Re: [CentOS] backup question

2008-06-23 Thread Theo Band [GreenPeak] 

Gergely Buday wrote:

Dear CentOs users,

I have a centos server with nothing important at the moment, but I
would like to install some web-based project management tool (trac for
the curious) that would contain important data. And, as my network is
growing the configuration of the server is becoming complex. I would
like to have a proper backup so that I can restore the whole system
easily, should any problem occur. What do you recommend?

I'm not an expert on this, so my first idea is that I could do a per
application backup and create a tar file of the /etc. The latter
especially could be too naive. And, a push-the-button method that
handles all in once, not depending on the app number would be much
better.

Another thing: how I could do this to be safe across a centos upgrade?

  

I use dump (and restore). It works nice for ext3 file systems.
First you do a full dump (level 0) then you do an incremental dump (1 or 
higher):


dumplevel=0
or for incremental
dumplevel=1

# To use ssh to connect to the remote host
export RSH=ssh

# then dump
dump -${dumplevel} -u -z -f remote_host:/sda1_dump /dev/sda1

You have to fill in your device and filename of course

See man dump/restore

Cheers,
Theo

--
GreenPeak Technologies

Phone :  +31 30 711 5622 Catharijnesingel 30
Fax   :  +31 30 262 1159 3511 GB Utrecht
E-mail:  [EMAIL PROTECTED] The Netherlands
Skype :  Theo.Band-greenpeakhttp://www.greenpeak.com

CONFIDENTIALITY: this message, including possible attachment(s),
constitutes confidential GreenPeak information, intended for the use of
above named addressee(s) only; any other use or disclosure to anyone
other than addressee(s), is prohibited. Chamber of Commerce
NL-3210.56.42.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] mdadm on reboot

2008-06-16 Thread Theo Band [GreenPeak] 

drew einhorn wrote:

Hi,

I'm in the process of trying mdadm for the first time

I've been trying stuff out of tutorials, etc.

At this point I know how to create stripes, and mirrors.

My stripe is automatically restarting on reboot,
but the degraded mirror isn't.

Did you create  /etc/mdadm.conf ?

echo DEVICE /dev/sd*  /etc/mdadm.conf
mdadm --brief --examine /dev/sd*  /etc/mdadm.conf

Check the raid with
cat /proc/mdstat

It tells you which devices are part of the array.

Finally put the raid flag on the partitions. I'm not sure whether it's 
really needed, I just do it:

parted /dev/sda
set 1 raid
set 2 raid
print
1  0.031101.975  primary   ext3boot, raid
2101.975 194474.355  primary   raid
quit

Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to move my MBR

2008-05-23 Thread Theo Band [GreenPeak] 

Scott Moseman wrote:

I removed an ATA drive (/home) for a new SATA and my system would not
boot.  I'm guessing that it put the MBR on that drive instead of the
drive that holds the / partition.  What's the best way confirm where
the MBR resides and, after I verify that's my problem, how I can move
(or make a copy) onto a different drive?
  
The BIOS determines which disk (the first) will be chosen to boot from. 
Sometimes hitting F12 or some other key gives you a menu to choose from. 
I have seen occasions were the bios was confused on what the default 
first disk was. Removing the last disk, booting, adding the disk would 
than help.


To make a plain bootsector copy:
dd if=/dev/sda of=/dev/sdb bs=512 count=1

But that the fist step of the boot loader. Next it will try to load the 
grub menu etc. from some disk (need not be the same disk, but mostly 
this disk contains a small (100MB) partition that holds these files and 
the kernel and ramdisk images. After boot this partition is normally 
mounted under /boot (for easy maintenance). So just copying the boot 
sector gives you only a grub prompt and then it stops.


So try boot with a rescues disk (or LiveCD) so that you can study your 
disks.


To install grub after booting from a resuce CD, you can use:

grub
root (hd0,1)   # press tab for command completion
setup (hd0)


With all these examples you need to verify of course which 
disks/partition (sda/sdb etc) you need to choose.
One way to search is to enter grub and use the find command with command 
completion:


Probing devices to guess BIOS drives. This may take a long time.
   GNU GRUB  version 0.95  (640K lower / 3072K upper memory)

[ Minimal BASH-like line editing is supported.  For the first word, TAB
  lists possible command completions.  Anywhere else TAB lists the possible
  completions of a device/filename.]

grub find (hdTAB
Possible disks are:  hd0 hd1 hd2 hd3

grub find (hd0,(TAB
Possible partitions are:
  Partition num: 0,  Filesystem type is ext2fs, partition type 0x83
  Partition num: 1,  Filesystem type unknown, partition type 0xfd

grub find (hd0,0)/TAB
Possible files are: lost+found vmlinuz-2.6.21-1.3194.fc7 grub 
System.map-2.6.21-1.3194.fc7 config-2.6.21-1
.3194.fc7 initrd-2.6.21-1.3194.fc7.img config-2.6.9-55.0.6.ELsmp 
initrd-2.6.9-55.0.6.ELsmp.img System.map-2
.6.9-55.0.6.ELsmp vmlinuz-2.6.9-55.0.6.ELsmp 
initrd-2.6.9-55.0.6.ELsmp.img_vg_new initrd-2.6.9-55.0.6.ELsmp

.img_noraid

grub find (hd0,0)/


Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] NFS subdirectory on client is out of sync

2008-05-14 Thread Theo Band [GreenPeak] 
Today a user asked me whether a file on one host can be different on 
another host. I was busy composing an answer to tell that the /home 
space on all clients are mounted using NFS from the file server. Any 
host will therefor see the same file. The user pointed me to his file 
and I copied this file from the client and compared this with the file 
on the file server. To my surprise it turned out that he was right, the 
files were different. I created a new file in this directory and it was 
not created on the file server. I renamed the file, and that was only 
seen on this single client. How can this happen?


My setup
file server (arend)
CentOS release 4.6
# grep /home /etc/exports
/home*(rw,sync,no_subtree_check)

On the clients (also CentOS release 4.6) I mount /home with these options:
arend:/home /homenfs 
proto=tcp,nfsvers=3,bg,defaults0 0


To debug I created (su stbo) on the client small test files (touch test) 
in each directory all the way to the user /home dir. It turns out that 
one subdirectory and everything below was not synchronized to the 
server. I could create files, move them, but it was just as if I was 
working on a local disk. Other users did not experience any problem on 
this machine so it was only one sub-directory (and everything below).


I checked the syslog both on the client and on the server, but no 
messages of interest.



[EMAIL PROTECTED] ~]# stat 
/home/stbo/workarea/toekan/design/dig/vhdl/fpga/fpga_top.vhd

 File: `/home/stbo/workarea/toekan/design/dig/vhdl/fpga/fpga_top.vhd'
 Size: 53214   Blocks: 112IO Block: 4096   regular file
Device: fd01h/64769dInode: 6614395 Links: 1
Access: (0664/-rw-rw-r--)  Uid: (  635/stbo)   Gid: (  635/stbo)
Access: 2008-05-14 12:46:34.0 +0200
Modify: 2008-05-14 10:08:07.0 +0200
Change: 2008-05-14 10:08:07.0 +0200

I renamed the filename on the client and did stat there as well. The 
modify time shows this file is indeed older as the user mentioned.
[EMAIL PROTECTED] /root]$stat 
/home/stbo/workarea/toekan/design/dig/vhdl/fpga/fpga_top.vhd_theo_test
 File: 
`/home/stbo/workarea/toekan/design/dig/vhdl/fpga/fpga_top.vhd_theo_test'

 Size: 53214   Blocks: 112IO Block: 32768  regular file
Device: 14h/20d Inode: 6583089 Links: 1
Access: (0664/-rw-rw-r--)  Uid: (  635/stbo)   Gid: (  635/stbo)
Access: 2008-05-14 12:47:07.0 +0200
Modify: 2008-04-09 13:09:23.0 +0200
Change: 2008-05-14 12:24:24.0 +0200

After rebooting everything is normal again:
[EMAIL PROTECTED] ~]# stat 
/home/stbo/workarea/toekan/design/dig/vhdl/fpga/fpga_top.vhd

 File: `/home/stbo/workarea/toekan/design/dig/vhdl/fpga/fpga_top.vhd'
 Size: 53214   Blocks: 112IO Block: 32768  regular file
Device: 14h/20d Inode: 6614395 Links: 1
Access: (0664/-rw-rw-r--)  Uid: (  635/stbo)   Gid: (  635/stbo)
Access: 2008-05-14 12:46:34.0 +0200
Modify: 2008-05-14 10:08:07.0 +0200
Change: 2008-05-14 10:08:07.0 +0200


Any clue what could have gone wrong? Since I trust on a working NFS, I 
like to understand what could have gone wrong. Any suggestions are welcome.



Thanks,
Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Securing SSH

2008-03-25 Thread Theo Band [GreenPeak] 

Tim Alberts wrote:
So I setup ssh on a server so I could do some work from home and I 
think the second I opened it every sorry monkey from around the world 
has been trying every account name imaginable to get into the system.


What's a good way to deal with this?

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


You could consider to disallow password access.
Use only public key authentication. The attacks will remain, but can 
never succeed. (The scripts are not smart so they keep trying for hours 
sometimes)


sshd_config:
PasswordAuthentication no

Now create a public/private ssh keypair and put the public key in 
~/.ssh/authorized_keys on the remote machine.


# local machine*
ssh-keygen -t dsa*

*scp** ~/.ssh/id_dsa.pub  remote_host:.ssh/authorized_keys

*# remote host*
**chmod 600 ~/.ssh/authorized_keys
chmod 700 ~/.ssh
*

To be really save, only allow access from a limited number of IP addresses:

**

cat ~/.ssh/authorized_keys
from=123.345.133.123,home.com,work.com ssh-dss 
B3NzaC1kc3MAsnipAqNY= [EMAIL PROTECTED]


Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Dump on remote filesystems?

2008-01-29 Thread Theo Band [GreenPeak] 

Scott Ehrlich wrote:
I have a couple C5 systems I want to back up.  My plan is to, one way 
or another, back them up to a C5 machine in my office.  I have samba 
installed on the systems to back up, the machines are mounted on the 
system in my office, and a tape library hanging of the system in my 
office.


I was hoping to perform a simple /sbin/dump of the remote systems.  I 
put together a script for another successful backup I have going on a 
system with local filesystems.  But for remote filesystems, I get 
errors of File Cannot Be Accessed (//remote_system/subdir) which does 
exist as an smb mounted filesystem.


I'd use NFS, but I would like a bit more control and some level of 
encryption for the user authentication and data being transferred.


If a direct dump of remote smb filesystems isn't possible, I may opt 
to have each system perform their own local dumps, then run a script 
locally on the tape-connected machine to dump those local dumps, or 
copy the dumps locally then dump them to tape.


If nothing else works, I can always install Windows XP and use Windows 
backup program, but I'd really like to try and get this going under 
Linux before going that route.


Thanks for insights.

Scott
What you could do is to dump from the remote machine to the main backup 
machine. For this to work I work with ssh keys (no password needed).
The example assumes the backup is started from the remote host. But in 
principle it can also be initiated from the backup server using ssh.


SRC_SERVER=this_hostname
BAK_SERVER=backup_server
DATE=$(date +%Y%m%d)
dumplevel=0
export RSH=ssh

ssh $BAK_SERVER mkdir -p /backup/${SRC_SERVER}/${DATE}_${dumplevel}
# file needs to exist
backup_file=/backup/somefile
ssh $BAK_SERVER touch ${backup_file}
dump -${dumplevel} -u -z -f $BAK_SERVER:${backup_file} 
/dev/VolGroup00/VolGroup00




Theo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos