
26.02.18

  04:59:00 pm, by mazet   , 227 words  
Categories: Systeme, Debian

Migration from BackupPC 3 (Debian package) to BackupPC 4 (Standalone Installation)

As Debian v9 no longer provides packages for BackupPC, I describe in this post how to migrate a BackupPC v3 (BPC3) installed from Debian packages (Debian v8) to a BackupPC v4 (BPC4) installed from the tarball, while respecting most of the Debian file hierarchy.

Define directories to store BackupPC files and configuration files

Shell

# Install locations for the BackupPC 4 tree; the commands below read these.
ROOT="/usr/local/share/backuppc4"   # program files, CGI and images
ETC="/etc/backuppc4"                # configuration
LOG="/var/log/backuppc4"            # log files
RUN="/var/run/backuppc4"            # runtime files

Copy configuration files from BPC3 before migration

Shell

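# Copy the BPC3 configuration tree to the BPC4 location and hand it to the
# backuppc account. Keeping the original file modes matters here: the tree is
# where the Apache configuration on this page looks for its htpasswd file.
# NOTE(review): the option after "cp -" was lost in the listing; -a (archive,
# recursive, modes preserved) is reconstructed — confirm.
cp -a /etc/backuppc "$ETC"
chown -R backuppc:backuppc "$ETC"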

Stop old BPC service

Shell

# Stop the BPC3 daemon first: the installer below is pointed at the same data
# directory (/var/lib/backuppc/).
service backuppc stop

Install BPC 4 files

Shell

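# Run the BackupPC 4 installer non-interactively from the unpacked tarball.
# Expansions are quoted so that a path containing whitespace stays one
# argument.
perl ./configure.pl --batch \
        --install-dir "$ROOT" \
        --cgi-dir     "$ROOT/cgi-bin" \
        --html-dir    "$ROOT/image" \
        --data-dir    /var/lib/backuppc/ \
        --hostname    "$(hostname)" \
        --html-dir-url /backuppc4/image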

Modify the service to access the correct configuration file directory

Shell

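# Replace the default /etc, /var/log and /var/run BackupPC paths written in
# Lib.pm with the locations chosen above.
# NOTE(review): the listing lost the option letters and one "," delimiter;
# -i (edit in place) and -e (one per expression) are reconstructed — confirm.
sed -i \
    -e "s,/etc/BackupPC,$ETC," \
    -e "s,/var/log/BackupPC/,$LOG," \
    -e "s,/var/run/BackupPC/,$RUN," "$ROOT/lib/BackupPC/Lib.pm"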

Create web files

Shell

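# Build the directory Apache serves: a link to the images and a CGI wrapper
# that starts BackupPC_Admin as the backuppc user through sudo.
mkdir "$ROOT/www/"
# Create the link by path instead of cd-ing into the directory, so the working
# directory (later commands use paths relative to the source tree) is kept.
ln -s ../image "$ROOT/www/image"
# NOTE(review): the ">" of the redirection and the sudo options in front of
# the CGI path were damaged in the listing; "-E --" is reconstructed from the
# SETENV tag of the sudoers rule on this page — confirm.
cat > "$ROOT/www/index.cgi" <<EOF
#!/bin/sh
sudo -u backuppc -E -- $ROOT/cgi-bin/BackupPC_Admin
EOF
chmod a+x "$ROOT/www/index.cgi"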

Give access to CGI file

Shell

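# Let the web server account run the admin CGI as backuppc without a password.
# NOTE(review): the punctuation of the rule was lost in the listing; the form
# "(backuppc) NOPASSWD:SETENV:" is reconstructed — confirm.
# SETENV lets www-data choose the environment the CGI runs with. Keep the rule
# limited to this single command, or replace SETENV with an explicit env_keep
# list of the CGI variables.
sudoers_tmp=$(mktemp)
cat > "$sudoers_tmp" <<EOF
# User privilege specification
www-data        ALL=(backuppc) NOPASSWD:SETENV: $ROOT/cgi-bin/BackupPC_Admin
EOF
# Install the file only if it parses: a broken file under /etc/sudoers.d can
# leave sudo unusable. sudoers files are expected to be root-owned, mode 0440.
visudo -cf "$sudoers_tmp" \
    && install -o root -g root -m 0440 "$sudoers_tmp" /etc/sudoers.d/backuppc4
rm -f -- "$sudoers_tmp"
# The CGI is started through sudo, so its setuid bit is removed.
chmod u-s "$ROOT/cgi-bin/BackupPC_Admin"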

Create Apache configuration file

Shell

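# Write the Apache snippet that maps /backuppc4 to the CGI wrapper directory.
# NOTE(review): the ">" of the redirection was lost in the listing and is
# restored here; without it cat only reads the (missing) file.
# Basic authentication sends the password with every request in an easily
# decoded form, so publish this location over HTTPS only.
cat > "$ETC/apache.conf" <<EOF
Alias /backuppc4 $ROOT/www
 
<Directory $ROOT/www>
        Options ExecCGI FollowSymlinks
        AddHandler cgi-script .cgi
        DirectoryIndex index.cgi
 
        AuthType Basic
        AuthUserFile $ETC/htpasswd
        AuthGroupFile $ETC/htgroup
        AuthName "BackupPC Administrative Interface"
        require valid-user
</Directory>
EOF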

Create standard directories to run BPC4

Shell

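# Create the log and runtime directories and give them to the backuppc user.
# NOTE(review): the separator between mkdir and chown was lost in the listing;
# "&&" is used so that chown only runs on a directory that was just created.
mkdir "$LOG" && chown backuppc:backuppc "$LOG"
mkdir "$RUN" && chown backuppc:backuppc "$RUN"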

Add Systemd service

Shell

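# Install the unit file shipped in the source tree under a BPC4-specific name,
# point it at the new runtime directory, then enable and start the service.
# NOTE(review): the option letter after "sed -" was lost in the listing; -i
# (edit in place) is reconstructed — confirm.
cp systemd/backuppc.service /etc/systemd/system/backuppc4.service
sed -i "s,/var/run/BackupPC/,$RUN," /etc/systemd/system/backuppc4.service
systemctl daemon-reload
systemctl enable backuppc4.service
systemctl start backuppc4.service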

24.03.17

  13:19:00, par mazet   , 46 mots  
Catégories: Bash

Minimal BC for Mingw

Minimal implementation of BC (basic calculator) in bash using perl for math evaluation.

Shell

function bc () {
  ans=0
  while true; do
    read buf || return
    [ "$buf] || continue
    for p in atan sin exp log cos; do
      buf=${buf//${p:0:1}(/$p(}
    done
    ans=$(perl -"sub atan {atan2(\$_[0],1)};
              print 0 + ${buf//^/**}" 2>/dev/null)
    echo $ans
  done
}

01.07.16

  11:45:00 am, by mazet   , 484 words  
Categories: Bash, Debian

Diskless Debian cluster

For Debian 6 and 7, there's an easy way to create a diskless cluster. isc-dhcp-server and atftpd can be used to serve IP addresses, kernel, initrd and a minimal root disk ready to be loaded in memory.

Script /etc/initscript/hooks/tftp

#  -*- shell-script -*-
# Cluster specific mount sequence


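mountroot ()
{
    # Diskless root mount: bring both interfaces up with DHCP, mount a ramfs
    # on ${rootmnt}, then fetch every archive named in ${tarballs} (comma
    # separated) from ${tftpserver} and unpack it there.
    #
    # Trust note: TFTP offers no authentication or integrity protection, and
    # the last loop runs the "+" files found in the unpacked tree. The boot
    # network and the TFTP server are therefore part of the trusted base, and
    # any secret packed into a tarball is readable by whoever can query the
    # server.

    # configure ethernet
    ipconfig -c dhcp eth0
    ipconfig -c dhcp eth1

    mount -t ramfs /dev/ram0 "${rootmnt}"

    # download all tarballs; the list is split by the unquoted command
    # substitution, so archive names must not contain whitespace
    for f in $(echo "${tarballs}" | sed 's/,/ /g'); do
        log_begin_msg "download $f"
        tftp -b 32764 -g -r "$f" "${tftpserver}"

        log_begin_msg "Extract $f into ${rootmnt}"
        log_end_msg

        # a failed extraction replaces this script with an interactive shell
        tar xzf "$f" -C "${rootmnt}" || exec /bin/sh
        rm -f "$f"
    done

    # remove files preceded by a tilde: "~name" marks "name" for deletion;
    # both are removed when "name" exists as a regular file
    for f in $(find "${rootmnt}" -name '~*'); do
        o=$(echo "$f" | sed 's/\/~/\//')
        [ -f "$o" ] && rm -rf "$o" "$f"
    done

    # execute files preceded by a plus: run the file if it is executable,
    # then delete it
    for f in $(find "${rootmnt}" -name '+*'); do
        [ -x "$f" ] && "./$f"
        [ -f "$f" ] && rm -f "$f"
    done
}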

Generate new initrd image:

# Rebuild the current initrd image so that it picks up the hook script above.
update-initramfs -u

Create root.tgz tarball script:

#!/bin/bash


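PROGNAME=$(basename -- "$0")
TFTP=/srv/tftp
IMAGE=$TFTP/root.tgz
VER=2.0

# Scratch files live in a private directory made by mktemp -d instead of under
# predictable /tmp/$PROGNAME-...-$$ names. The script archives / and so
# presumably runs as root; a predictable name in a world-writable directory
# can be pre-created or symlinked by another local user.
WORKDIR=$(mktemp -d) || exit 1
trap 'rm -rf -- "$WORKDIR"' EXIT
EXCLUDE=$WORKDIR/exclude
TMPLOG=$WORKDIR/check.log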


# help function


function usage () {
    # Print the option summary, then leave the script with the status passed
    # as argument.
    printf '%s\n' \
        "usage: $PROGNAME [-h] [-v]" \
        "   -h: help message" \
        "   -v: version message"
    exit $@
}


# formating functions


# Each helper prints its arguments on one line wrapped in an ANSI colour
# sequence; %b expands backslash escapes in the text the way echo -e does.
function title () { printf '\033[0;1m%b\033[0;0m\n' "$*"; }   # bold
function pass () { printf '\033[1;32m%b\033[0;0m\n' "$*"; }   # green
function warn () { printf '\033[1;33m%b\033[0;0m\n' "$*"; }   # yellow
function fail () { printf '\033[1;31m%b\033[0;0m\n' "$*"; }   # red

# check command


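function check () {
    # Run the command given as arguments, print "<command>: OK", or "KO"
    # followed by the captured output, and record a failure in ERR.
    printf '%s: ' "$*"

    # The arguments are executed as they are ("$@") instead of being re-parsed
    # by eval; every call in this script passes a plain command with its
    # arguments, so nothing needs a second round of shell parsing.
    if "$@" >"$TMPLOG" 2>&1; then
        pass OK
    else
        fail KO
        cat "$TMPLOG"
        ERR=yes
    fi
    rm -f "$TMPLOG"

    # NOTE(review): TEST is not set anywhere in the visible script, so this
    # returns 0 even after a failed command; ERR may have been meant — confirm.
    test ! "$TEST" = yes
}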


# argument processing


# Every branch leaves the script, so only the first argument is ever examined.
while (( $# > 0 )); do
    case "$1" in
        -h)
            usage 0
            ;;
        -v)
            echo "$PROGNAME: version $VER"
            exit
            ;;
        *)
            echo "unknown argument ($1)"
            exit 1
            ;;
    esac
    shift
done


# create exclude list
# Patterns handed to tar through --exclude-from when the image is built.
# NOTE(review): whatever is not listed here is packed into $IMAGE, which is
# written under the TFTP directory and is therefore served without
# authentication; etc/shadow and the SSH host keys under etc/ssh are not in
# the list — confirm that this is intended.
cat - << EOF > $EXCLUDE

backup
boot

dev/*
etc/udev/rules.d/70-persistent-net.rules

home
lost+found

media/*
proc/*

root/*
run/*

srv/*
sys/*

tmp/*
usr/share/doc

usr/share/i18n
usr/share/info

usr/share/locale
usr/share/man

usr/share/zoneinfo
var/backups/*

var/cache/apt/*
var/cache/debconf/*

var/cache/fontconfig/*
var/cache/man/*

var/lib/apt
var/lib/aptitude

var/lib/dpkg
var/lib/samba/*

var/lock/*
var/log/*

var/run/*
EOF

check test -f $EXCLUDE


# checks
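# Remove any previous image before building the new one.
[ -f "$IMAGE" ] && check rm -f "$IMAGE"

# Archive from / so that member names are relative to the root directory.
_OLDPWD=$(pwd)
cd / || exit 1
check tar czf "$IMAGE" --exclude-from "$EXCLUDE" .
cd "$_OLDPWD"

# clean exclude list
check rm -f "$EXCLUDE"

# check() records a failed step in ERR; report it instead of always exiting 0,
# so that a caller can tell when the image was not built correctly.
[ "$ERR" = yes ] && exit 1
exit 0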

Typical of a slave.tgz tarball:

-rw-r--r-- 1 mazet users 3515 nov.  13  2014 /etc/chrony/chrony.conf
-rw-r--r-- 1 mazet users  164 nov.  13  2014 /etc/default/atftpd
-rw-r--r-- 1 mazet users 1226 nov.  13  2014 /etc/default/hddtemp
-rw-r--r-- 1 mazet users    0 nov.  13  2014 /etc/default/~isc-dhcp-server
-rw-r--r-- 1 mazet users  799 nov.  13  2014 /etc/default/nfs-common
-rw-r--r-- 1 mazet users  551 nov.  13  2014 /etc/default/ntpdate
-rw-r--r-- 1 mazet users  276 nov.  13  2014 /etc/default/samba
-rw-r--r-- 1 mazet users  428 nov.  13  2014 /etc/default/smartmontools
-rw-r--r-- 1 mazet users  722 nov.  13  2014 /etc/default/snmpd
-rw-r--r-- 1 mazet users 1209 nov.  13  2014 /etc/exports
-rw-r--r-- 1 mazet users 1356 juil. 23  2015 /etc/fstab
-rw-r--r-- 1 mazet users   13 nov.  13  2014 /etc/hostname
-rwxr-xr-x 1 mazet users   73 nov.  13  2014 /etc/+hostname
-rw-r--r-- 1 mazet users 1332 nov.  13  2014 /etc/inetd.conf
-rw-r--r-- 1 mazet users 2012 nov.  13  2014 /etc/inittab
-rw-rw-r-- 1 mazet users 1184 avril  4 14:03 /etc/network/interfaces
-rwxrwxr-x 1 mazet users  439 sept. 21  2015 /etc/rc.local
-rw-r--r-- 1 mazet users    0 nov.  13  2014 /etc/resolv.conf
-rw-r--r-- 1 mazet users 2794 nov.  13  2014 /etc/rsyslog.conf
-rwxr-xr-x 1 mazet users   73 nov.  13  2014 /etc/ssmtp/+ssmtp.conf
-rw-r--r-- 1 mazet users  581 nov.  13  2014 /etc/ssmtp/ssmtp.conf
-rw-r--r-- 1 mazet users    0 déc.   4  2014 /home/.empty
-rw-rw-r-- 1 mazet users    0 mars  23 10:10 /-rec
-rw-r--r-- 1 mazet users  728 nov.  13  2014 /root/.bashrc
-rw-r--r-- 1 mazet users  140 nov.  13  2014 /root/.profile
-rw-r--r-- 1 mazet users  780 nov.  13  2014 /root/.screenrc
-rw-r--r-- 1 mazet users  416 nov.  13  2014 /root/.ssh/authorized_keys
-rw------- 1 mazet users 1679 nov.  13  2014 /root/.ssh/id_rsa
-rw-r--r-- 1 mazet users  416 nov.  13  2014 /root/.ssh/id_rsa.pub
-rw-r--r-- 1 mazet users    1 nov.  13  2014 /root/.vimrc
-rw-r--r-- 1 mazet users    0 nov.  13  2014 /usr/sbin/~winbindd
-rw-rw-r-- 1 mazet users    0 févr. 17  2015 /var/media/prod/.empty
-rw-rw-r-- 1 mazet users    0 févr. 17  2015 /var/media/rec/.empty
  11:20:00 am, by mazet   , 39 words  
Categories: Awk

Colorize log file

Short script to colorize log file.

#!/usr/bin/awk -f


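# Split glued lines: when a ":hostNN: " record starts in the middle of a line,
# break the line in front of it. gensub() is a gawk extension, so /usr/bin/awk
# has to be gawk for this script to run.
BEGIN { start = ":host[0-9][0-9]: " }

# The pattern used to be the bare string "^..*" start, which is always true;
# the explicit match selects exactly the lines that gensub() changes.
$0 ~ ("^..*" start) { $0 = gensub("^(..*)(" start ")", "\\1\n\\2", "g") }

# Skip an empty line by loading the next record in its place.
/^$/ { getline }

# Colorize by level. The rules run in order on the line as modified so far, so
# a line naming two levels is wrapped twice.
# NOTE(review): the log text goes to the terminal unchanged, including any
# escape sequences it already contains — confirm the logs are trusted, or
# strip control characters before colouring.
/TRACE/ { $0 = "\033[1;34m" $0 "\033[0;0m" }  # blue
/DEBUG/ { $0 = "\033[1;32m" $0 "\033[0;0m" }  # green
/INFO/  { }                                    # left uncoloured
/WARN/  { $0 = "\033[1;33m" $0 "\033[0;0m" }  # yellow
/ERROR/ { $0 = "\033[1;31m" $0 "\033[0;0m" }  # red

{ print }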

26.03.15

  11:18:00 pm, by mazet   , 224 words  
Categories: Systeme

Generate certificates with (or without) a certificate authority

I use this script to generate certificates signed by CAcert, but the script can also be used for self-signed certificates.

#!/bin/bash


# 0: self-sign the certificate with the generated key.
# Any other value: print the CSR and wait for the certificate issued by
# cacert.org to be pasted on stdin.
use_cacert_org=1


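function title () {
    # Print the arguments as one bold line.
    # "$*" is quoted so the text is neither word-split nor glob-expanded, and
    # %s prints it literally: these messages contain file names given on the
    # command line.
    printf '\033[1;1m%s\033[0m\n' "$*"
}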


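function valid () {
    # Run one step: $1 is the label, the remaining arguments are the command.
    # Prints "* label: SUCCESS" or "* label: FAILED"; a failed step ends the
    # script with status 1.
    local label=$1
    shift
    printf '* %s: ' "$label"

    # Execute the argument vector directly instead of through eval: the
    # commands carry file names taken from the command line, and eval would
    # parse those names as shell syntax.
    if "$@" >/dev/null 2>&1; then
        printf '\033[0;32mSUCCESS\033[0m\n'
    else
        printf '\033[0;31mFAILED\033[0m\n'
        # A bare "exit" returned the status of the echo (0) and hid the error.
        exit 1
    fi
}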


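# For every NAME.cnf given on the command line, produce NAME.key, NAME.csr,
# NAME.crt and a text dump NAME.txt.
for file; do

    ## Certificate configuration
    [ -f "$file" ] || { echo "file '$file' not found"; continue; }
    # Accept only names that end in .cnf and strip exactly that suffix; the
    # earlier test matched ".cnf" anywhere in the name.
    [[ $file == *.cnf ]] || \
        { echo "file '$file' not a certificat configuration"; continue; }
    server=${file%.cnf}
    title  "Certificat configuration: $server"

    ## Key generation
    # Create the key under umask 027 so that it is never readable by "other",
    # not even between its creation and the chmod below.
    saved_umask=$(umask)
    umask 027
    valid "Key generation" \
        openssl genrsa -out "$server.key" 2048
    umask "$saved_umask"

    ## Protect server key
    # Still needed when an existing key file is overwritten, because such a
    # file keeps the mode it already had.
    valid "Protect server key" \
        chmod o= "$server.key"

    ## Certificate request
    # -nodes: the private key is used and stored without a passphrase.
    valid "Certificate request" \
        openssl req -new -nodes -batch \
            -config "$server.cnf" -key "$server.key" -out "$server.csr"

    if [ "$use_cacert_org" -eq 0 ]; then

        ## Certificate generation (self-signed, valid for 365 days)
        valid "Certificate generation" \
            openssl req -new -x509 -days 365 -nodes -batch \
                -config "$server.cnf" -key "$server.key" -out "$server.crt"
    else

        title "Connect to cacert.org and generate $server.crt from $server.csr."
        title "Certificate request"
        cat "$server.csr"
        title "Copy/paste it into 'New server certificat form'"
        title "When you get back the certificat, copy/paste it here (Ctrl-D to end)"
        cat > "$server.crt"

    fi

    # Check certificate
    # This only proves that the file parses as an X.509 certificate and writes
    # its text form; it does not prove that the pasted certificate belongs to
    # $server.key.
    valid "Check certificate" \
        openssl x509 -in "$server.crt" -text -out "$server.txt"

done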

And a configuration template babylon.softndesign.org:

# Request settings read by the script above through "openssl req -config".
# NOTE(review): no subjectAltName is set; current TLS clients match the host
# name against subjectAltName rather than commonName — confirm whether a SAN
# entry for babylon.softndesign.org is needed.
# NOTE(review): x509_extensions is applied when "req -x509" self-signs; no
# req_extensions section is configured for the CSR sent to the CA.
[ req ]
distinguished_name      = req_distinguished_name

prompt                  = no
string_mask             = nombstr

x509_extensions         = server_cert


[ req_distinguished_name ]
countryName             = FR

stateOrProvinceName     = IdF
localityName            = Paris

organizationName        = Soft'n'Design Inc
organizationalUnitName  = Security

commonName              = babylon.softndesign.org
emailAddress            = webmaster@localhost

 
[ server_cert ]

basicConstraints        = critical, CA:FALSE
subjectKeyIdentifier    = hash

keyUsage                = digitalSignature, keyEncipherment
extendedKeyUsage        = serverAuth, clientAuth

nsCertType              = server

nsComment               = Babylon Certificate
