Debian Time Machine Server

As usual, a little background for perspective. This is the second time I have had to do this, and to get it working I had to go scouring the Internet a little bit. This involved taking bits and pieces from a few sites, then keeping my fingers crossed that it would work in the end.

There are two Macs in my household. I configured this at first so that both would dump their backups into one folder. This worked well, but I noticed some weird stuff from time to time, and I also remembered reading where some people suggested keeping them separated because of issues that, I guess, could cause the stuff I was noticing. Because of this and a few other cosmetic factors, I decided to move the service to a different server and assign both computers to separate folders (I used separate LVM volumes so that they will have no effect on each other and I have the flexibility to grow).

Installing Packages

The newer releases of OS X require Netatalk 2.2.x+. However, Debian 6.0 (Squeeze) comes with 2.1, which won’t work with Mac OS X 10.8 “Mountain Lion”. If you are still running Debian 6.0 you can get netatalk 2.2 from Debian 7.0 (Wheezy) by doing the following as root.
First add the following line to /etc/apt/sources.list:

deb http://http.debian.net/debian wheezy main contrib non-free

Then run the following commands:

 aptitude update
 aptitude install netatalk avahi-daemon avahi-utils

You can revert the changes to /etc/apt/sources.list now and run “aptitude update” again. Obviously if you were already on Wheezy you won’t have to worry about this.

Setting up Netatalk
Let’s do some configs…

Change your /etc/netatalk/AppleVolumes.default file to export the Time Machine volume.

Look for the following line:

 #:DEFAULT: options:upriv,usedots 

Change it to something like this, removing the hash sign:

 :DEFAULT: cnidscheme:dbd options:upriv,usedots

At the end of the file you’ll find a line that reads:

~/                     "Home Directory"

Add something like this below it:

/mnt/timemachine  "Time Machine"  allow:username cnidscheme:dbd volsizelimit:250000 options:usedots,upriv,tm
 
  • /mnt/timemachine is your backup folder.
  • “Time Machine” is a random label to identify your Time Machine volume.

The rest of the line contains various parameters to allow the Mac to “play nice” with this server as a Time Machine target. It’s important to add the options:tm at the end of the line so that Netatalk enables various special options for Time Machine. You can also add fancy options to restrict access to users logging in with specified accounts. But I have decided to keep it simple, at least for this round 😉

The next config file is /etc/netatalk/afpd.conf. Comment the last line like this:

# - -tcp -noddp -uamlist uams_dhx.so,uams_dhx2.so -nosavepassword

…and add this:

- -tcp -noddp -uamlist uams_dhx.so,uams_dhx2_passwd.so -nosavepassword

I guess you could also just replace it but I like an easy rollback path, just in case.

I am not sure if this command is actually needed for it to work, but it didn’t cause it not to work 🙂

touch /mnt/timemachine/.com.apple.timemachine.supported

Restart netatalk for the new configuration to take effect:

sudo service netatalk restart

For an additional layer of security I decided to create a dedicated user account that will only have write access to the backup folder. Time Machine will ask for this information on initial setup.


 sudo useradd -s /bin/false timemachine
 sudo passwd timemachine
 sudo chown -R timemachine:timemachine /mnt/timemachine
 

This takes care of the server side.

Client Setup
Now configure your OS X installation so it sees unsupported network Time Machine volumes. Open the Terminal app and execute the following command:

defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1

PS.
Older articles refer to creating a /etc/avahi/services/afpd.service file. With netatalk 2.2, this file is redundant: you do not need to create it.

Raspberry Pi – 1st Encounter

Back Story
I have wanted one of these boards to replace my Apple TV2 running XBMC for a long while now, but as everybody knows the first version sold out almost immediately and the average price for one on the after-market is sometimes 3-4 times what Element14 sells it for. They announced the second version and I decided to try to get my hands on one before it hit the after-market. Long story short, after about a month of waiting on order fulfillment, I have it.
What to do?
At my office a couple of the guys have these configured as HTPCs (XBMC of course). A couple have positive feedback while others are so-so. The number one complaint I have heard is the speed, and digging further, I find a couple of them attribute it to slow SD cards. So I was worried that I might have to purchase another SD card even though I already have one lying around. Of course I decided to try what I have on hand first, and I am happy with the results so far.
Here is what I have:
Hardware
Software
 Configuration
  • Installed with python script (install.py) from the site with a downloaded image
  • Install NTP
  • sudo dpkg-reconfigure tzdata for America/Montreal
  • Inside XBMC (Settings > Appearance > International) set location to Canada/Montreal
  • I use NFS shares, so I add those with the appropriate scrapers and allow it to scan the library
Conclusion
This is not my final setup but I think this gets me back to where I was before and I am okay with that. The main thing I wanted to test here is the performance of the SD card with RaspBMC and that seems to be working out. I don’t know if Class 4 would be too slow or if the doubling of the RAM from the previous model is making all the difference here (512MB vs 256MB). I don’t have a class 4 to test the difference, so all I know is this setup works…..for now 😀

Backup PostgreSQL Schemas

I have been handed the responsibility to manage the backups of a PostgreSQL database. Easy enough you would say, but there is a catch.

  1. The owner wants backups to be kept of each individual schema within the database
  2. I have never managed a PostgreSQL DB before

So not being one to back down from such a challenge, I searched high and low all over the Internet, but either the Internet community isn’t interested in doing this or I am not looking in the right places. So here, with the help of fragments of scripts from around the web, I have worked out a solution which accomplishes the task at hand. It is all bottled in the script below, which I think is self-explanatory with the aid of a generous helping of comments scattered throughout the file.

#!/bin/bash
#Description:
#This script will create a compressed backup of the Genesis Postgres Db and store it on a predefined folder.
#Backups that are older than 30days will also be removed automatically

# The dumps hold the full database contents: keep new files readable by the owner only
umask 077

####### Make and change to directory where backups will be saved #######
BASE_DIR="/path/to/backup/folder"
YMD=$(date "+%Y-%m-%d")
DIR="$BASE_DIR/$YMD"
mkdir -p "$DIR"
# Stop here if the directory is unusable, so dumps never land in the current directory
cd "$DIR" || exit 1

####### Full Postgres Backup #######
sudo -u postgres pg_dumpall | gzip -c > All_Db.sql.gz

####### Individual Schema Backups #######
# 1. Select the individual schemas within the database
# 2. psql -A (unaligned) -t (tuples only) prints one bare schema name per line,
#    so there is no padding, header or footer to clean up afterwards
for schema in $(sudo -u dbOwnerUN psql -At -d DBName -c "SELECT schemata.schema_name FROM information_schema.schemata;");
do
# -Ft produces a tar-format archive (restore it with pg_restore), despite the .sql.gz name
sudo -u dbOwnerUN pg_dump -Ft -n "$schema" DBName | gzip -c > "$schema".sql.gz
done

####### Delete backup files older than 30 days #######
# -mindepth 1 keeps find from ever selecting $BASE_DIR itself;
# -exec passes the names straight to rm, so odd characters cannot split them
find "$BASE_DIR" -mindepth 1 -maxdepth 1 -type d -mtime +30 -exec rm -rfv {} +

As I said, this is my first attempt at anything like this so it may not be the best or easiest way of accomplishing this. (I am just sharing what I know and recording for my reference). So please post comments if you have a better solution.

….Questions are also welcomed

Putty – Save Passwords

Ever since I started working on multiple servers on a regular basis I have been looking for a solution in which PuTTY is able to store passwords for the target machine. Now I think I have what can be deemed the closest thing to that (without applying keystrings or 3rd party programs): login sessions which are seeded with the relevant passwords through batch scripts.
First create and save a PuTTY session with username@IPAddr and whatever other details are required from within PuTTY.
Next, open Notepad++ (or your preferred text editor) and create a Windows batch (*.bat) file with the following lines:
     cd /d "c:\Program Files\Putty"
     putty -load "saved session name" -pw "password"
and save it like “session name.bat”
*** On some systems, especially 64-bit OSes, PuTTY may be installed in “Program Files (x86)” instead of “Program Files”, so make the necessary adjustment to the lines above.

Now, just by double-clicking on this batch file, you will be automatically logged on to the server without being prompted for a password. The downside is an unencrypted password on your computer. You could explore using a bat-to-exe compiler which would help to mitigate some of the risk, at least from a casual prowler. ^_^

vsFTPd – Install and Configure

In this post I will go over how to install and configure one of my favorite FTP servers, vsFTPd. It’s a Linux application which is known within IT circles as being feature-rich, fast and secure, so I have adopted it as my tool of choice when the ‘job’ requires an FTP service.

Installing vsFTPd

I am using Ubuntu Linux, therefore my installation command is as follows:

 sudo apt-get install vsftpd

 

Configuration

To configure vsftpd to authenticate system users and allow them to upload files, edit /etc/vsftpd.conf:

local_enable=YES

write_enable=YES

Now when system users log in to FTP they will start in their home directories, where they can download, upload, create directories, etc. Similarly, by default, anonymous users are not allowed to upload files to the FTP server. To change this setting, you should uncomment the following line, and restart vsftpd:

anon_upload_enable=NO

The configuration file consists of many configuration parameters. The information about each parameter is available in the configuration file. Alternatively, you can refer to the man page, man 5 vsftpd.conf, for details of each parameter. There are options in /etc/vsftpd.conf to help make vsftpd more secure. For example, users can be limited to their home directories by uncommenting:

chroot_local_user=YES

Restart the service

sudo service vsftpd restart
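One way to check the resulting file, as an added example that is not part of the original post: a small shell audit of the options covered above. The function names `vsftpd_get` and `vsftpd_audit` and the sample file are constructed for illustration; the fallback values are the built-in defaults documented in vsftpd.conf(5).

```shell
#!/bin/sh
# Added example (not from the original post): audit the vsftpd.conf options
# discussed above. Fallbacks are the built-in defaults from vsftpd.conf(5).

# Effective value of option $2 in file $1; $3 is the built-in default.
# Commented-out lines are ignored; a later assignment overrides an earlier one.
vsftpd_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r')
    printf '%s\n' "${val:-$3}" | tr '[:lower:]' '[:upper:]'
}

is_on() { [ "$1" = YES ] || [ "$1" = TRUE ] || [ "$1" = 1 ]; }

# Print one WARN line per risky combination; print nothing if none is found.
vsftpd_audit() {
    anon=$(vsftpd_get "$1" anonymous_enable YES)
    upload=$(vsftpd_get "$1" anon_upload_enable NO)
    write=$(vsftpd_get "$1" write_enable NO)
    local_users=$(vsftpd_get "$1" local_enable NO)
    chroot=$(vsftpd_get "$1" chroot_local_user NO)

    if is_on "$anon"; then
        echo "WARN anonymous_enable=$anon: anonymous logins are accepted"
    fi
    if is_on "$anon" && is_on "$upload" && is_on "$write"; then
        echo "WARN anon_upload_enable=$upload: anonymous users can upload"
    fi
    if is_on "$local_users" && ! is_on "$chroot"; then
        echo "WARN chroot_local_user=$chroot: local users can leave their home directories"
    fi
    return 0
}

# Constructed sample: the settings from this page with the chroot line
# still commented out and no explicit anonymous_enable line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
local_enable=YES
write_enable=YES
anon_upload_enable=NO
#chroot_local_user=YES
EOF
vsftpd_audit "$sample"
```

Run it against the real file with `vsftpd_audit /etc/vsftpd.conf`; no output means none of the three combinations was found.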

Related reading:
Creating Dummy FTP Users

Create Dummy FTP Users

So it happens time and time again: I research and learn how to do stuff, and after a couple of months (read: days) when I want to do it again I can’t remember how. This is one of those things.

I don’t like the idea of FTP users having an actual login account on my servers. (It isn’t best practice either.) It’s just a doorway to break into your server waiting to be explored. To get around that on Linux, users with no privileges to log in to the shell are created with their home folder being wherever I want FTP to access.

So let’s get going:
First, we define the “dummy” shell environment by editing ‘/etc/shells’ with this command. (You can replace nano with your preferred text editor.)

    sudo nano /etc/shells

Add the following line to the end of the file

    /bin/false

Create the user

    sudo useradd -p crypticpwd -d /ftp/folder/path -s /bin/false dummyuser

That’s it.
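To verify an account created this way, here is an added example that is not part of the original post. It assumes the FTP server's PAM stack uses pam_shells (as the Debian/Ubuntu vsftpd package does), which is why /bin/false has to be listed in /etc/shells, and it relies on the fact that `useradd -p` stores its argument verbatim as the password hash. The function name `ftp_user_check` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check an FTP-only account.
# File arguments default to the system files; the demo uses constructed copies.

# ftp_user_check USER [PASSWD] [SHELLS] [SHADOW]
# Prints one FAIL line per problem, or a single OK line.
ftp_user_check() {
    user=$1 passwd=${2:-/etc/passwd} shells=${3:-/etc/shells} shadow=${4:-/etc/shadow}
    entry=$(grep "^$user:" "$passwd") || { echo "FAIL $user: no such account"; return 0; }
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)
    fails=0

    # 1. The shell must not give an interactive session.
    case "$shell" in
        /bin/false|/usr/sbin/nologin|/sbin/nologin) ;;
        *) echo "FAIL $user: shell $shell permits interactive login"; fails=1 ;;
    esac

    # 2. pam_shells only admits users whose shell is listed in the shells file.
    if ! grep -qxF "$shell" "$shells"; then
        echo "FAIL $user: $shell is not listed in $shells"; fails=1
    fi

    # 3. useradd -p writes its argument verbatim into the shadow file, so a
    #    plaintext argument leaves a field that no password can ever match.
    hash=$(grep "^$user:" "$shadow" | cut -d: -f2)
    case "$hash" in
        '$'*) ;;
        '!'*|'*'*|'') echo "FAIL $user: no password hash set (locked or empty)"; fails=1 ;;
        *) echo "FAIL $user: shadow field is not a crypt(3) hash"; fails=1 ;;
    esac

    if [ "$fails" -eq 0 ]; then echo "OK $user"; fi
    return 0
}

# Constructed sample files (not real accounts): /bin/false has not been added
# to the shells file yet, and the password was passed to -p as plaintext.
d=$(mktemp -d)
printf 'dummyuser:x:1001:1001::/ftp/folder/path:/bin/false\n' > "$d/passwd"
printf '/bin/sh\n/bin/bash\n' > "$d/shells"
printf 'dummyuser:crypticpwd:19000:0:99999:7:::\n' > "$d/shadow"
ftp_user_check dummyuser "$d/passwd" "$d/shells" "$d/shadow"
```

Reading the real /etc/shadow needs root. Setting the password afterwards with `sudo passwd dummyuser` stores a proper hash and clears the third check.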