Re: [Server-devel] Issue with ds-backup in XS 0.4
On Tue, Nov 11, 2008 at 1:58 PM, Martin Langhoff [EMAIL PROTECTED] wrote:
> On Tue, Nov 11, 2008 at 12:18 AM, Bill Bogstad [EMAIL PROTECTED] wrote:
>> I was just about to try to upgrade my XS 0.4 to 0.5 dev8 and noticed
>> something odd concerning ds-backup. When I originally installed 0.4,
>
> Thanks for the report! As Douglas mentions, you can force a
> re-registration; however I can't think of any good reason for the
> upgraded XO to not perform its backups. Is there any evidence of the
> laptop attempting the backups? Some ideas for debugging:
>
> on the XO
> - look for entries in the cron log

On the XO which isn't being backed up:

# grep ds-backup.sh /var/log/cron | tail -10
Nov 11 15:30:01 localhost CROND[658]: (olpc) CMD ((/usr/bin/ds-backup.sh 21 ) /dev/null)
Nov 11 16:00:01 localhost CROND[816]: (olpc) CMD ((/usr/bin/ds-backup.sh 21 ) /dev/null)
Nov 11 16:30:01 localhost CROND[1051]: (olpc) CMD ((/usr/bin/ds-backup.sh 21 ) /dev/null)
Nov 11 17:00:02 localhost CROND[1228]: (olpc) CMD ((/usr/bin/ds-backup.sh 21 ) /dev/null)
Nov 11 17:30:01 localhost CROND[1421]: (olpc) CMD ((/usr/bin/ds-backup.sh 21 ) /dev/null)
Nov 11 18:00:02 localhost CROND[1582]: (olpc) CMD ((/usr/bin/ds-backup.sh 21 ) /dev/null)
Nov 11 18:30:01 localhost CROND[1749]: (olpc) CMD ((/usr/bin/ds-backup.sh 21 ) /dev/null)
Nov 11 19:00:02 localhost CROND[1909]: (olpc) CMD ((/usr/bin/ds-backup.sh 21 ) /dev/null)
Nov 11 19:30:02 localhost CROND[2067]: (olpc) CMD ((/usr/bin/ds-backup.sh 21 ) /dev/null)
Nov 11 20:00:01 localhost CROND[2228]: (olpc) CMD ((/usr/bin/ds-backup.sh 21 ) /dev/null)

Ample evidence that attempts are being made to backup.
> - check that /etc/cron.d/ds-backup is in place (you can edit it to get
>   logs of the execution)
>
> on the XS
> - look for entries in the logs that indicate logins via ssh

On the XS machine:

[EMAIL PROTECTED] ~]# grep Accepted /var/log/secure
Nov 9 19:02:45 schoolserver sshd[17206]: Accepted publickey for CSN74800E35 from 10.0.0.22 port 36015 ssh2
Nov 9 19:02:45 schoolserver sshd[17211]: Accepted publickey for CSN74800E35 from 10.0.0.22 port 36016 ssh2
Nov 10 19:08:42 schoolserver sshd[18943]: Accepted publickey for CSN74800E35 from 10.0.0.22 port 47021 ssh2
Nov 10 19:08:42 schoolserver sshd[18948]: Accepted publickey for CSN74800E35 from 10.0.0.22 port 47022 ssh2
Nov 10 23:30:42 schoolserver sshd[19173]: Accepted publickey for root from 10.0.0.8 port 54741 ssh2

That CSN is for the machine that IS being backed up.

[EMAIL PROTECTED] ~]# grep 'closed' /var/log/secure | tail -10
Nov 11 10:13:30 schoolserver sshd[20289]: Connection closed by 10.0.0.24
Nov 11 10:40:44 schoolserver sshd[20312]: Connection closed by 10.0.0.24
Nov 11 11:12:24 schoolserver sshd[20334]: Connection closed by 10.0.0.24
Nov 11 11:47:46 schoolserver sshd[20354]: Connection closed by 10.0.0.24
Nov 11 12:11:03 schoolserver sshd[20397]: Connection closed by 10.0.0.24
Nov 11 12:35:45 schoolserver sshd[20462]: Connection closed by 10.0.0.24
Nov 11 13:14:50 schoolserver sshd[20486]: Connection closed by 10.0.0.24
Nov 11 13:39:57 schoolserver sshd[20504]: Connection closed by 10.0.0.24
Nov 11 14:11:49 schoolserver sshd[20533]: Connection closed by 10.0.0.24
Nov 11 14:44:29 schoolserver sshd[20553]: Connection closed by 10.0.0.24

That IP address is the one assigned by my DHCP server to the XO that isn't getting backed up. I'm not using the schoolserver to do DHCP. My DHCP server has the MAC address of my XO's hardwired to always give the same IP address to a particular machine. So these entries are always from the 'bad' XO. This would indicate to me that attempts are reaching the XS, but are failing.
> - check for permissions/ownership issues in the homedir

The files they have in common appear to have the appropriate ownership/Unix permissions. (I didn't check ACLs.) The failing XO home directory has NONE of the datastore entries. Not the timestamped ones, nor the -current or -latest entries. Could this be it? I'll do some more looking around and wait for your response before I manually create those entries.

Bill Bogstad
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Issue with ds-backup in XS 0.4
Okay, I've found the problem with the XO that was failing to backup and it may imply some issues with older XO releases...

Instead of enabling logging for the cron entry, I copied the ds-backup.sh script and modified it to not delay and to run /usr/bin/ds-backup.py explicitly. ds-backup.py output error messages from ssh complaining about bad permissions on the ssh key files. Here are the permissions on the failing machine:

[EMAIL PROTECTED] default]$ ls -l ~olpc/.sugar/default/owner*
-rwxr-xr-x 1 olpc olpc 668 2007-12-26 03:01 /home/olpc/.sugar/default/owner.key
-rwxr-xr-x 1 olpc olpc 590 2007-12-26 03:01 /home/olpc/.sugar/default/owner.key.pub

And here's the working machine:

-bash-3.2# ls -l ~olpc/.sugar/default/owner*
-rw------- 1 olpc olpc 668 2008-10-15 00:07 /home/olpc/.sugar/default/owner.key
-rw-r--r-- 1 olpc olpc 590 2008-10-15 00:07 /home/olpc/.sugar/default/owner.key.pub

The failing machine shows overly permissive permissions on the key files. In particular, ds-backup.py generated the following message when it failed:

__main__.TransferError: ('rsync error code 12, message:', @@@\r\n@ WARNING: UNPROTECTED PRIVATE KEY FILE! @\r\n@@@\r\nPermissions 0755 for '/home/olpc/.sugar/default/owner.key' are too open.\r\nIt is recommended that your private key files are NOT accessible by others.\r\nThis private key will be ignored.\r\nbad permissions: ignore key: /home/olpc/.sugar/default/owner.key\r\nPermission denied (publickey).\r\nrsync: connection unexpectedly closed (0 bytes received so far) [sender]\nrsync error: error in rsync protocol data stream (code 12) at io.c(635) [sender=3.0.3]\n)

I believe that ssh has long had checks which disallow use of key files which are world readable. If anyone could read your private key file then they could attempt to brute force your passphrase. In this case, I don't think the private key file even has a passphrase which makes it even worse. SSH is unaware of the OLPC's single user environment.
I changed the permission on the key files to match those of the machine that works and was able to successfully complete a backup to my XS schoolserver.

The open question is how did the keyfiles get those permissions on the bad machine? You'll note that the mod time of the file is around Christmas 2007. The XO in question was a gift to my daughter and it's entirely plausible that is when it was first turned on and set up. I'm not 100% sure that the machine wasn't reflashed, but based on the date I doubt it. This would seem to indicate that somehow the permissions were set wrong from the moment the keys were generated.

I have a third G1G1 which is still running the 703 build (my other daughter's machine). I just checked and the permissions on her key files are also bad. The modtime is within a couple of minutes of the other bad machine. This would strongly incline me to believe that the permissions problem was something in the original G1G1 XO install image. On the other hand, I just checked trac and there have been issues in the past with olpc-update changing permissions in ways that ssh didn't like.

A survey of a large number of XOs in the field and/or test installs/updates using old XO images might be a good idea. If there is a latent bug in many deployed machines which causes backups to fail, it would be a good idea to know. I'm not inclined to sacrifice my XO installs (particularly not my daughter's machines), but could certainly work with people at 1CC on this. I might even be able to stop by to help with the test installs...

Bill Bogstad
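An added example, not part of the original messages: a small shell audit for the key-file problem described above. It flags a private key with any group/other permission bits set (mode & 077), which is the condition behind the "UNPROTECTED PRIVATE KEY FILE" refusal, and can optionally reset the pair to the 600/644 modes seen on the working machine. The function names key_mode_ok and audit_key are hypothetical, and GNU stat (stat -c) is assumed.

```shell
#!/bin/sh
# Added example: audit (and optionally repair) SSH key-file modes.
# Assumption: GNU stat (stat -c); function names are hypothetical.

# Succeeds when the file has no group/other permission bits,
# i.e. (mode & 077) == 0.
key_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# audit_key PRIVATE_KEY [fix]
# Prints one status line: OK, BAD, FIXED or MISSING.
# With "fix", sets the private key to 600 and a sibling .pub to 644.
audit_key() {
    key=$1
    if [ ! -f "$key" ]; then
        echo "MISSING - $key"
        return 2
    fi
    old=$(stat -c '%a' "$key")
    if key_mode_ok "$key"; then
        echo "OK $old $key"
        return 0
    fi
    if [ "${2:-}" = fix ]; then
        chmod 600 "$key"
        if [ -f "$key.pub" ]; then chmod 644 "$key.pub"; fi
        echo "FIXED $old->600 $key"
        return 0
    fi
    echo "BAD $old $key"
    return 1
}

# Constructed demo: reproduce the 0755 key pair in a temp dir.
demo() {
    d=$(mktemp -d)
    : > "$d/owner.key"; : > "$d/owner.key.pub"
    chmod 755 "$d/owner.key" "$d/owner.key.pub"
    audit_key "$d/owner.key" || true   # reports BAD 755
    audit_key "$d/owner.key" fix       # reports FIXED 755->600
    audit_key "$d/owner.key"           # reports OK 600
    rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run without "fix" first when surveying machines, so the original modes are recorded before anything is changed.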
Re: [Server-devel] xs-otp: one time passwords for the XS
On Sun, Oct 26, 2008 at 12:01 PM, Martin Langhoff [EMAIL PROTECTED] wrote:
> On Sun, Oct 26, 2008 at 4:52 PM, Michael Stone [EMAIL PROTECTED] wrote:
>>> Physical security is not our problem... (at least yet).
>>
>> Still sure that you want the XS to be involved in the theft-deterrence
>> protocol? :)
>
> ... but I'm not aware of any scheme *without* something like bitfrost
> that has a reasonable cost-benefit (or complexity-benefit) ratio.

Here's a crazy implementation idea for adding pre-boot security code to ANY standard PC platform. Build a basic PCI hardware 'device' card with little more than ROM. When a standard BIOS detects device card ROM, it executes it before even attempting to boot the computer. Glue these cards into a slot in any computer on which you want special pre-boot security...

Note: I have no idea what ROM services are available to device ROMs. For example, can a device ROM call into the BIOS to do disk IO at this point in the boot process? Is there anything that such a card could usefully do with nothing more than its code? What if you add a small amount of battery backed CMOS and an onboard clock chip to the card?

Bill Bogstad
[Server-devel] Weird timestamps on XS 0.4 user backup directories.
So I've got an XS 0.4 system running and I have an XO running 8.2 registered with the server and automated backups seem to be happening fine. If I log onto the server and look at the XOs backup directory I see the following:

[EMAIL PROTECTED] CSN74800E35]# pwd
/library/users/CSN74800E35
[EMAIL PROTECTED] CSN74800E35]# ls -l
total 44
drwxr-xr-x+ 3 CSN74800E35 CSN74800E35 4096 2008-10-14 20:00 datastore-2008-10-20_17:31
drwxr-xr-x+ 3 CSN74800E35 CSN74800E35 4096 2008-10-14 20:00 datastore-2008-10-21_00:15
drwxr-xr-x+ 3 CSN74800E35 CSN74800E35 4096 2008-10-14 20:00 datastore-2008-10-22_00:16
drwxr-xr-x+ 3 CSN74800E35 CSN74800E35 4096 2008-10-14 20:00 datastore-2008-10-23_00:17
drwxr-xr-x+ 3 CSN74800E35 CSN74800E35 4096 2008-10-14 20:00 datastore-2008-10-25_18:36
drwxr-xr-x 3 CSN74800E35 CSN74800E35 4096 2008-10-14 20:00 datastore-current
lrwxrwxrwx 1 CSN74800E35 CSN74800E35 53 2008-10-25 14:36 datastore-latest -> /library/users/CSN74800E35/datastore-2008-10-25_18:36
[EMAIL PROTECTED] CSN74800E35]# ls -lc
total 44
drwxr-xr-x+ 3 CSN74800E35 CSN74800E35 4096 2008-10-20 13:31 datastore-2008-10-20_17:31
drwxr-xr-x+ 3 CSN74800E35 CSN74800E35 4096 2008-10-20 20:15 datastore-2008-10-21_00:15
drwxr-xr-x+ 3 CSN74800E35 CSN74800E35 4096 2008-10-21 20:16 datastore-2008-10-22_00:16
drwxr-xr-x+ 3 CSN74800E35 CSN74800E35 4096 2008-10-22 20:17 datastore-2008-10-23_00:17
drwxr-xr-x+ 3 CSN74800E35 CSN74800E35 4096 2008-10-25 14:36 datastore-2008-10-25_18:36
drwxr-xr-x 3 CSN74800E35 CSN74800E35 4096 2008-10-20 13:31 datastore-current
lrwxrwxrwx 1 CSN74800E35 CSN74800E35 53 2008-10-25 14:36 datastore-latest -> /library/users/CSN74800E35/datastore-2008-10-25_18:36

You'll notice that each of the datastore backup directories have exactly the same modification timestamp (2008-10-14 20:00). The change time stamps on the other hand are consistent with the names. Is there a reason for this? Why that particular date/time for the mod time?
Bill Bogstad
Re: [Server-devel] Weird timestamps on XS 0.4 user backup directories.
On Sat, Oct 25, 2008 at 6:18 PM, Douglas Bagnall [EMAIL PROTECTED] wrote:
> The backup directories are created with cp -al, where the -a (for
> archive) recursively preserves modes, links and dates. I'm pretty sure
> the main intention was to keep modes and links, and dates are just an
> artifact. If it is causing problems you could argue for a change.

Not an operational problem, just a bit of user confusion. I've now skimmed the python/shell/cron/incron code/configs and see how everything more or less fits together now. Although, I've never seen setfacl actually used before now...

Thanks again,
Bill
[Server-devel] help with small/first world XS deployment issues requested
There are a number of XO deployments possible in the Boston metro area sometime next spring. My understanding is that OLPC does NOT want to run these deployments, but is interested in having them happen so there are deployments local to the Cambridge office for test purposes. As a result, the local XO users group (OLPC_Boston) has been asked to help out. As my background is in system administration, I offered to look into possible XS server deployments at the same time.

Even though I've been on server-devel since June, I'm still not sure to what extent an XS would be useful in these circumstances. As I see it, at this point an XS provides:

1. XO backup service (ds-backup)
2. Activation service? (probably not needed since XOs will be G1G1)
3. Support for 20 networked XOs (ejabberd?)
4. Moodle server (not clear what this means in terms of functionality)

Is that correct? Is much going to change by January? For a deployment of say 20-30 XOs in one location, does it even make sense to have an XS?

Another issue is that reusing available resources (pre-existing wired/wireless hardware, dhcp/dns/web proxy/filtering services) would be very helpful. Even if pre-existing services are inferior to what an XS might provide, for political reasons in a small deployment, it is probably better to fit into a framework with which local IT personnel are comfortable. Unfortunately, my impression is that the current XS images are somewhat brittle in terms of assuming they control all of the networking services as well as requiring specific IP numbering of various interfaces, control of DNS/DHCP/NAT routing/etc.

I understand the need to provide turn-key software for locations where there isn't anyone who understands networking. However, I find myself in the situation where even though I know about netmasks, DNS A records, etc., I have no idea how much of the higher level infrastructure on the XS requires leaving things as they are.
For example, can I have an XS with a single Ethernet interface? I think I saw something in a config file somewhere that suggested this (doing DHCP on the Internet facing interface), but I can't find any mention of this anywhere on the wiki. What if I want DHCP/DNS to be handled by something other than the XS, but do want the other services? Given the rapid pace of development, it's hard to tell from the wiki pages what works/used to work/was never implemented/is an idea for the future/etc.

I apologize if the above is confused/confusing. Unfortunately, that's the way I feel at this point. I've got this big ball of string I'm trying to untangle and I have no idea where to start. Any suggestions how to get a handle on this would be greatly appreciated.

Thanks,
Bill Bogstad
Re: [Server-devel] physical security issue
On Tue, Oct 7, 2008 at 11:24 PM, Walter Bender [EMAIL PROTECTED] wrote:
> One idealet (not worthy of being called an idea): What if the server
> were a laptop that the teacher could take with him/her? Pros: The
> school need not be secure. Cons: Price, and of course, laptops can be
> stolen. But it does put the server in the hands of a presumably
> trusted individual in the community.

One obvious problem is what happens if that teacher doesn't come to work today. In any school with more than one teacher, this would seem to be a potential problem.

Bill Bogstad