|
Post by mcnattyp on Jun 25, 2008 7:07:21 GMT 7
I'm willing to pay $$$ to help get rsync running between two N2100 units. I have one as a file server and another on the LAN used as a backup to it. I want the two to back each other up every night or so.
|
|
wengi
Full Member
Posts: 102
|
Post by wengi on Jun 26, 2008 13:32:19 GMT 7
Hi, no need to pay. I am running three N2100 at three different locations. They do rsync over VPNs. Gimme some time to upload the scripts.
wengi
|
|
wengi
Full Member
Posts: 102
|
Post by wengi on Jun 26, 2008 13:52:22 GMT 7
Ok. There WAS a howto on this packed in one of the modules. I think it was the old rsync module, which doesn't exist anymore... But I still have the scripts.

Install the ssh and the utils module!!!

First step is to generate keys for passwordless login. The following script helps. The original name of the script was "secrsync-keygen.sh"

```sh
#!/bin/sh
#
# Generate and install public/private ssh key pair
# the key will be hardened to disable port forwarding
#
# Wed Mar 18 2008, Leo Zimmermann
#

# default (ssh) server name or ip address (if not set script will query server name)
#TARGETHOST=thecusgrey

# ---- ---- ---- ---- END OF USER CONFIGURABLE SECTION ---- ---- ---- ----

echo; echo "First, let's generate a new key pair"
echo " (hit enter, we do not want to protect the key by a password)"
ssh-keygen -t rsa -f ~/.ssh/secrsync

# do we have a hostname/ip of the machine running the ssh server?
if [ -z "${TARGETHOST}" ]; then
    echo -n "hostname or local ip address of ssh server? "; read TARGETHOST
fi

# rename private key to match target hostname
mv ~/.ssh/secrsync ~/.ssh/secrsync-${TARGETHOST}

# create a rsync wrapper script (to be used by the hardened key)
# (written with ">" so a stale copy from an aborted run is overwritten, not appended to)
cat > ./validate-rsync.sh <<EOF
#!/bin/sh
#
date=\`date\`
case "\$SSH_ORIGINAL_COMMAND" in
*\&*)
    echo "Rejected"
    echo "\$date: rejected command \$SSH_ORIGINAL_COMMAND" >> /root/backup.log
    ;;
*\;*)
    echo "Rejected"
    echo "\$date: rejected command \$SSH_ORIGINAL_COMMAND" >> /root/backup.log
    ;;
rsync*)
    echo "\$date: accepted command \$SSH_ORIGINAL_COMMAND" >> /root/backup.log
    \$SSH_ORIGINAL_COMMAND
    ;;
mkdir*)
    echo "\$date: accepted command \$SSH_ORIGINAL_COMMAND" >> /root/backup.log
    \$SSH_ORIGINAL_COMMAND
    ;;
test*)
    echo "\$date: accepted command \$SSH_ORIGINAL_COMMAND" >> /root/backup.log
    \$SSH_ORIGINAL_COMMAND
    ;;
*)
    echo "Rejected"
    echo "\$date: rejected command \$SSH_ORIGINAL_COMMAND" >> /root/backup.log
    ;;
esac
EOF

echo; echo "Now, harden public key to only allow rsync"
echo -n "command=\"/raid/module/SSH/sshkeys/validate-rsync.sh\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding " > /tmp/secrsync.pub.edit
cat ~/.ssh/secrsync.pub >> /tmp/secrsync.pub.edit
mv /tmp/secrsync.pub.edit ~/.ssh/secrsync-${TARGETHOST}.pub

echo; echo "Copy rsync wrapper to ${TARGETHOST} (requires root passwd)"
cat ./validate-rsync.sh | ssh root@${TARGETHOST} 'sh -c "cat - >/raid/module/SSH/sshkeys/validate-rsync.sh"; chmod 0755 /raid/module/SSH/sshkeys/validate-rsync.sh'

# get rid of local ./validate-rsync.sh
rm -f ./validate-rsync.sh

echo; echo "Copy hardened public key to ${TARGETHOST} (requires root passwd)"
cat ~/.ssh/secrsync-${TARGETHOST}.pub | ssh root@${TARGETHOST} 'sh -c "cat - >>/raid/module/SSH/sshkeys/authorized_keys2"'

echo; echo "We're done here!"
```

Now the original backup script (called "secrsync-backup.sh")

```sh
#!/bin/sh
#
# backup using rsync over secured tunnel (ssh)
# uses hardened public ssh key to allow password less backups
#
# Thu Nov 2 2006, Leo Zimmermann
#
# Based on Brice Burgess (bhb@iceburg.net) script rbackup.sh
#

# Directories to backup. Separate with a space. Exclude trailing slash!
RSOURCES="/raid/TEST1 /raid/TEST2"

# IP or FQDN of Remote Machine
RMACHINE=YOURFQDNHERE

# Remote username
RUSER=root

# Location of passphraseless ssh keyfile
RKEY=$HOME/.ssh/secrsync

# This is where your backup(s) will be stored. Exclude trailing slash!
RTARGET="/raid/rsync"

# Your EXCLUDE_FILE tells rsync what NOT to backup. Leave it unchanged, missing or
# empty if you want to backup all files in your SOURCES. If performing a FULL SYSTEM BACKUP,
# ie. Your SOURCES is set to "/", you will need to make use of EXCLUDE_FILE. The file should
# contain directories and filenames, one per line.
#
# An example of a EXCLUDE_FILE would be:
# /proc/
# /tmp/
# /mnt/
# *.SOME_KIND_OF_FILE
EXCLUDE_FILE="/path/to/your/exclude_file.txt"

# specify backup options for rsync
#RSYNCOPTIONS="--recursive --times -pog --links --delete"
RSYNCOPTIONS="--recursive --times -pog --links"

# Comment out to disable talkative mode
VERBOSE="--progress --stats"

# ---- ---- ---- ---- END OF USER CONFIGURABLE SECTION ---- ---- ---- ----

# do we have a IP or FQDN of the Remote Machine?
if [ -z "${RMACHINE}" ]; then
    echo -n "hostname or local ip address of remote server? "; read RMACHINE
fi

# do we know the backup source(s)?
# (quoted -z test: RSOURCES may hold several space-separated directories)
if [ -z "${RSOURCES}" ]; then
    echo -n "source directory to be backed up? "; read RSOURCES
fi

# complete keyfile name
RKEY=${RKEY}-${RMACHINE}

if [ ! -f "${RKEY}" ]; then
    echo "Couldn't find ssh keyfile!"
    echo "Exiting..."
    exit 2
fi

if ! ssh -i "${RKEY}" ${RUSER}@${RMACHINE} "test -x ${RTARGET}"; then
    echo "Target directory on remote machine doesn't exist or bad permissions."
    echo "Exiting..."
    exit 2
fi

echo "Verifying Sources..."
for source in ${RSOURCES}; do
    echo "Checking $source..."
    if [ ! -x "$source" ]; then
        echo "Error with $source!"
        echo "Directory either does not exist, or you do not have proper permissions."
        exit 2
    fi
done

if [ -f "$EXCLUDE_FILE" ]; then
    EXCLUDE="--exclude-from=${EXCLUDE_FILE}"
fi

echo "Sources verified. Running rsync..."
for source in ${RSOURCES}; do

    # Create directories in $RTARGET to mimic source directory hierarchy
    if ! ssh -i "${RKEY}" ${RUSER}@${RMACHINE} "test -d ${RTARGET}/$source"; then
        ssh -i "${RKEY}" ${RUSER}@${RMACHINE} "mkdir -p ${RTARGET}/$source"
    fi

    rsync ${VERBOSE} ${EXCLUDE} ${RSYNCOPTIONS} -e "ssh -i $RKEY" $source/ ${RUSER}@${RMACHINE}:${RTARGET}/$source/

done

exit 0
```

BUT: this may not work because the locations of rsync in the module changed. Check for errors... You will need some Linux know-how.

Maybe someone could put these files and the according help files back into the utils module, or did I miss it and it is still there?

wengi

PS: my script additions will follow.
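A stricter variant of the validate-rsync.sh check, as an added example that is not part of the post above or of the SSH module: it accepts only the three commands secrsync-backup.sh sends, rsync only in its receiving `--server` mode, and only paths under /raid/rsync (the RTARGET above). The function names are hypothetical, and rsync's other server-side options are not inspected here.

```shell
#!/bin/sh
# Added example: stricter check for the forced-command wrapper (names are illustrative).
BACKUP_ROOT="/raid/rsync"    # RTARGET from secrsync-backup.sh

# path_ok PATH: succeed only for BACKUP_ROOT itself or something below it.
# Any ".." is refused, which also refuses harmless names such as "a..b".
path_ok() {
    case "$1" in
        *..*) return 1 ;;
        "$BACKUP_ROOT"|"$BACKUP_ROOT"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# validate_cmd "COMMAND LINE": return 0 to accept, 1 to reject.
validate_cmd() {
    # Refuse shell metacharacters anywhere in the request.
    case "$1" in
        *'&'*|*';'*|*'|'*|*'<'*|*'>'*|*'`'*|*'$'*|*'('*|*')'*) return 1 ;;
    esac
    set -f; set -- $1; set +f        # split into words without globbing
    for last in "$@"; do :; done     # remember the final word (the path)
    case "$1 $2" in
        "rsync --server")
            # Receiving side only: a request to send files back is refused.
            for arg in "$@"; do
                [ "$arg" = "--sender" ] && return 1
            done
            path_ok "$last" ;;
        "test -x"|"test -d"|"mkdir -p")
            [ $# -eq 3 ] && path_ok "$3" ;;
        *) return 1 ;;
    esac
}

# sshd sets SSH_ORIGINAL_COMMAND when this file is the command="..." target.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if validate_cmd "$SSH_ORIGINAL_COMMAND"; then
        set -f
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "Rejected"
    exit 1
fi
```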
|
|
wengi
Full Member
Posts: 102
|
Post by wengi on Jun 26, 2008 14:00:03 GMT 7
Due to the fact I am using three N2100 syncing, I needed a way to start this process for a variable number of units one after the other. This is the main script:

```sh
#!/bin/sh
#
# Trigger the backup scripts on the other boxes.
# One after the other.
# wengi, as of March 2008
#

hosts="FQDN1 FQDN2"

for activehost in $hosts
do
    # is the host reachable?
    if { /bin/ping -q -c 1 $activehost > /dev/null ; }
    then
        echo "$activehost ist erreichbar."

        # is the backup script present and executable on the remote box?
        if { ssh -i /root/.ssh/id_rsa root@$activehost "test -x /raid/secrsync-backup.sh" ; }
        then
            echo "Script gefunden. Ausfuehrung wird gestartet."
            date
            ssh -i /root/.ssh/id_rsa root@$activehost "/raid/secrsync-backup.sh"
            echo "Fertig"
            date
            echo
        else
            # script not found: a mail notification would be a good idea here
            echo "Backupscript auf $activehost wurde nicht gefunden."
            echo "Es waere eine gute Idee eine Mail zu schicken!"
            date
        fi

    else
        # host not reachable: a mail notification would be a good idea here
        echo "$activehost ist NICHT erreichbar."
        echo "Es waere eine gute Idee eine Mail zu schicken!"
    fi

done

echo "**************************************************************************"

exit 0
```

Sorry for the German comments.

The next step of this script is to send a mail if anything went wrong. I still didn't have the time to test this... But as far as I came: use Firmware 2.1.09 or newer (because of changes in the mail config of thecus)!!! Then this worked for me:

```sh
printf "your text here" | /opt/bin/msmtp --from="MAILADRESS" --host=SMTPSERVER --port=25 --auth="login" --user="USER" -p "PASSWORD" MAILADRESS
```

wengi
|
|
wengi
Full Member
Posts: 102
|
Post by wengi on Jun 26, 2008 14:09:33 GMT 7
"Maybe someone could put these files and the according help files back into the utils module or did i miss it and it is still there?"
Shame on me! It's still in the SSH 4.1.00 module!
www.freeside.ch/thecus/index.php?path=n2100/wengi
|
|
|
Post by mcnattyp on Jun 28, 2008 3:57:34 GMT 7
Whoah thanks Wengi!
I'll try it out this weekend or soon and let you know. If it doesn't work for me, or proves to be too troublesome, can you take some $$$ to set it up for me? I can put the N2100s right on internet with public IPs and no firewalls.
|
|
wengi
Full Member
Posts: 102
|
Post by wengi on Jun 30, 2008 13:35:25 GMT 7
What about asking me if you have problems. I will help and you will understand how it works. This is fun! Not to earn money!
And if there will be some trouble in future you will know the setup.
So give it a try and ask here if you don't get it ;D
wengi
TIP: Start with the scripts from the ssh module. Not with mine.
|
|
|
Post by mcnattyp on Jul 4, 2008 1:35:57 GMT 7
Thanks again, Wengi. I will keep you posted. I'm just now making manual backups of the two N2100 units. I don't want to screw around unless I have good backups.
|
|
wengi
Full Member
Posts: 102
|
Post by wengi on Jul 4, 2008 13:35:11 GMT 7
I started with creating a dir /raid/rsync and tested several times with fake data. I did this on three N2100 with ssh until I was sure it worked. Then I simply changed the paths in the scripts. There was no need to make additional backups.
wengi
|
|