everythin related to my debian systems
I do own three network cards with a RTL 8139 chipset and finally managed to get them work with my installation by simply adding a new file:
/etc/modprobe.d/8139too.config
alias eth1 8139too
alias eth2 8139too
The interface eth0 is reserved for the internal network card of the board.
In order to backup my systems I have choosen rsnapshot because it stores all files as normal files on the hard disk using links between different backup dates to reduce the file size of the complete backup. This enables me to check directly in the file system for old files. Normally I do not restore a complete backup but use to check for specific files only.
To simplify things further on I found a description to use rsync on the client machines and a server certificate, so that no interaction with the client is needed. The server may connect using his certificate and start a local rsync server on the client which handles the backup itself. And now to the steps required to setup the system on the client:
CLIENT
First we need rsync installed:
aptitude install rsync
then we need to create a special backup user:
useradd backupuser -c "Backup" -m -u 4210
Within the home folder of the new user we need to store the server certificate as .ssh/authorized_keys
mkdir .ssh
scp
Now we need a special script which starts the rsync programm on the client listening for incoming requests:
scp
Finally some tweaking for the permissions:
chown backupuser:backupuser
chmod 755
We also need to allow the new user to execute rsync, so we adjust sudo for this by editing /etc/sudoers:
Defaults:backupuser !requiretty
Defaults:backupuser !visiblepw
backupuser ALL:NOPASSWD: /usr/bin/rsync
Thats it!
I also wrote a simple script to show a list of available rsnapshot config files stored on the backup server and start the backup for this script meaning backing up a specific system.
Here are the relevant scripts:
First the wrapper script which simply logs the current date and starts rsync using the command line options from rsnapshot remote config:
#!/bin/sh
/usr/bin/logger "BACKUP: Start backup at `/bin/date` ";
/usr/bin/sudo /usr/bin/rsync "$@";
/usr/bin/logger "BACKUP: Backup finalized at `/bin/date` ";
And here is the console script to start the backup:
#!/bin/sh
#
DIALOG="/usr/bin/dialog"
RSNAPSHOT="/usr/bin/rsnapshot"
CONFIGDIR="
BACKUPDIR="
CONFIGFILES=""
##### Check if Backupdisk is connected and correctly mounted ################
check_for_backup_dir() {
if [ ! -e $BACKUPDIR/ps2 ]
then
if [ $# -ne 0 ]
then
$DIALOG --clear --title "rsnapshot config" --msgbox "The backup disk is not connected to the machine!" 10 52
else
echo "The backup disk is not connected to the machine!"
fi
exit
fi
}
##### main ######
# choose dialog interface or command line parameter
if [ $# -ne 0 ]
then
if [ $# -gt 1 ]
then
echo "Usage: backup.sh or backup.sh
echo " too many arguments on command line"
exit
fi
check_for_backup_dir
# command parameter available so no dialog interface used
if [ ! -e $CONFIGDIR/$1 ]
then
echo "No config file for system $1"
exit
else
COMMAND="$RSNAPSHOT -q -c $CONFIGDIR/$1 weekly"
$COMMAND
fi
else
check_for_backup_dir dialog
# no parameter available on command line so using dialog for choosing configuration
for file in $CONFIGDIR/*
do # create one variable including all available configs
CONFIGFILES="$CONFIGFILES $file ! "
done
TEMPFILE=`tempfile 2>/dev/null` || TEMPFILE=/tmp/test$$
trap "rm -f $TEMPFILE" 0 1 2 5 15
$DIALOG --clear --title "rsnapshot config" --menu "Choose rsnapshot configuration:" 18 50 10 $CONFIGFILES 2> $TEMPFILE
RUECKGABE=$?
case $RUECKGABE in
0)
AUSWAHL=`cat $TEMPFILE`
COMMAND="$RSNAPSHOT -q -c $AUSWAHL weekly" ### execute backup command
$COMMAND
;;
1)
echo "Backup canceled!"
;;
255)
echo "ESC pressed!"
;;
esac
trap "rm -f $TEMPFILE" 0 1 2 5 15
fi
# clean up and exit after all work is done
exit
The rsnapshot config files always look like the original ones delivered with rsnapshot except for the ssh section which starts the remote wrapper script shown above:
#################################################
# rsnapshot.conf - rsnapshot configuration file #
#################################################
# #
# PLEASE BE AWARE OF THE FOLLOWING RULES: #
# #
# This file requires tabs between elements #
# #
# Directories require a trailing slash: #
# right: /home/ #
# wrong: /home #
# #
#################################################
#
#######################
# CONFIG FILE VERSION #
#######################
config_version 1.2
###########################
# SNAPSHOT ROOT DIRECTORY #
###########################
# All snapshots will be stored under this root directory. # If no_create_root is enabled, rsnapshot will not automatically create the ################################# # LINUX USERS: Be sure to uncomment "cmd_cp". This gives you extra features. # uncomment this to use the rm program instead of the built-in perl routine. # rsync must be enabled for anything to work. # Uncomment this to enable remote ssh backups over rsync. # Comment this out to disable syslog support. # Uncomment this to specify a path to "du" for disk usage checks. ######################################### # The interval names (hourly, daily, ...) are just names and have no influence interval weekly 5 ############################################ # If your version of rsync supports --link-dest, consider enable this. # Verbose level, 1 through 5. # Same as "verbose" above, but controls the amount of data sent to the # If you enable this, data will be written to the file you specify. The # The include and exclude parameters, if enabled, simply get passed directly exclude /dev # The include_file and exclude_file parameters, if enabled, simply get # Default rsync args. All rsync commands have at least these options set. # ssh has no args passed by default, but you can specify some here. # Default arguments for the "du" program (for disk space reporting). # If this is enabled, rsync won't span filesystem partitions within a # If enabled, rsnapshot will write a lockfile to prevent two instances ############################### # LOCALHOST SERVER The a dedicated user is required which I will call backupserver: For this user we need to create a certificate for ssh: Follow the instructions and do not give a password because we would need to showup this password all the times taking a backup. I also add the following to /etc/screenrc which gives me a normal bash in debian when using screen: Just for my own insufficiency: Use the correct ownership and rights for the backup folder in order to allow the backupserver user to write the backup in the folder and always use this user when performing backups. Do not use the root user for that because it will destroy the rights structure in the backup folder and does not function with the certificate created earlier.
snapshot_root
# snapshot_root directory. This is particularly useful if you are backing
# up to removable media, such as a FireWire drive.
#
no_create_root 1
# EXTERNAL PROGRAM DEPENDENCIES #
#################################
# EVERYONE ELSE: Leave "cmd_cp" commented out for compatibility.
#
# See the README file or the man page for more details.
#
cmd_cp /bin/cp
cmd_rm /bin/rm
cmd_rsync /usr/bin/rsync
cmd_ssh /usr/bin/ssh
cmd_logger /usr/bin/logger
cmd_du /usr/bin/du
# BACKUP INTERVALS #
# Must be unique and in ascending order #
# i.e. hourly, daily, weekly, etc. #
#########################################
# on the length of the interval. The numbers set the number of snapshots to
# keep for each interval (hourly.0, hourly.1, ...).
# The length of the interval is set by the time between two executions of
# rsnapshot
# Feel free to adapt the names, and the sample cron file under /etc/cron.d/rsnapshot
# to your needs. The only requirement is that the intervals must be listed
# in ascending order. To activate just uncomment the entries.
# GLOBAL OPTIONS #
# All are optional, with sensible defaults #
############################################
# This is the best way to support special files (FIFOs, etc) cross-platform.
# The default is 0 (off).
# In Debian GNU cp is available which is superior to link_dest, so it should be
# commented out (disabled).
#
#link_dest 0
# 1 Quiet Print fatal errors only
# 2 Default Print errors and warnings only
# 3 Verbose Show equivalent shell commands being executed
# 4 Extra Verbose Show extra verbose information
# 5 Debug mode More than you care to know
#
verbose 2
# logfile, if one is being used. The default is 3.
loglevel 3
# amount of data written is controlled by the "loglevel" parameter.
logfile
# to rsync. If you have multiple include/exclude patterns, put each one on a
# seperate line. Please look up the --include and --exclude options in the
# rsync man page for more details.
#
exclude /lost+found
exclude /media
exclude /mnt
exclude /proc
exclude /run
exclude /sys
exclude /tmp
# passed directly to rsync. Please look up the --include-from and
# --exclude-from options in the rsync man page for more details.
#
#include_file /path/to/include/file
#exclude_file /path/to/exclude/file
#
rsync_long_args -v --numeric-ids --relative -ev --rsync-path=/home/backupuser/rsync-wrapper.sh
#
ssh_args -i
# The GNU version of "du" is preferred. See the man page for more details.
#
du_args -csh
# backup point. This essentially passes the -x option to rsync.
# The default is 0 (off).
#
#one_fs 0
# from running simultaneously (and messing up the snapshot_root).
# If you enable this, make sure the lockfile directory is not world
# writable. Otherwise anyone can prevent the program from running.
#
lockfile /path-to-pid-file
### BACKUP POINTS / SCRIPTS ###
###############################
backup
We have already seen the backup script that I use to keep an overview on all my systems and choosing a specific system to backup. For this to run of course we need rsnapshot, rsync and dialog.aptitude install rsync rsnapshot dialoguseradd backupserver -c "Backup user on server" -m ssh-keygen
Now we are able to spread the public part of the certificate to all client machines and we are done.
Finally I installed screen and used that as the default shell for the backupserver user in order to close – detache – the current connection to my headless backup server while the backup is running in back.aptitude install screenshell /bin/bash
To use one of my servers as a development platform I have choosen VNC through a SSH tunnel to access a graphical user interface. The GUI is necessary in order to play around with eclipse and android development and VNC is used as it should reduce the network traffic to its bare minimum keeping my slow internet connection available for other services as well.
I will start with vnc4server as it seems to be available in the standard debian repos, so a:
aptitude install vnc4server
should do the trick. To get a display to connect to the next step is:
vnc4server -geometry 1024x768 -depth 24
which will create the display with the specified geometry. You will be prompted for a password afterwards which will be used for the remote connection. To get the new server running just type:
vnc4server
and thats it. The server will be stopped by:
vnc4server -kill :1
The corresponding viewer part will be installed by:
aptitude install xvnc4viewer
and you will be able to access the server by issuing:
xvnc4viewer
To have a graphical UI available I start with xfce on the remote machine in the first step to see if it suffices.
On the server side the desktop will be started by including the following command in /etc/vnc/xstartup:
startxfce4
whereas on the client side you should issue the following commend once you are connected to the server through a vnc client viewer:
xfdesktop
To enable remote printing on a print server first setup the server with the correct printer drivers. In my case I had to install foo2zjs package in order to get my printer running. My network printer was than configured using the cups webinterface as socket://:9100 which is quiet specific for my HP printer.
The remote printing must be configured using the following entries in cupsd.conf:
Listen ip of printserver:631
BrowseOrder Deny,Allow
BrowseAllow From local net/255.255.255.0
Order deny,allow
Deny From All
Allow From localnet /255.255.255.0
on the client side please add the following directive to cupsd.conf:
BrowsePoll ip of printserver :631
In newer versions of cups the directive must be placed in cups-browsed.conf. The directive itself remains the same.
Do not forget to start both servers in order to get the new directives working. On the client machine the remote printers should be available in the webinterface as newly added printers ready for jobs.
In newer versions do not forget to restart the cups-browsed service also.
Here is a config for apache to enable reverse proxy access to a pyload webinterface I found on the net:
ServerSignature off
RedirectMatch ^/(.*)$ https://pyload…/$1
Options FollowSymLinks
AllowOverride None
ErrorLog /var/log/apache/pyload_error.log
LogLevel emerg
CustomLog /var/log/apache/pyload_error.log combined
After the installation of anyterm on my sheeva I am now working on the integration of One Time Passwords to enable fullaccess to my network even from a compromised workstation in an internet cafe.
I decided to go with OPIE – One-time Passwords In Everything which is using the S/KEY system (http://www.inner.net/opie). The installation is as easy as:
aptitude install opie-server opie-client
after that the pam module for SSH must be adjusted:
/etc/pam.d/sshd
auth sufficient pam_unix.so auth sufficient pam_opie.so auth required pam_deny.so
must be in whereas:
@include common-auth
must be out.
Initialisation is done via:
opiepasswd -c
which gives you back the first password and seed. You need to give a passphrase for the actual account before the command completes.
With the command opiekey the sequence number and the passphrase you can also get the apropriate password or with the option -n <number> a list of usable
passwords for printing.
I recently installed the stock nvidia graphics driver on my debian lenny machine by using the nvidia original driver from their support page. Just installing the kernel sources and the driver shell script and executing it lead me to a running nvidia dual head system.
http://wiki.debian.org/NvidiaGraphicsDrivers