master_query_success:
  There is already a domain master browser at IP 192.168.10.23 for workgroup SENW registered on subnet UNICAST_SUBNET.

and

  [2014/03/13 16:20:07,  0] nmbd/nmbd_browsesync.c:248(domain_master_node_status_fail)
  domain_master_node_status_fail:
  Doing a node status request to the domain master browser
  for workgroup SENW at IP 192.168.10.23 failed.
  Cannot sync browser lists.

Even after restarting smbd and nmbd, and checking my smb.conf thoroughly, these kept showing up.

It turns out (thanks a lot Matt Godbolt) that nmbd keeps caches in two files (paths as they are on my Ubuntu 12.04 server):

/var/cache/samba/browse.dat
/var/lib/samba/wins.dat

Simply stop nmbd, delete them, restart nmbd and you’re happy.

Slackware on the Raspberry Pi

14 March 2014 / LCK / 1 Comment

I took some time this week to migrate my DNs and DCHP server from an Ubuntu virtual machine to my Raspberry Pi. I wanted to do this because these two servers are so essential to regular network functioning. Before this change whenever my server was down (for whatever reason) any machine connected to the LAN would stop having a working internet connection. Moreover, since I never got the VM to boot correctly on autostart I had to manually start it every time the server came back up again.
Conclusion: not ideal and pissed of family members ;-).

Since I had my Raspberry Pi lying around and, apart from a few toy projects, hadn’t used it for anything, I decided to use it for this task: low power requirements and hardware that was more than up to the task.

The question was which distribution to use. I could have gone for Raspbian (Debian for the Raspberry Pi), which would have blended well with my otherwise Ubuntu-minded network. However, partly for nostalgic reasons, partly make sure I don’t get too tied to one distribution, I decided to try and install Slackware, the distribution I used for my first steps in Linux Land.

I followed most of the steps from the fatdog.eu tutorial (see link below) to get everything running. It’s a very well written, extensive tutorial. Things where I followed my own judgement/experience were the fact that I didn’t use a USB stick to download the Slackware packages on (I used an NFS share on my server) and the package selection. With a relatively simple selection I now have about 2GB of disk usage.

Only one thing left to migrate to the Pi now: my LDAP server. Unfortunately it’s been several years since I configured OpenLDAP (on Ubuntu) and Slackware doesn’t include the OpenLDAP server by default. So this will be something for a rainy day…