Line 5: |
Line 5: |
| | | |
| A restore of a VM can be done by simply copying back all archived files to the original location on the ESXi host. It is also possible to copy the files to a different directory (or to another ESXi server) and add the vmx file to the inventory. | | A restore of a VM can be done by simply copying back all archived files to the original location on the ESXi host. It is also possible to copy the files to a different directory (or to another ESXi server) and add the vmx file to the inventory. |
| + | |
| + | {{Note box|This document is applicable for ESX3i with an USB boot device. It will most likely not work with other type boot devices}} |
| | | |
| {{Warning box|As Affa Version 2 is in a BETA state, errors in design and/or implementation cannot be completely eliminated. Therefore take precautions to avoid negative impacts to your system. In particular do not use it on production systems.}} | | {{Warning box|As Affa Version 2 is in a BETA state, errors in design and/or implementation cannot be completely eliminated. Therefore take precautions to avoid negative impacts to your system. In particular do not use it on production systems.}} |
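Review bot: the added note box says the procedure "will most likely not work" with other boot devices but gives no reason, so a reader cannot judge their own setup. State the dependency: the setup keeps its binaries and the root .ssh directory under /bootbank/bexi on the USB device. Please also fix the wording: "a USB boot device", "other types of boot devices", and a closing full stop.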
Line 46: |
Line 48: |
| | | |
| | | |
− | ==== Configuration of the SSH Service on the ESXi Host ==== | + | ==== Configuring SSH and RSYNC on the ESX3i Host ==== |
− | (''Note: ESXI uses Dropbear rather than OpenSSL Server)''
| + | By default the SSH service is disabled and rsync is not installed. ESXi uses Dropbear rather than OpenSSL as the SSH Server. The installed Dropbear Version 0.49 has a bug that causes an incorrect return status of the executed command. Therefore it must be updated to Version 0.51. This version fixes the problem with wrong exit codes. Only with Dropbear Version 0.51 Affa can detect failures of rsync commands. |
| | | |
− | On the ESXi Server console hit Alt-F1 to get the service shell. Now blind-type the word '''unsupported''' to unlock the shell.
| + | To set up ESXi for use with Affa we must: |
| + | * enable SSH service by configuring inetd.conf and restarting the inetd service |
| + | * install rsync (statically linked binary) |
| + | * update Dropbear to version 0.51 |
| + | * create a /root home directory with a .ssh sub directory to store the public keys for password-less login |
| + | * link the .ssh directory to the non-volatile USB device |
| + | * add a command to /etc/rc.local that executes all the steps above at boot time |
| | | |
− | Login with the root password.
| + | The following script does this all: |
| + | <pre> |
| + | # enable ssh service |
| + | sed -e 's/^#\(ssh.*\)/\1/' < /etc/inetd.conf > /etc/inetd.conf.affa |
| + | mv -f /etc/inetd.conf.affa /etc/inetd.conf |
| | | |
− | [[Image:Affa_esxi_service_console.gif]]
| + | # reload inetd configuration |
| + | kill -HUP `ps | grep inetd | sed -e 's/ .*//'` |
| | | |
− | Edit the '/etc/inetd.conf' file using the vi editor. Remove the leading Hash ('#') from this line:
| + | # install Dropbear 0.51 |
− | #ssh stream tcp nowait root /sbin/dropbearmulti dropbear ++min=0,swap,group=shell -i
| + | rm -f /sbin/dropbearmulti; cp -a /bootbank/bexi/dropbearmulti /sbin/dropbearmulti |
− | Save the file.
| + | ln -fs /sbin/dropbearmulti /bin/ssh |
| | | |
− | Find the PID of the inetd process: (1302 in this example)
| + | # install sftp-server (needed for FUSE sshfs mount) |
− | ps | grep inetd
| + | cp -a /bootbank/bexi/sftp-server-static /usr/libexec/sftp-server |
| | | |
− | <tt>1302 1302 busybox inetd</tt>
| + | # install rsync 3.0.4 statically linked |
| + | cp -a /bootbank/bexi/rsync-static /bin/rsync |
| | | |
− | Send HUP signal to force inetd to re-read the configuration
| + | # root home dir for storing public keys |
| + | mkdir -p /bootbank/bexi/root/.ssh |
| + | touch /bootbank/bexi/root/.ssh/authorized_keys |
| + | touch /bootbank/bexi/root/.ssh/known_hosts |
| | | |
− | kill -HUP 1302
| + | # link .ssh dir to non-volatile USB location |
− | Now you can ssh logon.
| + | mkdir -p /root |
| + | ln -fs /bootbank/bexi/root/.ssh /root/ |
| | | |
| + | # set new home dir for user root |
| + | sed -e 's#^\(root:.*\)\(:/:\)\(.*\)#\1:/root:\3#' < /etc/passwd > /etc/passwd.affa |
| + | mv -f /etc/passwd.affa /etc/passwd |
| | | |
− | ==== Update Dropbear SSH server and client ====
| + | # add execution of this script to rc.local |
− | On ESX3i Dropbear Version 0.49 is installed. This version has a bug that causes an incorrect return status of the executed command. Therefore it must be updated to Version 0.51. This version fixes the problem with wrong exit codes. Only with Dropbear Version 0.51 Affa can detect failures of rsync commands.
| + | grep -q "/bootbank/bexi/affa-setup.sh" < /etc/rc.local || echo "/bootbank/bexi/affa-setup.sh" >> /etc/rc.local |
| + | </pre> |
| | | |
− | Remote copy the dropbearmulti binary to the ESXi host into directory /sbin. This overwrites the existing dropbearmulti version 0.49
| + | On the ESXi Server console hit Alt-F1 to get the service shell. Now blind-type the word '''unsupported''' to unlock the shell. |
− | scp dropbearmulti root@<ESXiIP>:/sbin/
| |
− | Then send the HUP signal to the inetd process as described above.
| |
− | ===== How to get dropbearmulti 0.51 binary =====
| |
− | You can either download a compiled binary from http://mirror.contribs.org/smeserver/contribs/michaelw/sme7/Affa2
| |
| | | |
− | '''or''' you can make it by yourself on a Centos4/SME7.3 box with devel RPMs installed:
| + | Login with the root password. |
− | 1. download <tt>dropbear-0.51.tar.gz</tt> from http://matt.ucc.asn.au/dropbear/
| |
| | | |
− | 2. unpack the tarball
| + | [[Image:Affa_esxi_service_console.gif]] |
− | tar xzf dropbear-0.51.tar.gz
| |
− | cd dropbear-0.51
| |
− | | |
− | 3. edit the file <tt>options.h</tt> and comment out line 40
| |
− | /*#define NON_INETD_MODE*/
| |
− | | |
− | 4. configure and compile
| |
− | ./configure --disable-zlib --disable-openpty
| |
− | make PROGRAMS="dropbear dbclient scp dropbearkey dropbearconvert" MULTI=1 STATIC=0 SCPPROGRESS=1
| |
− | strip dropbearmulti
| |
− | | |
− | ==== Install the rsync program on the ESXi host ====
| |
− | Remote copy the rsync-static binary to the ESXi host into directory /usr/bin.
| |
− | scp rsync-static root@<ESXiIP>:/usr/bin/
| |
− | Create symbolic link to /usr/bin/rsync:
| |
− | ln -fs /usr/bin/rsync-static /usr/bin/rsync
| |
− | | |
− | ===== How to get the statically linked rsync binary =====
| |
− | You can either download a compiled binary from http://mirror.contribs.org/smeserver/contribs/michaelw/sme7/Affa2
| |
− | | |
− | '''or''' you can make it by yourself on a Centos4/SME7.3 box with devel RPMs installed:
| |
− | | |
− | 1. download the source from http://rsync.samba.org/
| |
− | | |
− | 2. unpack the tarball
| |
− | tar xzf rsync-3.0.4.tar.gz
| |
− | cd rsync-3.0.4
| |
− | 3. build the statically linked binary
| |
− | make CFLAGS="-static" EXEEXT="-static"
| |
− | strip rsync-static
| |
− | | |
− | ==== Configuration of Public Key Login ====
| |
− | SSH logon to the ESXi host and create a new home directory for user root
| |
− | mkdir -p /root/.ssh
| |
− | chmod -R 700 /root
| |
− | | |
− | Edit /etc/passwd using the vi editor and carefully change the line
| |
− | | |
− | root:x:0:0:Administrator:/:/bin/ash
| |
| | | |
− | to
| + | Download the tarball. The tarball contains all binaries and the script. |
| + | cd /bootbank |
| + | wget http://mirror.contribs.org/smeserver/contribs/michaelw/sme7/Affa2/affa-esxi-setup-01.tgz |
| + | Unpack it |
| + | tar xzf affa-esxi-setup-01.tgz |
| + | rm affa-esxi-setup-01.tgz |
| + | and run the script |
| + | ./bexi/affa-setup.sh |
| | | |
− | root:x:0:0:Administrator:/root:/bin/ash
| + | Now you can ssh login and use rsync. |
| | | |
− | Once you have configured the Affa ESXi job, run on the Affa server:
| |
− | affa --send-key <JOB>
| |
| | | |
| === Setting up an Affa job === | | === Setting up an Affa job === |
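Review bot: the new install steps (wget http://mirror.contribs.org/.../affa-esxi-setup-01.tgz, tar xzf, ./bexi/affa-setup.sh) fetch a tarball over plain http and run its contents as root with no integrity check. The script then replaces /sbin/dropbearmulti and appends itself to /etc/rc.local, so whatever was downloaded becomes the SSH server and runs at every boot. Publish a checksum for the tarball on this page and add a step to compare it before unpacking. In the script, /bootbank/bexi/root/.ssh and authorized_keys are created with default permissions, whereas the removed manual steps ran chmod -R 700 /root; add an explicit chmod 700 on the directory and chmod 600 on authorized_keys. The line "rm -f /sbin/dropbearmulti; cp -a ..." deletes the working binary before the copy is known to have succeeded; copy to a temporary name and mv it into place, as the script already does for inetd.conf and passwd. The intro sentence should read OpenSSH rather than OpenSSL, and the removed "affa --send-key <JOB>" step has no replacement in the visible text, so say where the public key gets installed.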
Line 159: |
Line 142: |
| | | |
| The name of the snaphot starts with "BEXI-". Do not delete it or revert to it while Affa is running. | | The name of the snaphot starts with "BEXI-". Do not delete it or revert to it while Affa is running. |
| + | |
| + | |
| + | === Addtional Information === |
| + | ===== How to make the Dropbearmulti 0.51 Binary and the statically linked Rsync Binary ===== |
| + | If you want to make the binaries by yourself, run the following on a Centos4/SME7.3 box with devel RPMs installed: |
| + | |
| + | '''Dropbear 0.51''' |
| + | |
| + | 1. download <tt>dropbear-0.51.tar.gz</tt> from http://matt.ucc.asn.au/dropbear/ |
| + | |
| + | 2. unpack the tarball |
| + | tar xzf dropbear-0.51.tar.gz |
| + | cd dropbear-0.51 |
| + | |
| + | 3. edit the file <tt>options.h</tt> and comment out line 40 |
| + | /*#define NON_INETD_MODE*/ |
| + | |
| + | 4. configure and compile |
| + | ./configure --disable-zlib --disable-openpty |
| + | make PROGRAMS="dropbear dbclient scp dropbearkey dropbearconvert" MULTI=1 STATIC=0 SCPPROGRESS=1 |
| + | strip dropbearmulti |
| + | |
| + | |
| + | '''Rsync 3.0.4 statically linked''' |
| + | |
| + | 1. download the source from http://rsync.samba.org/ |
| + | |
| + | 2. unpack the tarball |
| + | tar xzf rsync-3.0.4.tar.gz |
| + | cd rsync-3.0.4 |
| + | 3. build the statically linked binary |
| + | make CFLAGS="-static" EXEEXT="-static" |
| + | strip rsync-static |
| + | |
| + | |
| | | |
| [[Category:Howto]] | | [[Category:Howto]] |
| [[Category: Backup]] | | [[Category: Backup]] |
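Review bot: in the Dropbear build steps, step 3 ("comment out line 40") ties the instruction to a line number that only holds for this exact tarball. Name the setting instead, for example "comment out the #define NON_INETD_MODE line in options.h (line 40 in 0.51)", so the step is still checkable if the file differs. Both source tarballs are downloaded over http with no verification step; tell the reader to check them against the upstream project's published checksum or signature before building, since the resulting binaries are installed as root on the ESXi host. Style: the new heading is misspelled ("Addtional"), the following heading jumps from level === to =====, and rsync step 3 is missing the blank line that separates the other numbered steps.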