Difference between revisions of "OPS335 Archiving Lab"

From CDOT Wiki
Jump to: navigation, search
(Created page with 'FOCUS: SAMBA PART A: Connecting to a Linux SMB Server (Matrix) from a Windows Client (Windows 7) Power up a Windows 7 system in the lab and login using your LEARN username and …')
 
m (Using syslog to route log files to a remote host)
 
(38 intermediate revisions by 4 users not shown)
Line 1: Line 1:
FOCUS: SAMBA
+
==Automating System Backup==
 +
[[Category:OPS335]][[Category:OPS335 Labs]]
 +
This lab will show you how to set up a Fedora installed system to be used for file backups and introduce you to some tools used in backups.
  
PART A: Connecting to a Linux SMB Server (Matrix) from a Windows Client (Windows 7)
+
{{Admon/important|Prerequistites:|Your Centos machine should have three Fedora 20 virtual machines already installed and updated.<br />Ensure the clocks on all machines are set to the correct date and time.<br />If you have not already done so, remove the iptables rules preventing your host from pinging or SSH'ing your VMs, but leave the other rules intact.}}
Power up a Windows 7 system in the lab and login using your LEARN username and password.
 
You should see an icon of Tux, the Linux penguin, on your desktop. Double-click it to login to your Matrix account. A window of your Matrix home directory should open.
 
Use the mouse to drag and drop files to and from your Matrix account and your Windows 7 lab machine.
 
Once you are satisfied that you can easily move files to/from your Matrix account power off the PC.
 
Set the HD selector switch to boot from your Fedora 13 Linux drive and power on the PC.
 
PART B:  Connecting to a Linux SMB Server (Matrix) from a Linux Client (Fedora 13)
 
  
There are 4 ways that a Linux client can connect to an SMB server. Start by logging into your Fedora 13 system as joker and opening a terminal window.
+
===Using rsync and cron to automate system backup===
The first way is to use the "Places" menu from a Gnome desktop:
+
*Your host machine will be used to backup files from the virtual machines.
Switch to root and ensure you are using the default Fedora 13 firewall.
+
*Login to your host using your learnid and open a terminal window. Then "su -" to root run the following two commands:
As root, ensure Samba is installed. Use these two commands: "yum install samba" and "yum install samba-client"
+
mkdir -p /backup/vm1
NOTE: Fedora encrypts passwords when authenticating SMB connections. Unfortunately Windows clients (here at Seneca) insist on passwords being sent in plain text. For this reason Matrix SMB is set to use plain text passwords. To change Fedora to use plain text passwords switch to root and edit the /etc/samba/smb.conf file and immediately after the [global] section header insert these two lines:
+
rsync -avz 192.168.x.2:/etc/ /backup/vm1
client plaintext auth = yes
+
*Still on the host run this command to verify rsync worked correctly:
client lanman auth = yes
+
ls /backup/vm1
Create a new account on Fedora with the same name as your LEARN acount. Set the password to 'seneca99'.
+
*Notice that when running rsync you had to enter the password for root on vm1. To automate this process so that it will run without requiring a password we'll use an RSA public/private key pair for passwordless authentication. To do this we'll have to generate an RSA public/private key pair on the host. We'll use an openssh command like this:  
Logout of joker and login to Fedora using your LEARN name.
+
  ssh-keygen -t rsa
Now try the following:
+
*when you enter this command just hit ENTER for all the questions. Here's what I got when I ran it on my host
From the "Places" menu at the top of your screen, select "Network"
+
  Generating public/private rsa key pair.
and wait until the network scan completes. Then click on the
+
  Enter file in which to save the key (/root/.ssh/id_rsa):
"Windows Network" and then click the "File" menu and select
+
  Enter passphrase (empty for no passphrase):
"Connect to Server" and input matrix.senecac.on.ca for the server,
+
  Enter same passphrase again:
your username for the ShareName and UserName fields. Then click the
+
  Your identification has been saved in /root/.ssh/id_rsa.
Connect button. You should now be able to browse your Matrix files.
+
  Your public key has been saved in /root/.ssh/id_rsa.pub.
The second way is to use a web browser with support for the SMB protocol such as Konqueror.
+
  The key fingerprint is:
If Konqueror is not installed then install it with the command: 'yum install kdebase'.  
+
  f5:07:8c:aa:b6:08:e0:45:81:ca:d6:88:8c:aa:1a:7b root@host.pcallagh.org
Start Konqueror, the web/file browser, and in the Location edit box enter the following:
+
  The key's randomart image is:
smb://matrix/xxxxxx
+
  +--[ RSA 2048]----+
where
+
  |      o+++      |
xxxxxx is your Matrix username
+
  |    E .ooo..     |
Login to your Matrix account. Konqueror should open a window of your Matrix home directory. Use the mouse to drag and drop files to and from your Matrix account and your Fedora Linux machine.
+
  |    ...o.      |
Close Konqueror.
+
  |      ...o    .|
The third way is to use the "smbclient" command in a terminal window.
+
  |      .S+ +  o.|
At the command prompt enter the following:
+
  |        . = . o .|
smbclient '\\matrix\xxxxxx' -U xxxxxx
+
  |          o +  |
where
+
  |          o +    |
xxxxxx is your Matrix username
+
  |          . .  |
You should get a prompt similar to
+
  +-----------------+
smb: \>
+
*Now you'll need to copy the host's public rsa key over to vm1. Still on the host use this command (be sure you have the /root/.ssh/ directory on vm1 - if you don't then make it first):
Enter the ls command to see a list of your Matrix files.
+
  scp /root/.ssh/id_rsa.pub 192.168.x.2:/root/.ssh/authorized_keys
Enter ? to see a list of smbclient commands.
+
*Now verify that your new authentication method is working. Still on the host try to ssh to vm1 as root. You should be able to login without entering a password. If you were successful then move on to the next step, otherwise repeat steps 3 and 4.
Use the get and put commands (similar to ftp) to move files to and from your Matrix account and your Fedora 13 Linux system.
+
*Install mailx on the host if it's not already installed.
When done enter the quit command.
+
  yum -y install mailx
The fourth way is to use the mount command. THIS PART IS IN RED BECAUSE IT PROBABLY WILL NOT WORK !
+
*Now, still as root on the host, use the command 'crontab -e' to edit root's cron table. Insert the following line:(Instead of the IP Address "192.168.X.2", use the IP address of your vm1)
Use the mount command to mount your matrix home directory. NOTE: This mount command will only work if your kernel was configured to allow mounting CIFS with unencrypted passwords.
+
55 * * * * /usr/bin/rsync -avz 192.168.X.2:/etc/ /backup/vm1
mount -t cifs //matrix/xxxxxx /mnt -o username=xxxxxx
+
*At 55 minutes past the hour rsync should synchronize the /etc/ directory of vm1 to the /backup/vm1/etc/ directory on the host. If this time has passed and you don't want to wait an hour for the next time rsync runs, just edit root's cron table on the host and enter another time for the backup to take place.
where
+
*You should check that /etc/ is being backed up by adding some file (say 'touch /etc/junk' on vm1) to /etc and then see if it was indeed copied to the host.
xxxxxx is your your Matrix username.
+
*After the cron job runs, root on the host should have received an email containing the output of the cron job. Verify this by using the mail command to check root's mail. Note that that mail may take a minute to show up.
If the previous step worked, browse your /mnt directory using cd and ls commands and when done use the umount command to unmount your Matrix home directory.
+
*Finally, edit root's cron table and add another record to backup the /home directory of vm1 to /backup/vm1/home on the host once each week at 2am on Saturday.
PART C: Configuring an SMB Server on Linux
 
Login to Fedora as joker and open a terminal window.
 
Use "su -" to become root.
 
Ensure SAMBA is installed:
 
yum install samba
 
Edit the file /etc/samba/smb.conf, delete all original lines and include the following:
 
        [global]
 
        workgroup = OPS335
 
        server string = "put your real name here without the quotes"
 
        encrypt passwords = yes
 
        smb passwd file = /etc/samba/smbpasswd
 
        hosts allow = 142.204.141.
 
        ; note: the above line will allow access from the Seneca domain in lab T2107
 
  
        [home]
+
===Using syslog to route log files to a remote host===
        comment = "put your real name here without the quotes"
+
*Now we will configure your machines to copy their logs to VM 3.
        path = /home/xxxxxxx
 
        valid users = xxxxxxx
 
        ; remember xxxxxxx is your LEARN/MATRIX account name
 
        public = no
 
        writable = yes
 
        printable = no
 
        create mask = 0765
 
You can comment out all other lines in the file.
 
Create a SAMBA password for user xxxxxxx with the command
 
        smbpasswd -a xxxxxxx
 
Test your configuration with the command
 
        testparm
 
You can now start your SAMBA server
 
        /etc/init.d/smb start
 
or
 
service smb start
 
Test if you have a connection with the command
 
        smbclient -L 142.204.141.yyy -Uxxxxxxx%ppppppp
 
where 142.204.141.yyy is your Fedora Linux IP address
 
and xxxxxxx is your Matrix account name
 
and ppppppp is your SAMBA password
 
If the previous command worked, use another PC (Fedora then Windows) to establish a connection with the SMB server on your Fedora Linux machine. This step is important to ensure your SMB server on Linux is working. NOTE: If your set up looks correct but you can't connect to your SMB server from the outside then you may need to adjust your firewall to allow SMB connections.
 
From another Linux PC, use the mount command to mount your home directory onto /mnt. Step 4 in PART B should help you with this. Record this command as you'll need it for PART D.
 
PART D: Answer the following questions
 
  
What is your full name and 9 digit Seneca student ID?
+
 
In PART C step 9, explain how you connected to your SMB server on Linux from a Windows PC. List exactly what you had to do on the Windows PC to test your Linux server.
+
*Go on your VM 3 and edit /etc/rsyslog.conf and uncomment the following:
What is the purpose of the testparm command?
+
$ModLoad imtcp
What is the purpose of the smbclient command?
+
$InputTCPServerRun 514
What does SMB stand for? CIFS?
+
* Use the firewalld command language to open up tcp port 514 to your internal network only.
What does the text inside square brackets in the smb.conf file mean? (e.g., "[homes]").
+
*Still on VM 3, restart rsyslog.
Explain the meaning of the line "create mask = 0765" in the smb.conf file?
+
 
What does the smbpasswd command do?
+
 
What exact mount command did you use in PART C step 10?
+
*On your vm1 edit /etc/rsyslog.conf and make the following change:
 +
#*.* @@remote-host:514
 +
*to
 +
*.* @@192.168.x.4:514
 +
*where x is the IP of your VM 3.
 +
*Now restart your rsyslog service
 +
 
 +
 
 +
*Now on vm1 use the logger command to verify logging messages are getting through to your Vm 3. Try this command
 +
logger -p user.warn "Hello World"
 +
*Use the command "tail /var/log/messages" on the logging VM to view the results of the previous step.
 +
 
 +
*Make the needed changes to have logging of all machines (including your host) take place on your VM 3.  Note that your VM3 is already logging to itself and does not need further changes.
 +
 
 +
==Completing the Lab==
 +
Upon completion of this lab you should have your host automatically backing up your VM1's /etc and /home directories, and all of your machines should be sending copies of their logs to your VM3.
 +
 
 +
You have now gained experience using tools to make, and to automate, remote backups
 +
 
 +
Exploration questions:
 +
#Show the RSA public key generated on your host. i.e. the file called id_rsa.pub.
 +
#Explain the meaning of the -avz options on the rsync command.
 +
#What were the last two lines of the email sent to root upon completion of the cron job?
 +
#What command could you use to view only the log messages from your host on VM 3?
 +
#What option did you use to limit the iptables rule for port 514 to the local network?

Latest revision as of 09:35, 9 September 2015

Automating System Backup

This lab will show you how to set up a Fedora installed system to be used for file backups and introduce you to some tools used in backups.

Important.png
Prerequistites:
Your Centos machine should have three Fedora 20 virtual machines already installed and updated.
Ensure the clocks on all machines are set to the correct date and time.
If you have not already done so, remove the iptables rules preventing your host from pinging or SSH'ing your VMs, but leave the other rules intact.

Using rsync and cron to automate system backup

  • Your host machine will be used to backup files from the virtual machines.
  • Login to your host using your learnid and open a terminal window. Then "su -" to root run the following two commands:
mkdir -p /backup/vm1
rsync -avz 192.168.x.2:/etc/ /backup/vm1
  • Still on the host run this command to verify rsync worked correctly:
ls /backup/vm1
  • Notice that when running rsync you had to enter the password for root on vm1. To automate this process so that it will run without requiring a password we'll use an RSA public/private key pair for passwordless authentication. To do this we'll have to generate an RSA public/private key pair on the host. We'll use an openssh command like this: 
 ssh-keygen -t rsa
  • when you enter this command just hit ENTER for all the questions. Here's what I got when I ran it on my host
 Generating public/private rsa key pair.
 Enter file in which to save the key (/root/.ssh/id_rsa):
 Enter passphrase (empty for no passphrase):
 Enter same passphrase again:
 Your identification has been saved in /root/.ssh/id_rsa.
 Your public key has been saved in /root/.ssh/id_rsa.pub.
 The key fingerprint is:
 f5:07:8c:aa:b6:08:e0:45:81:ca:d6:88:8c:aa:1a:7b root@host.pcallagh.org
 The key's randomart image is:
 +--[ RSA 2048]----+
 |       o+++      |
 |    E .ooo..     |
 |     ...o.       |
 |       ...o     .|
 |       .S+ +   o.|
 |        . = . o .|
 |           o +   |
 |          o +    |
 |           . .   |
 +-----------------+
  • Now you'll need to copy the host's public rsa key over to vm1. Still on the host use this command (be sure you have the /root/.ssh/ directory on vm1 - if you don't then make it first):
 scp /root/.ssh/id_rsa.pub 192.168.x.2:/root/.ssh/authorized_keys
  • Now verify that your new authentication method is working. Still on the host try to ssh to vm1 as root. You should be able to login without entering a password. If you were successful then move on to the next step, otherwise repeat steps 3 and 4.
  • Install mailx on the host if it's not already installed.
 yum -y install mailx
  • Now, still as root on the host, use the command 'crontab -e' to edit root's cron table. Insert the following line:(Instead of the IP Address "192.168.X.2", use the IP address of your vm1)
55 * * * * /usr/bin/rsync -avz 192.168.X.2:/etc/ /backup/vm1
  • At 55 minutes past the hour rsync should synchronize the /etc/ directory of vm1 to the /backup/vm1/etc/ directory on the host. If this time has passed and you don't want to wait an hour for the next time rsync runs, just edit root's cron table on the host and enter another time for the backup to take place.
  • You should check that /etc/ is being backed up by adding some file (say 'touch /etc/junk' on vm1) to /etc and then see if it was indeed copied to the host.
  • After the cron job runs, root on the host should have received an email containing the output of the cron job. Verify this by using the mail command to check root's mail. Note that that mail may take a minute to show up.
  • Finally, edit root's cron table and add another record to backup the /home directory of vm1 to /backup/vm1/home on the host once each week at 2am on Saturday.

Using syslog to route log files to a remote host

  • Now we will configure your machines to copy their logs to VM 3.


  • Go on your VM 3 and edit /etc/rsyslog.conf and uncomment the following:
$ModLoad imtcp
$InputTCPServerRun 514
  • Use the firewalld command language to open up tcp port 514 to your internal network only.
  • Still on VM 3, restart rsyslog.


  • On your vm1 edit /etc/rsyslog.conf and make the following change:
#*.* @@remote-host:514
  • to
*.* @@192.168.x.4:514
  • where x is the IP of your VM 3.
  • Now restart your rsyslog service


  • Now on vm1 use the logger command to verify logging messages are getting through to your Vm 3. Try this command
logger -p user.warn "Hello World"
  • Use the command "tail /var/log/messages" on the logging VM to view the results of the previous step.
  • Make the needed changes to have logging of all machines (including your host) take place on your VM 3. Note that your VM3 is already logging to itself and does not need further changes.

Completing the Lab

Upon completion of this lab you should have your host automatically backing up your VM1's /etc and /home directories, and all of your machines should be sending copies of their logs to your VM3.

You have now gained experience using tools to make, and to automate, remote backups

Exploration questions:

  1. Show the RSA public key generated on your host. i.e. the file called id_rsa.pub.
  2. Explain the meaning of the -avz options on the rsync command.
  3. What were the last two lines of the email sent to root upon completion of the cron job?
  4. What command could you use to view only the log messages from your host on VM 3?
  5. What option did you use to limit the iptables rule for port 514 to the local network?
Retrieved from "https://wiki.cdot.senecapolytechnic.ca/w/index.php?title=OPS335_Archiving_Lab&oldid=112113"