Line 49: |
Line 49: |
| | | |
| ==== Configuring SSH and RSYNC on the ESX3i Host ==== | | ==== Configuring SSH and RSYNC on the ESX3i Host ==== |
− | By default the SSH service is disabled and rsync is not installed. ESXi uses Dropbear rather than OpenSSL as the SSH Server. The installed Dropbear Version 0.49 has a bug that causes an incorrect return status of the executed command. Therefore it must be updated to Version 0.51. This version fixes the problem with wrong exit codes. Only with Dropbear Version 0.51 Affa can detect failures of rsync commands.
| + | On ESXi the SSH service Dropbear is installed but disabled. To use rsync the SSH service must be enabled and the rsync program must be installed. To enable passwordless login a .ssh directory for storing the keys must be created. |
| | | |
| + | A script is provided that does this: |
| To set up ESXi for use with Affa we must: | | To set up ESXi for use with Affa we must: |
| * enable SSH service by configuring inetd.conf and restarting the inetd service | | * enable SSH service by configuring inetd.conf and restarting the inetd service |
| * install rsync (statically linked binary) | | * install rsync (statically linked binary) |
− | * update Dropbear to version 0.51
| |
| * create a /root home directory with a .ssh sub directory to store the public keys for password-less login | | * create a /root home directory with a .ssh sub directory to store the public keys for password-less login |
| * link the .ssh directory to the non-volatile USB device | | * link the .ssh directory to the non-volatile USB device |
| * add a command to /etc/rc.local that executes all the steps above at boot time | | * add a command to /etc/rc.local that executes all the steps above at boot time |
| | | |
− | The following script does this all:
| + | |
| <pre> | | <pre> |
| # enable ssh service | | # enable ssh service |
− | sed -e 's/^#\(ssh.*\)/\1/' < /etc/inetd.conf > /etc/inetd.conf.affa | + | sed -ie 's/^#\(ssh.*\)/\1/' /etc/inetd.conf |
− | mv -f /etc/inetd.conf.affa /etc/inetd.conf
| |
− | | |
| # reload inetd configuration | | # reload inetd configuration |
| kill -HUP `ps | grep inetd | sed -e 's/ .*//'` | | kill -HUP `ps | grep inetd | sed -e 's/ .*//'` |
− |
| |
− | # install Dropbear 0.51
| |
− | rm -f /sbin/dropbearmulti; cp -a /bootbank/bexi/dropbearmulti /sbin/dropbearmulti
| |
− | ln -fs /sbin/dropbearmulti /bin/ssh
| |
− |
| |
− | # install sftp-server (needed for FUSE sshfs mount)
| |
− | cp -a /bootbank/bexi/sftp-server-static /usr/libexec/sftp-server
| |
| | | |
| # install rsync 3.0.4 statically linked | | # install rsync 3.0.4 statically linked |
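Review bot: the new `sed -ie 's/^#\(ssh.*\)/\1/' /etc/inetd.conf` bundles `-i` and `e` into one option. sed implementations that accept a backup suffix on `-i` (GNU sed does) read this as "edit in place and keep a backup with suffix e", which leaves a stray `/etc/inetd.confe` behind instead of passing `-e`. Write `sed -i -e '…'`, or drop `-e`, since there is only one expression. Separately, the removed intro stated that Affa can detect rsync failures only with Dropbear 0.51 because 0.49 returns a wrong exit status. The new text drops the update without saying whether the stock Dropbear is still affected, so the intro should say which ESXi or Dropbear version makes the update unnecessary.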
Line 88: |
Line 79: |
| | | |
| # set new home dir for user root | | # set new home dir for user root |
− | sed -e 's#^\(root:.*\)\(:/:\)\(.*\)#\1:/root:\3#' < /etc/passwd > /etc/passwd.affa | + | sed -ie 's#^\(root:.*\)\(:/:\)\(.*\)#\1:/root:\3#' /etc/passwd |
− | mv -f /etc/passwd.affa /etc/passwd
| |
| | | |
| # add execution of this script to rc.local | | # add execution of this script to rc.local |
− | grep -q "/bootbank/bexi/affa-setup.sh" < /etc/rc.local || echo "/bootbank/bexi/affa-setup.sh" >> /etc/rc.local | + | grep -v "#BEXI$" < /etc/rc.local > /etc/rc.local.affa; mv -f /etc/rc.local.affa /etc/rc.local |
| + | echo "test -f /bootbank/bexi/affa-setup.sh && /bootbank/bexi/affa-setup.sh #BEXI" >> /etc/rc.local |
| + | echo "test ! -d /root && sed -ie 's#^\(root:.*\)\(:/root:\)\(.*\)#\1:/:\3#' /etc/passwd #BEXI" >> /etc/rc.local |
| </pre> | | </pre> |
| | | |
| + | ===== Download and install the skript ===== |
| On the ESXi Server console hit Alt-F1 to get the service shell. Now blind-type the word '''unsupported''' to unlock the shell. | | On the ESXi Server console hit Alt-F1 to get the service shell. Now blind-type the word '''unsupported''' to unlock the shell. |
| | | |
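Review bot: the new rc.local cleanup, `grep -v "#BEXI$" < /etc/rc.local > /etc/rc.local.affa; mv -f /etc/rc.local.affa /etc/rc.local`, joins the two commands with `;`. The `mv` therefore replaces /etc/rc.local even if the grep output was not written completely, and the replacement file gets fresh default permissions rather than those of the original. This revision already moves the inetd.conf and passwd edits to in-place sed, so the same approach fits here: `sed -i -e '/#BEXI$/d' /etc/rc.local`. The `-ie` spelling on the passwd line and inside the echoed rc.local line has the same option-bundling ambiguity and should be `-i -e`. The added heading reads "skript"; it should be "script".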
Line 103: |
Line 96: |
| Download the tarball. The tarball contains all binaries and the script. | | Download the tarball. The tarball contains all binaries and the script. |
| cd /bootbank | | cd /bootbank |
− | wget http://mirror.contribs.org/smeserver/contribs/michaelw/sme7/Affa2/affa-esxi-setup-01.tgz | + | wget http://mirror.contribs.org/smeserver/contribs/michaelw/sme7/Affa2/affa-esxi-setup-02.tgz |
| Verify the download | | Verify the download |
− | wget http://mirror.contribs.org/smeserver/contribs/michaelw/sme7/Affa2/affa-esxi-setup-01.tgz.md5sum | + | wget http://mirror.contribs.org/smeserver/contribs/michaelw/sme7/Affa2/affa-esxi-setup-02.tgz.md5sum |
| md5sum -c affa-esxi-setup-01.tgz.md5sum | | md5sum -c affa-esxi-setup-01.tgz.md5sum |
| Unpack it | | Unpack it |
− | tar xzf affa-esxi-setup-01.tgz | + | tar xzf affa-esxi-setup-02.tgz |
− | rm affa-esxi-setup-01.tgz* | + | rm affa-esxi-setup-02.tgz* |
| and run the script | | and run the script |
| ./bexi/affa-setup.sh | | ./bexi/affa-setup.sh |
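Review bot: the unchanged line `md5sum -c affa-esxi-setup-01.tgz.md5sum` was missed when the file names moved to -02. After this change the reader downloads `affa-esxi-setup-02.tgz.md5sum` but checks against a -01 file that is no longer fetched, so the verify step fails or gets skipped before a root-run script is unpacked into /bootbank. Change it to `md5sum -c affa-esxi-setup-02.tgz.md5sum`. Note also that the tarball and its checksum come from the same host over plain http, so this step only catches a corrupted download; it cannot show that the files are the ones the author published.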
Line 147: |
Line 140: |
| === Uninstall === | | === Uninstall === |
| SSH login as root on the ESXi host and run these commands '''carefully''': | | SSH login as root on the ESXi host and run these commands '''carefully''': |
− | grep -v "/bootbank/bexi/affa-setup.sh" < /etc/rc.local >/etc/rc.local.affa; mv -f /etc/rc.local.affa /etc/rc.local | + | grep -v "#BEXI" < /etc/rc.local >/etc/rc.local.affa; mv -f /etc/rc.local.affa /etc/rc.local |
| sed -e 's#^\(root:.*\)\(:/root:\)\(.*\)#\1:/:\3#' < /etc/passwd > /etc/passwd.affa; mv -f /etc/passwd.affa /etc/passwd | | sed -e 's#^\(root:.*\)\(:/root:\)\(.*\)#\1:/:\3#' < /etc/passwd > /etc/passwd.affa; mv -f /etc/passwd.affa /etc/passwd |
| sed -e 's/^\(ssh.*\)/#\1/' < /etc/inetd.conf > /etc/inetd.conf.affa; mv -f /etc/inetd.conf.affa /etc/inetd.conf | | sed -e 's/^\(ssh.*\)/#\1/' < /etc/inetd.conf > /etc/inetd.conf.affa; mv -f /etc/inetd.conf.affa /etc/inetd.conf |
| kill -HUP `ps | grep inetd | sed -e 's/ .*//'` | | kill -HUP `ps | grep inetd | sed -e 's/ .*//'` |
− | rm -rf /bin/rsync /usr/libexec/sftp-server /root /bootbank/bexi | + | rm -rf /bin/rsync /root /bootbank/bexi |
| tar -C / -xzf /bootbank/environ.tgz sbin/dropbearmulti | | tar -C / -xzf /bootbank/environ.tgz sbin/dropbearmulti |
| | | |
| === Addtional Information === | | === Addtional Information === |
− | ===== How to make the Dropbearmulti 0.51 Binary and the statically linked Rsync Binary ===== | + | ===== How to make the statically linked Rsync Binary ===== |
− | If you want to make the binaries by yourself, run the following on a Centos4/SME7.3 box with devel RPMs installed:
| |
− | | |
− | '''Dropbear 0.51'''
| |
− | | |
− | 1. download <tt>dropbear-0.51.tar.gz</tt> from http://matt.ucc.asn.au/dropbear/
| |
− | | |
− | 2. unpack the tarball
| |
− | tar xzf dropbear-0.51.tar.gz
| |
− | cd dropbear-0.51
| |
− | | |
− | 3. edit the file <tt>options.h</tt> and comment out line 40
| |
− | /*#define NON_INETD_MODE*/
| |
− | | |
− | 4. configure and compile
| |
− | ./configure --disable-zlib --disable-openpty
| |
− | make PROGRAMS="dropbear dbclient scp dropbearkey dropbearconvert" MULTI=1 STATIC=0 SCPPROGRESS=1
| |
− | strip dropbearmulti
| |
− | | |
− | | |
− | '''Rsync 3.0.4 statically linked'''
| |
| | | |
| 1. download the source from http://rsync.samba.org/ | | 1. download the source from http://rsync.samba.org/ |
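Review bot: the uninstall steps now only undo what the -02 script does, which leaves hosts that were set up with the previous revision partly installed. `grep -v "#BEXI"` does not match the old rc.local entry, which was the bare line `/bootbank/bexi/affa-setup.sh` with no marker, so that line stays and points at a script removed by the `rm -rf`. Dropping `/usr/libexec/sftp-server` from the `rm -rf` leaves the old sftp-server binary in place, and the `/bin/ssh` symlink created by the old script is not removed either. Either keep the old patterns alongside the new ones, for example a second `grep -v "/bootbank/bexi/affa-setup.sh"`, or add a sentence telling users of the -01 setup what to remove by hand. The retained `tar -C / -xzf /bootbank/environ.tgz sbin/dropbearmulti` only matters for those older installs, which is worth stating next to it.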
Line 185: |
Line 158: |
| make CFLAGS="-static" EXEEXT="-static" | | make CFLAGS="-static" EXEEXT="-static" |
| strip rsync-static | | strip rsync-static |
− |
| |
| | | |
| | | |
| [[Category:Howto]] | | [[Category:Howto]] |
| [[Category: Backup]] | | [[Category: Backup]] |