Bit by Bit struggle

Create disk image

  1. Boot from a live media.
  2. Make sure no partitions are mounted from the source hard drive.
  3. Mount the external HDD.
  4. Backup the drive.

# dd if=/dev/sdX conv=sync,noerror bs=64K | gzip -c > /path/to/backup.img.gz

If necessary (e.g. when the external HD is formatted as FAT32), split the disk image into volumes (see also the split man pages).

# dd if=/dev/sdX conv=sync,noerror bs=64K | gzip -c | split -a3 -b2G - /path/to/backup.img.gz

If there is not enough disk space locally, you may send the image through ssh:

# dd if=/dev/sdX conv=sync,noerror bs=64K | gzip -c | ssh user@local dd of=backup.img.gz

5. Save the extra information about the drive geometry that is needed to interpret the partition table stored within the image. The most important item is the cylinder size.

# fdisk -l /dev/sdX > /path/to/list_fdisk.info

Note: You may wish to use a block size (bs=) that is equal to the amount of cache on the HD you are backing up. For example, bs=8192K works for an 8 MiB cache. The 64 KiB mentioned in this article is better than the default bs=512 bytes, but it will run faster with a larger bs=.

Restore system

To restore your system:

# gunzip -c /path/to/backup.img.gz | dd of=/dev/sdX

When the image has been split, use the following instead:

# cat /path/to/backup.img.gz* | gunzip -c | dd of=/dev/sdX
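
The imaging pipeline above with an integrity check added, as an example that is not part of the original post: it records a SHA-256 digest of the source and verifies the split volumes against it. Because conv=sync zero-pads the last short read to a full 64 KiB block, the image can be larger than the source and is trimmed to the recorded size before hashing. The function names and the separate manifest file are assumptions of this example.

```shell
#!/bin/sh
# Added example: image SRC with the dd | gzip | split pipeline, record a
# SHA-256 manifest, and verify the split volumes against it before a restore.
# Function names and the manifest file are assumptions of this example.

BS=65536   # bytes, the same as bs=64K

# src_size SRC: size in bytes of a block device or a regular file
src_size() {
    if [ -b "$1" ]; then blockdev --getsize64 "$1"; else wc -c < "$1" | tr -d ' '; fi
}

# padded_size BYTES: bytes dd emits with conv=sync (last short block is
# zero-padded to a full block, so the image can be larger than the source)
padded_size() {
    echo $(( (($1 + BS - 1) / BS) * BS ))
}

# image_size PREFIX: decompressed size of the volumes PREFIXaaa, PREFIXaab, ...
image_size() {
    cat "$1"??? | gunzip -c | wc -c | tr -d ' '
}

# make_image SRC PREFIX MANIFEST: write the volumes, then store "size digest"
# of the source. The manifest must not share PREFIX, or "cat PREFIX*" on
# restore would feed it to gunzip as if it were a volume.
make_image() {
    dd if="$1" conv=sync,noerror bs=64K 2>/dev/null | gzip -c |
        split -a3 -b2G - "$2" || return 1
    size=$(src_size "$1")
    digest=$(head -c "$size" "$1" | sha256sum | cut -d' ' -f1)
    printf '%s %s\n' "$size" "$digest" > "$3"
}

# verify_image PREFIX MANIFEST: succeed only if the volumes decompress to the
# recorded bytes; the conv=sync padding is trimmed off before hashing.
verify_image() {
    read -r size digest < "$2" || return 1
    actual=$(cat "$1"??? | gunzip -c 2>/dev/null | head -c "$size" |
        sha256sum | cut -d' ' -f1)
    [ "$actual" = "$digest" ]
}
```

Run make_image against /dev/sdX from the live system and keep the manifest next to the volumes; verify_image then confirms the copy on the external disk before anything is written back with dd of=/dev/sdX.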

Monitoring Office 365 Mailbox size

##############################################
#### Check Mailbox size Office 365 ###########
##############################################
# Arguments: SMTP user, SMTP password, SMTP server, Office 365 user, Office 365 password
$MailUser = $args[0]
$MailPWD = $args[1]
$SecureMailPWD = ConvertTo-SecureString -String $MailPWD -AsPlainText -Force
$mailCred = New-Object System.Management.Automation.PSCredential $MailUser, $SecureMailPWD
$To = "your@email"
$From = "server123"
$SMTPServer = $args[2]
#############################################
#### Login Details for Office 365 ###########
#############################################
$username = $args[3]
# Not named $pwd: that is PowerShell's automatic variable for the current directory
$userPWD = $args[4]
$SecurePassword = ConvertTo-SecureString -String $userPWD -AsPlainText -Force
$MyCredentials = New-Object System.Management.Automation.PSCredential $username, $SecurePassword
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $MyCredentials -Authentication Basic -AllowRedirection
#############################################

Import-PSSession $Session -DisableNameChecking | Out-Null

$query = (Get-Mailbox -ResultSize Unlimited | where {$_.Name -inotmatch "DiscoverySearchMailbox"} | Get-MailboxStatistics -WarningAction SilentlyContinue)

# TotalItemSize in MB, parsed from the byte count inside the parentheses
$formated = $query | Select DisplayName, @{name="TotalItemSize"; expression={[math]::Round(($_.TotalItemSize.ToString().Split("(")[1].Split(" ")[0].Replace(",","")/1MB),2)}}, ItemCount

### Specifying the thresholds ###############

$warn = ($formated | Where-Object {$_.TotalItemSize -gt 45000})
$crit = ($formated | Where-Object {$_.TotalItemSize -gt 49000})

# Empty result first, then critical before warning: every mailbox over the
# critical threshold is also over the warning threshold
if ($null -eq $query) {
    $code = 3
    $text = "Status: UNKNOWN"
}
elseif ($crit) {
    $code = 2
    $text = "$crit"
}
elseif ($warn) {
    $code = 1
    $text = "$warn"
}
else {
    $code = 0
    $text = "All mailboxes are below the thresholds"
}

Send-MailMessage -To $To -From $From -Subject "$code^Server^Service^$text" -SmtpServer $SMTPServer -Port 587 -Credential $mailCred

# Close the remote session before exiting so it is not left open
Remove-PSSession $Session
exit $code

Check for Veeam Endpoint Backup

##################################################################################################
##### Icinga check for Veeam Endpoint Backup. It checks the date of the last backup.         #####
##### Accepted arguments are: BackupJobName and period of days for backup e.g a > b = fail:) #####
##################################################################################################

asnp VeeamPSSnapin

$name = $args[0]
$period = [int]$args[1]

$job = Get-VBRBackup -Name $name
$name = "'" + $name + "'"

# Check for a missing job before reading its properties
if ($null -eq $job)
{
    Write-Host "UNKNOWN! No such a job: $name."
    exit 3
}

# Compare as dates: dd/MM/yyyy strings do not sort chronologically
$status = [datetime]$job.LastPointCreationTime
$check_period = (Get-Date).AddDays(-$period)

if ($status -lt $check_period) {
    Write-Host "Backup hasn't been run since" $status
    exit 1
}

Write-Host "Backup Successful for $name"
exit 0

Install webacula

You might think that webacula is a simple thing, but it’s not, and if you think that, you’re terribly wrong, my friend. This is probably the most powerful tool for managing bacula-director. It’s a bit tricky to make it work, but once it’s running nothing can stop it. I have found myself a couple of times struggling to figure out why it does not want to start; you’ll see what I’m talking about if you do it off the beaten track. If you want a great backup system with a great web management tool, just follow my steps, because frankly you’ll hate it otherwise.

Everything begins with:

wget http://downloads.sourceforge.net/project/webacula/webacula/7.0.0/webacula-7.0.0.tar.gz

If you already have a LAMP-ish stack, you can skip this step:
yum install httpd php php-mysql php-gd

tar -xzvf /root/webacula-7.0.0.tar.gz

mv webacula-7.0.0/ /var/www/html/webacula
cd !$
usermod -aG bacula apache
chgrp bacula /usr/sbin/bconsole /etc/bacula/bconsole.conf
cd application

vim config.ini
update:
bacula.bconsole = "/usr/sbin/bconsole"
bacula.bconsolecmd = "-n -c /etc/bacula/bconsole.conf"

vim /etc/sudoers
Comment out the following line, because otherwise you’ll get an error like “sudo: sorry, you must have a tty to run sudo” later on:

Defaults requiretty

Next step is my favorite one 🙂

vim /etc/selinux/config
>>> SELINUX=disabled

Add the following line to the sudoers file, or create a config in:

vim /etc/sudoers.d/apache

apache ALL=NOPASSWD: /usr/sbin/bconsole

Reboot (because of SELinux). If you had SELinux disabled from before, it’s not necessary.

Check if apache has permissions to use bconsole:

su -l apache -s /bin/sh -c "/usr/bin/sudo /usr/sbin/bconsole -n -c /etc/bacula/bconsole.conf"
If you go straight into bconsole, then sudo did the trick.

cd /var/www/html/webacula/install/apache/
cp webacula.conf /etc/httpd/conf.d/webacula.conf
vim /etc/httpd/conf.d/webacula.conf

Change:

Alias /webacula /usr/share/webacula/html


Deny from all

to:

Alias /webacula /var/www/html/webacula/html


Allow from

update your db pass etc.

vim /var/www/html/webacula/application/config.ini

vim /etc/bacula/bacula-dir.conf
update :
catalog = all, !skipped, !saved

cd /var/www/html/webacula/install
./password-to-hash.php

Copy the response to db.conf:

db_pwd="your root mysql pass"
….
webacula_root_pwd="your res from ./password-to-hash.php"

cd MySql/
./10_make_tables.sh
./20_acl_make_tables.sh

systemctl restart httpd.service

add Zend Framework to webacula:

cd /var/www/html/webacula/library
(download only ver 1.12.3!!!!!!)
wget https://packages.zendframework.com/releases/ZendFramework-1.12.3/ZendFramework-1.12.3-minimal.tar.gz
tar -xzf ZendFramework-1.12.3-minimal.tar.gz
mkdir Zend
cp -Rf ZendFramework-1.12.3-minimal/library/Zend/* Zend/.

go to website 🙂

Now for some reason root passwd does not work out of the box, so we need to recover it by email.

mysql -u root -p
use bacula;
update webacula_users set email='your email here';

I prefer to use Google Mail because they don’t block messages from a nonexistent sender such as root@localhost 🙂 The message will be in your spam folder, but at least you’ll receive it.

That’s all folks, enjoy your Backup System.

Raspberry Pi kiosk-ish system

I needed to build a kiosk-ish system for our reception to display pending tasks etc. I was stumbling around a bunch of useless tutorials, which are right and wrong at the same time. I found this one, and it is tested on Raspbian; it works like a charm.

As much as you don’t want to use a graphical display manager on your Raspberry, you will have to 🙁

We’ll need the following packages:

matchbox
chromium
x11-xserver-utils
ttf-mscorefonts-installer
xwit
sqlite3
libnss3

sudo apt-get update
sudo apt-get dist-upgrade
sudo apt-get install matchbox chromium x11-xserver-utils ttf-mscorefonts-installer xwit sqlite3 libnss3

If your Raspberry does not automatically detect its resolution on boot, you can edit /boot/config.txt and add the following parameters:

# 1900×1200 at 32bit depth, DMT mode
disable_overscan=1
framebuffer_width=1900
framebuffer_height=1200
framebuffer_depth=32
framebuffer_ignore_alpha=1
hdmi_pixel_encoding=1
hdmi_group=2

Starting Chromium:

Add at the end of your /etc/rc.local:

if [ -f /boot/xinitrc ]; then
ln -fs /boot/xinitrc /home/pi/.xinitrc;
su - pi -c 'startx' &
fi

… and create /boot/xinitrc file with:

#!/bin/sh

# Clean up previously running apps, gracefully at first then harshly
killall -TERM chromium 2>/dev/null;
killall -TERM matchbox-window-manager 2>/dev/null;
sleep 2;
killall -9 chromium 2>/dev/null;
killall -9 matchbox-window-manager 2>/dev/null;

# Clean out existing profile information
rm -rf /home/pi/.cache;
rm -rf /home/pi/.config;
rm -rf /home/pi/.pki;

# Generate the bare minimum to keep Chromium happy!
mkdir -p /home/pi/.config/chromium/Default
sqlite3 /home/pi/.config/chromium/Default/Web\ Data "CREATE TABLE meta(key LONGVARCHAR NOT NULL UNIQUE PRIMARY KEY, value LONGVARCHAR); INSERT INTO meta VALUES('version','46'); CREATE TABLE keywords (foo INTEGER);";

# Disable DPMS / Screen blanking
xset -dpms
xset s off

# Reset the framebuffer’s colour-depth
fbset -depth $( cat /sys/module/*fb*/parameters/fbdepth );

# Hide the cursor (move it to the bottom-right, comment out if you want mouse interaction)
xwit -root -warp $( cat /sys/module/*fb*/parameters/fbwidth ) $( cat /sys/module/*fb*/parameters/fbheight )

# Start the window manager (remove "-use_cursor no" if you actually want mouse interaction)
matchbox-window-manager -use_titlebar no -use_cursor no &

# Start the browser (See http://peter.sh/experiments/chromium-command-line-switches/)
chromium --app=http://URL.of.your/choice.html

Save it, reboot and that’s it.

Nagios check_datastore

Check esxi datastore free space

#!/usr/bin/python
# Nagios check: free space on the emptiest ESXi datastore (uses pysphere)
from pysphere import VIServer, VIProperty
import sys

ok = 160000
warn_value = 150000  # MiB
crit_value = 100000  # MiB
status = { 'OK' : 0 , 'WARNING' : 1, 'CRITICAL' : 2 , 'UNKNOWN' : 3}

server = sys.argv[1]
user = sys.argv[2]
pwd = sys.argv[3]

warn = False
crit = False
lowestFreeSpace = None

s = VIServer()
s.connect(server, user, pwd)
for ds, name in s.get_datastores().items():
    props = VIProperty(s, ds)
    # freeSpace is reported in bytes; convert to MiB
    freeSpace = props.summary.freeSpace / 1024**2
    if lowestFreeSpace is None or freeSpace < lowestFreeSpace:
        lowestFreeSpace = freeSpace
        lowestDatastoreName = name
s.disconnect()

# No datastore returned: report UNKNOWN instead of failing on an undefined name
if lowestFreeSpace is None:
    print("UNKNOWN, no datastores found")
    sys.exit(status['UNKNOWN'])

if lowestFreeSpace < crit_value:
    crit = True
if lowestFreeSpace < warn_value:
    warn = True
# Thresholds configured the wrong way round count as critical
if crit_value >= warn_value:
    crit = True

if warn == True:
    if crit == True:
        print("%s Critical space, less than 100G" % lowestDatastoreName)
        sys.exit(status['CRITICAL'])
    else:
        print("%s Running low on space, less than 150G" % lowestDatastoreName)
        sys.exit(status['WARNING'])

else:
    print('status OK, datastore has enough space')
    sys.exit(status['OK'])

Nagios check_esxi_snapshots

This script uses the pySphere API for ESXi to loop through all VMs and check for snapshots.

#!/usr/bin/python
from pysphere import VIServer
import sys

status = { 'OK' : 0 , 'WARNING' : 1, 'CRITICAL' : 2 , 'UNKNOWN' : 3}

server = sys.argv[1]
user = sys.argv[2]
pwd = sys.argv[3]

s = VIServer()
s.connect(server, user, pwd)
names = []
# Fetch the name and rootSnapshot properties of every VM in one call
result = s._retrieve_properties_traversal(
    property_names=['name', 'rootSnapshot'],
    obj_type="VirtualMachine")
for props in result:
    has_snapshots = False
    name = ""
    for ps in props.PropSet:
        if ps.Name == 'rootSnapshot' and ps.Val.ManagedObjectReference:
            has_snapshots = True
        if ps.Name == 'name':
            name = ps.Val
    if has_snapshots:
        names.append(name)
s.disconnect()

# Any VM with a snapshot raises WARNING; none means OK
if names:
    print("%s are running with snapshot" % ', '.join(names))
    sys.exit(status['WARNING'])
else:
    print('status OK, no snapshots')
    sys.exit(status['OK'])

esxi snmp v3

I want to monitor our ESXi hypervisors through SNMP, but I also want it to be encrypted 🙂 After all, this information is floating over the Internet, so it is good for it to be at least encrypted somehow. That’s why we are going to use SNMP v3.

Enabling SSH on ESXi

  • Connect with the vSphere client to your node
  • Go to the configuration tab, then select Security Profile
  • Select Properties with Services, then select SSH Server
  • Click Options and select Start and Stop with host
  • Click the Start button once to start the service for now

Opening the firewall to allow SSH connections

  • Connect with the vSphere client to your node
  • Go to the configuration tab, then select Security Profile
  • Select Properties with Firewall, then select SSH Server
  • Click SSH Server, select Firewall and allow an IP-range

And now the magic… For the engine ID we need to use a hexadecimal value.

esxcli system snmp set --engineid 766d77617265
esxcli system snmp set --authentication SHA1
esxcli system snmp set --privacy AES128
esxcli system snmp hash -r -A secret1234 -X secret5678
esxcli system snmp set --users root/AuthHash/PrivHash/priv
esxcli system snmp set --enable true

And that’s all; you can test whether it is working with snmpwalk:

snmpwalk -v3 -u root -l AuthPriv -a SHA -A Auth -x AES -X Priv %HOST%

Ohh.. snap, I forgot to do one last thing 🙂
esxcli network firewall ruleset set --ruleset-id snmp --allowed-all false
esxcli network firewall ruleset allowedip add --ruleset-id snmp --ip-address %IP%
esxcli network firewall ruleset set --ruleset-id snmp --enabled true