[root@lxc] lxc-create -nwebserver -t fedora [root@lxc] lxc-start -nwebserver -d [root@lxc] lxc-attach -nwebserver -- yum update [root@lxc] lxc-attach -nwebserver -- yum install tomcat maven git -y [root@lxc] lxc-attach -nwebserver -- systemctl start tomcat [root@lxc] lxc-attach -nwebserver -- systemctl enable tomcat [root@lxc] lxc-attach -nwebserver -- git clone https://git.epfl.ch/repo/lxc-python.git /root/mybackup-repo [root@lxc] lxc-attach -nwebserver -- mvn package -f=/root/mybackup-repo/webapp/mybackup/pom.xml [root@lxc] lxc-attach -nwebserver -- cp /root/mybackup-repo/webapp/mybackup/target/myBackup.war /usr/share/tomcat/webapps [root@lxc] ./lxcworker/lxctests.py addRedirectToContainer 8080 10.0.0.92 webserver tcp
Done! You can access the server on the private IP (10.0.0.92) or public IP (128.178.209.165)
128.178.209.165 => quatrava.mybackup.epfl.ch
We need this in order to manipulate the /etc/hosts file and others.
wget https://github.com/hercules-team/python-augeas/archive/master.zip python3 setup.py build python3 setup.py install yum install augeas-libs
Clone the container, start it and link the public ip samba ports to the container ip samba ports
[root@lxc]# ./lxctests.py cloneAndStartContainer mybackup.golden.10_10_2014 mybackup-2 [root@lxc]# ./lxctests.py addRedirectToContainer 137 10.0.0.92 mybackup-2 tcp [root@lxc]# ./lxctests.py addRedirectToContainer 137 10.0.0.92 mybackub-2 udp [root@lxc]# ./lxctests.py addRedirectToContainer 138 10.0.0.92 mybackup-2 tcp [root@lxc]# ./lxctests.py addRedirectToContainer 138 10.0.0.92 mybackup-2 udp [root@lxc]# ./lxctests.py addRedirectToContainer 139 10.0.0.92 mybackup-2 tcp [root@lxc]# ./lxctests.py addRedirectToContainer 139 10.0.0.92 mybackup-2 udp [root@lxc]# lxc-attach -n mybackup-2 [root@mybackup /]#
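- /etc/samba/smb.conf (add or modify). Note that with `ldap ssl = no` the bind as the admin DN, including its password, crosses the network unencrypted; `ldap ssl = start tls` is the alternative when the directory supports it.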
security = user #passdb backend = tdbsam passdb backend = ldapsam:ldap://scoldap.epfl.ch ldap suffix = o=epfl,c=ch ldap admin dn = cn=samba-mybackup,ou=services,o=epfl,c=ch ldap ssl = no
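Add the LDAP password to Samba. Passing it with `-w` on the command line leaves the password in the shell history and visible in the process list; `smbpasswd -W` prompts for it instead: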
[root@mybackup]# smbpasswd -w <password> Setting stored password for "cn=samba-mybackup,ou=services,o=epfl,c=ch" in secrets.tdb
[root@mybackup]# systemctl restart smb nmb oct. 10 09:55:45 mybackup-2 systemd[1]: Starting Samba SMB Daemon... oct. 10 09:55:45 mybackup-2 systemd[1]: smb.service: Supervising process 720 which is not our child. We'll most likely not notice when it exits. oct. 10 09:55:45 mybackup-2 smbd[720]: [2014/10/10 09:55:45.274373, 0] ../source3/passdb/pdb_ldap.c:6529(pdb_ldapsam_init_common) oct. 10 09:55:45 mybackup-2 smbd[720]: pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain. We cannot work reliably without it. oct. 10 09:55:45 mybackup-2 smbd[720]: [2014/10/10 09:55:45.274525, 0] ../source3/passdb/pdb_interface.c:178(make_pdb_method_name) oct. 10 09:55:45 mybackup-2 smbd[720]: pdb backend ldapsam:ldap://scoldap.epfl.ch did not correctly init (error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO) oct. 10 09:55:45 mybackup-2 systemd[1]: smb.service: main process exited, code=exited, status=1/FAILURE oct. 10 09:55:45 mybackup-2 systemd[1]: Failed to start Samba SMB Daemon. oct. 10 09:55:45 mybackup-2 systemd[1]: Unit smb.service entered failed state.
It failed. Apparently, Samba cannot hook into the traditional LDAP authentication mechanism and needs an LDAP directory with the Samba schema:
I should talk to Claude..
Added worker and producer scripts which allow communication with the servers hosting the containers. Only one command is implemented so far; more to come!
Scripts:
- lxcworker.py - runs on server and waits for commands
- Launch with
nohup python3 lxcworker.py &
- Launch with
- lxcproducer.py - sends a command to the servers and waits for the response
- Launch with:
python3 lxcproducer.py lxc.server.* getcontainers
- Launch with:
Predrag has added some python scripts for:
- manipulation of iptables (DNAT routing from public IP to private container IP)
- clone and start the container
- add users
- etc..
This is my first python code, so forgive my camel-case ..
In order to use the scripts you should install python3-iptables from here:
yum install python3-devel -y unzip python3.zip cd python-iptables-python3 python3 setup.py build python3 setup.py install
You need also:
yum install python3-lxc
You should also install pika for python3. I don’t remember where I got it, probably from here.
Scripts:
- lxcproc.py - contains all the procedures
- lxctests.py - contains the frontend to the procedures
[root@lxc]# ./lxctests.py please specify a command from : listRulesOnDPort [port] deleteRulesOnDPort [port] addRedirect [port sourceIP destinationIP] addRedirectToContainer [port sourceIP containerName] deleteRulesForSourceIP [ip] deleteRulesForDestIP [ip] cloneAndStartContainer [source_name new_name] getContainerIP [container_name] printContainers addUserToContainer [username container_name] listRealUsersInContainer [container_name] deleteRedirectToContainer [containerName]
Example:
[root@lxc]# ./lxctests.py listRulesOnDPort 548 DNAT from: 10.0.0.92/255.255.255.255:548 redirect to 192.168.58.38:548 [root@lxc lxcworker]# ./lxctests.py printContainers { "containers": [ { "centos-1": { "name": "centos-1", "state": "STOPPED" } }, { "fedora-1": { "name": "fedora-1", "state": "STOPPED" } }, { "mybackup-1": { "IPv4": "192.168.58.38", "IpForwards": [ { "dest": "192.168.58.38", "port": "548", "source": "10.0.0.92" } ], "MAC": "00:16:3e:9f:a3:09", "name": "mybackup-1", "state": "RUNNING" } }, { "mybackup.golden.24_09_2014": { "name": "mybackup.golden.24_09_2014", "state": "STOPPED" } }, { "titi": { "name": "titi", "state": "STOPPED" } }, { "titi2": { "name": "titi2", "state": "STOPPED" } } ], "hostIP": "10.0.0.92", "hostname": "lxc.novalocal" }
Predrag has installed dnsmasq as the DNS resolver:
- /etc/dnsmasq-dns.conf
port=53 resolv-file=/etc/resolv.dnsmasq.conf interface=eth0 no-dhcp-interface=eth0 domain=mybackup.epfl.ch bind-interfaces addn-hosts=/etc/hosts
- /etc/resolv.dnsmasq.conf
search epfl.ch novalocal nameserver 128.178.15.7 nameserver 128.178.15.8
- /etc/hosts
128.178.209.165 quatrava.mybackup.epfl.ch 128.178.209.165 pviceic.mybackup.epfl.ch
[root@dns]# dnsmasq --conf-file=/etc/dnsmasq-dns.conf
Predrag has configured pam_ldap for netatalk + gaspar authentication. It works with this build for fc20. I have built this RPM with the instructions from here. Don’t forget to
sudo yum install nss-pam-ldapd -y
You should also edit the following files:
- /etc/nsswitch.conf - add or modify the following lines
passwd: files ldap shadow: files ldap group: files ldap
- /etc/pam.d/netatalk
auth required pam_ldap.so try_first_pass account required pam_ldap.so try_first_pass session required pam_permit.so
- /etc/afp.conf
; ; Netatalk 3.x configuration file ; [Global] ; Global server settings admin auth user = root uam list = uams_dhx_pam.so uams_dhx2_pam.so ; LDAP config ldap server = scoldap.epfl.ch ldap auth method = none ldap userbase = ou=users,o=epfl,c=ch ldap userscope = one ldap groupbase = ou=groups,o=epfl,c=ch ldap groupscope = one ldap uuid attr = uniqueIdentifier ldap uuid string = xxxxxx ldap name attr = uid ldap group attr = cn [Homes] basedir regex = /home time machine = yes
Predrag has configured a simple Linux container (Fedora 20) with samba and netatalk running:
- The home directory is mounted directly in the container (/home) from a virtual machine over NFSv3
- Home directory samba-user is used for samba and afp-user is used for afp
- Samba access : smb://[email protected]
- Samba pwd: JGHRlVgXcdg
- AFP access: afp://[email protected]
- AFP pwd: predrag
Predrag set up Samba and BURP servers in an LXC container, ready to be copied cookie-cutter style. Every clone inherits the accounts and passwords listed below, so change them in each copy.
Samba access: 128.178.1.235, user samba-user, password predrag BURP access: 128.178.1.235, user dominique, password abcdefgh
Dominique configured his Mac (OSX 10.9.4, French) to back up to the sample Docker container. Reference documentation: on InsanelyMac, on LifeHacker (since getting the script is a pain on both, I attached it below)
- Need to create a “sparse bundle” first:
NAME=`scutil --get ComputerName`; hdiutil create -size ${SIZE}G -fs HFS+J -type SPARSEBUNDLE -volname 'Time Machine Backups' "${NAME}.sparsebundle"
- This only succeeds on the local disk; doing that directly on the Samba share fails with “operation not supported” (and hdiutil deletes the directory it created before exiting).
- Setting up the UUID in a plist file as per the script seems to have no effect whatsoever (doesn’t change the fact that sudo tmutil setdestination is required, see below)
- Then, copy the sparse bundle to Samba:
mv "$NAME".sparsebundle /Volumes/samba-user/
- Setting TMShowUnsupportedNetworkVolumes as per the LifeHacker article, seems to no longer have any effect. What does work is to mount the newly created sparsebundle (double-click it in the Finder), then:
sudo tmutil setdestination /Volumes/Time\ Machine\ Backups/
- Once this is done, Time Machine remembers all it needs to know and is smart enough to mount the SMB share, then the sparsebundle, upon attempting to start a backup. (You can even see the spinning arrows next to the mounted sparsebundle in the Finder).
Notes for later:
- Despite Predrag’s fear on the topic it looks like netatalk does support Time Machine. We should give that a try.
#!/bin/bash
# A bash script to create a time machine disk image suitable for
# backups with OS X 10.6 (Snow Leopard)
# This script probably only works for me, so try it at your own peril!
# Use, distribute, and modify as you see fit but leave this header intact.
# (R) sunkid - September 5, 2009
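#######################################
# Print the pending error message, if any, followed by the usage text.
# Globals:   errmsg (read) - optional error text set by the caller
# Outputs:   writes the message and the usage text to stdout
#######################################
usage ()
{
  # printf is used for the error line: bash's builtin echo prints "\n"
  # literally unless escapes are enabled, and the unquoted expansion
  # collapsed runs of whitespace inside the message (e.g. in a path).
  if [ -n "${errmsg:-}" ]
  then
    printf '%s\n\n' "$errmsg"
  fi
  echo "makeImage.sh"
  echo " usage: makeImage.sh size [directory]"
  echo " Create a disk image with a max storage size of <size> and copy it"
  echo " to your backup volume (if specified)"
}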
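# Require at least the size argument; exit non-zero so a caller can tell
# that nothing was created.
if [ "$#" -lt 1 ]
then
  usage
  exit 1
fi

# The size is pasted into the hdiutil -size argument, so reject anything
# that is not made of digits and dots before it reaches the command line.
case "$1" in
  ''|*[!0-9.]*)
    errmsg="${1}: size must be a number of gigabytes"
    usage
    exit 1
    ;;
esac

# With a second argument, make sure it is an existing, writable directory.
# The argument is quoted so a path containing spaces is tested as one word.
if [ "$#" -eq 2 ]
then
  if [ ! -d "$2" ]
  then
    errmsg="${2}: No such directory"
    usage
    exit 1
  fi
  if [ ! -w "$2" ]
  then
    errmsg="Cannot write to ${2}"
    usage
    exit 1
  fi
fi

SIZE=$1
DIR=$2
NAME=$(scutil --get ComputerName)
# Ask only for the hardware section instead of the full system report.
UUID=$(system_profiler SPHardwareDataType | awk '/Hardware UUID/ {print $3}')

# An empty name would silently produce a bundle called ".sparsebundle".
if [ -z "$NAME" ]
then
  errmsg="Cannot determine the computer name"
  usage
  exit 1
fi

# The leading ./ keeps a computer name that starts with "-" from being
# read as an option by hdiutil or cp.
IMAGE="./${NAME}.sparsebundle"

# get busy
echo -n "Generating disk image ${NAME}.sparsebundle with size ${SIZE}GB ... "
# hdiutil's output is discarded, so its exit status is the only sign of failure.
if ! hdiutil create -size "${SIZE}G" -fs HFS+J -type SPARSEBUNDLE \
  -volname 'Time Machine Backups' "$IMAGE" >> /dev/null 2>&1
then
  echo "failed!"
  exit 1
fi
echo "done!"

echo -n "Generating property list file with uuid $UUID ... "
# The closing parenthesis sits on its own line: a here-document delimiter
# must be alone on its line to be recognised.
PLIST=$(cat <<EOFPLIST
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.backupd.HostUUID</key>
<string>$UUID</string>
</dict>
</plist>
EOFPLIST
)
# Quoted so the plist keeps its line breaks instead of being joined into one line.
if ! printf '%s\n' "$PLIST" > "${IMAGE}/com.apple.TimeMachine.MachineID.plist"
then
  echo "failed!"
  exit 1
fi
echo "done!"

if [ "$#" -eq 2 ]
then
  echo -n "Copying ${NAME}.sparsebundle to $DIR ... "
  # "--" ends option parsing, so a directory name starting with "-" is safe.
  if ! cp -pfr -- "$IMAGE" "${DIR}/${NAME}.sparsebundle"
  then
    echo "failed!"
    exit 1
  fi
  echo "done"
fi
echo "Finished! Happy backups!"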