Recettes informatiques


26.02.18

16:59 Migration from BackupPC 3 (Debian package) to BackupPC 4 (Standalone Installation)

Categories: Systeme, Debian

As Debian v9 no longer provides packages for BackupPC, I describe in this post how to migrate a BackupPC v3 (BPC3) installation from Debian packages (Debian v8) to BackupPC v4 (BPC4) installed from the tarball, while respecting most of the Debian file hierarchy.

Define directories to store BackupPC files and configuration files

Shell

ROOT=/usr/local/share/backuppc4
ETC=/etc/backuppc4
LOG=/var/log/backuppc4
RUN=/var/run/backuppc4

Copy configuration files from BPC3 before migration

Shell

cp -a /etc/backuppc $ETC
chown backuppc:backuppc -R $ETC

Stop old BPC service

Shell

service backuppc stop

Install BPC 4 files

Shell

perl ./configure.pl --batch \
        --install-dir $ROOT \
        --cgi-dir     $ROOT/cgi-bin \
        --html-dir    $ROOT/image \
        --data-dir /var/lib/backuppc/ \
        --hostname $(hostname) \
        --html-dir-url /backuppc4/image

Modify service to access correct configuration file directory

Shell

# patterns carry no trailing slash, so rewritten paths keep their "/" separator
sed -i -e "s,/etc/BackupPC,$ETC," \
    -e "s,/var/log/BackupPC,$LOG," \
    -e "s,/var/run/BackupPC,$RUN," $ROOT/lib/BackupPC/Lib.pm

Create web files

Shell

mkdir $ROOT/www/
( cd $ROOT/www/ && ln -s ../image . )
cat > $ROOT/www/index.cgi <<EOF
#!/bin/sh
sudo -u backuppc -E -- $ROOT/cgi-bin/BackupPC_Admin
EOF
chmod a+x $ROOT/www/index.cgi

Give access to CGI file

Shell

cat > /etc/sudoers.d/backuppc4 <<EOF
# User privilege specification
www-data        ALL=(backuppc) NOPASSWD: SETENV: $ROOT/cgi-bin/BackupPC_Admin
EOF
chmod u-s $ROOT/cgi-bin/BackupPC_Admin

Create Apache configuration file

Shell

cat > $ETC/apache.conf <<EOF
Alias /backuppc4 $ROOT/www
 
<Directory $ROOT/www>
        Options ExecCGI FollowSymlinks
        AddHandler cgi-script .cgi
        DirectoryIndex index.cgi
 
        AuthType Basic
        AuthUserFile $ETC/htpasswd
        AuthGroupFile $ETC/htgroup
        AuthName "BackupPC Administrative Interface"
        require valid-user
</Directory>
EOF

Create standard directories to run BPC4

Shell

mkdir $LOG; chown backuppc:backuppc $LOG
mkdir $RUN; chown backuppc:backuppc $RUN

Add Systemd service

Shell

cp systemd/backuppc.service /etc/systemd/system/backuppc4.service
sed -i "s,/var/run/BackupPC,$RUN," /etc/systemd/system/backuppc4.service
systemctl daemon-reload
systemctl enable backuppc4.service
systemctl start backuppc4.service
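
The "Give access to CGI file" step writes straight into /etc/sudoers.d, where a syntax error can break sudo for every user. The following added example (not part of the original post; function names are hypothetical, `ROOT` is the variable defined at the top of the post) validates the drop-in with `visudo -cf` before installing it with mode 0440, then confirms the CGI no longer carries a setuid bit.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# sudoers_rule CGI: print the rule that lets www-data run CGI as backuppc
# while keeping the CGI environment (SETENV permits "sudo -E").
sudoers_rule() {
    printf '# User privilege specification\n'
    printf 'www-data\tALL=(backuppc) NOPASSWD:SETENV: %s\n' "$1"
}

# install_sudoers SRC DEST: install SRC as DEST only if visudo accepts it.
# Returns 2 when visudo is missing, 1 on a syntax error.
install_sudoers() {
    command -v visudo >/dev/null 2>&1 || { echo "visudo not found" >&2; return 2; }
    visudo -cf "$1" >/dev/null 2>&1 || { echo "syntax error in $1" >&2; return 1; }
    install -m 0440 "$1" "$2"
}

# cgi_is_hardened CGI: succeed when CGI exists and has no setuid/setgid bit
cgi_is_hardened() {
    [ -f "$1" ] && [ ! -u "$1" ] && [ ! -g "$1" ]
}

# Typical use, as root:
#   tmp=$(mktemp) && sudoers_rule "$ROOT/cgi-bin/BackupPC_Admin" > "$tmp" &&
#       install_sudoers "$tmp" /etc/sudoers.d/backuppc4; rm -f "$tmp"
#   cgi_is_hardened "$ROOT/cgi-bin/BackupPC_Admin" || echo "setuid bit still set"
```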

24.03.17

13:19 Minimal BC for Mingw

Categories: Bash

Minimal implementation of BC (basic calculator) in bash using perl for math evaluation.

Shell

function bc () {
  ans=0
  while true; do
    read buf || return
    [ "$buf" ] || continue
    for p in atan sin exp log cos; do
      buf=${buf//${p:0:1}(/$p(}
    done
    ans=$(perl -e "sub atan {atan2(\$_[0],1)};
              print 0 + ${buf//^/**}" 2>/dev/null)
    echo $ans
  done
}

01.07.16

11:45 Diskless Debian cluster

Categories: Bash, Debian

For Debian 6 and 7, there's an easy way to create a diskless cluster. isc-dhcp-server and atftpd can be used to serve IP addresses, kernel, initrd and a minimal root disk ready to be loaded into memory.

Script /etc/initscript/hooks/tftp

#  -*- shell-script -*-
# Cluster specific mount sequence

mountroot ()
{

    # configure ethernet
    ipconfig -c dhcp eth0
    ipconfig -c dhcp eth1

    mount -t ramfs /dev/ram0 ${rootmnt}

    # download all tarballs
    for f in $(echo ${tarballs} | sed 's/,/ /g'); do
        log_begin_msg "download $f"
        tftp -b 32764 -g -r $f ${tftpserver}
        log_begin_msg "Extract $f into ${rootmnt}"
        log_end_msg
        tar xzf $f -C ${rootmnt} || exec /bin/sh
        rm -f $f
    done

    # remove files preceded by tilde
    for f in $(find ${rootmnt} -name '~*'); do
        o=$(echo $f | sed 's/\/~/\//')
        [ -f $o ] && rm -rf $o $f
    done

    # execute files preceded by plus
    for f in $(find ${rootmnt} -name '+*'); do
        [ -x $f ] && ./$f
        [ -f $f ] && rm -f $f
    done
}

Generate new initrd image:

update-initramfs -u

Create root.tgz tarball script:

#!/bin/bash

PROGNAME=$(basename $0)
TFTP=/srv/tftp
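# private work directory: predictable file names in /tmp are unsafe for a root script
WORKDIR=$(mktemp -d "/tmp/$PROGNAME-XXXXXX") || exit 1
trap 'rm -rf "$WORKDIR"' EXIT
EXCLUDE=$WORKDIR/exclude
IMAGE=$TFTP/root.tgz
TMPLOG=$WORKDIR/check.log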
VER=2.0

# help function

function usage () {
    echo "usage: $PROGNAME [-h] [-v]"
    echo "   -h: help message"
    echo "   -v: version message"
    exit $@
}

# formatting functions

function title () { echo -e "\033[0;1m$*\033[0;0m"; }
function pass () { echo -e "\033[1;32m$*\033[0;0m"; }
function warn () { echo -e "\033[1;33m$*\033[0;0m"; }
function fail () { echo -e "\033[1;31m$*\033[0;0m"; }
# check command

function check () {
    echo -n "$@: "
    { eval $@; } >&$TMPLOG && pass OK || { fail KO; cat $TMPLOG; ERR=yes; }
    rm -f $TMPLOG
    test ! "$TEST" = yes
}

# argument processing

while [ $# -gt 0 ]; do
    case "$1" in
    -h) usage 0;;
    -v) echo "$PROGNAME: version $VER"; exit;;
    *) echo "unknown argument ($1)"; exit 1;;
    esac
    shift
done

# create exclude list
cat - << EOF > $EXCLUDE
backup
boot
dev/*
etc/udev/rules.d/70-persistent-net.rules
home
lost+found
media/*
proc/*
root/*
run/*
srv/*
sys/*
tmp/*
usr/share/doc
usr/share/i18n
usr/share/info
usr/share/locale
usr/share/man
usr/share/zoneinfo
var/backups/*
var/cache/apt/*
var/cache/debconf/*
var/cache/fontconfig/*
var/cache/man/*
var/lib/apt
var/lib/aptitude
var/lib/dpkg
var/lib/samba/*
var/lock/*
var/log/*
var/run/*
EOF
check test -f $EXCLUDE

# checks
[ -f $IMAGE ] && check rm -f $IMAGE
_OLDPWD=$(pwd)
cd /
check tar czf $IMAGE --exclude-from $EXCLUDE .
cd $_OLDPWD

# clean exclude list
check rm -f $EXCLUDE
exit 0

Typical content of a slave.tgz tarball:

-rw-r--r-- 1 mazet users 3515 nov.  13  2014 /etc/chrony/chrony.conf
-rw-r--r-- 1 mazet users  164 nov.  13  2014 /etc/default/atftpd
-rw-r--r-- 1 mazet users 1226 nov.  13  2014 /etc/default/hddtemp
-rw-r--r-- 1 mazet users    0 nov.  13  2014 /etc/default/~isc-dhcp-server
-rw-r--r-- 1 mazet users  799 nov.  13  2014 /etc/default/nfs-common
-rw-r--r-- 1 mazet users  551 nov.  13  2014 /etc/default/ntpdate
-rw-r--r-- 1 mazet users  276 nov.  13  2014 /etc/default/samba
-rw-r--r-- 1 mazet users  428 nov.  13  2014 /etc/default/smartmontools
-rw-r--r-- 1 mazet users  722 nov.  13  2014 /etc/default/snmpd
-rw-r--r-- 1 mazet users 1209 nov.  13  2014 /etc/exports
-rw-r--r-- 1 mazet users 1356 juil. 23  2015 /etc/fstab
-rw-r--r-- 1 mazet users   13 nov.  13  2014 /etc/hostname
-rwxr-xr-x 1 mazet users   73 nov.  13  2014 /etc/+hostname
-rw-r--r-- 1 mazet users 1332 nov.  13  2014 /etc/inetd.conf
-rw-r--r-- 1 mazet users 2012 nov.  13  2014 /etc/inittab
-rw-rw-r-- 1 mazet users 1184 avril  4 14:03 /etc/network/interfaces
-rwxrwxr-x 1 mazet users  439 sept. 21  2015 /etc/rc.local
-rw-r--r-- 1 mazet users    0 nov.  13  2014 /etc/resolv.conf
-rw-r--r-- 1 mazet users 2794 nov.  13  2014 /etc/rsyslog.conf
-rwxr-xr-x 1 mazet users   73 nov.  13  2014 /etc/ssmtp/+ssmtp.conf
-rw-r--r-- 1 mazet users  581 nov.  13  2014 /etc/ssmtp/ssmtp.conf
-rw-r--r-- 1 mazet users    0 déc.   4  2014 /home/.empty
-rw-rw-r-- 1 mazet users    0 mars  23 10:10 /-rec
-rw-r--r-- 1 mazet users  728 nov.  13  2014 /root/.bashrc
-rw-r--r-- 1 mazet users  140 nov.  13  2014 /root/.profile
-rw-r--r-- 1 mazet users  780 nov.  13  2014 /root/.screenrc
-rw-r--r-- 1 mazet users  416 nov.  13  2014 /root/.ssh/authorized_keys
-rw------- 1 mazet users 1679 nov.  13  2014 /root/.ssh/id_rsa
-rw-r--r-- 1 mazet users  416 nov.  13  2014 /root/.ssh/id_rsa.pub
-rw-r--r-- 1 mazet users    1 nov.  13  2014 /root/.vimrc
-rw-r--r-- 1 mazet users    0 nov.  13  2014 /usr/sbin/~winbindd
-rw-rw-r-- 1 mazet users    0 févr. 17  2015 /var/media/prod/.empty
-rw-rw-r-- 1 mazet users    0 févr. 17  2015 /var/media/rec/.empty
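
The `mountroot` hook above fetches its tarballs over TFTP, which offers no authentication or integrity protection, and then runs every `+` file they contain as root. As an added example (not part of the original hook), the functions below gate extraction on a SHA-256 manifest shipped inside the initrd and on a member-name check; the function names and the manifest path `/etc/tarballs.sha256` are hypothetical, and `sha256sum` and `awk` are assumed to be available in the initramfs.

```shell
#!/bin/sh
# Added example, not part of the original hook. The manifest is assumed to be
# generated on the server with
#   sha256sum root.tgz slave.tgz > manifest
# and copied into the initrd (file name and location are hypothetical).

# verify_tarball FILE MANIFEST: succeed only if FILE's SHA-256 equals the value
# pinned for its basename. Returns 2 when no hash is pinned, 1 on a mismatch.
verify_tarball() {
    name=$(basename "$1")
    want=$(awk -v n="$name" '$2 == n { print $1; exit }' "$2")
    [ -n "$want" ] || { echo "no pinned hash for $name" >&2; return 2; }
    have=$(sha256sum "$1" | awk '{ print $1 }')
    [ "$have" = "$want" ] || { echo "hash mismatch for $name" >&2; return 1; }
}

# names_are_safe: read member names on stdin; fail on absolute paths or on
# ".." components, which would let an archive write outside ${rootmnt}.
names_are_safe() {
    awk -F/ '/^\// { bad = 1 }
             { for (i = 1; i <= NF; i++) if ($i == "..") bad = 1 }
             END { exit bad + 0 }'
}

# verified_extract FILE DEST MANIFEST: extract only after both checks pass.
verified_extract() {
    verify_tarball "$1" "$3" && tar tzf "$1" | names_are_safe || return 1
    tar xzf "$1" -C "$2"
}

# In the hook, the extraction line would become:
#   verified_extract $f ${rootmnt} /etc/tarballs.sha256 || exec /bin/sh
```

The manifest is only as trustworthy as the initrd that carries it, so the check detects corrupted or swapped tarballs as long as the initrd itself is delivered intact.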

11:20 Colorize log file

Categories: Awk

Short script to colorize a log file.

Shell

#!/usr/bin/awk -f
# gensub() is a GNU awk extension: /usr/bin/awk must be gawk

# split glued lines
BEGIN {start=":host[0-9][0-9]: "}
$0 ~ ("^..*" start) {$0=gensub("^(..*)(" start ")", "\\1\n\\2", "g")}
/^$/ {getline}

# colorize line
/TRACE/ {$0="\033[1;34m" $0 "\033[0;0m"} # blue
/DEBUG/ {$0="\033[1;32m" $0 "\033[0;0m"} # green
/INFO/ {}
/WARN/ {$0="\033[1;33m" $0 "\033[0;0m"} # yellow
/ERROR/ {$0="\033[1;31m" $0 "\033[0;0m"} # red
 
{print}

26.03.15

23:18 Generate certificates with (or without) a certificate authority

Categories: Systeme

I use this script to generate certificates authorized by CAcert, but the script can also be used for self-signed certificates.

#!/bin/bash

use_cacert_org=1

function title () {
    echo -e '\e[1;1m'$*'\e[0m'
}

function valid () {
    echo -n "* $1: "
    shift
    eval $@ >&/dev/null && echo -e '\e[0;32mSUCCESS\e[0m' || \
        { echo -e '\e[0;31mFAILED\e[0m'; exit; }
}

for file; do

    ## Certificate configuration
    [ -f $file ] || { echo "file '$file' not found"; continue; }
    [[ $file =~ \.cnf ]] || \
        { echo "file '$file' not a certificate configuration"; continue; }
    server=${file/.cnf}
    title  "Certificate configuration: $server"

    ## Key generation
    valid "Key generation" \
        openssl genrsa -out $server.key 2048

    ## Protect server key
    valid "Protect server key" \
        chmod o= $server.key

    ## Certificate request
    valid "Certificate request" \
        openssl req -new -nodes -batch \
            -config $server.cnf -key $server.key -out $server.csr

    if [ $use_cacert_org -eq 0 ]; then
            
        ## Certificate generation
        valid "Certificate generation" \
            openssl req -new -x509 -days 365 -nodes -batch \
                -config $server.cnf -key $server.key -out $server.crt
    else

        title "Connect to cacert.org and generate $server.crt from $server.csr."
        title "Certificate request"
        cat $server.csr
        title "Copy/paste it into 'New server certificate form'"
        title "When you get back the certificate, copy/paste it here (Ctrl-D to end)"
        cat > $server.crt

    fi

    # Check certificate
    valid "Check certificate" \
        openssl x509 -in $server.crt -text -out $server.txt

done

And a configuration template babylon.softndesign.org:

[ req ]
distinguished_name      = req_distinguished_name 
prompt                  = no 
string_mask             = nombstr 
x509_extensions         = server_cert 

[ req_distinguished_name ] 
countryName             = FR
stateOrProvinceName     = IdF 
localityName            = Paris 
organizationName        = Soft'n'Design Inc
organizationalUnitName  = Security
commonName              = babylon.softndesign.org
emailAddress            = webmaster@localhost
  
[ server_cert ] 
basicConstraints        = critical, CA:FALSE
subjectKeyIdentifier    = hash 
keyUsage                = digitalSignature, keyEncipherment 
extendedKeyUsage        = serverAuth, clientAuth 
nsCertType              = server 
nsComment               = Babylon Certificate
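
The script above only checks that the pasted certificate parses. As an added example (not part of the original script; function names are hypothetical), the checks below confirm that the certificate returned by the CA carries the public key of the generated private key, has not expired, and that the key file is closed to group and others, which `chmod o=` alone does not guarantee.

```shell
#!/bin/sh
# Added example, not part of the original script. Function names are hypothetical.

# cert_matches_key CRT KEY: succeed only if the certificate carries the public
# key of KEY. Returns 2 if either file cannot be parsed, 1 on a mismatch.
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# cert_is_current CRT: succeed if the certificate has not expired yet
cert_is_current() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# key_is_private KEY: succeed only if group and others have no access at all
# ("chmod o=" alone leaves any group permission in place).
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# check_issued SERVER: run all three checks on SERVER.crt and SERVER.key
check_issued() {
    cert_matches_key "$1.crt" "$1.key" ||
        { echo "$1: certificate does not match key" >&2; return 1; }
    cert_is_current "$1.crt" ||
        { echo "$1: certificate has expired" >&2; return 1; }
    key_is_private "$1.key" ||
        { echo "$1: key accessible to group or others" >&2; return 1; }
}
```

Running `umask 077` before `openssl genrsa` also closes the window in which the key exists with default permissions.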
