Saturday, December 15, 2012

VM ESXI BACKUP - LFTP

Need to backup your VM's off of your ESXi Machine? Today I decided to back them up to my USB drive. I tried to use rsync but rsync isn't on ESXi. So then i thought about LFTP. LFTP has a mirror function, and is a good alternative to rsync.

I run Ubuntu on my desktop so all i had to do was install lftp.
sudo apt-get install lftp
You will also have to enable ssh access to your ESXi Server. You can do that in the vSphere Client.

Once you have ssh enabled, you are ready to backup your vm's. You will need to power down the vm you are backing up to make this work.
Replace "password" with your esxi root password. You will also need to change the IP and the dirctory you are backing up.

In the following example:
192.168.10.10 = my esxi server
/vmfs/volumes/4edb0892-122a7778-ffc0-001a4b524ffe/endor = path of my vm on esxi
/mnt/backup/vm = my USB drive mounted on my Ubuntu Desktop Machine.
lftp -u 'root,password' sftp://192.168.10.10 -e "set ftp:ssl-protect-data true; set ftp:ssl-force true; mirror /vmfs/volumes/4edb0892-122a7778-ffc0-001a4b524ffe/endor /mnt/backup/vm"

Wednesday, December 12, 2012

PF_RING: tcpdump on a slave interface

I am running snort with a PF_RING enabled DAQ on CentOS using the default TNAPI drivers. I have my interfaces bonded together and snort is sniffing the bond interface. One goofy thing I noticed is when PF_RING is loaded, I cannot tcpdump on the the slave interfaces in the bond. Dumping on the bond interface works fine. For example, if eth1 and eth2 are slave interfaces in bond0 and PF_RING is enabled the following tcpdump command returns no results.
tcpdump -i eth1
If I disable PF_RING (rmmod pfring), the same tcpdump command works; which points to PF_RING as the cause of the behavior. This has been bugging the crap out of me for months.

Now here is the strange part. Recently I stumbled across something on accident because I fat fingered the tcpdump command. If I add a colon to the end of the interface name tcpdump works!
Example:
tcpdump -i eth1:
Even stranger, if I add a colon and any number it also works.
Example:
tcpdump -i eth1:7
I am perfectly fine with this behavior because it solves my original issue, but I am curious why? I have searched the hell out of google and have found nothing. I am curious if any else has experienced the same behavior.

Sunday, December 9, 2012

Crash Plan - Headless Ubuntu Server - Unity

CrashPlan is a "cloud" backup service, and one of the few that have linux clients. It is designed as a GUI client. I run a headless Ubuntu 12.04 server, and my desktop is also Ubuntu 12.04 with the Unity Desktop.

I am going to show you how to create a custom launcher that defaults to connecting to your Ubuntu Server from your Ubuntu Desktop Computer using ssh tunneling. I recommend that you use SSH keys. You can find a tutorial here: http://paulkeck.com/ssh/

First thing first. You need to download the client on your ubuntu server. I did it out of my home directory. I just did a wget, you could just download it with your browser and upload it to your server.
panaman@deathstar:~$ wget -d http://download.crashplan.com/installs/linux/install/CrashPlan/CrashPlan_3.4.1_Linux.tgz
Now you need to untar it and run the install (I just answered everything with defaults).
panaman@deathstar:~$ tar -zxvf CrashPlan_3.4.1_Linux.tgz; sudo CrashPlan_install/install.sh
After its done installing you will notice its running as a service.
panaman@deathstar:~/CrashPlan-install$ service crashplan status
CrashPlan Engine (pid 11960) is running.
Now you need to install it on your Ubuntu Desktop PC.
You can follow the exact same steps as above.

After you have the client installed on your Ubuntu Desktop you need to edit a config file for your client to listen on.
panaman@anakin:~$ sudo vi /usr/local/crashplan/conf/ui.properties
Make the File look just like the one below:
#Fri Dec 09 09:50:22 CST 2005
#serviceHost=localhost
servicePort=4200
#pollerPeriod=1000  # 1 second
#connectRetryDelay=10000  # 10 seconds
#connectRetryAttempts=3
#showWelcome=true

#font.small=
#font.default=
#font.title=
#font.message.header=
#font.message.body=
#font.tab=
Now you need to make a little shell script on your Ubuntu Desktop PC that will open your ssh tunnel and CrashPlan. You can call it what ever you want and put it where ever you want. I called mine deathstar_crashplan and placed it in my home directory. Mainly because my Ubuntu Server's name is "Deathstar".
panaman@anakin:~$ vi /home/panaman/deathstar_crashplan
Paste the following in your script and replace "deathstar" with the name or IP address of your Ubuntu server.
#!/bin/bash
gnome-terminal --disable-factory --sm-client-disable -x ssh -L 4200:localhost:4243 panaman@deathstar &
/usr/local/crashplan/bin/CrashPlanDesktop;
exit
Make your script executable.
panaman@anakin:~$ chmod 700 ~/deathstar_crashplan
Now you need to edit your CrashPlan Icon. Just right click it and click properties.
You are going to need to change the Command path to point to the shell script you created.
I also Changed the Name of mine to "CrashPlan Deathstar"

Now you are complete, you should be able to launch your Crashplan GUI thats connected to your Ubuntu Server and start adding folders on your server to backup.

Saturday, December 8, 2012

Finally a new look!

I have been meaning to do something pretty with my blogger site for some time. I spent a good 30 minutes redesigning TP.

Puppet Custom Fact - Host Interface

I've found this simple custom fact extremely useful. It basically does a netstat -rn and grabs the default interface that has the gateway. I've tested it on FreeBSD, Redhat, and Ubuntu, it probably works on other platforms.

To install this module on your puppet master
mkdir -p /etc/puppet/modules/hostint/lib/facter
Copy the following code and place it in the file "/etc/puppet/modules/hostint/lib/facter/hostint.rb"
require 'facter'
Facter.add(:hostint) do
  confine :kernel => %w{FreeBSD}
  setcode do
    Facter::Util::Resolution.exec("netstat -f inet -rn | awk '$1==\"default\" { print $6 }'")
  end
end

Facter.add(:hostint) do
  confine :kernel => %w{Linux}
  setcode do
    Facter::Util::Resolution.exec("netstat -rn | awk '$1==\"0.0.0.0\" { print $8 }'")
  end
end
Ensure you have pluginsync enabled in your nodes puppet.conf
pluginsync = true
Now you are free to use this fact name in any module/manifest
<%= hostint %>
You can also download the module on the puppet forge http://forge.puppetlabs.com/panaman/hostint/0.0.1
Or install it straight from your puppet master
puppet module install panaman-hostint

Puppet Agent Cron Script

Running your puppet agent in cron is one way to avoid having to run it as a service. I don't do it on all my puppet nodes, but I do it on a few of them.

Below is my puppetagentrun.bash script that I use on linux. (Tested on CentOS and Ubuntu)
<% if kernel == 'Linux' -%>
#!/bin/bash
puppetmaster="yourpuppetserver"
# Open Source Puppet
statedir="/var/lib/puppet/state"
# Puppet Enterprise
# statedir="/var/opt/lib/pe-puppet/state"
run="puppet agent --server $puppetmaster --onetime --ignorecache --no-daemonize --no-usecacheonfailure --no-splay"
if [ -f $statedir/puppetdlock ]; then
  if test `find $statedir/puppetdlock -mmin +100`; then
    rm $statedir/puppetdlock;
  fi
fi
value=$RANDOM
while [ $value -gt 300 ] ; do
  value=$RANDOM
done
sleep $value
$run
exit
<% end -%>
Some portions you may want to change
Replace "yourpuppetserver" with your puppet masters hostname
puppetmaster="yourpuppetserver"
Change the path of your state dir as needed
# Open Source Puppet
statedir="/var/lib/puppet/state"
# Puppet Enterprise
# statedir="/var/opt/lib/pe-puppet/state"
This area checks to see if the puppet agent some how locked it self up for a long period of time. I currently have it set for 100 minutes, but feel free to change that time to anything you want.
if test `find $statedir/puppetdlock -mmin +100`; then
The last thing is a random sleep value of 5 minutes so the puppet agents don't stomp the server all at the same time. Feel free to adjust this to anything you want.
while [ $value -gt 300 ] ; do
I am using ruby templating to ensure that the kernel is linux or it doesn't get any of this code. You can remove the template variables to make it a file resource. The way it sits, you will have to save it as a "puppetmodulename/templates/puppetagentrun.bash.erb"