Tag Archive - ssh

rsnapshot and mysqldump

rsnapshot is a nifty little Perl script that makes rsync backups easy to manage. rsync is great for backing up almost everything, but MySQL databases are an exception, since the files can get corrupted if data is not flushed and locked prior to backup.

To use mysqldump with rsnapshot, place the following script on the target machine (the machine being backed up). The script can of course be modified to use mysqlhotcopy instead of mysqldump; the principle is still the same.

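#!/bin/bash

PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"

backupdir="/tmp/mysqldump"

# Create the dump directory if it does not exist yet
if [ ! -d "$backupdir" ]; then
        mkdir -p "$backupdir"
fi

# Only the backup user may read the dumps
chmod -R 700 "$backupdir"

case "$1" in
        run)
                # One compressed dump per database; -N -B prints bare names, one per line
                for db in $(mysql --defaults-file="$HOME/.my.cnf" -N -B -e 'show databases' | grep -vx 'information_schema'); do
                        mysqldump --defaults-file="$HOME/.my.cnf" "$db" | gzip > "$backupdir/$db.sql.gz"
                done
        ;;

        clean)
                # Remove the dumps once rsnapshot has copied them
                rm -f "$backupdir"/*.sql.gz
        ;;
esac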

A .my.cnf file also needs to be created on the target machine in the home folder of the backup user (probably root), with the following content. This is because we don't want to pass the password as a command line argument (visible to other users). Since the file holds the password, it should be readable only by that user (mode 600).

[client]
user=root
password=<password>

Then use the following configuration for rsnapshot.

backup_script   /usr/bin/ssh root@example.com "/root/backup.sh run"   unused0/
backup          root@example.com:/tmp/mysqldump/                      example.com/
backup_script   /usr/bin/ssh root@example.com "/root/backup.sh clean" unused1/

This assumes that SSH key authentication is already configured. Adjust path and user names accordingly.
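
Because the rsnapshot host logs in as root with a passwordless key, that key can be limited to the three commands the configuration above actually issues. The forced-command wrapper below is an added example, not part of the original post; the path /root/backup-gate.sh, the --enforce switch and the function name are assumptions, and the rsync option strings in the samples are constructed (they vary with the rsync version).

```shell
#!/bin/sh
# Added example, not from the original post. Hypothetical path /root/backup-gate.sh,
# set as the forced command for the rsnapshot key in root's authorized_keys:
#   command="/root/backup-gate.sh --enforce",restrict <key type> <public key> rsnapshot
LC_ALL=C; export LC_ALL

# Print "allow" or "deny" for one requested command line.
check_command() {
    case $1 in
        "/root/backup.sh run"|"/root/backup.sh clean") echo allow; return ;;
        "rsync --server --sender -"*" . /tmp/mysqldump/") ;;   # inspected below
        *) echo deny; return ;;
    esac
    # rsync pull: everything between "--sender" and ". /tmp/mysqldump/" must be
    # option words made of letters, digits, '.' and '-' (no paths, no '=', no
    # shell metacharacters), so no second source path can be slipped in.
    opts=${1#rsync --server --sender }
    opts=${opts% . /tmp/mysqldump/}
    case $opts in
        *[!A-Za-z0-9.\ -]*) echo deny; return ;;
    esac
    for word in $opts; do
        case $word in
            -*) ;;
            *) echo deny; return ;;
        esac
    done
    echo allow
}

if [ "${1:-}" = "--enforce" ]; then
    req=${SSH_ORIGINAL_COMMAND:-}
    if [ "$(check_command "$req")" = allow ]; then
        set -f
        exec $req        # validated above; split into words and run without a shell
    fi
    logger -t backup-gate "denied: $req"
    echo "command not permitted" >&2
    exit 1
fi

# No argument: show decisions for constructed sample requests.
while IFS= read -r sample; do
    printf '%-5s %s\n' "$(check_command "$sample")" "$sample"
done <<'EOF'
/root/backup.sh run
rsync --server --sender -logDtprRe.iLsfxC --numeric-ids . /tmp/mysqldump/
rsync --server --sender -logDtprRe.iLsfxC . /etc/ . /tmp/mysqldump/
/root/backup.sh clean; id
EOF
```

Denied requests are written to syslog under the backup-gate tag, so any use of the key outside the backup run shows up in the target's logs.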

Syncing djbdns zones with rsync

I wrote earlier about publishing zones with djbdns. That post didn’t cover zone sync between djbdns servers. This small guide assumes we’ll be syncing all zones between two servers, s01 and s02.

Using SSH keys instead of a regular password login has the benefit that syncing the zones does not prompt for your password. You can skip this step if you want.

On s01, do the following.

# ssh-keygen -t ed25519
# ssh-copy-id -i ~/.ssh/id_ed25519.pub s02

Then edit the Makefile in the root folder of djbdns on s01 and make it look like this.

remote: data.cdb
        /usr/bin/rsync -az -e ssh data.cdb s02:/etc/tinydns/root/data.cdb

data.cdb: data
        /usr/bin/tinydns-data

Adjust all paths according to your own setup.

Running make will now sync your zones to s02.

# make
/usr/bin/tinydns-data
/usr/bin/rsync -az -e ssh data.cdb s02:/etc/tinydns/root/data.cdb
#

Quick and dirty PF sync

This is a small bash script for syncing PF rules and tables from one firewall to another (changes are made on fw1, and the script runs on fw2). The script requires SSH keys to be generated and configured for automatic login. The script also saves backups of old configs when replacing them.

Create the folders /root/pf and /root/pf/backup on fw2 and save this script as /root/pf/sync.sh. The script assumes that PF rules are in /etc/pf.conf and that tables are stored in /etc/tables (every file in this folder is synced).

#!/usr/local/bin/bash

PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
TIME=$(date +"%Y%m%d%H%M")

# Work from the sync folder; stop if it is missing
cd /root/pf/ || exit 1

# Only sync when fw1 answers
if ping -c1 fw1 > /dev/null 2>&1; then
        mkdir -p files
        scp fw1:/etc/pf.conf files/
        scp -r fw1:/etc/tables files/

        if [ -f files/pf.conf ]; then
                # Checksum of the fetched rules and tables
                md5 -q files/pf.conf > md5_new.txt
                md5 -q files/tables/* >> md5_new.txt
                NEW=$(md5 -q md5_new.txt)

                # Checksum of the rules and tables currently in use
                md5 -q /etc/pf.conf > md5_running.txt
                md5 -q /etc/tables/* >> md5_running.txt
                RUNNING=$(md5 -q md5_running.txt)

                rm md5_new.txt
                rm md5_running.txt

                if [ "$NEW" != "$RUNNING" ]; then
                        echo "$TIME Loading new PF" >> log.txt

                        # Backing up old PF
                        mkdir "backup/$TIME"
                        cp /etc/pf.conf "backup/$TIME/"
                        cp -R /etc/tables "backup/$TIME/"
                        tar -zcf "backup/$TIME.tar.gz" "backup/$TIME"/*
                        rm -rf "backup/$TIME"

                        # Activating new PF
                        mv files/pf.conf /etc/pf.conf
                        rm /etc/tables/*
                        mv files/tables/* /etc/tables/
                        pfctl -f /etc/pf.conf
                fi
        fi

        rm -rf files
else
        echo "$TIME FW1 is down, dont sync" >> log.txt
fi